Installing and Configuring VMware vCenter Orchestrator vCenter Orchestrator 5.5 This document supports the version of each product listed and supports all subsequent versions until the document is replaced by a new edition. To check for more recent editions of this document, see http://www.vmware.com/support/pubs.
Installing and Configuring VMware vCenter Orchestrator You can find the most up-to-date technical documentation on the VMware Web site at: http://www.vmware.com/support/ The VMware Web site also provides the latest product updates. If you have comments about this documentation, submit your feedback to: docfeedback@vmware.com Copyright © 2008–2013 VMware, Inc. All rights reserved. This product is protected by U.S. and international copyright and intellectual property laws.
Contents Installing and Configuring VMware vCenter Orchestrator 7 1 Introduction to VMware vCenter Orchestrator 9 Key Features of the Orchestrator Platform 9 Orchestrator User Types and Related Responsibilities Orchestrator Architecture 11 Orchestrator Plug-Ins 12 10 2 Orchestrator System Requirements 13 Hardware Requirements for Orchestrator 13 Hardware Requirements for the Orchestrator Appliance Operating Systems Supported by Orchestrator 14 Supported Directory Services 14 Browsers Supported by Orch
Installing and Configuring VMware vCenter Orchestrator Upgrading the Orchestrator Appliance Uninstall Orchestrator 33 33 5 Configuring the Orchestrator Server 35 Start the Orchestrator Configuration Service 36 Log In to the Orchestrator Configuration Interface 37 Configure the Network Connection 37 Orchestrator Network Ports 38 Import the vCenter Server SSL Certificate 39 Selecting the Authentication Type 40 Configuring vCenter Single Sign-On Settings 41 Configuring LDAP Settings 44 Configuring the Orc
Contents Managing SSL Certificates by Using the REST API 76 Delete an SSL Certificate by Using the REST API 77 Import SSL Certificates by Using the REST API 77 Importing Licenses by Using the REST API 78 Import the vCenter Server License by Using the REST API 78 Enter a License Key by Using the REST API 79 8 Additional Configuration Options 81 Change the Password of the Orchestrator Configuration Interface 81 Change the Default Configuration Ports on the Orchestrator Client Side Uninstall a Plug-In 82
Installing and Configuring VMware vCenter Orchestrator Create and Locate the js-io-rights.conf File in the Orchestrator Appliance 111 Manually Create the js-io-rights.
Installing and Configuring VMware vCenter Orchestrator Installing and Configuring VMware vCenter Orchestrator provides information and instructions about ® installing, upgrading and configuring VMware vCenter Orchestrator. Intended Audience This information is intended for advanced vSphere administrators and experienced system administrators who are familiar with virtual machine technology and datacenter operations. VMware, Inc.
Installing and Configuring VMware vCenter Orchestrator 8 VMware, Inc.
Introduction to VMware vCenter Orchestrator 1 VMware vCenter Orchestrator is a development- and process-automation platform that provides a library of extensible workflows to allow you to create and run automated, configurable processes to manage the VMware vSphere infrastructure as well as other VMware and third-party technologies. Orchestrator exposes every operation in the vCenter Server API, allowing you to integrate all of these operations into your automated processes.
Installing and Configuring VMware vCenter Orchestrator Scripting engine Workflow engine The Mozilla Rhino JavaScript engine provides a way to create new building blocks for Orchestrator Platform. The scripting engine is enhanced with basic version control, variable type checking, name space management and exception handling. It can be used in the following building blocks: n Actions n Workflows n Policies The workflow engine allows you to capture business processes.
Chapter 1 Introduction to VMware vCenter Orchestrator Developers n Managing access rights for Orchestrator and applications n Importing and exporting packages n Enabling and disabling Web views n Running workflows and scheduling tasks n Managing version control of imported elements n Creating new workflows and plug-ins This user type has full access to all of the Orchestrator platform capabilities.
Installing and Configuring VMware vCenter Orchestrator Figure 1‑1. VMware vCenter Orchestrator Architecture vCenter Orchestrator Client application browser access workflow engine vCenter Server Directory services or vCenter Single Sign On vCenter Server XML SSH Web services REST/SOAP workflow library SQL SMTP 3rd-party plug-in Orchestrator database Orchestrator Plug-Ins Plug-ins allow you to use Orchestrator to access and control external technologies and applications.
Orchestrator System Requirements 2 Your system must meet the technical requirements that are necessary for Orchestrator to work properly. For a list of the supported versions of vCenter Server, see VMware Product Interoperability Matrix.
Installing and Configuring VMware vCenter Orchestrator Operating Systems Supported by Orchestrator You can install the Orchestrator 5.5 server only on 64-bit operating systems. Orchestrator is also available as a virtual appliance running on a SUSE Linux Enterprise Server. For a list of the operating systems supported by Orchestrator, see the VMware Compatibility Guide.
Chapter 2 Orchestrator System Requirements Software Included in the Orchestrator Appliance The Orchestrator Appliance is a preconfigured virtual machine optimized for running Orchestrator. The appliance is distributed with preinstalled software. The Orchestrator Appliance package contains the following software: n SUSE Linux Enterprise Server 11 Update 1 for VMware, 64-bit edition n PostgreSQL n OpenLDAP n Orchestrator 5.
Installing and Configuring VMware vCenter Orchestrator Non-ASCII Character Support for Oracle Databases To store characters in the correct format in an Oracle database, set the NLS_CHARACTER_SET parameter to AL32UTF8 before configuring the database connection and building the table structure for Orchestrator. This setting is crucial for an internationalized environment. 16 VMware, Inc.
