Vma 51 Guide

7/23/2019 Vma 51 Guide

1/36

vSphere Management Assistant GuidevSphere 5.1

This document supports the version of each product listed and

supports all subsequent versions until the document is replaced

by a new edition. To check for more recent editions of thisdocument, see http://www.vmware.com/support/pubs.

EN-000852-00
http://www.vmware.com/support/pubshttp://www.vmware.com/support/pubs

7/23/2019 Vma 51 Guide

2/36

You can find the most up-to-date technical documentation on the VMware Web site at:

http://www.vmware.com/support/

The VMware Web site also provides the latest product updates.

If you have comments about this documentation, submit your feedback to:

[email protected]

Copyright 20082012 VMware, Inc. All rights reserved. This product is protected by U.S. and international copyright andintellectual property laws. VMware products are covered by one or more patents listed at

http://www.vmware.com/go/patents .VMware is a registered trademark or trademark of VMware, Inc. in the United States and/or other jurisdictions. All other marksand names mentioned herein may be trademarks of their respective companies.

VMware, Inc.

3401 Hillview Ave.Palo Alto, CA 94304www.vmware.com

2 VMware, Inc.

vSphere Management Assistant Guide
http://www.vmware.com/supportmailto:[email protected]://www.vmware.com/go/patentshttp://www.vmware.com/go/patentshttp://www.vmware.com/go/patentshttp://www.vmware.com/go/patentshttp://www.vmware.com/go/patentsmailto:[email protected]://www.vmware.com/supporthttp://www.vmware.com/support/

7/23/2019 Vma 51 Guide

3/36

VMware, Inc. 3

Contents

About

This

Book 5

1 IntroductiontovMA 7vMACapabilities 7

vMAComponentOverview 8

vSphereAuthenticationMechanism 8

vMASamples 9

vMAUseCases 9

WritingorConvertingScripts 9

WritingorConvertingAgents 9

2 GettingStartedwithvMA 11HardwareRequirements 12

SoftwareRequirements 12

RequiredAuthentication Information 12

DeployvMA 13

ConfigurevMAatFirstBoot 13

vMAConsoleandWebUI 14

ConfigurevMAforActiveDirectoryAuthentication 15

ConfigureUnattendedAuthenticationforActiveDirectoryTargets 15

TroubleshootingUnattendedAuthentication 16

EnabletheviuserAccount 16

vMAUserAccountPrivileges 17

AddTarget

Servers

to

vMA 17

RunningvSphereCLIfortheTargets 20

ReconfigureaTargetServer 20

RemoveTargetServersfromvMA 21

ModifyingScripts 21

ConfigurevMAtoUseaStaticIPAddress 22

ConfigureaStaticIPAddressfromtheConsole 22

ConfigureaStaticIPAddressfromtheWebUI 23

ConfigurevMAtoUseaDHCPServer 23

ConfigurevMAtoUseaDHCPServerfromtheConsole 23

ConfigurevMAtoUseaDHCPServerfromtheWebUI 23

SettingtheTimeZone 24

SettingtheTimeZonefromtheConsole 24SettingtheTimeZonefromtheWebUI 24

ShutDownvMA 24

DeletevMA 24

TroubleshootingvMA 25

UpdatevMA 26

ConfigureAutomaticvMAUpdates 26

3 vMAInterfaces 27vMAInterfaceOverview 27

vifptargetCommandforvifastpassInitialization 27

7/23/2019 Vma 51 Guide

4/36


4 VMware, Inc.

vifpTargetManagementCommands 28

vifpaddserver 28

vifpremoveserver 29

vifprotatepassword 30

vifplistservers 31

vifpreconfigure 32

TargetManagementExampleSequence 32

Using

the

VmaTargetLib

Library 33VmaTargetLibReference 33

EnumeratingTargets 33

QueryingTargets 33

Programmatic Login 34

Programmatic Logout 34

Index 35

7/23/2019 Vma 51 Guide

5/36

VMware, Inc. 5

ThevSphereManagementAssistantGuideexplainshowtodeployandusevMAandincludesreference

informationforvMACLIsandlibraries.

Toviewthecurrentversionofthisbook,aswellasallVMwareAPIandSDKdocumentation, goto

http://www.vmware.com/support/pubs/sdk_pubs.html .

Revision History

Thisbook,thevSphereManagementAssistantGuide,isrevisedwitheachreleaseoftheproductorwhen

necessary.Arevisedversioncancontainminorormajorchanges.Table 1summarizesthesignificantchanges

ineachversionofthisbook.

