5.5.1

ManualsBrandsVMware ManualsApplicationsvCenter Orchestrator

Table Of Contents

Installing and Configuring VMware vCenter Orchestrator

Installing and Configuring VMware

vCenter Orchestrator

vCenter Orchestrator 5.5.1

This document supports the version of each product listed and

supports all subsequent versions until the document is

replaced by a new edition. To check for more recent editions

of this document, see http://www.vmware.com/support/pubs.

EN-001339-01

Summary of content (128 pages)

PAGE 1
Installing and Configuring VMware vCenter Orchestrator vCenter Orchestrator 5.5.1 This document supports the version of each product listed and supports all subsequent versions until the document is replaced by a new edition. To check for more recent editions of this document, see http://www.vmware.com/support/pubs.
PAGE 2
Installing and Configuring VMware vCenter Orchestrator You can find the most up-to-date technical documentation on the VMware Web site at: http://www.vmware.com/support/ The VMware Web site also provides the latest product updates. If you have comments about this documentation, submit your feedback to: docfeedback@vmware.com Copyright © 2008–2014 VMware, Inc. All rights reserved. Copyright and trademark information. VMware, Inc. 3401 Hillview Ave. Palo Alto, CA 94304 www.vmware.com 2 VMware, Inc.
PAGE 3
Contents Installing and Configuring VMware vCenter Orchestrator 7 1 Updated Infromation 9 2 Introduction to VMware vCenter Orchestrator 11 Key Features of the Orchestrator Platform 11 Orchestrator User Types and Related Responsibilities 12 Orchestrator Architecture 13 Orchestrator Plug-Ins 14 3 Orchestrator System Requirements 15 Hardware Requirements for Orchestrator 15 Hardware Requirements for the Orchestrator Appliance Operating Systems Supported by Orchestrator 16 Supported Directory Services 16 B
PAGE 4
Installing and Configuring VMware vCenter Orchestrator Upgrade Orchestrator Standalone 32 Updating Orchestrator Appliance 5.5.x 34 Upgrading Orchestrator Appliance 5.1.x and Earlier to 5.5.
PAGE 5
Contents Register Orchestrator as a vCenter Single Sign-On Solution by Using the REST API 75 Configure the Database Connection by Using the REST API 76 Create a Self-Signed Server Certificate by Using the REST API 78 Managing SSL Certificates by Using the REST API 78 Delete an SSL Certificate by Using the REST API 79 Import SSL Certificates by Using the REST API 79 Importing Licenses by Using the REST API 80 Import the vCenter Server License by Using the REST API 80 Enter a License Key by Using the REST
PAGE 6
Installing and Configuring VMware vCenter Orchestrator Setting Server File System Access for Workflows and JavaScript 113 Rules in the js-io-rights.conf File Permitting Write Access to the Orchestrator System Set Server File System Access for Workflows and JavaScript 114 Create and Locate the js-io-rights.conf File in the Orchestrator Appliance 115 Manually Create the js-io-rights.
PAGE 7
Installing and Configuring VMware vCenter Orchestrator Installing and Configuring VMware vCenter Orchestrator provides information and instructions about ® installing, upgrading and configuring VMware vCenter Orchestrator. Intended Audience This information is intended for advanced vSphere administrators and experienced system administrators who are familiar with virtual machine technology and datacenter operations. VMware, Inc.
PAGE 8
Installing and Configuring VMware vCenter Orchestrator 8 VMware, Inc.
PAGE 9
Updated Infromation 1 This vCenter Orchestrator Installation and Configuration Guide is updated with each release of the product or when necessary. This table provides the update history of the vCenter Orchestrator Installation and Configuration Guide. Revision Description EN-001339-01 Added information about in-place updates of Orchestrator 5.5.x in “Updating Orchestrator Appliance 5.5.x,” on page 34. EN-001339-00 Initial release. VMware, Inc.
PAGE 10
Installing and Configuring VMware vCenter Orchestrator 10 VMware, Inc.
PAGE 11
Introduction to VMware vCenter Orchestrator 2 VMware vCenter Orchestrator is a development- and process-automation platform that provides a library of extensible workflows to allow you to create and run automated, configurable processes to manage the VMware vSphere infrastructure as well as other VMware and third-party technologies. Orchestrator exposes every operation in the vCenter Server API, allowing you to integrate all of these operations into your automated processes.
PAGE 12
Installing and Configuring VMware vCenter Orchestrator Scripting engine Workflow engine The Mozilla Rhino JavaScript engine provides a way to create new building blocks for Orchestrator Platform. The scripting engine is enhanced with basic version control, variable type checking, name space management and exception handling. It can be used in the following building blocks: n Actions n Workflows n Policies The workflow engine allows you to capture business processes.
PAGE 13
Chapter 2 Introduction to VMware vCenter Orchestrator Developers n Managing access rights for Orchestrator and applications n Importing and exporting packages n Enabling and disabling Web views n Running workflows and scheduling tasks n Managing version control of imported elements n Creating new workflows and plug-ins This user type has full access to all of the Orchestrator platform capabilities.
PAGE 14
Installing and Configuring VMware vCenter Orchestrator Figure 2‑1. VMware vCenter Orchestrator Architecture vCenter Orchestrator Client application browser access workflow engine vCenter Server Directory services or vCenter Single Sign On vCenter Server XML SSH Web services REST/SOAP workflow library SQL SMTP 3rd-party plug-in Orchestrator database Orchestrator Plug-Ins Plug-ins allow you to use Orchestrator to access and control external technologies and applications.
PAGE 15
Orchestrator System Requirements 3 Your system must meet the technical requirements that are necessary for Orchestrator to work properly. For a list of the supported versions of vCenter Server, see VMware Product Interoperability Matrix.
PAGE 16
Installing and Configuring VMware vCenter Orchestrator Operating Systems Supported by Orchestrator You can install the Orchestrator server only on 64-bit operating systems. Orchestrator is also available as a virtual appliance running on a SUSE Linux Enterprise Server. For a list of the operating systems supported by Orchestrator, see the VMware Compatibility Guide.
