vRealize Orchestrator – Working with XML and the NSX API

I’ve found that it’s a must to know how to work with XML in vRealize Orchestrator, especially when using the NSX API, and the good news is that it is very simple, once you know a few key commands.

First off, the XML plugin is based on E4X, so searching for help on this XML library is a good start.

Take this XML structure for example, which is for NSX load balance configuration that shows the configuration for pool members:


Notice there are multiple member XML nodes, one for each pool member. That makes sense as you would have mor ethan one pool member in a NSX load balancer.

You can delete nodes by converting the XML into an object and using the delete command in Javascript. So something like this:

var xmlObj = new XML(xml);
delete xmlObj.pool.member[0];

So this would delete the first member node and all the child nodes but what happens if you need to delete a specific node, say the pool member, or any member for that matter.

In order to do this, you need to find the index. Note that E4X is zero based, so the first member node is index 0 , the second member node is at index 1 etc..

So you need to find the index number for Here’s a script to do this.

// Convert the XML to a XML document object
var document = XMLManager.fromString(xml);

//Search for member element by tag name
var members = document.getElementsByTagName("member");

// Set a marker so we can break in the loop
var memberFound = false;
// Now iterate using i and starting from 0 (remember E4X is zero based.
for (i = 0; i < members.length; i++){

// Now get all the child nodes for the first member.
var childNodes = members.item(i).getChildNodes();

// Iterate through the child node.
for (j = 0; j < childNodes.length; j++){

// Search for your IP address.
if (childNodes.item(j).textContent == ""){

// Now take the value of the iterator for the member iteration, not the member nodes.
// In this case, it is 1.

System.log(childNodes.item(j).textContent + " found at index " + i);

// Set you flag as you've found the IP and do not want to iterate further.
memberFound = true;
if (memberFound) {break;}

Now you can delete the member using the iterator value. Note that E4X is zero based, so the member-one node is at index 0, member-two is at index 1 etc..

// Create the xmlObj, although we did set this up above.
var xmlObj = new XML(xml);

// note, you need to have the value for i, which is 1 in this case
delete xmlObj.pool.member[i];

But what happens if you what to append an element with child nodes? Say you want to add this XML to the main xmlObj.

var newMemberXml = "<member>

We can use the new XMLList() object type. An XML List is a linear sequence of XML nodes.

var xmlNewObj = new XMLList(newMemberXml);

// Create the xmlObj, although we did set this up above.
var xmlObj = new XML(xml);

// create the new xml object you wish to append
var xmlNewObj = new XMLList(newMemberXml);

// Append the xmlNeObj to the xmlObj.pool node

This will add the new member node and its child elements to the main xmlObj.
So using delete and childApend(obj) can get you a long way.


I use resource elements to hold XML structure in vRealize Orchestrator. Most structures, say to configure a load balancer or to add a node, have static element nodes.

So in order to change the resource element, you can set placeholders in your XML resource element. For example:


You can then use the following code to replace the placeholders in the curly brackets with values from vRO attributes or input parameters (addHTTPMonitor is the resource element)

var content = addHTTPMonitor.getContentAsMimeAttachment().content;

var monitorContent = content.replace("{monitor_url}", monitorUrl)
	.replace("{monitor_expected}", monitorExpected)
	.replace("{monitor_send}", monitorSend)
	.replace("{monitor_receive}", monitorReceive)

So once you have your XML structure from the resource element, append this using the childApend(obj) method to add the XML element and node to the main XML structure.

vRealize Orchestrator 7 VAPI vSphere tags workflow

I created a workflow using the VAPI plugin to assign vSphere tags to a VC:VirtualMachine object.

You will need to import the package, then configure VAPI with your vCenter endpoints by following these instructions:

1 – Run the Import VAPI metamodel workflow

2 – Run the Add VAPI endpoint workflow

Both workflows take the same inputs, but you must run the workflows in that order. Screen shot of inputs as follows:

Screen Shot 2016-07-19 at 22.56.04


Once you have configured your VAPI endpoints, download the following package from github


Import the package and then the following workflows and actions.