Intended Audience

ThisbookisforadministratorsanddeveloperswithsomeexperiencesettingupaLinuxsystemandworking

inaLinuxenvironment.AdministratorscanusethevMAautomatedauthenticationfacilitiesandthesoftware

packagedwithvMAtointeractwithESXihostsandvCenterServersystems.Developerscancreateagentsthat

interactwithESXihostsandvCenterServersystems.

About This Book

NOTE

Thetopicsinwhichthisdocumentationusestheproductname ESXi areapplicabletoallsupportedreleasesofESXandESXi.

Table 1. Revision History

Revision Description

10SEP2012 vMA5.1release

20JAN2012 Chapter2,sectionConfigureUnattendedAuthenticationforActiveDirectoryTargetsisupdated.

24AUG2011 vMA5.0release.

13JUL2010 vMA4.1release

16NOV2009 Chapter1isenhancedtoprovidedetailsaboutvMAsenhancedcapabilities,authenticationmechanismsandthechangestothesamples.

Chapter2providesinformationaboutconfiguringvMAforActiveDirectory.Italsoexplainshowtoreconfigureatargetserver.

Chapter3providesinformationaboutthenewvifptargetandvifp reconfigurecommands.ItalsodescribestheVmaTargetLiblibrary.

21MAY2009 vMA4.0documentation

27OCT2008 VIMA1.0documentation
http://www.vmware.com/support/pubs/sdk_pubs.htmlhttp://www.vmware.com/support/pubs/sdk_pubs.html

7/23/2019 Vma 51 Guide

6/36


6 VMware, Inc.

VMware Technical Publications Glossary

VMwareTechnicalPublicationsprovidesaglossaryoftermsthatmightbeunfamiliartoyou.Fordefinitions

oftermsastheyareusedinVMwaretechnicaldocumentationgotohttp://www.vmware.com/support/pubs.

Document Feedback

VMwarewelcomesyoursuggestionsforimprovingourdocumentation.Sendyourfeedbackto

[email protected] .

Technical Support and Education Resources

Thefollowingsectionsdescribethetechnicalsupportresourcesavailabletoyou.Toaccessthecurrentversions

ofotherVMwarebooks,gotohttp://www.vmware.com/support/pubs.

Online and Telephone Support

Touseonlinesupporttosubmittechnicalsupportrequests,viewyourproductandcontractinformation,and

registeryourproducts,gotohttp://www.vmware.com/support .

Support OfferingsTofindouthowVMwaresupportofferingscanhelpmeetyourbusinessneeds,goto

http://www.vmware.com/support/services .

VMware Professional Services

VMwareEducationServicescoursesofferextensivehandsonlabs,casestudyexamples,andcoursematerials

designedtobeusedasonthejobreferencetools.Coursesareavailableonsite,intheclassroom,andlive

online.Foronsitepilotprograms andimplementation bestpractices,VMwareConsultingServicesprovides

offeringsto helpyouassess,plan,build,andmanageyourvirtualenvironment.Toaccessinformationabout

educationclasses,certificationprograms,andconsultingservices,gotohttp://www.vmware.com/services.
http://www.vmware.com/support/pubsmailto:[email protected]:[email protected]:[email protected]:[email protected]:[email protected]:[email protected]:[email protected]:[email protected]:[email protected]:[email protected]:[email protected]:[email protected]:[email protected]:[email protected]:[email protected]:[email protected]:[email protected]:[email protected]:[email protected]:[email protected]:[email protected]:[email protected]:[email protected]:[email protected]://www.vmware.com/support/pubshttp://www.vmware.com/supporthttp://www.vmware.com/support/serviceshttp://www.vmware.com/services/http://www.vmware.com/support/pubshttp://www.vmware.com/services/http://www.vmware.com/support/serviceshttp://www.vmware.com/supporthttp://www.vmware.com/support/pubsmailto:[email protected]

7/23/2019 Vma 51 Guide

7/36

VMware, Inc. 7

1

ThevSphereManagementAssistant(vMA)isaSUSELinuxEnterpriseServer11basedvirtualmachinethat

includesprepackagedsoftwaresuchasthevSpherecommandlineinterface,andthevSphereSDKforPerl.

vMAallowsadministratorstorunscriptsoragentsthatinteractwithESXihostsandvCenterServersystems

withouthavingtoauthenticateeachtime.

Thechapterincludesthefollowingtopics:

vMACapabilitiesonpage 7

vMAComponentOverviewonpage 8

vMAUseCasesonpage 9

TogetstartedwithvMArightaway,gotoGettingStartedwithvMAonpage 11.

vMA Capabilities

vMAprovidesaflexibleandauthenticatedplatformforrunningscriptsandprograms.