PAGE 17
Chapter 3 Orchestrator System Requirements Software Included in the Orchestrator Appliance The Orchestrator Appliance is a preconfigured virtual machine optimized for running Orchestrator. The appliance is distributed with preinstalled software.
PAGE 18
Installing and Configuring VMware vCenter Orchestrator Non-ASCII Character Support for Oracle Databases To store characters in the correct format in an Oracle database, set the NLS_CHARACTER_SET parameter to AL32UTF8 before configuring the database connection and building the table structure for Orchestrator. This setting is crucial for an internationalized environment. 18 VMware, Inc.
PAGE 19
Setting Up Orchestrator Components 4 You can install Orchestrator on a computer running Microsoft Windows or you can download and deploy the Orchestrator Appliance. In both cases, the Orchestrator server is preconfigured, and after successful installation or deployment, the service starts automatically. To enhance the availability and scalability of your Orchestrator setup, you can follow several guidelines : Install Orchestrator on a computer different from the computer on which vCenter Server runs.
PAGE 20
Installing and Configuring VMware vCenter Orchestrator vCenter Server Setup Increasing the number of vCenter Server instances in your Orchestrator setup causes Orchestrator to manage more sessions. Each active session results in activity on the corresponding vCenter Server, and too many active sessions can cause Orchestrator to experience timeouts when more than 10 vCenter Server connections occur. For a list of the supported versions of vCenter Server, see VMware Product Interoperability Matrix.
PAGE 21
Chapter 4 Setting Up Orchestrator Components If you install Orchestrator separately from vCenter Server, the Orchestrator server is preconfigured to use an embedded database, which is suitable for testing purposes only. When the database is embedded, you cannot set up Orchestrator to work in cluster mode, or change the license and the server certificate from the Orchestrator configuration interface.
PAGE 22
Installing and Configuring VMware vCenter Orchestrator 22 VMware, Inc.
PAGE 23
Installing and Upgrading Orchestrator 5 Orchestrator consists of a server component and a client component. You can install the Orchestrator components on the machine on which vCenter Server is installed or on a separate machine. You can also download and deploy the Orchestrator Appliance. To improve performance, install the Orchestrator server component on a separate machine. You can install the Orchestrator configuration server on 64-bit Windows machines only.
PAGE 24
Installing and Configuring VMware vCenter Orchestrator n “Upgrading Orchestrator 4.0.x Running on a 64-Bit Machine,” on page 30 n “Upgrading Orchestrator 4.0.x and Migrating the Configuration Data,” on page 32 n “Upgrade Orchestrator Standalone,” on page 32 n “Updating Orchestrator Appliance 5.5.x,” on page 34 n “Upgrading Orchestrator Appliance 5.1.x and Earlier to 5.5.
PAGE 25
Chapter 5 Installing and Upgrading Orchestrator Procedure 1 Start the Orchestrator installer. In the directory containing the installer, browse to the download_directory\vCenter-Server\vCO\ folder and double-click vCenterOrchestrator.exe. The file contains installers for the client and the server components. 2 Click Next. 3 Accept the terms in the license agreement and click Next. 4 Either accept the default destination folders or click Change to select another location, and click Next.
PAGE 26
Installing and Configuring VMware vCenter Orchestrator 4 Accept the terms in the license agreement and click Next. 5 Either accept the default destination folders or click Change to select another location, and click Next. CAUTION You cannot install Orchestrator in a directory whose name contains non-ASCII characters. If you are operating in a locale that features non-ASCII characters, you must install Orchestrator in the default location.
PAGE 27
Chapter 5 Installing and Upgrading Orchestrator Procedure 1 In the vSphere Web Client, navigate to a link to download the Client Integration Plug-in. Option Description vSphere Web Client login page a b Guest OS Details panel This option is not available for browsers that run on a Mac OS. a Select a virtual machine in the inventory and click the Summary tab. b Click Download Plug-in.
PAGE 28
Installing and Configuring VMware vCenter Orchestrator 9 10 Select a format in which you want to save the appliance's virtual disk and the storage. Format Description Thick provisioned Lazy Zeroed Creates a virtual disk in a default thick format. The space required for the virtual disk is allocated when the virtual disk is created. If any data remains on the physical device, it is not erased during creation, but is zeroed out on demand later on first write from the virtual machine.
PAGE 29
Chapter 5 Installing and Upgrading Orchestrator Change the Root Password For security reasons, you can change the root password of the Orchestrator Appliance. IMPORTANT The password for the root account of the Orchestrator Appliance expires after 365 days. You can increase the expiry time for an account by logging in to the Orchestrator Appliance as root, and running passwd -x number_of_days name_of_account.
PAGE 30
Installing and Configuring VMware vCenter Orchestrator n Verify that the appliance is up and running. Procedure 1 In a Web browser, go to https://orchestrator_appliance_ip:5480. 2 Log in as root. 3 On the Network tab, click Address. 4 Select the method by which the appliance obtains IP address settings. Option Description DHCP Obtains IP settings from a DHCP server. This is the default setting. Static Uses static IP settings. Type the IP address, netmask, and gateway.
PAGE 31
Chapter 5 Installing and Upgrading Orchestrator Procedure 1 Log in to the Orchestrator configuration interface as vmware. 2 On the General tab, click Export Configuration. 3 (Optional) Type a password to protect the configuration file. Use the same password when you import the configuration. 4 Click Export. Orchestrator creates a vmo_config_dateReference.vmoconfig file on the machine on which the Orchestrator server is installed. You can use this file to clone or to restore the system.
PAGE 32
Installing and Configuring VMware vCenter Orchestrator 5 Select whether to override the Orchestrator internal certificate and network settings. Select the check box only if you want to restore your Orchestrator configuration and the .vmoconfig file is the backup file of the same Orchestrator configuration. If you import the configuration to duplicate the Orchestrator environment, for example for scaling purposes, leave the check box unselected.