Setting Up Orchestrator Components 3 You can install Orchestrator on a computer running Microsoft Windows or you can download and deploy the Orchestrator Appliance. In both cases, the Orchestrator server is preconfigured, and after successful installation or deployment, the service starts automatically. To enhance the availability and scalability of your Orchestrator setup, you can follow several guidelines : Install Orchestrator on a computer different from the computer on which vCenter Server runs.
Installing and Configuring VMware vCenter Orchestrator vCenter Server Setup Increasing the number of vCenter Server instances in your Orchestrator setup causes Orchestrator to manage more sessions. Each active session results in activity on the corresponding vCenter Server, and too many active sessions can cause Orchestrator to experience timeouts when more than 10 vCenter Server connections occur. For a list of the supported versions of vCenter Server, see VMware Product Interoperability Matrix.
Chapter 3 Setting Up Orchestrator Components If you install Orchestrator separately from vCenter Server, the Orchestrator server is preconfigured to use an embedded database, which is suitable for testing purposes only. When the database is embedded, you cannot set up Orchestrator to work in cluster mode, or change the license and the server certificate from the Orchestrator configuration interface.
Installing and Configuring VMware vCenter Orchestrator 20 VMware, Inc.
Installing and Upgrading Orchestrator 4 Orchestrator consists of a server component and a client component. You can install the Orchestrator components on the machine on which vCenter Server is installed or on a separate machine. You can also download and deploy the Orchestrator Appliance. To improve performance, install the Orchestrator server component on a separate machine. You can install the Orchestrator configuration server on 64-bit Windows machines only.
Installing and Configuring VMware vCenter Orchestrator n “Upgrade Orchestrator 4.2.x and 5.1.x Standalone,” on page 28 n “Upgrading Orchestrator 4.0.x Running on a 64-Bit Machine,” on page 29 n “Upgrading Orchestrator 4.0.
Chapter 4 Installing and Upgrading Orchestrator 5 6 Select the type of installation and click Next. Option Description Client Installs the Orchestrator client application, which allows you to create and edit workflows. Server Installs the Orchestrator server platform. Client-Server Installs the Orchestrator client and server. Select the location for the Orchestrator shortcuts and click Next. CAUTION The name of the shortcuts directory must contain only ASCII characters.
Installing and Configuring VMware vCenter Orchestrator 9 Click Done to close the installer. The Orchestrator client component is installed on your system. What to do next You can log in to the Orchestrator client interface to perform general administration tasks and create workflows.
Chapter 4 Installing and Upgrading Orchestrator 2 If the browser blocks the installation either by issuing certificate errors or by running a pop-up blocker, follow the Help instructions for your browser to resolve the problem. Download and Deploy the Orchestrator Appliance As an alternative to installing vCenter Orchestrator on a Windows computer, you can download and deploy the Orchestrator Appliance.
Installing and Configuring VMware vCenter Orchestrator 11 Review the properties of the appliance and set initial passwords for the root user account and for the vmware user in the Orchestrator Configuration interface. Your initial passwords must be at least eight characters long, and must contain at least one digit, special character, and uppercase letter. IMPORTANT The password for the root account of the Orchestrator Appliance expires after 365 days.
Chapter 4 Installing and Upgrading Orchestrator Enable or Disable SSH Administrator Login on the vCenter Orchestrator Appliance You can enable or disable the ability to log in as root to the Orchestrator Appliance using SSH. Prerequisites n Download and deploy the Orchestrator Appliance. n Verify that the appliance is up and running. Procedure 1 In a Web browser, go to https://orchestrator_appliance_ip:5480. 2 Log in as root.
Installing and Configuring VMware vCenter Orchestrator Upgrade Orchestrator 4.2.x and 5.1.x Standalone To upgrade Orchestrator 4.2.x or Orchestrator 5.1.x on a 64-bit Microsoft Windows machine that is different from the machine on which vCenter Server runs, run the latest version of the Orchestrator standalone installer. Prerequisites n Create a backup of the Orchestrator database. n Back up your Orchestrator configuration, custom workflows, and packages.
Chapter 4 Installing and Upgrading Orchestrator For example, if you have installed only the Orchestrator client, select Client and then upgrade your Orchestrator server separately. IMPORTANT The versions of the Orchestrator client and server must be the same. 9 Select the location for the Orchestrator shortcuts and click Next. CAUTION The name of the shortcuts directory must contain only ASCII characters. 10 Click Install to start the installation process. 11 Click Done to close the installer.
Installing and Configuring VMware vCenter Orchestrator 4 Import the Orchestrator Configuration on page 32 You can restore the previously exported system configuration when you reinstall Orchestrator or if a system failure occurs. Export the Orchestrator Configuration The Orchestrator configuration interface provides a mechanism to export the Orchestrator configuration settings to a local file.
Chapter 4 Installing and Upgrading Orchestrator Install Orchestrator Standalone For production environments and to enhance the scalability of your Orchestrator setup, install Orchestrator on a dedicated Windows machine. You can install the Orchestrator server only on a 64-bit operating system platform. The Orchestrator client can run on both 32-bit and 64-bit Windows machines. You can install the Orchestrator client on a 32-bit machine.
Installing and Configuring VMware vCenter Orchestrator What to do next To start configuring Orchestrator, start the VMware vCenter Orchestrator Configuration service and log in to the Orchestrator configuration interface at: https://orchestrator_server_DNS_name_or_IP_address:8283 or https://localhost:8283. Import the Orchestrator Configuration You can restore the previously exported system configuration when you reinstall Orchestrator or if a system failure occurs.
Chapter 4 Installing and Upgrading Orchestrator Upgrading the Orchestrator Appliance Orchestrator 5.5 does not allow you to perform updates of the deployed Orchestrator Appliance over the external Web, on your local area network, or from a CD-ROM. To upgrade your Orchestrator Appliance, you must deploy the latest Orchestrator Appliance and migrate your current Orchestrator configuration, plug-ins, and data to the newly deployed Orchestrator Appliance manually.