Asadministrator,youcanaddvCenterServersystemsandESXihostsastargetsandrunscriptsand

programsonthesetargets.Onceyouhaveauthenticatedwhileaddingatarget,youneednotloginagain

whilerunningavSphereCLIcommandoragentonanytarget.

Asadeveloper,youcanusetheAPIsprovidedwiththeVmaTargetLiblibrarytoprogrammatically

connecttovMAtargetsbyusingPerlorJava.

vMAenablesreuseofserviceconsolescriptsthatarecurrentlyusedforESXiadministration,though

minormodificationstothescriptsareusuallynecessary.

vMAcomespreconfiguredwithtwouseraccounts,namely,viadminandviuser.

Asviadmin,youcanperformadministrative operationssuchasadditionandremovaloftargets.

You canalsorunvSphereCLIcommandsandagentswithadministrative privilegesonthe

added targets.

Asviuser,youcanrunthevSphereCLIcommandsandagentswithreadonlyprivilegesonthe

target.

YoucanmakevMAjoinanActiveDirectorydomainandloginasanActiveDirectoryuser.Whenyourun

commandsfromsuchauseraccount,theappropriateprivilegesgiventotheuseronthevCenterServer

systemortheESXihostwouldbeapplicable.

vMAcanrunagentcodethatmakeproprietaryhardwareorsoftwarecomponentscompatiblewith

VMwareESX.ThesecodecurrentlyrunintheserviceconsoleofexistingESXhosts.Youcanmodifymost

oftheseagentcodetoruninvMA,bycallingthevSphereAPI,ifnecessary.Developersmustmoveany

agentcodethatdirectlyinterfaceswithhardwareintoaprovider.

Introduction to vMA 1

7/23/2019 Vma 51 Guide

8/36


8 VMware, Inc.

vMA Component Overview

WhenyouinstallvMA,youarelicensedtousethevirtualmachinethatincludesallvMAcomponents.

vMAincludesthefollowingcomponents.

SUSELinuxEnterpriseServer11SP1vMArunsSUSELinuxEnterpriseServeronthevirtualmachine.

YoucanmovefilesbetweentheESXihostandthevMAconsolebyusingthevifsvSphereCLIcommand.

VMwareTools

Interface

to

the

hypervisor.

vSphereCLICommandsformanagingvSpherefromthecommandline.SeethevSphereCommandLine

InterfaceInstallationandReferenceGuide.

vSphereSDKforPerlClientsidePerlframeworkthatprovidesascriptinginterfacetothevSphereAPI.

TheSDKincludesutilityapplicationsandsamplesformanycommontasks.

JavaJREversion1.6RuntimeengineforJavabasedapplicationsbuiltwithvSphereWebServicesSDK.

vifastpass Authenticationcomponent.

vSphere Authentication Mechanism

vMAsauthenticationinterfaceallowsusersandapplicationstoauthenticatewiththetargetserversusing

vifastpassorActiveDirectory.Whileaddingaserverasatarget,theAdministratorcandetermineifthetargetneedstousevifastpassorActiveDirectoryauthentication.Forvifastpassauthentication, thecredentialsthat

auserhasonthevCenterServersystemorESXihostarestoredinalocalcredentialstore.ForActiveDirectory

authentication, theuserisauthenticatedwithanActiveDirectoryserver.

WhenyouaddanESXihostasafastpasstargetserver,vifastpasscreatestwouserswithobfuscated

passwordsonthetargetserverandstoresthepasswordinformationonvMA:

viadminwithadministratorprivileges

viuserwithreadonlyprivileges

ThecreationofviadminandviuserdoesnotapplyforActiveDirectoryauthentication targets.Whenyouadd

asystemasanActiveDirectorytarget,vMAdoesnotstoreanyinformationaboutthecredentials.Tousethe

ActiveDirectory

authentication,

the

administrator

must

configure

vMA

for

Active

Directory.

For

more

informationonhowtoconfigurevMAforActiveDirectory,seeConfigurevMAforActiveDirectory

Authentication onpage 15.

Afteraddingatargetserver,youmustinitializevifastpasssothatyoudonothavetoauthenticateeachtime

yourunvSphereCLIcommands.IfyourunavSphereCLIcommandwithoutinitializingvifastpass,youwill

beaskedforusernameandpassword.

