In vSphere 6.0, we introduced a new command-line option that allows you to automate both the deployment and upgrade of a vCenter Server Appliance (VCSA) and Platform Services Controller (PSC) using a simple JSON configuration file. This has been a very popular request from customers, and one that I have been asking for for some time now, so I was glad to see it finally made available with the VCSA. One thing that was still missing from an Automation standpoint was being able to perform some basic post-configurations after the initial deployment. Common operations such as adding additional user accounts, configuring SNMP for monitoring or adding a proxy server were available but had to be done interactively and manually.
In vSphere 6.0 Update 1, an enhancement was made to the appliancesh interface which now allows customers to automate the post-configuration of either a VCSA or PSC by simply re-directing a series of appliancesh commands from a file over SSH. Although SSH may not be ideal for all customers, and a programmatic interface via an API is ultimately where we want to get to, this at least allows customers to automate the end-to-end deployment of both the VCSA and PSC, as well as covering any additional post-configurations that might be required to stand up a vSphere environment.
To make use of this feature, you simply create a file that contains the list of appliancesh commands that you wish to run on the VCSA and/or PSC. Here is an example configuration called psc.config (you can name it anything you want):
access.shell.set --enabled false
access.ssh.set --enabled false
ntp.server.add --servers "0.pool.ntp.org,1.pool.ntp.org"
timesync.set --mode NTP
services.restart --name ntp
proxy.set --protocol https --server proxy.primp-industries.com
localaccounts.user.add --email *protected email* --role operator --fullname 'William Lam' --username lamw --password 'VMware1!'
snmp.set --communities public --targets 192.168.1.160@161/public
snmp.enable
Once you have saved the configuration file, you simply SSH to either your VCSA or PSC and re-direct the configuration file by running the following command:
ssh *protected email* < psc.config
Once authenticated, the series of appliancesh commands will be executed and then you will be automatically logged off as seen in the screenshot below.
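A command file like psc.config carries account passwords and SNMP community strings in cleartext, so it is worth checking before it is redirected into ssh. The following is an added example, not part of the original post or of any VMware tooling: lint_appliancesh_file is a hypothetical helper, and its "dotted command" check is a heuristic based only on the commands shown above.

```shell
#!/bin/sh
# Added example (not from the original post): lint an appliancesh command file
# before redirecting it into ssh. lint_appliancesh_file is a hypothetical helper.
# Usage: sh lint.sh psc.config   (exit 0 = clean, 1 = findings, 2 = unreadable)

lint_appliancesh_file() {
    file=$1
    findings=0
    [ -r "$file" ] || { echo "ERROR: cannot read $file"; return 2; }

    # --password values sit in cleartext in this file, so it should be
    # readable by its owner only (characters 5-10 of the ls mode string
    # are the group and other permission bits).
    if grep -Eq -- '--password[[:space:]]' "$file"; then
        mode=$(ls -ld "$file" | cut -c5-10)
        if [ "$mode" != "------" ]; then
            echo "WARN: cleartext --password in a file open to group/other ($mode)"
            findings=$((findings + 1))
        fi
    fi

    # Well-known default SNMP community strings.
    if grep -E '^snmp\.set[[:space:]]' "$file" |
       grep -Eq -- '--communities[[:space:]]+(public|private)([[:space:],]|$)'; then
        echo "WARN: snmp.set uses a default community string"
        findings=$((findings + 1))
    fi

    # Carriage returns (file saved on Windows) would be sent as part of each command.
    if grep -q "$(printf '\r')" "$file"; then
        echo "WARN: file has CRLF line endings"
        findings=$((findings + 1))
    fi

    # Heuristic (assumption): every command on this page has the dotted form
    # plugin.action, so other non-blank lines are flagged for review.
    odd=$(grep -Ev '^[[:space:]]*$' "$file" |
          grep -Evc '^[a-z]+(\.[a-z]+)+([[:space:]]|$)' || true)
    if [ "$odd" -gt 0 ]; then
        echo "WARN: $odd line(s) do not look like appliancesh commands"
        findings=$((findings + 1))
    fi

    [ "$findings" -eq 0 ]
}

if [ $# -gt 0 ]; then lint_appliancesh_file "$1"; fi
```

Run against the psc.config shown above with default file permissions, it reports the cleartext password and the public community string.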
If you have any feedback in this particular area, please leave a comment as I know both PM/Engineering are interested in hearing your thoughts and what you might want to see in the future in terms of post-configuration of the VCSA and PSC.
maazaruManuel says
Hi William,
Have you found a way to configure SSO (AD integration + Identity) without using the pi shell? (On the vCSA 6.0U1)
It's possible to do it in the shell with:
/opt/likewise/bin/domainjoin-cli join
/usr/lib/vmidentity/tools/scripts/sso-add-native-ad-idp.sh
I'm trying to do it with vRO but can't get it to work yet.
Thanks! (great blog btw!)
Manuel
Kamruddin Chowdhury says
Hi Lam,
I am trying to enable SNMP with community strings to add my VCENTER and EXTERNAL PSC to solarwinds network performance monitoring system.
But it is not working.
Solarwinds NPM IP: 10.128.150.200
Community string: DSE-Community
The tasks I have done are as follows:
1. In vcenter web-client I have enabled SNMP receiver with IP, port and Community String.
2.
VCENTER COMMAND DETAILS:
vis-vcenter:~ # vi dsevis.config
vis-vcenter:~ # cat dsevis.config
snmp.set --communities DSE-Community --targets 10.128.150.200@161/DSE-Community
snmp.enable
vis-vcenter:~ # ssh *protected email* Command> Command> vis-vcenter:~ # shell
bash: shell: command not found
vis-vcenter:~ # timed out waiting for input: auto-logout
3.
EXTERNAL PSC COMMAND DETAILS:
vis-psc:~ # vi dsevis.config
vis-psc:~ # cat dsevis.config
snmp.set --communities DSE-Community --targets 10.128.150.200@161/DSE-Community
snmp.enable
vis-psc:~ # ssh *protected email* < dsevis.config
Pseudo-terminal will not be allocated because stdin is not a terminal.
The authenticity of host 'vis-psc.dsevis.com (10.228.254.23)' can't be established.
ECDSA key fingerprint is b8:d0:cb:9e:fb:3e:4b:41:03:88:9b:88:c4:af:55:9e [MD5].
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'vis-psc.dsevis.com,10.228.254.23' (ECDSA) to the list of known hosts.
VMware vCenter Server Appliance 6.0.0.10000
Type: VMware Platform Services Controller
Password:
Last login: Wed Dec 2 15:59:21 BDT 2015 from 172.16.1.40 on pts/0
Connected to service
* List APIs: "help api list"
* List Plugins: "help pi list"
* Enable BASH access: "shell.set --enabled True"
* Launch BASH: "shell"
Jeff Johnson says
Off topic a bit, but how about an article on securing the appliances with the firewall? I am considering making the move from Windows to the Appliance, but the lack of a firewall seems a bit disturbing as some of my locations have no hardware firewall available.
Hauce says
Are you aware if similar post-deployment configuration will be available in future vROps builds?