In this blog post, we will explore the capabilities of Cloud Assembly for managing resources after deploying cloud templates. Once your templates are deployed, Cloud Assembly provides you with a range of actions to effectively manage your resources. However, the availability of these actions depends on factors such as the resource type and the support for specific actions on your chosen cloud account or integration platform.
As an administrator or project administrator, you can set up Day 2 Actions policies in Service Broker.
It's
important to note that the actions you can perform are also influenced by the
entitlements set by your administrator. These entitlements determine the level
of access you have and the actions you are authorized to execute,
Action |
Applies to these resource types |
Available for these cloud types |
Resour ce origin |
Description |
Add Disk |
Machines |
n Amazon Web Service n Google Cloud Platform n Microsoft Azure n VMware vSphere |
n Deployed n On-boarded |
Add additional disks
to existing virtual
machines. If you add a disk
to an Azure
machine, the persistent disk or non-persistent disk is deployed in the resource group that includes the machine. When you add a disk to an Azure machines,
you can also
encrypt the new disk using
the Azure disk
encryption set configured in the storage
profile. When you add a disk to vSphere machines,
you can select the SCSI controller, the order of which was set in the cloud
template and deployed. You can also
specify the unit
number for the new disk. You cannot specify
a unit number
without a selected controller. If you do not select a controller or provide a unit number, the new disk is deployed
to first available controller and assigned then next available unit number
on that controller. If you add a disk to a vSphere machine for
a project with defined storage limits, the added machine
is not considered as part of the storage limits.
Only resized disks are considered. If you use VMware Storage DRS (SDRS) and
the datastore cluster
is configured in the storage
profile, you can add disks on SDRS to vSphere
machines. |
Apply Salt Configu ration |
Machines |
n VMware vSphere |
n Deployed n On-boarded |
Install
a Salt minion
or update an existing minion
on a virtual machine. The Apply Salt Configuration option
is available if you configured the SaltStack Config integration. To apply a configuration, you must select
an authentication method. The Remote access with existing
credentials uses the remote
access credentials that are included in the deployment. If you changed the credentials on the machine
after deployment, the action can fail. If you
know the new credentials, use the Password authentication method. The Password and Private key use the user name and the password or key to validate your credentials and then connect
to the virtual machine using SSH. If you do not provide a value for the Master
ID and Minion
ID, Salt creates the values for you. |
Cancel |
n Various resource types in deployments n Deployments |
n Amazon Web Service n Google Cloud Platform n Microsoft Azure n VMware vSphere |
n Deploye d n On-boarded |
Cancel a deployment or a day 2 action on a deployment or a resource while the request
is being processed. You can cancel the request on the
deployment card or in the deployment details. After you cancel the request, it
appears as a failed request on the Deployments page. Use the Delete action
to release any deployed resources and clean up your deployment list. Canceling a request that you think has been
running too long is one method for managing deployment time. However, it is more
efficient to set the Request Timeout in the projects. The default timeout is
two hours. You can set if for a longer period of time if the workload deployment for a project requires
more time. |
Change Lease |
Deployments |
n Amazon Web Service n Microsoft Azure n VMware vSphere |
n Deployed n On-boarded |
Change the lease expiration date and time. When a lease expires, the deployment is destroyed
and the resources are reclaimed. Lease policies are set in Service Broker. |
Change Owner |
Deployments |
n Amazon Web Service n Google Cloud Platform n Microsoft Azure n VMware vSphere |
n Deployed n Onb oar ded |
Changes to deployment owner to the selected
user. The selected user must be a member of the same project that deployed the
request. If you want to assign a service
administrator or project administrator as the owner, you must add them as a project member. |
Change Project |
Deployments |
n Amazon Web Service n Google Cloud Platform n Microsoft Azure n VMware vSphere |
n Deployed n On-boarded |
The change project action is only available for deployments with onboarded resources.
The onboarded deployments can include only machines and disks. The action is
not available for deployed cloud templates nor migrated deployments. If you make any changes to the deployment resources,
for example, add a disk, you cannot run the change project action. Change the project of an onboarded deployment.