PAGE 33
Chapter 5 Installing and Upgrading Orchestrator 2 3 (Optional) Back up your Orchestrator plug-in files and their configurations so that you can import them after the upgrade. Option Action To back up the plug-ins Copy the files from install_directory\VMware\Orchestrator\appserver\server\vmo\plugins to your backup location. To back up the plug-in configurations Copy the files from install_directory\VMware\Orchestrator\appserver\server\vmo\conf\plugins to your backup location.
PAGE 34
Installing and Configuring VMware vCenter Orchestrator 14 Reimport the SSL certificate for the licensed vCenter Server and start the Orchestrator server. 15 On the Plug-ins tab, click Reload all plug-ins. 16 On the Startup Options tab, click Restart the vCO Configuration server. 17 Click Start service to start the Orchestrator server. You upgraded to the latest version of Orchestrator. The existing Orchestrator configuration is preserved. Updating Orchestrator Appliance 5.5.
PAGE 35
Chapter 5 Installing and Upgrading Orchestrator 6 Update the database of the new Orchestrator Appliance. See “Configure the Database Connection,” on page 53. 7 Replace the IP address of the new Orchestrator Appliance with the IP address of your previous Orchestrator Appliance manually. See “Configure the Network Connection,” on page 39. 8 Restart the vCenter Orchestrator Configuration service.
PAGE 36
Installing and Configuring VMware vCenter Orchestrator Procedure 1 From the Windows Start menu, select Settings > Control Panel > Add or Remove Programs. 2 Select vCenter Orchestrator and click Remove. 3 Click Uninstall in the Uninstall vCenter Orchestrator window. A message confirms that all items have been successfully removed. 4 Click Done. Orchestrator is uninstalled from your system. 36 VMware, Inc.
PAGE 37
6 Configuring the Orchestrator Server You can use the Orchestrator Web Configuration tool to configure the components that are related to the Orchestrator engine, such as network, database, server certificate, and so on. The correct configuration of these components ensures the proper functioning of the applications running on the Orchestrator platform. The Orchestrator Web Configuration tool is installed silently with vCenter Server or when you install Orchestrator standalone.
PAGE 38
Installing and Configuring VMware vCenter Orchestrator You can also configure the Orchestrator server by running the configuration workflows from the Orchestrator client or when you run the configuration workflows by using the REST API. For information about configuring Orchestrator by using the Configuration plug-in workflows, see Using VMware vCenter Orchestrator Plug-Ins.
PAGE 39
Chapter 6 Configuring the Orchestrator Server Log In to the Orchestrator Configuration Interface To start the configuration process, you must access the Orchestrator configuration interface. Prerequisites Verify that the VMware vCenter Orchestrator Configuration service is running. Procedure 1 Start the Orchestrator configuration interface.
PAGE 40
Installing and Configuring VMware vCenter Orchestrator Procedure 1 Log in to the Orchestrator configuration interface as vmware. 2 Click Network. 3 From the IP address drop-down menu, select the IP address to which you want to bind the Orchestrator server. Orchestrator discovers the IP address of the machine on which the server is installed. The corresponding DNS name appears. If no network name is found, the IP address appears in the DNS name text box.
PAGE 41
Chapter 6 Configuring the Orchestrator Server External Communication Ports You must configure your firewall to allow outgoing connections so that Orchestrator can communicate with external services. Table 6‑2. VMware vCenter Orchestrator External Communication Ports Port Number Protocol Source Target Description LDAP 389 TCP Orchestrator server LDAP server The lookup port of your LDAP Authentication server.
PAGE 42
Installing and Configuring VMware vCenter Orchestrator 4 Load the vCenter Server SSL certificate in Orchestrator from a URL address or file. Option Action Import from URL Specify the URL of the vCenter Server: https://your_vcenter_server_IP_address or your_vcenter_server_IP_address:port Import from file Obtain the vCenter Server certificate file. The file is usually available at the following locations: n n 5 C:\Documents and Settings\AllUsers\ApplicationData\VMware\VMware VirtualCenter\SSL\rui.
PAGE 43
Chapter 6 Configuring the Orchestrator Server Configuring vCenter Single Sign-On Settings VMware vCenter Single Sign-On is an authentication service that implements the brokered authentication architectural pattern. You can configure Orchestrator to connect to a vCenter Single Sign-On server. The vCenter Single Sign-On server provides an authentication interface called Security Token Service (STS).
PAGE 44
Installing and Configuring VMware vCenter Orchestrator 4 Load the vCenter Single Sign-On SSL certificate from a URL or a file. Option Action Import from URL Type the URL of the vCenter Single Sign-On server: https://your_vcenter_single_sign_on_server_IP_address:7444 or your_vcenter_single_sign_on_server_IP_address:7444 Import from file 5 Obtain the vCenter Single Sign-On SSL certificate file and browse to import it. Click Import. A message confirming that the import is successful appears.
PAGE 45
Chapter 6 Configuring the Orchestrator Server 7 Complete the vCenter Single Sign-On configuration. a (Optional) Filter the list of available groups by typing search criteria in the Groups filter text box and pressing Enter. b Select a vCO Admin domain and group from the drop-down menu. c (Optional) Modify the value for the time difference between a client clock and a domain controller clock. The default clock tolerance value is 300 seconds. 8 Click Accept Orchestrator Configuration.
PAGE 46
Installing and Configuring VMware vCenter Orchestrator Configuring LDAP Settings You can configure Orchestrator to connect to a working LDAP server on your infrastructure to manage user permissions. If you are using secure LDAP over SSL, Windows Server 2008 or 2012, and AD, verify that the LDAP Server Signing Requirements group policy is disabled on the LDAP server. If you configure Orchestrator to work with LDAP, you cannot use the Orchestrator Web Client for managing vSphere inventory objects.
PAGE 47
Chapter 6 Configuring the Orchestrator Server 2 Click Network. 3 In the right pane, click the SSL Trust Manager tab. 4 Browse to select a certificate file to import. 5 Load the LDAP SSL certificate from a URL or a file. Option Action Import from URL Type the URL of the LDAP server: https://your_LDAP_server_IP_address or your_LDAP_server_IP_address:port Import from file 6 Obtain the LDAP SSL certificate file and browse to import it. Click Import.