Installing and Configuring VMware vCenter Orchestrator 2 Select vCenter Orchestrator and click Remove. 3 Click Uninstall in the Uninstall vCenter Orchestrator window. A message confirms that all items have been successfully removed. 4 Click Done. Orchestrator is uninstalled from your system. 34 VMware, Inc.
5 Configuring the Orchestrator Server You can use the Orchestrator Web Configuration tool to configure the components that are related to the Orchestrator engine, such as network, database, server certificate, and so on. The correct configuration of these components ensures the proper functioning of the applications running on the Orchestrator platform. The Orchestrator Web Configuration tool is installed silently with vCenter Server or when you install Orchestrator standalone.
Installing and Configuring VMware vCenter Orchestrator You can also configure the Orchestrator server by running the configuration workflows from the Orchestrator client or when you run the configuration workflows by using the REST API. For information about configuring Orchestrator by using the Configuration plug-in workflows, see Using VMware vCenter Orchestrator Plug-Ins.
Chapter 5 Configuring the Orchestrator Server Log In to the Orchestrator Configuration Interface To start the configuration process, you must access the Orchestrator configuration interface. Prerequisites Verify that the VMware vCenter Orchestrator Configuration service is running. Procedure 1 Start the Orchestrator configuration interface.
Installing and Configuring VMware vCenter Orchestrator Procedure 1 Log in to the Orchestrator configuration interface as vmware. 2 Click Network. 3 From the IP address drop-down menu, select the IP address to which you want to bind the Orchestrator server. Orchestrator discovers the IP address of the machine on which the server is installed. The corresponding DNS name appears. If no network name is found, the IP address appears in the DNS name text box.
Chapter 5 Configuring the Orchestrator Server External Communication Ports You must configure your firewall to allow outgoing connections so that Orchestrator can communicate with external services. Table 5‑2. VMware vCenter Orchestrator External Communication Ports Port Number Protocol Source Target Description LDAP 389 TCP Orchestrator server LDAP server The lookup port of your LDAP Authentication server.
Installing and Configuring VMware vCenter Orchestrator 4 Load the vCenter Server SSL certificate in Orchestrator from a URL address or file. Option Action Import from URL Specify the URL of the vCenter Server: https://your_vcenter_server_IP_address or your_vcenter_server_IP_address:port Import from file Obtain the vCenter Server certificate file. The file is usually available at the following locations: n n 5 C:\Documents and Settings\AllUsers\ApplicationData\VMware\VMware VirtualCenter\SSL\rui.
Chapter 5 Configuring the Orchestrator Server Configuring vCenter Single Sign-On Settings VMware vCenter Single Sign-On is an authentication service that implements the brokered authentication architectural pattern. You can configure Orchestrator to connect to a vCenter Single Sign-On server. The vCenter Single Sign-On server provides an authentication interface called Security Token Service (STS).
Installing and Configuring VMware vCenter Orchestrator 4 Load the vCenter Single Sign-On SSL certificate from a URL or a file. Option Action Import from URL Type the URL of the vCenter Single Sign-On server: https://your_vcenter_single_sign_on_server_IP_address:7444 or your_vcenter_single_sign_on_server_IP_address:7444 Import from file 5 Obtain the vCenter Single Sign-On SSL certificate file and browse to import it. Click Import. A message confirming that the import is successful appears.
Chapter 5 Configuring the Orchestrator Server 7 Complete the vCenter Single Sign-On configuration. a (Optional) Filter the list of available groups by typing search criteria in the Groups filter text box and pressing Enter. b Select a vCO Admin domain and group from the drop-down menu. c (Optional) Modify the value for the time difference between a client clock and a domain controller clock. The default clock tolerance value is 300 seconds. 8 Click Accept Orchestrator Configuration.
Installing and Configuring VMware vCenter Orchestrator Configuring LDAP Settings You can configure Orchestrator to connect to a working LDAP server on your infrastructure to manage user permissions. If you are using secure LDAP over SSL, Windows Server 2008 or 2012, and AD, verify that the LDAP Server Signing Requirements group policy is disabled on the LDAP server. If you configure Orchestrator to work with LDAP, you cannot use the Orchestrator Web Client for managing vSphere inventory objects.
Chapter 5 Configuring the Orchestrator Server 2 Click Network. 3 In the right pane, click the SSL Trust Manager tab. 4 Browse to select a certificate file to import. 5 Load the LDAP SSL certificate from a URL or a file. Option Action Import from URL Type the URL of the LDAP server: https://your_LDAP_server_IP_address or your_LDAP_server_IP_address:port Import from file 6 Obtain the LDAP SSL certificate file and browse to import it. Click Import.
Installing and Configuring VMware vCenter Orchestrator 6 (Optional) In the Secondary LDAP host text box, type the IP address or the DNS name of the host on which your secondary LDAP service runs. If the primary LDAP host becomes unavailable, Orchestrator verifies user credentials on the secondary host. 7 In the Port text box, type the value for the lookup port of your LDAP server. NOTE Orchestrator supports the Active Directory hierarchical domains structure.
Chapter 5 Configuring the Orchestrator Server Specify the Browsing Credentials Orchestrator must read your LDAP structure to inherit its properties. You can specify the credentials that Orchestrator uses to connect to an LDAP server. Prerequisites Ensure that you have a working LDAP service in your infrastructure and have generated the LDAP connection URL. Procedure 1 Log in to the Orchestrator configuration interface as vmware. 2 Click Authentication.