Youcaninitializevifastpassbyusingoneofthefollowingmethods:

Runvifptarget.Formoreinformationaboutthisscript,seevifptargetCommandforvifastpass

Initializationonpage 27.

CalltheLoginmethodinaPerlorJavaprogram.Formoreinformationaboutthismethod,see

VmaTargetLibReferenceonpage 33.

Aftersettingupatargetusingthevifptargetcommand,youcanrunvSphereCLIcommandsorscriptsthat

usevSphereSDKforPerlwithoutprovidinganyauthenticationinformation.Toruncommandsagainstan

ESXihostthatismanagedbyavCenterServer,youcanusethe--vihostoption.

EachtimeyoulogintovMA,youmustrunthevifptargetcommandortheLoginmethodonce.Thetarget

thatyouspecifyinthevifptargetcommandisthedefaulttarget.Targetserversremaintargetsacross

reboots.Youcanoverrideitbyusingthe--serveroptionofthevSphereCLIcommandsasshowninthe

followingexample:

vifptarget -s esx1.foo.com

vicfg-nics -l #lists the nics on esx1.foo.com

vicfg-nics -l --server esx2.foo.com #lists the nics on esx2.foo.com

7/23/2019 Vma 51 Guide

9/36

VMware, Inc. 9

Chapter 1 Introduction to vMA

vMA Samples

vMAsamplesillustratethevMACLIsandtheVmaTargetLiblibrary.ThesamplesareavailableinvMAat

/opt/vmware/vma/samples.

bulkAddServers.plPerlsamplethataddsmultipletargetstovMA.

mcli.plPerlsamplethatrunsavSphereCLIcommandonmultiplevMAtargetsspecifiedinafile

suppliedasanargument.Youmustrunvifptargetbeforerunningthisscript.

listTargets.pl PerlsamplethatretrievesinformationandversionofvMAtargetsusing

VmaTargetLib.

listTargets.sh JavasamplethatdemonstratesuseofVmaTargetLib.

vMA Use Cases

Thissectionlistsafewtypicalusecases.

Writing or Converting Scripts

YoucanrunexistingvSphereCLIorvSphereSDKforPerlscriptsfromvMA.Tosettargetserversandinitialize

vifastpass,thescriptcanusetheVmaTarget.login() methodofVmaTargetLib.

Writing or Converting Agents

PartnersorcustomerscanusevMAtowriteorconvertagents.

ApartnerorcustomerwritesanewagentinPerl.

WhenapartnerorcustomerwritesanewagentinPerl,thePerlscriptmustimporttheVmaTargetLib

PerlmoduleandallvSphereSDKforPerlmodules.InsteadofcallingthevSphereSDKforPerlsubroutine

Util::Connect(targetUrl, username, password),theagentcalls

VmaTargetLib::VmaTarget.login().

ApartnerorcustomerrunsanagentwritteninPerlorJavaintheserviceconsoleandwantstoportthe

agenttovMA.

TheagentusescodesimilartothefollowingPerllikepseudocodetologintoESXihosts:

LoginToMyEsx() {

SessionManagerLocalTicket tkt = SessionManager.AcquireLocalTicket(userName);

UserSession us = sm.login(tkt.userName, tkt.passwordFilePath);

}

Thepartnerchangestheagenttousecodesimilartothefollowingpseudocodeinstead:

LoginToMyEsx(String myESXName) {

VmaTarget target = VmaTargetLib.query_target(myESXName);

UserSession us = target.login();

}

ThispseudocodeassumesonlyonevMAtarget.Formultipletargetservers,thecodecanspecifyany

targetserverorloopthroughalistoftargetservers.

ApartnerorcustomerrunsanagentwritteninPerloutsidetheESXihostandportstheagenttovMA.

InsteadofcallingthevSphereSDKforPerlmethodUtil::Connect(),theagentcallsthevifplibrary

methodVmaTargetLib::VmaTarget.login().

7/23/2019 Vma 51 Guide

10/36


10 VMware, Inc.

7/23/2019 Vma 51 Guide

11/36

VMware, Inc. 11

2

YoushouldhavesomeexperiencesettingupaLinuxsystemandworkinginaLinuxenvironment.This

chapterexplainshowtodeployandconfigurevMA,howtoaddandremovetargetservers,andhowto

prepareandrunscripts.Thechapteralsoincludestroubleshootinginformation.

ReadChapter 1,IntroductiontovMA,onpage 7forbackgroundinformationonvMAfunctionalityand

availablevMAcomponents.