PAGE 48
Installing and Configuring VMware vCenter Orchestrator 6 (Optional) In the Secondary LDAP host text box, type the IP address or the DNS name of the host on which your secondary LDAP service runs. If the primary LDAP host becomes unavailable, Orchestrator verifies user credentials on the secondary host. 7 In the Port text box, type the value for the lookup port of your LDAP server. NOTE Orchestrator supports the Active Directory hierarchical domains structure.
PAGE 49
Chapter 6 Configuring the Orchestrator Server Specify the Browsing Credentials Orchestrator must read your LDAP structure to inherit its properties. You can specify the credentials that Orchestrator uses to connect to an LDAP server. Prerequisites Ensure that you have a working LDAP service in your infrastructure and have generated the LDAP connection URL. Procedure 1 Log in to the Orchestrator configuration interface as vmware. 2 Click Authentication.
PAGE 50
Installing and Configuring VMware vCenter Orchestrator 4 Specify the primary and secondary LDAP hosts, the lookup port of the LDAP server, the root element, and the browsing credentials. 5 Define the User lookup base. This is the LDAP container (the top-level domain name or organizational unit) where Orchestrator searches for potential users. a Click Search and type the top-level domain name or organizational unit.
PAGE 51
Chapter 6 Configuring the Orchestrator Server 4 In the Request timeout text box, type a value in milliseconds. This value determines the period during which the Orchestrator server sends a query to the service directory, the directory searches, and sends a reply. If the timeout period elapses, modify this value to check whether the timeout occurs in the Orchestrator server. 5 (Optional) For all links to be followed before the search operation is performed, select the Dereference links check box.
PAGE 52
Installing and Configuring VMware vCenter Orchestrator Configuring the Orchestrator Database Connection The Orchestrator server requires a database for storing data. The type of Orchestrator installation determines the kind of database it works with. n When you install Orchestrator standalone, the Orchestrator server is preconfigured to work with an embedded database.
PAGE 53
Chapter 6 Configuring the Orchestrator Server What to do next Configure the Orchestrator database connection parameters. Import the Database SSL Certificate If your database uses SSL, you must import the SSL certificate to the Orchestrator configuration interface and activate secure connection between Orchestrator and the database. You can import the database SSL certificate from the SSL Trust Manager tab in the Orchestrator configuration interface. Prerequisites n Configure your database for SSL access.
PAGE 54
Installing and Configuring VMware vCenter Orchestrator n To prevent possible transactional deadlocks when the database is Microsoft SQL Server database, set the ALLOW_SNAPSHOT_ISOLATION and READ_COMMITTED_SNAPSHOT database options on. n To avoid an ORA-01450 error when using the Oracle database, verify that you have configured the database block size properly. The minimum allowed size depends on the block size your Oracle database index is using.
PAGE 55
Chapter 6 Configuring the Orchestrator Server Option Description Domain To use Windows authentication, type the domain name of the SQL Server machine, for example company.org. To use SQL authentication, leave this text box blank. This option is valid only for SQL Server and specifies whether you want to use Windows or SQL Server authentication. Use Windows authentication mode (NTLMv2) Select to send NTLMv2 responses when using Windows authentication. This option is valid only for SQL Server.
PAGE 56
Installing and Configuring VMware vCenter Orchestrator 11 Click Apply. 12 Build or update the database as necessary and click Apply changes. You successfully configured Orchestrator to work with SQL Server Express by using Windows authentication mode. Server Certificate The Package Signing Certificate is a form of digital identification that is used to guarantee encrypted communication and a signature for your Orchestrator packages.
PAGE 57
Chapter 6 Configuring the Orchestrator Server Create a Self-Signed Server Certificate Installing Orchestrator or deploying the Orchestrator requires that you create a certificate. You can create a self-signed certificate to guarantee encrypted communication and a signature for your packages. However, the recipient cannot be sure that the self-signed package that you are sending is in fact a package issued by your server and not a third party claiming to be you.
PAGE 58
Installing and Configuring VMware vCenter Orchestrator Import a Server Certificate You can import a server certificate and use it with Orchestrator. IMPORTANT You can import a certificate only if you have not created a self-signed certificate. If you have already created a certificate in the database, the option to import a certificate is not available. Procedure 1 Log in to the Orchestrator configuration interface as vmware. 2 Click Server Certificate. 3 Click Import certificate database.
PAGE 59
Chapter 6 Configuring the Orchestrator Server e Leave the View content, Add to package, and Edit contents options selected. CAUTION Do not sign the package with your current certificate. You must not encrypt the package. When you delete the certificate database, the private key is lost and the contents of the exported package become unavailable.
PAGE 60
Installing and Configuring VMware vCenter Orchestrator Configure the Orchestrator Plug-Ins To deploy the standard set of plug-ins when the Orchestrator server starts, the Orchestrator system must authenticate against an LDAP or vCenter Single Sign-On server. You first specify the administrative credentials that Orchestrator uses with the plug-ins, and enable or disable plug-ins.
PAGE 61
Chapter 6 Configuring the Orchestrator Server 4 Text Box Description User name Enter a valid email account. This is the email account Orchestrator uses to send emails. Password Enter the password associated with the user name. From name and address Enter the sender information to appear in all emails sent by Orchestrator. Click Apply changes. Configure the SSH Plug-In You can set up the SSH plug-in to ensure encrypted connections.
PAGE 62
Installing and Configuring VMware vCenter Orchestrator 6 (Optional) Select the Secure channel check box to establish a secure connection to your vCenter Server system. 7 In the Path text box, retain the default value, /sdk. This value is the location of the SDK that you use for connecting to your vCenter Server instance. 8 Select the method you want to use for managing user access on the vCenter Server system. Option Description Share a unique session Creates only one connection to vCenter Server.
PAGE 63
Chapter 6 Configuring the Orchestrator Server The installed plug-in file is stored in the install_directory\app-server\plugins folder. Install a New Plug-In Distributed as a VMOAPP File After you configure the default Orchestrator plug-ins, you might want to install a new .vmoapp plug-in. Procedure 1 Log in to the Orchestrator configuration interface as vmware. 2 On the General tab, click Install Application. 3 Click the magnifying glass icon. 4 Browse to locate the .vmoapp file, and click Open.
