In this recipe, you will learn how to create, export, and generally work with packages. Packages are great for shipping complete Orchestrator solutions between Orchestrators to customers or for backup.
We need at least one workflow or action to work with in this recipe. Optimally, you have workflows and actions that depend on each other. You can test with the 04.03 Export-Package example workflow; it contains an action and another workflow.
This recipe has several sections. As an overview, the following screenshot shows all the icons and their usages. To get to the correct section, follow these instructions:
- Using Orchestrator Client, make sure that you are in Design mode.
- Click on packages (the yellow box with a white circle icon):
- Either right-click on the white space below the displayed packages and select Add package, or select the icon from the right-hand side (the yellow box with a white circle icon).
- Select a new name for the package; the default is org.company.mypackage. A good naming convention is useful.
- The new package is created; now click on the package and either right-click and select Edit or select Edit from the right-hand side (the pencil icon).
- Click on Workflows.
- To add a workflow, you can either select single workflows using Insert workflow (List search) (the green plus icon) to select a single workflow or Insert workflows (Tree browsing) (the folder icon) to insert all workflows of a specific folder. Remember that when Orchestrator shows you an empty selection window, you need to use the Filter option (see the introduction to this chapter).
- Choose one option and click on Select to add the workflow(s). If your workflow depends on other elements, such as Actions, Configurations, Resources, and so on, these elements will be automatically imported into the package as well.
- Click on Save and close and finish the packaging process.
- Before we export a package, we should make sure that its content is current. To do so, we right-click on the package and select Rebuild package. The content of the package will now be updated with the latest versions (and their dependencies) of all elements in the package.
- After the rebuild has finished, we now export the package by right-clicking on the package and selecting Export package, or from the menu, as shown in the beginning of this recipe.
- The export window opens up. Choose an appropriate directory and filename. You also see that there are several options on the right-hand side; we will discuss them in detail in the How it works... section of this recipe:
- Click on Save. Your package has now been exported.
- Either right-click on the white space below the displayed packages and select Import package or select from the menu, as shown at the beginning of this recipe.
- Browse to the appropriate directory and select the package you would like to import and click on Open.
- You might now be presented with a request to accept the user certificate of this Orchestrator server (also see the Important Orchestrator settings recipe in Chapter 1, Installing and Configuring Orchestrator). You can choose to import just the package (Import once) or import the package and add the SSL certificate of this user to your trusted certificates (Import and trust provider). We will work with these certificates more in the There's more... section of this recipe:
- Orchestrator will now check the content of your package against what is already installed. The following window will be displayed. Here, you can choose whether an element should be imported or not. You see on the left-hand side the version and name of the element in the package and on the right-hand side the same information for the Orchestrator server (if that element already exists). You can use the magnifying glass icon on the far right to check the version log of your Orchestrator server-based element. You can force an import by just ticking the box of the element. Please note that we will discuss the Import the values of the configuration settings option in detail in the How it works... section of this recipe:
The package will now be imported. Every element that is part of the package will be placed back in its folder or module as it was. This means that the import will also create folders and modules as required.
When right-clicking on a package, you will see there are two delete options:
|
Option |
Description |
|
Delete |
This will delete the package only but no content (workflows, actions, and so on) will be deleted. |
|
Delete element with content |
This not only deletes the package but also its content (workflows, actions, and so on) from Orchestrator. |
In this example, we will delete the package as well as the content:
- Right-click on the package and select Delete element with content.
- If you used the example package or have elements in this package that are used by other elements, then you will see the following warning message:
- If you are not sure, you can Keep shared elements or DELETE ALL!.
- Your package and its elements will now be deleted.
This option lets you import a package that is stored on another Orchestrator installation:
- Go to packages and click on get remote package.
- Enter the URL (including the port,
8281) of the remote Orchestrator, followed by a user ID and password. - You now see all the additional packages (not the basic ones).
- Select a package and click on Import....