Thischapterincludesthefollowingtopics:

HardwareRequirementsonpage 12

SoftwareRequirementsonpage 12

RequiredAuthenticationInformationonpage 12

DeployvMAonpage 13

ConfigurevMAatFirstBootonpage 13

vMAConsoleandWebUIonpage 14

ConfigurevMAforActiveDirectoryAuthentication onpage 15

ConfigureUnattendedAuthenticationforActiveDirectoryTargetsonpage 15

EnabletheviuserAccountonpage 16

vMAUserAccountPrivilegesonpage 17

AddTargetServerstovMAonpage 17

RunningvSphereCLIfortheTargetsonpage 20

ReconfigureaTargetServeronpage 20

RemoveTargetServersfromvMAonpage 21

ModifyingScriptsonpage 21

ConfigurevMAtoUseaStaticIPAddressonpage 22

ConfigurevMAtoUseaDHCPServeronpage 23

SettingtheTimeZoneonpage 24

ShutDownvMAonpage 24

DeletevMAonpage 24

TroubleshootingvMAonpage 25

Getting Started with vMA 2

IMPORTANT YoucannotupgradeapreviousversionofvMAtovMA5.1.YoumustinstallafreshvMA5.1

instance.

7/23/2019 Vma 51 Guide

12/36


12 VMware, Inc.

UpdatevMAonpage 26

ConfigureAutomaticvMAUpdatesonpage 26

Hardware Requirements

TosetupvMA,youmusthaveanESXihost.BecausevMArunsa64bitLinuxguestoperatingsystem,the

ESXihostonwhichitrunsmustsupport64bitvirtualmachines.

TheESXihostmusthaveoneofthefollowingCPUs:

AMDOpteron,revEorlater

IntelprocessorswithEM64TsupportwithVTenabled.

Opteron64bitprocessorsearlierthanrevE,andIntelprocessorsthathaveEM64Tsupportbutdonothave

VTsupportenabled,donotsupporta64bitguestoperatingsystem.Fordetailedhardwarerequirements,see

theHardwareCompatibilityListontheVMwareWebsite.

Bydefault,vMAusesonevirtualprocessor,andrequires3GBofstoragespaceforthevMAvirtualdisk.The

recommendedmemoryforvMAis600MB.

Software Requirements

YoucandeployvMAonthefollowingsystems:

vSphere5.1

vSphere5.0andlater

vSphere4.1andlater

vCenterApplication5.0andlater

YoucandeployvMAbyusingavSphereClientconnectedtoanESXihostorbyusingavSphereClient

connectedtovCenterServer5.1,vCenterServer5.0orlater,vCenterServer4.1orlater,orvCenterApplication

5.0andlater.

Youcan

use

vMA

to

target

vSphere

4.1

and

later,

vSphere

5.0

and

later,

and

vSphere

5.1

systems.

Atruntime,thenumberoftargetsasinglevMAinstancecansupportdependsonhowitisused.

Required Authentication Information

BeforeyoubeginvMAconfiguration,obtainthefollowingusernameandpasswordinformation:

vCenterServersystemIfyouwanttouseavCenterServersystemasthetargetserver,youmustbeable

toconnecttothatsystem.

IfyouareusingavCenterServertarget,youdonotneedpasswordsfortheESXihoststhatthevCenter

Serversystemmanages,unlessyouruncommandsthatdonotsupportvCenterServertargets.

ESXihostYoumusthavetherootpasswordortheusernameandpasswordforauserwith

administrative privilegesforeachESXihostyouaddasavMAtarget.Youdonotneedtheauthentication

informationwhenyouremoveatargethost.

vMAWhenyoufirstconfigurevMA,vMApromptsforapasswordfortheviadminuser.Specifya

passwordandrememberitforsubsequentlogins.TheviadminuserhasrootprivilegesonvMA.

IMPORTANT TherootuseraccountisdisabledonvMA.Torunprivilegedcommands,typesudo

.Bydefault,onlyviadmincanruncommandsthatrequiresudo.

7/23/2019 Vma 51 Guide

13/36

VMware, Inc. 13

Chapter 2 Getting Started with vMA

Deploy vMA

YoucandeployvMAbyusingafileorfromaURL.Ifyouwanttodeployfromafile,downloadandunzipthe

vMAZIPfilebeforeyoustartthedeploymentprocess.

To deploy vMA

1 UseavSphereClienttoconnecttoasystemthatisrunningthesupportedversionofESXiorvCenter

Server.

2 IfconnectedtoavCenterServersystem,selectthehosttowhichyouwanttodeployvMAintheinventory

pane.

3 SelectFile>DeployOVFTemplate.

TheDeployOVFTemplatewizardappears.

4 SelectDeployfromafileorURLifyouhavealreadydownloadedandunzippedthevMAvirtual

appliancepackage.

5 ClickBrowse,select

the

OVF,

and

click

Next.

6 ClickNextwhentheOVFtemplatedetailsaredisplayed.

7 AcceptthelicenseagreementandclickNext.

8 Specifyanameforthevirtualmachine.

Youcanalsoacceptthedefaultvirtualmachinename.

9 Selectaninventorylocationforthevirtualmachinewhenprompted.

IfyouareconnectedtoavCenterServersystem,youcanselectafolder.

10 IfconnectedtoavCenterServersystem,selecttheresourcepoolforthevirtualmachine.

Bydefault,thetoplevelrootresourcepoolisselected.

11 Ifprompted,selectthedatastoretostorethevirtualmachineonandclickNext.

12 SelecttherequireddiskformatoptionandclickNext.

13 SelectthenetworkmappingandclickNext.

14 ReviewtheinformationandclickFinish.

ThewizarddeploysthevMAvirtualmachinetothehostthatyouselected.The deployprocesscantake

severalminutes.

NextyouconfigureyourvMAvirtualmachine.YouperformthistaskwhenyoulogintovMAthefirsttime.

Configure vMA at First Boot

WhenyoustartthevMAvirtualmachinethefirsttime,youcanconfigureit.

To configure vMA

1 InthevSphereClient,rightclickthevirtualmachine,andclickPowerOn.

2 SelecttheConsoletab.

IMPORTANT YoucannotupgradeanearlierversionofvMAtovMA5.1.YoumustinstallafreshvMA5.1

instance.

IMPORTANT EnsurethatvMAisconnectedtothemanagementnetworkonwhichthevCenterServer

systemandtheESXihoststhatareintendedvMAtargetsarelocated.

7/23/2019 Vma 51 Guide

14/36


14 VMware, Inc.

3 Selecttheappropriatemenuoptiontoconfigurethenetworksettings.

YoucanindividuallyconfigurethevariousnetworksettingssuchasIPaddress,hostname,DNS,proxy

server,anddefaultgateway,byselectingtheappropriatemenuoption.

Thehostnamecancontain64alphanumericcharacters.YoucanchangethevMAhostnamelaterby

modifyingthe/etc/HOSTNAME and/etc/hostsfiles,asyouwouldforaLinuxhost.Youcanalsousethe

vMAconsoletochangethehostname.ForaDHCPconfiguration,thehostnameisobtainedfromthe

DNSserver.

IfyouuseastaticIPv4networkconfigurationtoconfiguretheIPaddress,DNS,defaultgateway,and

hostname,thenyoumustalsoconfigureadefaultIPv6gatewayduringthefirstbootnetwork

configuration,elsethevMAmightbeunreachableinthenetworkafterlogin.

Ensurethatyoucompletethenetworkconfigurationatthefirstboot.Ifyouskipthenetwork

configuration,theappliancetakesthedefaultnetworkconfigurationfromtheguestoperatingsystem,

whichmayleadtosomeinconsistencies.

4 Whenprompted,specifyapasswordfortheviadminuser.

Ifpromptedforanoldpassword,pressEnterandcontinue.

ThenewpasswordmustconformtothevMApasswordpolicy.Thepasswordmusthaveatleast:

Ninecharacters

Oneuppercasecharacter

Onelowercasecharacter

Onenumeralcharacter

Onesymbolsuchas#,$

YoucanlaterchangethepasswordfortheviadminuserusingtheLinuxpasswdcommand.

Thisuserhasrootprivileges.

vMAisnowconfiguredandthevMAconsoleappears.TheconsoledisplaystheURLfromwhichyoucan

accesstheWebUI.

vMA Console and Web UI

vMAprovidestwointerfaces,theconsole,whichisacommandlineinterfaceandthebrowserbasedWebUI.

Fromtheconsole,youcandothefollowingtasks:

Loginasviadmin

AddserverstovMA

RuncommandsfromthevMAconsole

Configurethenetworksettingsandproxyserversettings

Configurethetimezonesettings.

ThewebUIenablesyoutodothefollowingtasks:

Loginasviadmin

Configurethenetworksettingsandproxyserversettings

Configurethetimezonesettings.

UpdatevMA

NOTE YoucanconfigureonlyonenetworkadapterinvMA.Youcannotaddandconfiguremultiplenetwork

adaptersinvMA.