PAGE 64
Installing and Configuring VMware vCenter Orchestrator 3 On the vCenter Server License tab, provide the details about the vCenter Server host on which Orchestrator must verify the license key. a In the Host text box, type the IP address or the DNS name of the vCenter Server host. b In the Port text box, leave the default value, 443. c (Optional) Select the Secure channel check box to establish a secure connection to the vCenter Server host. d In the Path text box, use the default value, /sdk.
PAGE 65
Chapter 6 Configuring the Orchestrator Server Access Rights to Orchestrator Server The type of vCenter Server license you apply in the Orchestrator configuration interface determines whether you get read-only or full access to the Orchestrator server capabilities. Table 6‑4. Orchestrator Server Modes vCenter Server License Edition vCenter Orchestrator Mode Description Standard Server You are granted full read and write privileges to all Orchestrator elements. You can run and edit workflows.
PAGE 66
Installing and Configuring VMware vCenter Orchestrator Configure an Orchestrator Cluster To increase the availability of Orchestrator services, you can configure a cluster of Orchestrator server instances. An Orchestrator cluster consists of at least two Orchestrator server instances that share one database. IMPORTANT To work properly in the cluster, all Orchestrator server instances must be configured identically with each other and must have the same plug-ins installed.
PAGE 67
Chapter 6 Configuring the Orchestrator Server You have set up an Orchestrator cluster. What to do next You can add more Orchestrator cluster nodes. IMPORTANT When you configure Orchestrator to work in cluster mode, you must first start one of the Orchestrator servers and wait until it starts and initializes the database. A cluster node is considered running when on the Server Availability tab, the node appears under Started cluster nodes with a Running status.
PAGE 68
Installing and Configuring VMware vCenter Orchestrator 68 VMware, Inc.
PAGE 69
7 Configuring vCenter Orchestrator in the Orchestrator Appliance Although the Orchestrator Appliance is a preconfigured Linux-based virtual machine, you must configure the default vCenter Server plug-in as well as the other default Orchestrator plug-ins. In addition, you might also want to change the Orchestrator settings. For instructions about installing and configuring the default Mail and SSH plug-ins, see “Define the Default SMTP Connection,” on page 60 and “Configure the SSH Plug-In,” on page 61.
PAGE 70
Installing and Configuring VMware vCenter Orchestrator Log In to the Orchestrator Configuration Interface of the Orchestrator Appliance To edit the default configuration settings of the Orchestrator server in the Orchestrator appliance and to import a server certificate, you must log in to the Orchestrator configuration interface. Prerequisites n Download and deploy the Orchestrator Appliance. n Verify that the appliance is up and running.
PAGE 71
Chapter 7 Configuring vCenter Orchestrator in the Orchestrator Appliance 8 Select the method you want to use for managing user access on the vCenter Server system. Option Description Share a unique session Creates only one connection to vCenter Server. In the User name and Password text boxes, type the credentials for Orchestrator to use to establish the connection to the vCenter Server host.
PAGE 72
Installing and Configuring VMware vCenter Orchestrator 4 Load the vCenter Server SSL certificate in Orchestrator from a URL or a file. Option Action Import from URL Type the URL of the vCenter Server system: https://your_vcenter_server_IP_address or your_vcenter_server_IP_address:port Import from file Obtain the vCenter Server certificate file. The file is usually available at the following locations: n n 5 C:\Documents and Settings\AllUsers\ApplicationData\VMware\VMware VirtualCenter\SSL\rui.
PAGE 73
Configuring Orchestrator by Using the Configuration Plug-In and the REST API 8 In addition to configuring Orchestrator by using the Orchestrator Web Configuration interface, you can modify the Orchestrator server configuration settings by running workflows included in the Orchestrator Configuration plug-in. The Configuration plug-in is included by default in the Orchestrator package. You can access the Configuration plug-in workflows from either the Orchestrator workflow library or the REST API.
PAGE 74
Installing and Configuring VMware vCenter Orchestrator For more information about configuring the Orchestrator database connection by using the Orchestrator configuration interface, see “Configure the Network Connection,” on page 39. Procedure 1 Make a GET request at the URL of the Workflow service of the Configure the network settings workflow.
PAGE 75
Chapter 8 Configuring Orchestrator by Using the Configuration Plug-In and the REST API Option Description Configure OpenLDAP Configures OpenLDAP Configure Sun One Directory Configures Sun ONE Directory For example, to search for the workflow named Configure Active Directory, make the following GET request: GET https://{vcoHost}:{port}/vco/api/workflows?conditions=name=Configure Active Directory 2 Retrieve the definition of the workflow by making a GET request at the URL of the definition.
PAGE 76
Installing and Configuring VMware vCenter Orchestrator Procedure 1 Make a GET request at the URL of the Configure SSO Workflow service. GET https://{vcoHost}:{port}/vco/api/workflows?conditions=name=Configure SSO 2 Retrieve the definition of the Configure SSO workflow. GET https://{vcoHost}:{port}/vco/api/workflows/9ff67fbc-411c-47c7-af80-c81b1215b516 3 Make a POST request at the URL that holds the execution objects of the Configure SSO workflow.
PAGE 77
Chapter 8 Configuring Orchestrator by Using the Configuration Plug-In and the REST API Option Description PostgreSQL Configures Orchestrator to work with a PostgreSQL database instance Embedded Configures Orchestrator to work with the embedded database For example, to search for a workflow named Microsoft SQL Server, make the following GET request: GET https://{vcoHost}:{port}/vco/api/workflows?conditions=name=Microsoft SQL Server 2 Retrieve the definition of the workflow by making a GET request at
PAGE 78
Installing and Configuring VMware vCenter Orchestrator Create a Self-Signed Server Certificate by Using the REST API You can create a self-signed certificate by running a workflow from the Configuration plug-in or by using the REST API. The Configuration plug-in contains a workflow for creating a certificate database and inserting a self-signed server certificate in it.