Screen Shot 2016-07-19 at 23.02.25

Screen Shot 2016-07-19 at 23.03.11

Run the Add tag to VC vm workflow (highlighted in the package screen shot above), and as long as you have configured VAPI endpoints, you can add vSphere Tags and vSphere Categories to a VC:VirtualMachine object.


  • The vCenter Virtual Machine is the VC:VirtualMachine object
  • The VAPI Endpoint drop down list should contain all your VAPI endpoints
  • The Create new Tag Category allows you to create a new Category
  • The Tag Category displays existing tag categories configured on your VAPI Endpoint
  • The Tag Name is the name of the tag you wish to create
  • The Tag description is the description and is optional

Code is more of an example, as I found the OOTB VAPI plugins for tags pretty limited. You can move the input parameters to attributes as desired and pass in values for the tag name using maybe an API call to a SNOW or CMDB to get values for your tag name.

Any issues, send in a comment.


vRealize Cloud Client pagesize configuration

When running the vRealize Cloud Client CLI tool, the default page size is set to 25. This means that any command you run will return the 25 items on a page. Sometime you may have more than 25 items, for example for xaas-blueprints

Screen Shot 2016-06-27 at 09.25.14

You can include this parameter to set the pagesize

vra catalog list --pageSize 50

This will return 50 items per page.

However, you can set the default page size in your cloudclient configuration by configuring the cloudclient.config file on the virtual machine you are running cloud client on. For example:

vi ~/.cloudclient/cloudclient.config

And here is an example configuration

Screen Shot 2016-06-27 at 09.29.31

default.page.size can be set to any number you want.




Creating multiple log files using Python logging library

I was looking at the Python logging library as I needed to create 2 log files for different logging purposes. I ended up creating the following Python log functions.

#!/usr/bin/env python
import logging

LOG_FILE_ONE = "/var/log/one.log"
LOG_FILE_TWO = "/var/log/two.log"

def main():

    setup_logger('log_one', LOG_FILE_ONE)
    setup_logger('log_two', LOG_FILE_TWO)

    logger('Logging out to log one...', 'info', 'one')
    logger('Logging out to log two...', 'warning', 'two')

def setup_logger(logger_name, log_file, level=logging.INFO):

    log_setup = logging.getLogger(logger_name)
    formatter = logging.Formatter('%(levelname)s: %(asctime)s %(message)s', datefmt='%m/%d/%Y %I:%M:%S %p')
    fileHandler = logging.FileHandler(log_file, mode='a')
    streamHandler = logging.StreamHandler()

def logger(msg, level, logfile):
    if logfile == 'one'   : log = logging.getLogger('log_one')
    if logfile == 'two'   : log = logging.getLogger('log_two') 
    if level == 'info'    : log.info(msg) 
    if level == 'warning' : log.warning(msg)
    if level == 'error'   : log.error(msg)

if __name__ == "__main__":


In the main() function, we set up a logging instance. We do this for both LOG_FILE_ONE and LOG_FILE_TWO.

    setup_logger('log_one', LOG_FILE_ONE)
    setup_logger('log_two', LOG_FILE_TWO)

This uses standard logging python library. The formatter is important as that is how the log entries look in the log file (below). Here is mine:

formatter = logging.Formatter('%(levelname)s: %(asctime)s %(message)s', 
            datefmt='%m/%d/%Y %I:%M:%S %p')

Have a look at this online doc from Python.org for more info on the formatter method.


Once we set up the logging instance, including the file streamer and handler, we can then use those instances,  in this case log_one or log_two.

Both have different log file paths /var/log/{one.log,two.log}.

We then call the logging function, telling it what logging instance to use (log_one or log_two) and we also pass in what log level we want (info, warn, debug).

    logger('Logging out to log one...', 'info', 'one')
    logger('Logging out to log two...', 'warn', 'two')

Interesting, we get this output when we run this script.

INFO: 01/01/2016 01:01:01 AM Logging out to log one…

Notice we do not get WARNING being logged.

That is because of this:

def setup_logger(logger_name, log_file, level=logging.INFO):

Change level=logging.WARN, and this happens:

INFO: 01/01/2016 01:01:01 AM Logging out to log one...
WARNING: 01/01/2016 01:01:01 PM Logging out to log two...

So, pretty handy and you can create as many log files as you need…

Updating vRA ASD Service Blueprint workflows

There isn’t an easy way to find out what vRealize Orchestrator workflow is associated to a vRealize Automation Service Blueprint. You can query the vPostgres database to find out the workflow ID as follows:

1 – Log in to vPostgres and connect to the vcac database

2 – Run the following SQL command

vcac=# \x on;
Expanded display is on.
vcac=# select * from asd_serviceblueprint;

This should output something similar to this:

-[ RECORD 1 ]------------------------------------------------
id | 850b9e17-024e-44f7-9831-a5651a5d6e0f
description | This is a workflow description.
name | My XAAS workflow
status | 1
tenant | vsphere.local
workflowid | 1eea8b02-15e8-41b8-992e-3df1cd8e4b99
baseform |
outputparameter | ea001bf4-d43f-4c74-a010-b6027c7ecbdf
catalogrequestinfohidden | t
version | 1.0.0

You can change the vRealize Orchestrator workflow that gets called by a vRealize Automation service blueprint pretty easily, by changing the workflow ID value in the vPostgres database

vcac=# update asd_serviceblueprint 
set workflowid='ad9e2cc2-2efa-44c1-a574-6a02bec2f998'
where id = '9d6510ad-24a6-4f0c-adc8-736cc3e99d77';

This will change what workflow gets executed without redeploying the ASD form. It’s handy when you want to clone the ASD service blueprint and actually change the underlying workflow to test something new, without having to rebuild the ASD form.

You can also run a vRealize Orchestrator workflow using the below javascript to find out what the name is using the workflow ID

wfId = '9d6510ad-24a6-4f0c-adc8-736cc3e99d77'
System.log("Workflow name: " + Server.getWorkflowWithId(wfId).name);


All of this can be managed by creating your own service blueprint and publishing as a catalog item..

vRealize Automation vPostgres password

The password for vPostgres in vRealize Automation 7 is now encrpyted. This means you will not be able to log in to vPostgres without decrypting the password. To do this, follow these commands:

Check the password name value pair in file : /etc/vcac/server.xml


Run the below command on VA to get encrypted password:

vcac-config prop-util -d --p "s2enc~Bp/gQ0sSz5ejlemiTxsflCjMNp0GsnHD6tvahuh5Fpw="

The above command give the password which you can connect to vPostgres.

Then run the following commands:

su postgres
cd /opt/vmware/vpostgres/current/bin
./psql vcac -W

Enter the password and it should let you in to the postgres console, connected to the vcac database.

The other way, is to log in as postgres user and change to the vcac database, but that really is too easy.

./psql postgres
psql.bin (9.4.5 (VMware Postgres release))
Type "help" for help.
postgres=# \c vcac;
You are now connected to database "vcac" as user "postgres".


vRealize 7 Orchestrator endpoint

I’ve just hit a config issue when configuring the embedded vRealize 7 Orchestrator Endpoint in vRealize Automation 7, aka vRA 7. You may hit an error when running a vRealize Orchestrator data collection or hit this error when running a NSX data collection:

Workflow ‘vSphereVCNSInventory’ failed with the following exception:
Endpoint not found. There is no vRealize Orchestrator endpoint configured with property __VMware.VCenterOrchestrator.Plugin.NSX.Build.

In vRealize 6, we used to have to add the endpoint for orchestrator as:


However vRA now has an embedded LB HAproxy running and you don’t need add port 8281. Therefore the endpoint config just looks like this:


Screen Shot 2016-01-08 at 10.44.50

One other thing. If you try to enter that endpoint in a browser, it won’t work. You need to append a forward slash, so it should look like this:


You will need to add an orchestrator endpoint before being able to run a NSX data collection. You don’t need to configure the NSX plugin and that will get configured as long as your embeeded vRrealize orchestrator endpoint is correct. Additionally, use the load balancer address as required.