WilliamLam.com

Quickly Configuring the New vCenter Orchestrator 5.1 Appliance

by // 5 Comments

Have you checked out the latest release of vCenter Orchestrator 5.1? If not, you should really consider taking a look as there are number of significant enhancements in this release. Deploying the vCO 5.1 virtual appliance is a quick and easy way of getting started and that is what I used to test drive the new vCO 5.1. One thing I noticed after deploying the appliance is that vCO now requires a few more steps for configuration and that means more clicking and longer wait before I can get started!

As you probably may have guessed, I had to look for a better way of setting up vCO so that I can get started faster! As far as I knew, there were no configuration utilities or APIs that I could leverage and all configuration changes had to be done through the vCO configuration web interface. After clicking around for a bit, I realized I could "ghetto" it by just sending in the raw HTTP requests the UI was performing. I ended up writing a very simple shell script and using Firebug, a very handy tool that I used from time to time to help me figure out what each request looked like.

Disclaimer: This is for educational purposes only, this is not officially supported by VMware. Please test this in a development environment before using it on actual systems.

You can download the script here called configureVCO51.sh

To use the script, you just need a machine with curl, you do not need to copy the script to your vCO server. You will need to edit the following variables in the script before executing:

VCO_IP_ADDRESS=172.30.0.203
VCO_DEFAULT_USERNAME=vmware
VCO_DEFAULT_PASSWORD=vmware
VCO_NEW_PASSWORD=vmware123
VCENTER_IP_ADDRESS=172.30.0.181
SSO_IP_ADDRESS=172.30.0.181
VCENTER_USERNAME=root
VCENTER_PASSWORD=vmware

The variables should be pretty self explanatory, you will need to provide the IP Address of your vCO Server and the default username/password for the vCO 5.1 appliance is vmware/vmware. You will need to specify the new password that you wish to set and then provide information about your vCenter Server as well as your vCenter SSO Server. In this example, I used the VCSA.

Note: The script currently assumes you will be using System-Domain\__Administrators__ as the admin group, if you decided to user another group, you will need to edit the confirmSSOServer section of the script. I also used the VCSA

Here is an example execution of the script:

The numbers on the left hand side of each task is the HTTP return code and as you can see, the script not only setups the vCO appliance but also enables the vCenter Server vCO plugin as well as adding in your vCenter Server 5.1 and then automatically restarting the vCO service for all changes to take effect. I timed my script versus a manual configuration (assuming you know exactly what to do), I was still able to get everything configured in less than 1.5minutes where as the manual clicking and waiting took almost 5minutes (remember, I knew exactly what to click on which means it could take even longer!).

At the end of the script, you should be presented with two URLs: one that takes you straight to the vCO configuration web interface in case you wanted to check or verify the settings and the other is the vSphere Web Client URL for your vCenter Server.

Here is a screenshot of the vCO configuration interface, we can see that everything is showing green for it's status:

Here is a screenshot of the vSphere Web Client and we can see that our vCO Server has been configured and is now accessible to us within vCenter Server.

This script can easily be modified to perform other operations within vCO (e.g. enabling other plugins/configurations), this was just a sample of what you could do. To add or modify other functionality, you just need to use Firebug and watch for the specific HTTP request that is made while you are manually performing the task in the vCO configuration interface. For more details on setting up the new vCO 5.1 appliance, I highly recommend you check out Christophe Decanni's vCenter Server & vCenter Orchestrator 5.1 integration tips doc.

Additional Resources: 

Configuring Additional VCSA 5.1 as vSphere Web Client Servers

by // 6 Comments

In my previous article, I showed you how to configure additional vSphere Web Client 5.1 Servers for a Windows environment. For those interested in using the VCSA (vCenter Server Appliance) instead to configure additional vSphere Web Client Servers, here is the process.

Disclaimer: This is for educational purposes only, this is not officially supported by VMware. Please test this in a development environment before using it on actual systems.

Before getting started, it is very important to ensure you have proper DNS resolution (forward / reverse working) on all your VCSA's.

Step 1 - You will need to know the IP Address or hostname of your vCenter SSO Server (If you are using the VCSA, then it is the same address as your vCenter Server). Next, deploy a brand new VCSA and go ahead and configure the IP Address, hostname, etc. in preparation for the next step.