PAGE 79
Chapter 8 Configuring Orchestrator by Using the Configuration Plug-In and the REST API Delete an SSL Certificate by Using the REST API You can delete an SSL certificate by running the Delete trusted certificate workflow of the Configuration plug-in or by using the REST API. Procedure 1 Make a GET request at the URL of the Workflow service of the Delete trusted certificate workflow.
PAGE 80
Installing and Configuring VMware vCenter Orchestrator 4 Provide values for the input parameters of the workflow in an execution-context element of the request body. Parameter Description cer The CER file from which you want to import the SSL certificate. This parameter is applicable for the Import trusted certificate from a file workflow. url The URL from which you want to import the SSL certificate. For non-HTPS services, the supported format is IP_address_or_DNS_name:port.
PAGE 81
Chapter 8 Configuring Orchestrator by Using the Configuration Plug-In and the REST API Enter a License Key by Using the REST API You can import a license key by running a workflow from the Configuration plug-in or by using the REST API. Procedure 1 Make a GET request at the URL of the Workflow service of the Enter license key workflow.
PAGE 82
Installing and Configuring VMware vCenter Orchestrator 82 VMware, Inc.
PAGE 83
Additional Configuration Options 9 You can use the Orchestrator configuration interface to change the default Orchestrator behavior.
PAGE 84
Installing and Configuring VMware vCenter Orchestrator Change the Default Configuration Ports on the Orchestrator Client Side If you change the default network ports in the Orchestrator configuration interface, your changes are applied only on the Orchestrator server side. To connect to the server with the client, you must change the configuration of all Orchestrator client instances or connect to the server by using your Orchestrator server DNS name or IP address followed by the new https port number.
PAGE 85
Chapter 9 Additional Configuration Options 3 Delete the .dar and .war archives for the plug-in that you want to remove. and restart the vCenter Orchestrator services. The plug-in is removed from the Orchestrator configuration interface. 4 Delete the plug-in configuration files. Option Action If you installed Orchestrator with the vCenter Server installer Go to install_directory\VMware\Infrastructure\Orchestrator\appserver\conf\plugins.
PAGE 86
Installing and Configuring VMware vCenter Orchestrator 2 Navigate to the configuration file and open the file in a text editor. Option Action If you installed Orchestrator with the vCenter Server installer Go to install_directory\VMware\Infrastructure\Orchestrator\appserver\bin. If you installed the standalone version of Orchestrator Go to install_directory\VMware\Orchestrator\app-server\bin. If you deployed the Orchestrator Appliance Go to usr/lib/vco/app-server/bin. 3 Locate the -wrapper.ping.
PAGE 87
Chapter 9 Additional Configuration Options Orchestrator Configuration Files When you export the system configuration, a vmo_config_dateReference.vmoconfig file is created locally on the machine on which the Orchestrator server is installed. It contains all the Orchestrator configuration data. NOTE Some of the configuration files that are created during the export are empty.
PAGE 88
Installing and Configuring VMware vCenter Orchestrator Import the Orchestrator Configuration You can restore the previously exported system configuration when you reinstall Orchestrator or if a system failure occurs. If you use the import procedure for cloning the Orchestrator configuration, the vCenter Server plug-in configuration becomes invalid and non-working, because a new ID of the vCenter Server plug-in is generated.
PAGE 89
Chapter 9 Additional Configuration Options 4 Fill in the Maximum number of runs text box. After you reach the maximum number of runs, the rollover process starts. If you do not want the rollover process to start, type 0 in this text box. If you type 0, your database continues to extend. 5 (Optional) To set the default login credentials, fill in the User name for automatic Web login and Password for automatic Web login text boxes.
PAGE 90
Installing and Configuring VMware vCenter Orchestrator Orchestrator Log Files VMware Technical Support routinely requests diagnostic information from you when a support request is received by them. This diagnostic information contains product-specific logs and configuration files from the host on which the product runs. The information is gathered by using a specific script tool for each product. Table 9‑3. Orchestrator Log Files File Name Location scripting.log n n n server.
PAGE 91
Chapter 9 Additional Configuration Options Table 9‑3. Orchestrator Log Files (Continued) File Name Location access.yyyy-mm-dd.log n n n wrapper.log n n vCenter_Orchestrator_InstallLo g.log Description If you installed Orchestrator standalone: install_directory\VMware\Orchestrator\c onfiguration\logs If you installed Orchestrator with the vCenter Server installer: install_directory\VMware\Infrastructur e\Orchestrator\configuration\logs If you deployed the Orchestrator Appliance: /var/log/vco/apps
PAGE 92
Installing and Configuring VMware vCenter Orchestrator Non-Persistent Logs When you use a non-persistent log (system log) in your scripting, the Orchestrator server notifies all running Orchestrator applications about this log, but this information is not stored. When the application is restarted, the log information is lost. Non-persistent logs are used for debugging purposes or for live information.
PAGE 93
Chapter 9 Additional Configuration Options Change the Size of Server Logs If a server log regenerates multiple times a day, it becomes difficult to determine what causes problems. To prevent this, you can change the default size of the server log. The default size of the server log is 5MB. Procedure 1 2 On the Orchestrator server system, navigate to the folder that contains configuration files. Option Action If you installed Orchestrator with the vCenter Server installer Go to install_directory\VMware
PAGE 94
Installing and Configuring VMware vCenter Orchestrator Export Orchestrator Log Files Orchestrator provides a workflow that generates a ZIP archive of troubleshooting information containing configuration, server, wrapper, and installation log files. Prerequisites Verify that you created the c:/orchestrator folder at the root of the Orchestrator server system or set write access rights to another folder in which to store the generated ZIP archive.
PAGE 95
Chapter 9 Additional Configuration Options Procedure 1 Log in as an administrator to the machine on which the Orchestrator server is installed. 2 Navigate to the log4j.xml file and open it in a text editor. 3 Option Action If you installed the standalone version of Orchestrator Go to install_directory\VMware\Orchestrator\appserver\conf\log4j.xml. If the vCenter Server installed Orchestrator Go to install_directory\VMware\Infrastructure\Orchestrator\appserver\conf\log4j.xml.
PAGE 96
Installing and Configuring VMware vCenter Orchestrator 96 VMware, Inc.
