Essential Automation
Production-grade open-source repositories from real VMware customer engagements.
Each repository represents a workstream from a real customer engagement — sanitized of all customer-identifying detail, published under GPL-3.0, and ready for adaptation in other environments. Read the customer success story for each to understand the full context, then clone the repository to use the code.
Aria Automation Modernization
BlueCat IPAM Provider for Aria Automation
Production-ready third-party IPAM provider integrating BlueCat Address Manager with VMware Aria Automation. ABX-based with five Python actions: ValidateEndpoint, GetIPRanges, AllocateIP, DeallocateIP, UpdateRecord. Federation-aware via Strategy-4 prefix-stripping for Global Manager segments. Format-preserving package builds matching the reference Infoblox implementation. DNS host record + PTR creation via BlueCat’s quickDeploy.
License: GPL-3.0 | Language: Python | Requires: Aria Automation 8.x+, BlueCat Address Manager (Proteus)
Aria Network Automation Toolkit
Multi-tool Python toolkit for managing Aria Automation infrastructure as code. aria_mapping.py handles flavors, images, storage, capability tags, segment tags, and DNS via configuration-as-code. mapper.py provides multi-profile NSX network management with CIDR-based BlueCat IPAM matching and dynamic VCF sub-account discovery. cleanup_profiles.py performs Federation-aware cleanup of ghost and duplicate network entries. Reduced one customer’s TX network profile from 2,500+ stale references to 155 clean workload networks.
License: GPL-3.0 | Language: Python | Requires: Aria Automation 8.x+, NSX Federation, BlueCat (recommended)
Unified VM Deployment Blueprint
One Cloud Assembly blueprint serving Windows, Linux, and Oracle VM provisioning. Twenty-six dynamic inputs with comprehensive validation. Hybrid network resource declaration (Cloud.vSphere.Network for VLAN-backed segments, Cloud.NSX.Network for overlay) for federated VCF environments. Service Broker custom form with $dynamicEnum live dropdown integration. Conditional second-NIC pattern via count: 0. Empty-string-default safety mechanism preventing accidental misdeployments. Eight major versions of production iteration (v5.5.1 → v8.8.3).
License: GPL-3.0 | Language: YAML + JSON | Requires: Aria Automation 8.x+, Service Broker custom forms
vRO Actions for Aria Automation
Three production JavaScript actions in the com.essential.aria vRealize Orchestrator module solving capabilities Aria doesn’t provide natively. getNetworkSegmentsAll powers dynamic Service Broker dropdowns from live NSX data. getNetworkProfileTag routes deployment requests to the correct network profile based on segment and datacenter selection. addDataDisksOnDeploy is the post-provision disk attach event subscription that bypasses Aria’s storage validator while waiting for VMware Tools confirmation.
License: GPL-3.0 | Language: JavaScript (vRO) | Requires: vRO 8.x, Aria Automation 8.x+
Ansible Windows Post-Deploy Library
Ten production Ansible roles replacing legacy inline-PowerShell post-deploy workflows. Built around the desired-state dispatcher pattern: every role checks current state before changing it, making the playbook safely re-runnable against any VM at any time. Roles cover timezone, KMS activation, Windows hardening, RDP, fleet agents, build info registry, AD groups, DNS validation, WinRM HTTPS, and domain join. Includes enable_winrm_handler.py ABX bridge that pushes ConfigureRemotingForAnsible.ps1 via VMware Tools Guest Operations before Ansible connects.
License: GPL-3.0 | Language: Ansible (YAML) + Python (ABX) | Requires: Ansible 2.15+, Aria Automation 8.x+
Ansible Inventory Generators
Two Python inventory generators triggered via vRO workflows so operators never leave the Aria UI. The vSphere generator pulls VMs from vCenter with intelligent IP resolution preferring VMware Tools data, groups by OS, folder, and environment, and writes INI-format Ansible inventories. The HPE OneView generator supports OneView 6.6 (API 3800), 8.9 (API 6400), and 10.0 (API 7600) with auth variants for local and directory accounts. Each ships with vRO workflow JS and a signed .package file.
License: GPL-3.0 | Language: Python | Requires: vRO 8.x, vSphere or HPE OneView 6.6/8.9/10.0
Federal STIG Compliance
VMware vSphere 8.0 STIG Compliance Tooling
Production tooling for VMware vSphere 8.0 STIG compliance scanning at federal scale. Includes a Base64-based train-vmware password fix for vCenter passwords containing special characters, an enhanced PowerShell InSpec runner with -allhosts mode that scans entire clusters and produces per-host JSON + CKL artifacts, a Python CKL → CKLB converter that preserves mode flags, GUIDs, and target metadata for STIG Viewer 3.x, plus comprehensive scanning documentation and Photon OS 5.0 static-IP configuration guides.
License: GPL-3.0 | Language: Ruby + PowerShell + Python | Requires: VMware STIG Tools Appliance 5.x, vSphere 8.0 U2/U3, v2r3-stig content baseline
How to Use These Repositories
- Read the customer success story first. Each repository links to its corresponding story. The story explains the problem, the discoveries, the patterns, and the lessons. The code makes more sense after the story.
- Always test in a non-production environment first. These tools work in production environments because they were built for production environments — but every environment is different. Validate before deploying.
- Review and customize for your specific environment. The code is sanitized of customer-identifying details, but customer-specific tags, naming conventions, and configurations are still present and need to be adjusted for your environment.
- Understand what each script does before running it. Especially the cleanup scripts. Several of these tools modify infrastructure state — read the README and run with –dry-run first.
- Back up your configuration before making changes. Aria Automation configuration export, NSX backup, BlueCat backup, vRO package export. The tools include backup capabilities; use them.
License
All repositories are published under GPL-3.0. You’re free to use, modify, and redistribute. We ask only that you maintain the license notice and contribute improvements back to the community where you can.
Get Help
Each repository has its own README with usage examples, configuration reference, and troubleshooting tables. Open an issue on GitHub for repository-specific questions. For broader guidance — modernization planning, architecture review, or custom integrations — reach out at noah@essential.coach.