Step 2 - Create a script called configureVCSAvSphereWebClientStandalone.sh (this script reside on the new VCSA itself or on a remote host) which contains the following

#!/bin/bash
# William Lam
# www.virtuallyghetto.com

# User Configurations

VCENTER_SSO_IPADDRESS=172.30.0.181

## DO NOT EDIT BEYOND HERE ##

echo "Adding Lookup Service URL to /etc/vmware/ls_url.txt & /etc/vmware-sso/ls_url.txt"
echo "https://${VCENTER_SSO_IPADDRESS}:7444/lookupservice/sdk" > /etc/vmware/ls_url.txt;echo "https://${VCENTER_SSO_IPADDRESS}:7444/lookupservice/sdk" > /etc/vmware-sso/ls_url.txt;

echo "Retrieving ${VCENTER_SSO_IPADDRESS} SSL Certificate"
echo "" | openssl s_client -connect ${VCENTER_SSO_IPADDRESS}:7444 2> /dev/null 1> /tmp/cert

echo "Storing ${VCENTER_SSO_IPADDRESS} SSL Certificate in /etc/ssl/certs/VMware-Lookup-Service-Root-CA.pem"
openssl x509 -in /tmp/cert > /etc/ssl/certs/VMware-Lookup-Service-Root-CA.pem

echo "Registering vSphere Web Client with ${VCENTER_SSO_IPADDRESS}"
/usr/lib/vmware-vsphere-client/vsphere-client-sso-hook install --ls-server https://${VCENTER_SSO_IPADDRESS}:7444/lookupservice/sdk --user root --password vmware

 
You will need to change the VCENTER_SSO_IPADDRESS variable to the address of your vCenter SSO Server.

Step 3 - Set the script to executable by running the following command:

chmod +x configureVCSAvSphereWebClientStandalone.sh

Step 4 - You can either execute the script locally on the VCSA or my preferred method is just to execute it remotely by running the following command:

ssh [email protected] < configureVCSAvSphereWebClientStandalone.sh

Note: Make sure to replace the IP Address with address of your VCSA

As part of the configuration, the vSphere Web Client service will automatically start up at the very end. Once the service has successfully started, you will be able to connect to the vSphere Web Client URL by going to https://[webclient-hostname-ip]:9443/vsphere-client and you now should be able to see all the vCenter Servers that have registered with the same vCenter SSO server.

Here is another view using the new VIN 1.2 (vSphere Infrastructure Navigator) to show that I have two vSphere Web Client servers (webclient1 and webclient2) registered to my primary vCenter SSO Server (vcenter51-1) as well as two additional vCenter Server (vcenter51-2 and vcenter51-3) that are also registered with the same SSO Server.

As you can see, if you need to add additional vSphere Web Client Servers, the VCSA can easily be configured to enable only this feature to help you scale out and provide additional capacity as well as redundancy. Stay tuned for some more details on configuring a Load Balancer to load balance multiple vSphere Web Client Servers.

Additional Resources: 

 

Default Password for vCenter SSO Admin Account on VCSA

by // 14 Comments

I thought I share this quick tidbit about the VCSA (vCenter Server Appliance) default password for the vCenter SSO Administrator account as I was just asked about it today and this was something I had research just earlier in the week. In the Windows version of vCenter SSO installation, users are prompted during the install to select a password for this account, you might have seen it show up as admin@System-Domain. For the VCSA, vCenter SSO is already installed and you might be wondering what the default password is?

Well, the answer is ... there is no default password. During the installation process, there is a random password that is generated and once the installation is complete, the password is then immediately removed. This is a good thing from a security perspective, by not having a default password set. This account is not only a vCenter SSO Administrator but it also the only account that has access to the internal RSA IMS system. You should definitely go in and set a password for this account after setting up your VCSA which can only be done through the vSphere Web Client.

Here are the steps:

1. Click on the Administration tab on the left hand side of the vSphere Web Client navigation bar.

2. Next click on "SSO Users ad Groups" and you should see the admin user account.

3. Lastly, you just need to right click and edit the user or select the pencil icon and set a password for the admin user account. Be sure to use a strong password, as there is a password validation before the system accepts the change.

Big thanks goes out to Michael Haines for helping me track down this answer about the default (or not so default) password for the admin account on the VCSA.