PAGE 97
Configuration Use Cases and Troubleshooting 10 You can configure the Orchestrator server to work with the vCenter Server appliance, you can also uninstall plug-ins from Orchestrator, or change the self-signed certificates. The configuration use cases provide task flows that you can perform to meet specific configuration requirements of your Orchestrator server system, as well as troubleshooting topics to understand and solve a problem, if a workaround exists.
PAGE 98
Installing and Configuring VMware vCenter Orchestrator n Cloning the virtual machine on which the main Orchestrator server instance is configured. In this case, if the Orchestrator nodes are behind a load balancer configured in the vSphere Web Client, one of the Orchestrator nodes might appear in the inventory along with the load balancer. You can remove it by using the the Managed Object Browser (MOB) of the corresponding vCenter Server.
PAGE 99
Chapter 10 Configuration Use Cases and Troubleshooting 12 Verify that both Orchestrator server instances have identical configurations and configure the plug-ins on Orchestrator server 2 identically with the plug-ins on Orchestrator server 1. 13 On the vCenter Server tab of the Orchestrator configuration interface of Orchestrator server 2, type the credentials that Orchestrator server 2 must use to establish the connection to the vCenter Server instance.
PAGE 100
Installing and Configuring VMware vCenter Orchestrator b In the Admin user name and the Admin password text boxes, type the credentials of the root user of the vCenter Server Appliance. c Click Register Orchestrator. d Complete the registration by selecting the vCO Admin domain and group from the drop-down menu.
PAGE 101
Chapter 10 Configuration Use Cases and Troubleshooting Check Whether Orchestrator Is Successfully Registered as an Extension After you register Orchestrator server with vCenter Single Sign-On and configure it to work with vCenter Server, you can check whether Orchestrator is successfully registered as an extension with vCenter Server. Procedure 1 In a Web browser navigate to the managed object browser of your vCenter Server instance.
PAGE 102
Installing and Configuring VMware vCenter Orchestrator Enable Orchestrator for Remote Workflow Execution Remote workflow execution might not start. Problem When you try to run a remote workflow from one Orchestrator server over another Orchestrator server, the workflow might not start. Cause Orchestrator does not permit the usage of the default SSL certificates. After you install or upgrade Orchestrator, a new self-signed certificate is generated.
PAGE 103
Chapter 10 Configuration Use Cases and Troubleshooting You can also receive a certificate warning when you start the Orchestrator client and attempt to connect to the Orchestrator server over an SSL connection. You can resolve the problem by installing a certificate signed by a commercial certificate authority (CA) or by creating a certificate that matches your Orchestrator server name and then importing the certificate in your local keystore.
PAGE 104
Installing and Configuring VMware vCenter Orchestrator 9 When prompted for the password for dunes, press Enter to use the same password as the keystore password (dunesdunes). 10 Log in to the Orchestrator configuration interface as vmware and start the Orchestrator server service. a In the Orchestrator configuration interface, click the Startup Options tab. b Click Start service. What to do next You can create a signing request and submit the certificate to a Certificate Authority.
PAGE 105
Chapter 10 Configuration Use Cases and Troubleshooting Adding the Certificate to the Local Store After you get a certificate from a CA or create a certificate that matches your Orchestrator server name, you must add the certificate to your local store so that you can work with the Orchestrator configuration interface or Web views without receiving certificate warnings or error messages. This workflow describes the process to add the certificate to your local store in Internet Explorer.
PAGE 106
Installing and Configuring VMware vCenter Orchestrator You successfully changed the certificate of the Orchestrator Appliance management site. Back Up the Orchestrator Configuration and Elements You can take a snapshot of your Orchestrator configuration and import this configuration into a new Orchestrator instance to back up your Orchestrator configuration. You can also back up the Orchestrator elements that you modified.
PAGE 107
Chapter 10 Configuration Use Cases and Troubleshooting e f 8 (Optional) To apply restrictions for the contents of the exported package, deselect the options as required. Option Description Export version history The version history of the package is not exported. Export the values of the configuration settings The attribute values of the configuration elements in the package are not exported. Export global tags The global tags in the package are not exported. Click Save.
PAGE 108
Installing and Configuring VMware vCenter Orchestrator i j From the drop-down menu, choose whether you want to import tags from the package. Option Description Import tags but preserve existing values Import tags from the package without overwriting existing tag values. Import tags and overwrite existing values Import tags from the package and overwrite their values. Do not import tags Do not import tags from the package. Click Import selected elements.
PAGE 109
Chapter 10 Configuration Use Cases and Troubleshooting Verify that the Orchestrator database is running on a dedicated server. Verify that the Orchestrator components are configured properly and that all of the status indicators in the configuration interface display a green circle. Revert to the Default Password for Orchestrator Configuration If the default password for the Orchestrator configuration interface is changed, you cannot retrieve it because Orchestrator uses encryption to encode passwords.
PAGE 110
Installing and Configuring VMware vCenter Orchestrator 110 VMware, Inc.
PAGE 111
Setting System Properties 11 You can set system properties to change the default Orchestrator behavior.
PAGE 112
Installing and Configuring VMware vCenter Orchestrator 3 Add the following line to the vmo.properties configuration file. #Disable Orchestrator client connection com.vmware.o11n.smart-client-disabled = true 4 Save the vmo.properties file. 5 Restart the Orchestrator server. You disabled access to the Orchestrator client to all users other than members of the Orchestrator administrator group.
PAGE 113
Chapter 11 Setting System Properties Setting Server File System Access for Workflows and JavaScript Orchestrator limits access to the server file system from workflows and JavaScript to specific directories. You can extend access to other parts of the server file system by modifying the js-io-rights.conf Orchestrator configuration file. The js-io-rights.conf file is created when a workflow tries to access the Orchestrator server file system. If the js-io-rights.
PAGE 114
Installing and Configuring VMware vCenter Orchestrator The first two lines in the default js-io-rights.conf configuration file allow the following access rights: -rwx / All access to the file system is denied. +rwx /var/run/vco Read, write, and execute access is permitted in the /var/run/vco directory. Rules in the js-io-rights.conf File Orchestrator resolves access rights in the order they appear in the js-io-rights.conf file. Each line can override the previous lines. In the default js-io-rights.