- You are now presented with a window similar to the one we saw when importing a workflow that shows the difference between the versions of the elements between Remote server and Local server. Click on Synchronize!:
- The package is now imported. If you change the content on the Remote server, you can right-click on the package and select Synchronize to actualize the content on the Local server.
Building packages makes it very easy to transport or publish Orchestrator solutions that have been developed. A package contains all the important elements such as Workflows, Actions, Policy Templates, Web Views, Configurations, Resources, and Plugins used.
Another typical usage for packages is to create a backup.
When your package contains workflows or actions from a plugin, such as vCenter, vCloud Director or such like, the plugins and their versions are displayed in the Used plugin tab of the package. Orchestrator doesn't display any warnings or messages when you import a package that depends on a certain plugin. It will just import all the elements of this plugin that are part of the package. However, because of the dependencies, you will not be able to execute workflows that depend on this plugin.
Please note that when you export a package that contains AMQP, SNMP, or other Orchestrator plugins, the resource element that contains the server configuration is exported as well. Before delivering this package to a customer, you might want to delete these elements.
The package that is created is zipped and contains all the files. When you export to a folder, the content of the package is more exposed, but it's not the same format as when extracting the package.
When exporting a package, you have several options that you can choose from. When you deselect an option, all elements in this package will inherit the settings:
|
Option |
Description |
|
Add target certificate |
We shall discuss this in the There's more... section of this recipe. |
|
View Contents |
This is not really as restrictive as one would expect.
When you deselect this option, you can still see all the normal tabs in the workflow. The only thing that won't work is that you can go to an element by double-clicking on it. For example, if the workflow contains an action, double-clicking on it won't open the action element. However, the action can be accessed normally and you can see the scripting content.
|
|
Add to package |
Deselecting this option will make it impossible for users to export a package that contains elements from this package. You can still create packages with elements that don't have the Add to package flag; however, you will get an error message when trying to export the package. |
|
Edit content |
Without this flag, users that import this package will not be able to edit the workflow. This flag is mostly set for all packages that are part of a plugin or to make sure that for support reasons changes are not possible. |
|
Export version history |
Deselecting this option will not export the full version history of each element. Instead, the element will be displayed in the latest version with the remark imported content from package. |
|
Export values of the configuration settings |
Deselecting this section will export the configuration and its attributes; however, it will not export their values. |
|
Export global tags |
This will export the global tag of the objects in the package. See the Working with Orchestrator tags recipe in Chapter 8, Better Workflows and Optimized Working. |
When importing a package, you can deselect the Import the values of the configuration settings option. This will import the configuration and its attributes, but not its values.
The function to switch off editing is extremely important when delivering an Orchestrator solution to a customer. You will want to lock down the customer's ability to edit workflows or actions in order to make it possible to support the solution.
The target server function comes in handy if you want to make sure that Orchestrator packages do not get into the wrong hands. Typical things to mention here are configuration items in Orchestrator that contain sensitive information.
Each package that is created is encrypted with this user certificate. You may have seen that when you imported the package onto a different Orchestrator installation. The certificate is the one we created in the Important Orchestrator settings recipe in Chapter 1, Installing and Configuring Orchestrator.
When you import a package, you can choose to trust this certificate. If you do so, it will be stored in the certificate store. You can manage the certificate store by clicking on Tools (this is in the top-right corner of Orchestrator Client) and then selecting Certificate manager...:
A popup will appear in which the upper part shows your user certificate and the lower part shows all known certificates (you might need to adjust the length of the window). See the following screenshot.
You are able to export your own certificate and also import others or remove others from the certificate store.
When you export a package, you can select the Add target certificate option to make sure that the package can only be read by a certain Orchestrator server. When you add a certificate to the package that is contained in your certificate store, you can make sure that only the Orchestrator server that is the owner of this certificate can import the package. If you try to import a package that is not intended for you, you will get an error message that says this package is not intended for you.
In the example package that comes with this book, I have placed a certificate in resources that you can use to test this:
