Post installations without network access

Hello,
Here is a use case my company wants me to work on:
Currently, we have to deploy some VMs on VMware, on an isolated network. I mean Morpheus can access vCenter, but not the deployed VMs.
Is it possible to have a workflow that runs several post-installation scripts using VMware Tools? (The agent can be installed that way, but how can I run a specific task?)

Hope I’m clear,
Thank you for your help,
Matthieu

Just to clarify, the VM cannot reach the Morpheus Appliance either?

My first thought was if you have the Agent installed via VMware tools, then as long as there is outbound access from the VM’s network to the Morpheus appliance, Agent will act as the command bus via which you can execute workflows with tasks.

If the VM can’t reach the appliance then that’s not going to work.

Yes, the network in which the VM is installed is totally isolated from the network in which the Morpheus appliance is installed (in and out).

This is set at the cloud level:
[screenshot]

Uncheck install agent and run your deployment; I believe that will rely on vmtool-only workflows. That said, I think this was improved upon sometime in the 6.2.x branch, so be sure you are on at least 6.2.x.

Thank you Chris,
You mean that I have to select SSH/WinRM as RPC mode for the workflow to be run through vmtools (if the agent is not installed)?

Sorry, no. Select VMtools. Just a poor highlight from my Chrome screenshot 🙂

No problem. Thank you for the tip 🙂

Hello Everyone,

I’m back on this topic.
Following @Ollie_Phillips’s suggestion, I have the opportunity to open some flows between these networks.
Are you confirming that I only need to have an outbound connection on TCP 443 between the newly installed VM and the appliance?
The process would be:

  1. Morpheus creates the VM
  2. Morpheus installs its agent on the VM, via VMware Tools
  3. The newly installed VM can access the appliance URL on TCP 443
  4. Morpheus runs an Ansible workflow with post-installation tasks
  5. I’m happy

regards,
Matthieu.

PS: are you confirming that distributed workers are useless for this kind of use case?

You shouldn’t need the Worker here.

Agent comms are outbound to appliance on 443 (the connection is then upgraded to websocket to facilitate two-way communication).

Three things you would generally need:

  1. VM needs to be able to resolve the Morpheus Appliance on hostname or IP (if you need to use IP, then that can be configured in each cloud’s settings),

  2. Outbound connectivity from VM to Appliance on port 443,

  3. If the routing from the VM to Appliance goes through a load balancer, that load balancer must support websocket connections. Some don’t.
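
A preflight check for the three requirements listed above, meant to be run from the VM's network; it is an added example, not part of the original thread and not Morpheus tooling. The WebSocket path is a placeholder argument (the thread does not name the agent's endpoint), and the function names are this example's own.

```python
import base64, hashlib, os, socket, ssl, sys

WS_GUID = "258EAFA5-E914-47DA-95CA-C5AB0DC85B11"  # fixed by RFC 6455

def upgrade_request(host, path, key):
    """HTTP/1.1 request asking the server to switch to WebSocket."""
    return (f"GET {path} HTTP/1.1\r\nHost: {host}\r\n"
            "Upgrade: websocket\r\nConnection: Upgrade\r\n"
            f"Sec-WebSocket-Key: {key}\r\nSec-WebSocket-Version: 13\r\n\r\n").encode()

def upgrade_ok(response, key):
    """True only for a 101 reply carrying the accept hash for our key."""
    lines = response.split(b"\r\n\r\n", 1)[0].decode("latin-1").split("\r\n")
    status = lines[0].split(" ", 2)
    if len(status) < 2 or status[1] != "101":
        return False  # e.g. an intermediary that dropped the Upgrade header
    headers = {k.strip().lower(): v.strip()
               for k, _, v in (l.partition(":") for l in lines[1:])}
    accept = base64.b64encode(
        hashlib.sha1((key + WS_GUID).encode()).digest()).decode()
    return (headers.get("upgrade", "").lower() == "websocket"
            and headers.get("sec-websocket-accept") == accept)

def preflight(host, path, port=443, timeout=5):
    """Checks 1-3 in order; stops at the first failure."""
    try:  # 1. name resolution (an IP literal passes trivially)
        addr = socket.getaddrinfo(host, port, type=socket.SOCK_STREAM)[0][4][0]
    except OSError as e:
        return [("resolve", False, str(e))]
    results = [("resolve", True, addr)]
    try:  # 2. outbound TCP from the VM to the appliance
        raw = socket.create_connection((host, port), timeout=timeout)
    except OSError as e:
        return results + [("tcp", False, str(e))]
    results.append(("tcp", True, f"{raw.getpeername()[0]}:{port}"))
    key = base64.b64encode(os.urandom(16)).decode()
    try:  # 3. TLS, then a WebSocket upgrade through whatever sits in the path
        with ssl.create_default_context().wrap_socket(
                raw, server_hostname=host) as tls:
            tls.sendall(upgrade_request(host, path, key))
            reply = tls.recv(4096)
        first = reply.split(b"\r\n", 1)[0].decode("latin-1")
        results.append(("websocket", upgrade_ok(reply, key), first))
    except OSError as e:  # includes certificate and handshake errors
        results.append(("websocket", False, str(e)))
    return results

if __name__ == "__main__":  # usage: preflight.py <appliance-host> <ws-path>
    for step in preflight(sys.argv[1], sys.argv[2]):
        print(*step)
```

Certificate verification is left on, so an appliance certificate the VM does not trust shows up as a failure at step 3 with the TLS error as the detail.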