Installing and Configuring VMware vCenter Orchestrator 4 Specify the primary and secondary LDAP hosts, the lookup port of the LDAP server, the root element, and the browsing credentials. 5 Define the User lookup base. This is the LDAP container (the top-level domain name or organizational unit) where Orchestrator searches for potential users. a Click Search and type the top-level domain name or organizational unit.
Chapter 5 Configuring the Orchestrator Server 4 In the Request timeout text box, type a value in milliseconds. This value determines the period during which the Orchestrator server sends a query to the service directory, the directory searches, and sends a reply. If the timeout period elapses, modify this value to check whether the timeout occurs in the Orchestrator server. 5 (Optional) For all links to be followed before the search operation is performed, select the Dereference links check box.
Installing and Configuring VMware vCenter Orchestrator Configuring the Orchestrator Database Connection The Orchestrator server requires a database for storing data. The type of Orchestrator installation determines the kind of database it works with. n When you install Orchestrator standalone, the Orchestrator server is preconfigured to work with an embedded database.
Chapter 5 Configuring the Orchestrator Server You can now use SQL Server 2008 Express R2 to create and manage Orchestrator databases. What to do next Configure the Orchestrator database connection parameters. Import the Database SSL Certificate If your database uses SSL, you must import the SSL certificate to the Orchestrator configuration interface and activate secure connection between Orchestrator and the database.
Installing and Configuring VMware vCenter Orchestrator n If you are using an SQL Server database, verify that the SQL Server Browser service is running. n To store characters in the correct format in an Oracle database, set the NLS_CHARACTER_SET parameter to AL32UTF8 before configuring the database connection and building the table structure for Orchestrator. This setting is crucial for an internationalized environment.
Chapter 5 Configuring the Orchestrator Server Option Description Domain To use Windows authentication, type the domain name of the SQL Server machine, for example company.org. To use SQL authentication, leave this text box blank. This option is valid only for SQL Server and specifies whether you want to use Windows or SQL Server authentication. Use Windows authentication mode (NTLMv2) Select to send NTLMv2 responses when using Windows authentication. This option is valid only for SQL Server.
Installing and Configuring VMware vCenter Orchestrator 11 Click Apply. 12 Build or update the database as necessary and click Apply changes. You successfully configured Orchestrator to work with SQL Server Express by using Windows authentication mode. Server Certificate The Package Signing Certificate is a form of digital identification that is used to guarantee encrypted communication and a signature for your Orchestrator packages.
Chapter 5 Configuring the Orchestrator Server Create a Self-Signed Server Certificate Installing Orchestrator or deploying the Orchestrator requires that you create a certificate. You can create a self-signed certificate to guarantee encrypted communication and a signature for your packages. However, the recipient cannot be sure that the self-signed package that you are sending is in fact a package issued by your server and not a third party claiming to be you.
Installing and Configuring VMware vCenter Orchestrator Import a Server Certificate You can import a server certificate and use it with Orchestrator. IMPORTANT You can import a certificate only if you have not created a self-signed certificate. If you have already created a certificate in the database, the option to import a certificate is not available. Procedure 1 Log in to the Orchestrator configuration interface as vmware. 2 Click Server Certificate. 3 Click Import certificate database.
Chapter 5 Configuring the Orchestrator Server e Leave the View content, Add to package, and Edit contents options selected. CAUTION Do not sign the package with your current certificate. You must not encrypt the package. When you delete the certificate database, the private key is lost and the contents of the exported package become unavailable.
Installing and Configuring VMware vCenter Orchestrator Configure the Default Plug-Ins To deploy the set of default plug-ins when the Orchestrator server starts, the Orchestrator system must authenticate against an LDAP or vCenter Single Sign-On server. You first specify the administrative credentials that Orchestrator uses with the plug-ins, and enable or disable plug-ins.
Chapter 5 Configuring the Orchestrator Server 4 Text Box Description User name Enter a valid email account. This is the email account Orchestrator uses to send emails. Password Enter the password associated with the user name. From name and address Enter the sender information to appear in all emails sent by Orchestrator. Click Apply changes. Configure the SSH Plug-In You can set up the SSH plug-in to ensure encrypted connections.
Installing and Configuring VMware vCenter Orchestrator 6 (Optional) Select the Secure channel check box to establish a secure connection to your vCenter Server system. 7 In the Path text box, retain the default value, /sdk. This value is the location of the SDK that you use for connecting to your vCenter Server instance. 8 Select the method you want to use for managing user access on the vCenter Server system. Option Description Share a unique session Creates only one connection to vCenter Server.
Chapter 5 Configuring the Orchestrator Server The installed plug-in file is stored in the install_directory\app-server\plugins folder. Install a New Plug-In Distributed as a VMOAPP File After you configure the default Orchestrator plug-ins, you might want to install a new .vmoapp plug-in. Procedure 1 Log in to the Orchestrator configuration interface as vmware. 2 On the General tab, click Install Application. 3 Click the magnifying glass icon. 4 Browse to locate the .vmoapp file, and click Open.
Installing and Configuring VMware vCenter Orchestrator 3 On the vCenter Server License tab, provide the details about the vCenter Server host on which Orchestrator must verify the license key. a In the Host text box, type the IP address or the DNS name of the vCenter Server host. b In the Port text box, leave the default value, 443. c (Optional) Select the Secure channel check box to establish a secure connection to the vCenter Server host. d In the Path text box, use the default value, /sdk.
Chapter 5 Configuring the Orchestrator Server Access Rights to Orchestrator Server The type of vCenter Server license you apply in the Orchestrator configuration interface determines whether you get read-only or full access to the Orchestrator server capabilities. Table 5‑4. Orchestrator Server Modes vCenter Server License Edition vCenter Orchestrator Mode Description Standard Server You are granted full read and write privileges to all Orchestrator elements. You can run and edit workflows.