PAGE 115
Chapter 11 Setting System Properties You modified the access rights to the file system from workflows and from the Orchestrator API. Create and Locate the js-io-rights.conf File in the Orchestrator Appliance The js-io-rights.conf file is created when a workflow tries to access the Orchestrator server file system. You cannot create the js-io-rights.conf file manually in an Orchestrator Appliance instance. Run a workflow that accesses the Orchestrator server file system and locate the js-io-rights.
PAGE 116
Installing and Configuring VMware vCenter Orchestrator 2 Navigate to the Orchestrator configuration directory. Option Action If you installed Orchestrator with the vCenter Server installer Go to install_directory\VMware\Infrastructure\Orchestrator\appserver\conf. If you installed Orchestrator standalone Go to install_directory\VMware\Orchestrator\app-server\conf. 3 Create the js-io-rights.conf file and open it in a text editor. 4 Type the default contents of the js-io-rights.conf file.
PAGE 117
Chapter 11 Setting System Properties 4 Save the vmo.properties file. 5 Restart the Orchestrator server. You granted permissions to Orchestrator applications to run local commands in the Orchestrator server host operating system. NOTE By setting the com.vmware.js.allow-local-process system property to true, you allow the Command scripting class to write anywhere in the file system. This property overrides any file system access permissions that you set in the js-io-rights.
PAGE 118
Installing and Configuring VMware vCenter Orchestrator The JavaScript engine has access to the Java classes that you specified. Set Custom Timeout Property When vCenter is overloaded, it takes more time to return the response to the Orchestrator server than the 20000 milliseconds set by default. To prevent this situation, you must modify the Orchestrator configuration file to increase the default timeout period.
PAGE 119
Chapter 11 Setting System Properties Procedure 1 Navigate to the plug-in configuration folder on the Orchestrator server system. This folder contains an XML configuration file for each plug-in you have installed in the Orchestrator server. Option Action If you installed Orchestrator with the vCenter Server installer Go to install_directory\VMware\Infrastructure\Orchestrator\appserver\conf\plugins. If you installed the standalone version of Orchestrator Go to install_directory\VMware\Orchestrator\apps
PAGE 120
Installing and Configuring VMware vCenter Orchestrator 3 Set the com.vmware.vco.workflow-engine.executors-count and com.vmware.vco.workflowengine.executors-max-queue-size properties by adding the following lines to the vmo.properies file. com.vmware.vco.workflow-engine.executors-count=200 com.vmware.vco.workflow-engine.executors-max-queue-size=5000 4 Save the vmo.properties file. 5 Restart the Orchestrator server. You set the maximum values for concurrent and pending workflows.
PAGE 121
Where to Go From Here 12 When you have installed and configured vCenter Orchestrator, you can use Orchestrator to automate frequently repeated processes related to the management of the virtual environment. n Log in to the Orchestrator client, run, and schedule workflows on the vCenter Server inventory objects or other objects that Orchestrator accesses through its plug-ins. n Publish the weboperator Web view and provide browser access to Orchestrator workflows to users and user groups.
PAGE 122
Installing and Configuring VMware vCenter Orchestrator 2 Click Start > Programs > VMware > vCenter Orchestrator Client. 3 In the Host name field, type the IP address to which Orchestrator server is bound. To check the IP address, log in to the Orchestrator configuration interface and check the IP settings on the Network tab. 4 Log in by using the Orchestrator user name and password.
PAGE 123
Chapter 12 Where to Go From Here 3 Type the IP or the domain name of the Orchestrator Appliance in the Host name text box. The IP address of the Orchestrator Appliance is displayed by default. 4 Log in by using the Orchestrator client user name and password.
PAGE 124
Installing and Configuring VMware vCenter Orchestrator n Password: vcoadmin If you are using vCenter Single Sign On or another directory service as an authentication method, type the respective credentials to log in to the Orchestrator client. You see the workflow library tree and you can run and monitor workflow runs.
PAGE 125
Index A D add, certificate 105 additional configuration options 83 assign static IP 29 audience 7 authentication settings settings 74 authentication type 42 availability 19 data migration 32 database connection parameters 53 import SSL certificate 53 installation 20 Oracle 20 server size 20 setup 20 SQL Server 20 SQL Server Express 20 default password 109 default ports command port 40 data port 40 HTTP port 40 HTTPS port 40 LDAP port 40 LDAP with Global Catalog 40 LDAP with SSL 40 lookup port 40 messagi
PAGE 126
Installing and Configuring VMware vCenter Orchestrator filter attributes 50 filtering, Orchestrator log files 94 G generate a certificate 103 get a certificate signed by a CA 104 H hardware requirements, Orchestrator Appliance 15 high availability 97 I i18n support 17 ignore referrals 50 import license 80 SSL certificate 102 import SSL certificate, vCenter Single SignOn 43 import vCenter Server license 63 install .dar plug-in 62 .
PAGE 127
Index Orchestrator client, download 124 Orchestrator client, install 124 Orchestrator elements, back up 106 Orchestrator installed on a 64-bit machine 30 Orchestrator overview 11 Orchestrator plug-ins 14 OS 17 overview of, vCenter Single Sign-On 43 P password 83 persistence 11 plug-ins removing a plug-in 84 searching 118 plug-ins configuration Mail plug-in 60 SSH plug-in 61 vCenter Server plug-in 61, 70 policy engine 11 power on 28 R exporting 57, 58 importing 58 removing 58 self-signed 56, 57 server lo
PAGE 128
Installing and Configuring VMware vCenter Orchestrator V vCenter Server downloading the installer 24 extension manager 101 managed object browser 101 vCenter Server license 63 vCenter Single Sign-On advanced registration 45 import SSL certificate 43 register Orchestrator 99 running in the vCenter Server Appliance 99 simple registration 44 unregister Orchestrator 101 vCO appliance, change password 29 versioning 11 virtual machine console, installing 26 VMware vCenter Orchestrator Server, installing as Windo