7/23/2019 Vma 51 Guide

15/36

VMware, Inc. 15


Configure vMA for Active Directory Authentication

ConfigurevMAforActiveDirectoryauthenticationsothatESXihostsandvCenterServersystemsaddedto

ActiveDirectorycanbeaddedtovMAwithouthavingtostorethepasswordsinvMAscredentialstore.This

isamoresecurewayofaddingtargetstovMA.

EnsurethattheDNSserverconfiguredforvMAisthesameastheDNSserverofthedomain.Youcanchange

theDNSserverbyusingthevMAConsoleortheWebUI.EnsurethatthedomainisaccessiblefromvMA.

Also,You

must

be

able

to

ping

the

ESXi

and

vCenter

Server

systems

that

you

want

to

add

to

vMA.

Ensure

that

pingingresolvestheIPaddressto,wheredomainnameisthedomainto

whichvMAistobeadded.

To add vMA to a domain

1 FromthevMAconsole,runthefollowingcommand:

sudo domainjoin-cli join

2 Whenprompted,providetheActiveDirectoryadministrator spassword.

Onsuccessfulauthentication, thecommandaddsvMAasamemberofthedomain.Thecommandalso

addsentriesinthe/etc/hostsfilewithvmaHostname.domainname.

3 RestartvMA.

Now,youcanaddanActiveDirectorytargettovMA.Forstepstodothis,seeAddTargetServersto

vMAonpage 17.

To check vMA's domain settings

FromthevMAconsole,runthefollowingcommand:

sudo domainjoin-cli query

ThecommanddisplaysthenameofthedomaintowhichvMAhasjoined.

To remove vMA from the domain

FromthevMAconsole,runthefollowingcommand:

sudo domainjoin-cli leave

ThevMAconsoledisplaysamessagestatingwhethervMAhaslefttheActiveDirectorydomain.

Configure Unattended Authentication for Active Directory Targets

Toconfigureunattendedauthentication (authentication fromviadminorrootcontext)toActiveDirectory

targets,youmustrenewtheKerberosticketsforthedomainuserusingwhichthetargetisadded.Unattended

authenticationissupportedforESXi4.1Update3andlater.YoumustensurethattheActiveDirectoryissetup

forunattendedlogin.

To conf igure unattended authentication for Active Directory targets

1 Onany

Windows

Server

2003

computer

that

is

part

of

the

domain

to

which

vMA

is

added,

download

and

installtheKtpasstoolfromtheMicrosoftwebsite.

2 Openthecommandpromptandrunthefollowingcommand:

ktpass /out foo.keytab /princ [email protected] /pass ca... /ptype KRB5_NT_PRINCIPAL

-mapuser \

where,isthenameofthedomainandfooistheuserhavingpermissionsforthevCenter

administration.

Thiscommandcreatesafilecalledfoo.keytab.

3 Movethefoo.keytabfileto/home/local/VMA-DC/foo.

YoucanuseWinSCPandloginasuservma-dc\footomovethefile.

7/23/2019 Vma 51 Guide

16/36


16 VMware, Inc.

4 (Optional)Makesurethattheuservmadc\fooonvMAownsthefoo.keytabfilebyusingthefollowing

commands:

ls -l /home/local/VMA-DC/foo/foo.keytab

chown vma-dc\foo/home/local/VMA-DC/foo/foo.keytab

5 OnvMA,createascriptin/etc/cron.hourly/kticket-renewwiththefollowingcontents:

#!/bin/sh

su - vma-dc\\foo -c '/usr/bin/kinit -k -t /home/local/VMA-DC/foo/foo.keytab foo'

Thisscriptwillrenewtheticketfortheuserfooeveryhour.

Youcanalsoaddtheabovescripttoaservicein/etc/init.dtorefreshtheticketswhenvMAisbooted.

Troubleshooting Unattended Authentication

IfyouarenotabletoauthenticatefromvMAorcannotaddvMAtothedomaincontroller,verifythefollowing

conditions:

YourDNSserversetupinvMAresolvestheIPaddressorhostnameofthevCenterservertoafully

qualifieddomainname(FQDN)andthattheFQDNcontainsthedomainnametowhichvMAisadded.

Thecommandvifp listserversshowsthenameofvCenterserverastheFQDNthatcontainsthe

domainname

to

which

vMA

is

added

as

the

suffix.

ThedateandtimesettingsonvMA,thedomaincontrollerandthevCenterserverarethesame.Verifythe

timezoneaswell.Thetimemayvarybyanhour,butalargetimeskewmightcauseauthentication

problems.