This action allows you to change individual deployments from the onboarding
project to a different project. Action constraints: n The initiating user must have permission to
run the change project action. n If you are an administrator moving the deployment,
you could move the deployment to a project where the owner is not a member and
therefore loses access. You can add the user to the target project or move
the deployment to a project where they are a member. n The target project cloud zones must be the
same as the source project cloud zones. If they are not, any future day 2 actions
involving cloud account / region resources that you run might not work. |
Change Security Groups |
Machines |
n VMware vSphere |
n Deploye d n On-boarded |
You can associate and dissociate security groups with machine networks in a deployment. The
change action applies to existing and on-demand security groups for NSX-V and
NSX-T. This action is available only for single machines, not machine clusters. To associate a security group with the
machine network, the security group must be present in the deployment. Dissociating a security group from all networks
of all machines in a deployment does not remove the security group from the deployment. These changes do not affect security groups
applied as part of the network profiles. This action changes the machine's security
group configuration without recreating the machine. This is a non-destructive
change. n To change the machine's security group configuration,
select the machine in the topology pane, then click the Action menu in the
right pane and select Change Security Groups. You can now add or remove the
association on the security groups with the machine networks. |
Connect to Remote Console |
Machines |
n VMware vSphere |
n Deployed n Discovered n On-boarded |
Open a remote session on the selected machine. Review the following requirements for a successful
connection. n As a deployment consumer, verify that the provisioned
machine is powered on. |
Create Disk Snapshot |
Machines and disks |
n Microsoft Azure |
n Deployed n On-boarded |
Create a snapshot of a virtual machine disk or a storage disk. n For machines, you create snapshots for individual
machine disks, including boot disk, image disks, and storage disks. n For storage disks, you create snapshots of
independent managed disks, not unmanaged disks. In addition to providing a snapshot name,
you can also provide the following information for the snapshot: n Incremental Snapshot. Select the check box
to create a snapshot of the changes since the last snapshot rather full snapshot. n Resource Group. Enter the name of the target
resource group where you want to create the snapshot. By default, the snapshot
is created in the same resource group that is used by the parent disk. n Encryption Set Id. Select the encryption key
for the snapshot. By default, the snapshot is encrypted with the same key that is used by
the parent disk. n Tags. Enter any tags that will help you manage
the snapshots in Microsoft Azure. |
Create Snapshot |
Machines |
n Google Cloud Platform n VMware vSphere |
n Deployed n On-boarded |
Create a snapshot of the virtual machine. If you are allowed only two snapshots in
vSphere and you already have them, this command is not available until you
delete a snapshot. |
Delete |
Deployments |
n Amazon Web Service n Google Cloud Platform n Microsoft Azure n VMware vSphere |
n Deployed n On-boarded |
Destroy a deployment. All the resources are deleted and the reclaimed. If a delete fails, you can run the delete action on a deployment a second time. During the second attempt, you can select Ignore Delete Failures. If you select this option, the deployment is deleted, but the resources might not be reclaimed. You should check the systems on which the deployment was provisioned to ensure that all resources are removed. If they are not, you must manually delete the residual resources on those systems |
|
NSX Gateway |
n NSX |
n Deployed n On-boarded |
Delete the NAT port forwarding rules from an NSX-T or NSX-V gateway. |
|
Machines and load balancers |
n Amazon Web Service n Microsoft Azure n VMware vSphere n VMware NSX |
n Deployed n On-boarded |
Delete a machine or load balancer from a deployment.
This action might result in an unusable deployment. |
|
Security groups |
n NSX-T n NSX-V |
n Deployed n On-boarded |
If the security is not associated with any
machine in the deployment, the process removes the security group from the deployment. n If the security group is on-demand, then it
is destroyed on the endpoint. n If the security group is shared, the action fails. |
Delete Disk Snapshot |
Machines and disks |
n Microsoft Azure |
n Deployed n On-boarded |
Delete an Azure virtual machine disk or managed
disk snapshot. This action is available when there is at least
one snapshot. |
Delete Snapshot |
Machines |
n VMware vSphere n Google Cloud Platform |
n Deployed n On-boarded |
Delete a snapshot of the virtual machine. |
Disable Boot Diagnostics |
Machines |
n Microsoft Azure |
n Deployed n On-boarded |
Turn off the Azure virtual machine debugging
feature. The Disable option is only available if the
feature is turned on. |
Edit Tags |
Deploymen ts |
n Amazon Web Service n Microsoft Azure n VMware vSphere |
n Deployed n On-boarded |
Add or modify resource tags that are applied
to individual deployment resources. |
|
NSX Gateway |
n NSX |
n Deploye d n On-boarded |
Delete the NAT port forwarding rules from an
NSX-T or NSX-V gateway. |
|
Machines and load balancers |
n Amazon Web Service n Microsoft Azure n VMware vSphere n VMware NSX |
n Deployed n On-boarded |
Delete a machine or load balancer from a deployment.