Installing and Configuring VMware vCenter Orchestrator Configure an Orchestrator Cluster To increase the availability of Orchestrator services, you can configure a cluster of Orchestrator server instances. An Orchestrator cluster consists of at least two Orchestrator server instances that share one database. IMPORTANT To work properly in the cluster, all Orchestrator server instances must be configured identically with each other and must have the same plug-ins installed.
Chapter 5 Configuring the Orchestrator Server You have set up an Orchestrator cluster. What to do next You can add more Orchestrator cluster nodes. IMPORTANT When you configure Orchestrator to work in cluster mode, you must first start one of the Orchestrator servers and wait until it starts and initializes the database. A cluster node is considered running when on the Server Availability tab, the node appears under Started cluster nodes with a Running status.
Installing and Configuring VMware vCenter Orchestrator 66 VMware, Inc.
6 Configuring vCenter Orchestrator in the Orchestrator Appliance Although the Orchestrator Appliance is a preconfigured Linux-based virtual machine, you must configure the default vCenter Server plug-in as well as the other default Orchestrator plug-ins. In addition, you might also want to change the Orchestrator settings. For instructions about installing and configuring the default Mail and SSH plug-ins, see “Define the Default SMTP Connection,” on page 58 and “Configure the SSH Plug-In,” on page 59.
Installing and Configuring VMware vCenter Orchestrator Log In to the Orchestrator Configuration Interface of the Orchestrator Appliance To edit the default configuration settings of the Orchestrator server in the Orchestrator appliance and to import a server certificate, you must log in to the Orchestrator configuration interface. Prerequisites n Download and deploy the Orchestrator Appliance. n Verify that the appliance is up and running.
Chapter 6 Configuring vCenter Orchestrator in the Orchestrator Appliance 8 Select the method you want to use for managing user access on the vCenter Server system. Option Description Share a unique session Creates only one connection to vCenter Server. In the User name and Password text boxes, type the credentials for Orchestrator to use to establish the connection to the vCenter Server host.
Installing and Configuring VMware vCenter Orchestrator 4 Load the vCenter Server SSL certificate in Orchestrator from a URL or a file. Option Action Import from URL Type the URL of the vCenter Server system: https://your_vcenter_server_IP_address or your_vcenter_server_IP_address:port Import from file Obtain the vCenter Server certificate file. The file is usually available at the following locations: n n 5 C:\Documents and Settings\AllUsers\ApplicationData\VMware\VMware VirtualCenter\SSL\rui.
Configuring Orchestrator by Using the Configuration Plug-In and the REST API 7 In addition to configuring Orchestrator by using the Orchestrator Web Configuration interface, you can modify the Orchestrator server configuration settings by running workflows included in the Orchestrator Configuration plug-in. The Configuration plug-in is included by default in the Orchestrator package. You can access the Configuration plug-in workflows from either the Orchestrator workflow library or the REST API.
Installing and Configuring VMware vCenter Orchestrator For more information about configuring the Orchestrator database connection by using the Orchestrator configuration interface, see “Configure the Network Connection,” on page 37. Procedure 1 Make a GET request at the URL of the Workflow service of the Configure the network settings workflow.
Chapter 7 Configuring Orchestrator by Using the Configuration Plug-In and the REST API Option Description Configure OpenLDAP Configures OpenLDAP Configure Sun One Directory Configures Sun ONE Directory For example, to search for the workflow named Configure Active Directory, make the following GET request: GET https://{vcoHost}:{port}/vco/api/workflows?conditions=name=Configure Active Directory 2 Retrieve the definition of the workflow by making a GET request at the URL of the definition.
Installing and Configuring VMware vCenter Orchestrator Procedure 1 Make a GET request at the URL of the Configure SSO Workflow service. GET https://{vcoHost}:{port}/vco/api/workflows?conditions=name=Configure SSO 2 Retrieve the definition of the Configure SSO workflow. GET https://{vcoHost}:{port}/vco/api/workflows/9ff67fbc-411c-47c7-af80-c81b1215b516 3 Make a POST request at the URL that holds the execution objects of the Configure SSO workflow.
Chapter 7 Configuring Orchestrator by Using the Configuration Plug-In and the REST API Option Description PostgreSQL Configures Orchestrator to work with a PostgreSQL database instance Embedded Configures Orchestrator to work with the embedded database For example, to search for a workflow named Microsoft SQL Server, make the following GET request: GET https://{vcoHost}:{port}/vco/api/workflows?conditions=name=Microsoft SQL Server 2 Retrieve the definition of the workflow by making a GET request at
Installing and Configuring VMware vCenter Orchestrator Create a Self-Signed Server Certificate by Using the REST API You can create a self-signed certificate by running a workflow from the Configuration plug-in or by using the REST API. The Configuration plug-in contains a workflow for creating a certificate database and inserting a self-signed server certificate in it.
Chapter 7 Configuring Orchestrator by Using the Configuration Plug-In and the REST API Delete an SSL Certificate by Using the REST API You can delete an SSL certificate by running the Delete trusted certificate workflow of the Configuration plug-in or by using the REST API. Procedure 1 Make a GET request at the URL of the Workflow service of the Delete trusted certificate workflow.
Installing and Configuring VMware vCenter Orchestrator 4 Provide values for the input parameters of the workflow in an execution-context element of the request body. Parameter Description cer The CER file from which you want to import the SSL certificate. This parameter is applicable for the Import trusted certificate from a file workflow. url The URL from which you want to import the SSL certificate. For non-HTPS services, the supported format is IP_address_or_DNS_name:port.