This action might result in an unusable deployment. |
|
Security groups |
n NSX-T n NSX-V |
n Deployed n On-boarded |
If the security is not associated with any
machine in the deployment, the process removes the security group from the deployment. n If the security group is on-demand, then it
is destroyed on the endpoint. n If the security group is shared, the action fails. |
Delete Disk Snapshot |
Machines and disks |
n Microsoft Azure |
n Deployed n On-boarded |
Delete an Azure virtual machine disk or managed
disk snapshot. This action is available when there is at least
one snapshot. |
Delete Snapshot |
Machines |
n VMware vSphere n Google Cloud Platform |
n Deployed n On-boarded |
Delete a snapshot of the virtual machine. |
Disable Boot Diagnostics |
Machines |
n Microsoft Azure |
n Deployed n On-boarded |
Turn off the Azure virtual machine debugging
feature. The Disable option is only available if the
feature is turned on. |
Edit Tags |
Deploymen ts |
n Amazon Web Service n Microsoft Azure n VMware vSphere |
n Deployed n On-boarded |
Add or modify resource tags that are applied
to individual deployment resources. |
|
Machines |
n Amazon Web Service n Google Cloud Platform n Microsoft Azure n VMware vSphere |
n Deployed n On-boarded |
Power off the machine without shutting down
the guest operating systems. |
Power On |
Deployments |
n Amazon Web Service n Microsoft Azure n VMware vSphere |
n Deployed n On-boarded |
Power on the deployment. If the resources
were suspended, normal operation resumes from the point at which they were suspended. |
|
Machines |
n Amazon Web Service n Google Cloud Platform n Microsoft Azure n VMware vSphere |
n Deployed n Disc over ed n On-boarded |
Power on the machine. If the machine was suspended,
normal operation resumes from the point at which the machine was suspended. |
Reboot |
Machines |
n Amazon Web Service n VMware vSphere |
n Deployed n On-boarded |
Reboot the guest operating system on a virtual
machine. For a vSphere machine, VMware Tools must be
installed on the machine to use this action. |
Reconfigure |
Load Balancers |
n Amazon Web Service n Microsoft Azure n VMware NSX |
n Deployed n On-boarded |
Change the load balancer size and logging level. You can also add or remove routes, and change the protocol, port, health configuration, and
member pool settings. For NSX load balancers, you can enable or disable
the health check and modify the health options. For NSX-T, you can set the check
to active or passive. NSX-V does not support passive health checks. |
|
NSX Gateway port forwarding |
n NSX-T n NSX-V |
n Deployed n On-boarded |
Add, edit, or delete the NAT port forwarding
rules from an NSX-T or NSX-V gateway. |
|
Security Groups |
n NSX-T n NSX-V n VMware Cloud n VMware vSphere |
n Deployed n On-boarded |
Add, edit, or remove firewall rules or constraints based on whether the security group is an on-
demand or an existing security group. n On-demand security group
Add, edit, or remove firewall rules for NSX-T
and VMware Cloud on-demand security groups. n To add or remove a rule, select the security
group in the topology pane, click the Action menu in the right pane, and select
Reconfigure. You can now add, edit, or remove the rules. n Existing security group
Add, edit, or remove constraints for existing
NSX-V, NSX-T, and VMware Cloud security groups. n To add or remove a constraint, select the security
group in the topology pane, click the Action menu in the right pane, and select
Reconfigure. You can now add, edit, or remove the constraints. |
Refresh Terraform State |
Terraform Configurati on |
n Amazon Web Service n Google Cloud Platform n Microsoft Azure n VMware vSphere |
n Deployed n On-boarded |
Retrieve the latest iteration of the Terraform
state file. To retrieve any changes that were made to
the Terraform machines on the cloud platforms that they were deployed on and
update the deployment, you first run this Refresh Terraform State action. To view the file, run the Get Terraform State
action on the configuration. Use the deployment history tab to monitor the
refresh process. |
Remove Disk |
Machines |
n Amazon Web Service n Google Cloud Platform n Microsoft Azure n VMware vSphere |