Chapter 7 Configuring Orchestrator by Using the Configuration Plug-In and the REST API Enter a License Key by Using the REST API You can import a license key by running a workflow from the Configuration plug-in or by using the REST API. Procedure 1 Make a GET request at the URL of the Workflow service of the Enter license key workflow.
Installing and Configuring VMware vCenter Orchestrator 80 VMware, Inc.
Additional Configuration Options 8 You can use the Orchestrator configuration interface to change the default Orchestrator behavior.
Installing and Configuring VMware vCenter Orchestrator Change the Default Configuration Ports on the Orchestrator Client Side If you change the default network ports in the Orchestrator configuration interface, your changes are applied only on the Orchestrator server side. To connect to the server with the client, you must change the configuration of all Orchestrator client instances or connect to the server by using your Orchestrator server DNS name or IP address followed by the new https port number.
Chapter 8 Additional Configuration Options 3 Delete the .dar and .war archives for the plug-in that you want to remove. and restart the vCenter Orchestrator services. The plug-in is removed from the Orchestrator configuration interface. 4 Delete the plug-in configuration files. Option Action If you installed Orchestrator with the vCenter Server installer Go to install_directory\VMware\Infrastructure\Orchestrator\appserver\conf\plugins.
Installing and Configuring VMware vCenter Orchestrator 2 Navigate to the configuration file and open the file in a text editor. Option Action If you installed Orchestrator with the vCenter Server installer Go to install_directory\VMware\Infrastructure\Orchestrator\appserver\bin. If you installed the standalone version of Orchestrator Go to install_directory\VMware\Orchestrator\app-server\bin. If you deployed the Orchestrator Appliance Go to usr/lib/vco/app-server/bin. 3 Locate the -wrapper.ping.
Chapter 8 Additional Configuration Options Orchestrator Configuration Files When you export the system configuration, a vmo_config_dateReference.vmoconfig file is created locally on the machine on which the Orchestrator server is installed. It contains all the Orchestrator configuration data. NOTE Some of the configuration files that are created during the export are empty.
Installing and Configuring VMware vCenter Orchestrator Import the Orchestrator Configuration You can restore the previously exported system configuration when you reinstall Orchestrator or if a system failure occurs. If you use the import procedure for cloning the Orchestrator configuration, the vCenter Server plug-in configuration becomes invalid and non-working, because a new ID of the vCenter Server plug-in is generated.
Chapter 8 Additional Configuration Options 4 Fill in the Maximum number of runs text box. After you reach the maximum number of runs, the rollover process starts. If you do not want the rollover process to start, type 0 in this text box. If you type 0, your database continues to extend. 5 (Optional) To set the default login credentials, fill in the User name for automatic Web login and Password for automatic Web login text boxes.
Installing and Configuring VMware vCenter Orchestrator Orchestrator Log Files VMware Technical Support routinely requests diagnostic information from you when a support request is received by them. This diagnostic information contains product-specific logs and configuration files from the host on which the product runs. The information is gathered by using a specific script tool for each product. Table 8‑3. Orchestrator Log Files File Name Location scripting.log n n n server.
Chapter 8 Additional Configuration Options Table 8‑3. Orchestrator Log Files (Continued) File Name Location access.yyyy-mm-dd.log n n n wrapper.log n n vCenter_Orchestrator_InstallLo g.log Description If you installed Orchestrator standalone: install_directory\VMware\Orchestrator\c onfiguration\logs If you installed Orchestrator with the vCenter Server installer: install_directory\VMware\Infrastructur e\Orchestrator\configuration\logs If you deployed the Orchestrator Appliance: /var/log/vco/apps
Installing and Configuring VMware vCenter Orchestrator Non-Persistent Logs When you use a non-persistent log (system log) in your scripting, the Orchestrator server notifies all running Orchestrator applications about this log, but this information is not stored. When the application is restarted, the log information is lost. Non-persistent logs are used for debugging purposes or for live information.
Chapter 8 Additional Configuration Options Change the Size of Server Logs If a server log regenerates multiple times a day, it becomes difficult to determine what causes problems. To prevent this, you can change the default size of the server log. The default size of the server log is 5MB. Procedure 1 2 On the Orchestrator server system, navigate to the folder that contains configuration files. Option Action If you installed Orchestrator with the vCenter Server installer Go to install_directory\VMware
Installing and Configuring VMware vCenter Orchestrator Export Orchestrator Log Files Orchestrator provides a workflow that generates a ZIP archive of troubleshooting information containing configuration, server, wrapper, and installation log files. Prerequisites Verify that you created the c:/orchestrator folder at the root of the Orchestrator server system or set write access rights to another folder in which to store the generated ZIP archive.
Chapter 8 Additional Configuration Options Procedure 1 Log in as an administrator to the machine on which the Orchestrator server is installed. 2 Navigate to the log4j.xml file and open it in a text editor. 3 Option Action If you installed the standalone version of Orchestrator Go to install_directory\VMware\Orchestrator\appserver\conf\log4j.xml. If the vCenter Server installed Orchestrator Go to install_directory\VMware\Infrastructure\Orchestrator\appserver\conf\log4j.xml.
Installing and Configuring VMware vCenter Orchestrator 94 VMware, Inc.
Configuration Use Cases and Troubleshooting 9 You can configure the Orchestrator server to work with the vCenter Server appliance, you can also uninstall plug-ins from Orchestrator, or change the self-signed certificates. The configuration use cases provide task flows that you can perform to meet specific configuration requirements of your Orchestrator server system, as well as troubleshooting topics to understand and solve a problem, if a workaround exists.
Installing and Configuring VMware vCenter Orchestrator n Cloning the virtual machine on which the main Orchestrator server instance is configured. In this case, if the Orchestrator nodes are behind a load balancer configured in the vSphere Web Client, one of the Orchestrator nodes might appear in the inventory along with the load balancer. You can remove it by using the the Managed Object Browser (MOB) of the corresponding vCenter Server.
Chapter 9 Configuration Use Cases and Troubleshooting For instructions about configuring the vCenter Server plug-in, see “Configure the vCenter Server PlugIn,” on page 59. 10 Modify the network settings on both Orchestrator server instances to reflect your environment, if necessary. For instructions about configuring the Orchestrator network settings, see “Configure the Network Connection,” on page 37. 11 On Orchestrator server 2, configure and install the plug-ins that you installed in Step 4.
Installing and Configuring VMware vCenter Orchestrator Setting Up Orchestrator to Work with the vSphere Web Client You can set up Orchestrator so that you can use the vSphere Web Client to log in to Orchestrator and run workflows on the objects in your vSphere inventory. 1 Install vCenter Single Sign-On, vCenter Inventory Service, vCenter Server, and vCenter Orchestrator. Orchestrator is silently installed on your system when you install vCenter Server.
Chapter 9 Configuration Use Cases and Troubleshooting 2 Log in with your vCenter Server credentials. 3 Under Properties, click content. 4 On the Data Object Type: ServiceContent page, under Properties, click ExtensionManager. 5 On the Managed Object Type page, under Properties, click the Orchestrator extension string. extensionList["com.vmware.orchestrator.universally-unique-ID"] The universally unique ID is the ID of the Orchestrator server.
Installing and Configuring VMware vCenter Orchestrator Solution 1 Verify that the remote and the primary Orchestrator servers are up and running. 2 Log in to the Orchestrator configuration interface of the primary Orchestrator server. 3 Click Network. 4 From the IP address drop-down menu select the IP address, which corresponds to the correct subnet (do not use multi adapter addresses such as 0.0.0.0). 5 Click Apply Changes. 6 In the right pane, click the SSL Trust Manager tab.
Chapter 9 Configuration Use Cases and Troubleshooting n Back up the jssecacerts file, located at install_directory\app-server\conf\security\jssecacerts. Procedure 1 Stop the Orchestrator server service. a Select Start > Programs > Administrative Tools > Services. b In the right pane, right-click VMware vCenter Orchestrator Server and select Stop. 2 On the Windows Start menu, right-click Command Prompt, and select Run as administrator. 3 Navigate to the keytool utility at the command prompt.
Installing and Configuring VMware vCenter Orchestrator Install a Certificate from a Certificate Authority To install a signed certificate from a Certificate Authority you must obtain an SSL certificate from a CA and import it in your local keystore. Prerequisites Generate a new SSL certificate. Procedure 1 Create a certificate signing request by running the following command in the Java utility. keytool -certreq -dunes -keypass "dunesdunes" -keystore "install_directory\app-server\conf\security\jssecacerts
Chapter 9 Configuration Use Cases and Troubleshooting 7 Browse and select Trusted Root Certification Authorities. 8 Complete the wizard and restart Internet Explorer. 9 Navigate to the Orchestrator server over your SSL connection. You no longer receive warnings and you do not receive a Certificate Error on the right within the address bar. Other applications and systems (such as VMware Service Manager) must have access to the Orchestrator SOAP and REST APIs over SSL connection.
Installing and Configuring VMware vCenter Orchestrator Procedure 1 Log in to the Orchestrator configuration interface as vmware. 2 On the General tab, click Export Configuration. 3 (Optional) Type a password to protect the configuration file. Use the same password when you import the configuration. 4 Click Export. 5 Log in to the Orchestrator client application. 6 Create a package that contains all the Orchestrator elements that you created or edited. a Click the Packages view.
Chapter 9 Configuration Use Cases and Troubleshooting 9 Import the exported package to the new Orchestrator instance. a Log in to the Orchestrator client application of the new Orchestrator instance. b From the drop-down menu in the Orchestrator client, select Administer. c Click the Packages view. d Right-click within the left pane and select Import package. e Browse to select the package that you want to import and click Open. Certificate information about the exporter appears.
Installing and Configuring VMware vCenter Orchestrator n Orchestrator and vCenter Server run on a shared host with less than 4GB of RAM. n The Orchestrator database runs on the same host as Orchestrator. n Orchestrator is installed in a directory whose name contains non-ASCII characters. Solution If you installed Orchestrator standalone, verify that your system has at least 2GB of RAM. If you installed Orchestrator silently with vCenter Server, verify that your system has at least 4GB of RAM.
Setting System Properties 10 You can set system properties to change the default Orchestrator behavior.
Installing and Configuring VMware vCenter Orchestrator 3 Add the following line to the vmo.properties configuration file. #Disable Orchestrator client connection com.vmware.o11n.smart-client-disabled = true 4 Save the vmo.properties file. 5 Restart the Orchestrator server. You disabled access to the Orchestrator client to all users other than members of the Orchestrator administrator group.
Chapter 10 Setting System Properties Setting Server File System Access for Workflows and JavaScript Orchestrator limits access to the server file system from workflows and JavaScript to specific directories. You can extend access to other parts of the server file system by modifying the js-io-rights.conf Orchestrator configuration file. The js-io-rights.conf file is created when a workflow tries to access the Orchestrator server file system. If the js-io-rights.
Installing and Configuring VMware vCenter Orchestrator The first two lines in the default js-io-rights.conf configuration file allow the following access rights: -rwx / All access to the file system is denied. +rwx /var/run/vco Read, write, and execute access is permitted in the /var/run/vco directory. Rules in the js-io-rights.conf File Orchestrator resolves access rights in the order they appear in the js-io-rights.conf file. Each line can override the previous lines. In the default js-io-rights.