n Deployed n On-boarded |
Remove disks from existing virtual machines. If you run the day 2 action on a
deployment that is deployed as vSphere machines and disks, the disk count is
reclaimed as it applies to project storage limits. The project storage limits
do not apply to additional disks that you added after deployment as a day 2 action. |
Reset |
Machines |
n Amazon Web Service n Google Cloud Platform n VMware vSphere |
n Deployed n On-boarded |
Force a virtual machine restart without shutting
down the guest operating system. |
Resize |
Machines |
n Amazon Web Service n Microsoft Azure n Google Cloud Platform n VMware vSphere |
n Deployed n On-boarded |
Increase or decrease the CPU and memory of a virtual machine. |
Resize Boot Disk |
Machines |
n Amazon Web Service n Google Cloud Platform n Microsoft Azure n VMware vSphere |
n Deployed n On-boarded |
Increase or decrease the size of your boot
disk medium. If you run the day 2 action on a deployment
that is deployed as vSphere machines and disks, and the action fails with a message
similar to “The requested storage is more than the available
storage placement,” it is likely due to the defined storage limits on your vSphere
VM templates that are defined in the project. The project storage limits do not
apply to additional disks that you added after deployment as a day 2 action. |
Resize Disk |
Storage disk |
n Amazon Web Service n Google Cloud Platform |
n Deployed n On-boarded |
Increase the capacity of a storage disk. If you run the day 2 action on a deployment
that is deployed as vSphere machines and disks, and the action fails with a message
similar to “The requested storage is more than the available
storage placement,” it is likely due to the defined storage limits on your vSphere
VM templates that are defined in the project. The project storage limits do not
apply to additional disks that you added after deployment as a day 2 action. |
|
Machines |
n Amazon Web Service n Google Cloud Platform n Microsoft Azure n VMware vSphere |
n Deployed n On-boarded |
Increase or decrease the size of disks included
in the machine image template and any attached disks. |
Restart |
Machines |
n Microsoft Azure |
n Deployed n On-boarded |
Shut down and restart a running machine. |
Revert to Snapsh ot |
Machines |
n VMware vSphere |
n Deployed n On-boarded |
Revert to a previous snapshot of the machine. You must have an existing snapshot to use this
action. |
Run Puppet Task |
Managed resources |
n Puppet Enterprise |
n Deploye d n On-boarded |
Run the selected task on machines in your deployment. The tasks are defined in your Puppet instance.
You must be able to identify the task and provide the input parameters. |
Shutdo wn |
Machines |
n VMware vSphere |
n Deployed |
Shut down the guest operating system and power
off the machine. VMware Tools must be installed on the machine to use this action. |
Suspen d |
Machines |
n Microsoft Azure n VMware vSphere |
n Deployed n On-boarded |
Pause the machine so that it cannot be used
and does not consume any system resources other than the storage it is using. |
Update |
Deploymen ts |
n Amazon Web Service n Microsoft Azure n VMware vSphere |
n Deployed n On-boarded |
Change the deployment based on the input parameters. For an example, see How
to move a deployed machine to another network. If the deployment is based on vSphere resources, and the machine and disks include the count
option, |
Update Tags |
Machines and disks |
n Amazon Web Service n Microsoft Azure n VMware vSphere |
n Deployed n On-boarded |
Add, modify, or delete a tag that is applied
to an individual resource. |
Unregister |
Machines |
n Amazon Web Service n Google Cloud Platform n Microsoft Azure n VMware vSphere |
n Deployed n On-boarded |
The unregister action is only available for
onboarded deployment machines. Unregistered machines are removed from the
deployment, along with any attached disks. By removing the resources, you can
then re-run the onboarding workflow for the unregistered machine. You might want
to onboard the resource again, this time to a new project. If you make any changes to the machine,
for example, add a disk, before unregistering the machine, the unregister action
fails. |