Chapter 10 Setting System Properties You modified the access rights to the file system from workflows and from the Orchestrator API. Create and Locate the js-io-rights.conf File in the Orchestrator Appliance The js-io-rights.conf file is created when a workflow tries to access the Orchestrator server file system. You cannot create the js-io-rights.conf file manually in an Orchestrator Appliance instance. Run a workflow that accesses the Orchestrator server file system and locate the js-io-rights.
Installing and Configuring VMware vCenter Orchestrator 2 Navigate to the Orchestrator configuration directory. Option Action If you installed Orchestrator with the vCenter Server installer Go to install_directory\VMware\Infrastructure\Orchestrator\appserver\conf. If you installed Orchestrator standalone Go to install_directory\VMware\Orchestrator\app-server\conf. 3 Create the js-io-rights.conf file and open it in a text editor. 4 Type the default contents of the js-io-rights.conf file.
Chapter 10 Setting System Properties 4 Save the vmo.properties file. 5 Restart the Orchestrator server. You granted permissions to Orchestrator applications to run local commands in the Orchestrator server host operating system. NOTE By setting the com.vmware.js.allow-local-process system property to true, you allow the Command scripting class to write anywhere in the file system. This property overrides any file system access permissions that you set in the js-io-rights.
Installing and Configuring VMware vCenter Orchestrator The JavaScript engine has access to the Java classes that you specified. Set Custom Timeout Property When vCenter is overloaded, it takes more time to return the response to the Orchestrator server than the 20000 milliseconds set by default. To prevent this situation, you must modify the Orchestrator configuration file to increase the default timeout period.
Chapter 10 Setting System Properties Procedure 1 Navigate to the plug-in configuration folder on the Orchestrator server system. This folder contains an XML configuration file for each plug-in you have installed in the Orchestrator server. Option Action If you installed Orchestrator with the vCenter Server installer Go to install_directory\VMware\Infrastructure\Orchestrator\appserver\conf\plugins. If you installed the standalone version of Orchestrator Go to install_directory\VMware\Orchestrator\apps
Installing and Configuring VMware vCenter Orchestrator 3 Set the com.vmware.vco.workflow-engine.executors-count and com.vmware.vco.workflowengine.executors-max-queue-size properties by adding the following lines to the vmo.properies file. com.vmware.vco.workflow-engine.executors-count=200 com.vmware.vco.workflow-engine.executors-max-queue-size=5000 4 Save the vmo.properties file. 5 Restart the Orchestrator server. You set the maximum values for concurrent and pending workflows.
Where to Go From Here 11 When you have installed and configured vCenter Orchestrator, you can use Orchestrator to automate frequently repeated processes related to the management of the virtual environment. n Log in to the Orchestrator client, run, and schedule workflows on the vCenter Server inventory objects or other objects that Orchestrator accesses through its plug-ins. n Publish the weboperator Web view and provide browser access to Orchestrator workflows to users and user groups.
Installing and Configuring VMware vCenter Orchestrator 2 Click Start > Programs > VMware > vCenter Orchestrator Client. 3 In the Host name field, type the IP address to which Orchestrator server is bound. To check the IP address, log in to the Orchestrator configuration interface and check the IP settings on the Network tab. 4 Log in by using the Orchestrator user name and password.
Chapter 11 Where to Go From Here 2 Click Start Orchestrator Client. 3 Type the IP or the domain name of the Orchestrator Appliance in the Host name text box. The IP address of the Orchestrator Appliance is displayed by default. 4 Log in by using the Orchestrator client user name and password.
Installing and Configuring VMware vCenter Orchestrator n Password: vcoadmin If you are using vCenter Single Sign On or another directory service as an authentication method, type the respective credentials to log in to the Orchestrator client. You see the workflow library tree and you can run and monitor workflow runs.
Index A D add, certificate 102 additional configuration options 81 assign static IP 27 audience 7 authentication settings settings 72 authentication type 40 availability 17 data migration 32 database connection parameters 51 import SSL certificate 51 installation 18 Oracle 18 server size 18 setup 18 SQL Server 18 SQL Server Express 18 default password 106 default ports command port 38 data port 38 HTTP port 38 HTTPS port 38 LDAP port 38 LDAP with Global Catalog 38 LDAP with SSL 38 lookup port 38 messagi
Installing and Configuring VMware vCenter Orchestrator filter attributes 48 filtering, Orchestrator log files 92 G generate a certificate 100 get a certificate signed by a CA 102 H hardware requirements, Orchestrator Appliance 13 high availability 95 I i18n support 15 ignore referrals 48 import license 78 SSL certificate 99 import SSL certificate, vCenter Single SignOn 41 import vCenter Server license 61 install .dar plug-in 60 .
Index login 117 start 120 Orchestrator client, download 120 Orchestrator client, install 120 Orchestrator elements, back up 103 Orchestrator installed on a 64-bit machine 29 Orchestrator overview 9 Orchestrator plug-ins 12 OS 15 overview of, vCenter Single Sign-On 41 P password 81 persistence 9 plug-ins removing a plug-in 82 searching 114 plug-ins configuration Mail plug-in 58 SSH plug-in 59 vCenter Server plug-in 59, 68 policy engine 9 power on 26 R server certificate CA-signed 54, 55 exporting 55, 56
Installing and Configuring VMware vCenter Orchestrator user permissions 40 user roles 10 V vCenter Server downloading the installer 22 extension manager 98 managed object browser 98 vCenter Server license 61 vCenter Single Sign-On advanced registration 43 import SSL certificate 41 register Orchestrator 97 running in the vCenter Server Appliance 97 simple registration 42 unregister Orchestrator 99 vCO appliance, change password 26 versioning 9 virtual machine console, installing 24 VMware vCenter Orchestra