Enable the vi-user Account

Aspartofconfiguration,vMAcreatesaviuseraccountwithnopassword.However,youcannotusethe

viuseraccountuntilyouhavespecifiedaviuserpassword.

To enable the vi-user account

1 LogintovMAasviadmin.

2 RuntheLinuxpasswdcommandforviuserasfollows:

sudo passwd vi-user

IfthisisthefirsttimeyouusesudoonvMA,amessageaboutrootuserprivilegesappears,andyouare

promptedfortheviadminpassword.

3 Specifytheviadminpassword.

4 Whenprompted,typeandconfirmthepasswordforviuser.

AftertheviuseraccountisenabledonvMA,ithasnormalprivilegesonvMAbutisnotinthesudoerslist.

WhenyouaddESXitargetservers,vMAcreatestwousersoneachtarget:

viadminhasadministrative privilegesonthetargetsystem.

viuserhasreadonlyprivilegesonthetargetsystem.vMAcreatesviuseroneachtargetthatyouadd,

evenifviuserisnotcurrentlyenabledonvMA.

WhenauserisloggedintovMAasviuser,vMAusesthataccountontargetESXihosts,andtheusercanrun

onlycommandsontargetESXihoststhatdonotrequireadministrative privileges.

IMPORTANT TheviuseraccounthaslimitedprivilegesonthetargetESXihostsandcannotrunany

commandsthatrequiresudoexecution.YoucannotuseviusertoruncommandsforActiveDirectorytargets

(ESXior

vCenter

Server).

To

run

commands

for

the

Active

Directory

targets,

use

the

vi-admin

user

or

log

in

asanActiveDirectoryusertovMA.

7/23/2019 Vma 51 Guide

17/36

VMware, Inc. 17


vMA User Account Privileges

Table 21liststheprivilegesthatthedifferentuseraccountshaveforvCLIusageagainstdifferenttargets.

Add Target Servers to vMA

AfteryouconfigurevMA,youcanaddtargetserversthatrunthesupportedvCenterServerorESXiversion.

ForvCenterServerandESXisystemtargets,youmusthavethenameandpasswordofauserwhocanconnect

tothatsystem.

Seevifpaddserveronpage 28forthecompletesyntax.

To add a vCenter Server system as a vMA target for Ac tive Directory Authentication


2 AddaserverasavMAtargetbyrunningthefollowingcommand:

vifp addserver vc1.mycomp.com --authpolicy adauth --username ADDOMAIN\\user1

Here,--authpolicy adauthindicatesthatthetargetneedstousetheActiveDirectoryauthentication.

Ifyourunthiscommandwithoutthe--usernameoption,vMApromptsforthenameoftheuserthatcan

connecttothevCenterServersystem.Youcanspecifythisusernameasshowninthefollowingexample:

Enter username for machinename.example.com: ADDOMAIN\user1

If--authpolicy

is

not

specified

in

the

command,

then

fpauth

is

taken

as

the

default

authentication

policy.

3 Verifythatthetargetserverhasbeenadded.

Thedisplayshowsalltargetserversandtheauthenticationpolicyusedforeachtarget.

vifp listservers --long

server1.mycomp.com ESX adauth

server2.mycomp.com ESX fpauth

server3.mycomp.com ESXi adauth

vc1.mycomp.com vCenter adauth

4 Setthetargetasthedefaultforthecurrentsession:

vifptarget --set | -s

5 VerifythatyoucanrunavSphereCLIcommandwithoutauthenticationbyrunningacommandonone

oftheESXihosts,forexample:

esxcli --server --vihost network nic list

Thecommandrunswithoutpromptingforauthentication information.

Table 2-1. Account Privileges for vCLI Usage

Target

Authent ication

Policy vi-admin vi-user domain user

ESXi fpauth Y Y N

ESXi adauth Y N Y

vCenterServer fpauth Y N N

vCenterServer adauth Y N Y

IMPORTANT Ifthenameofatargetserverchanges,youmustremovethetargetserverbyusingvifp

removeserverwiththeoldname,thenaddtheserverusingvifp addserverwiththenewname.

7/23/2019 Vma 51 Guide

18/36


18 VMware, Inc.

To add a vCenter Server system as a vMA target fo r fastpass Authenti cation


2 AddaserverasavMAtargetbyrunningthefollowingcommand:

vifp addserver vc2.mycomp.com --authpolicy fpauth

Here,--authpolicy fpauthindicatesthatthetargetneedstousethefastpassauthentication.

3 Specifythe

username

when

prompted:

Enter username for machinename.example.com: MYDOMAIN\user1

4 Specifythepasswordforthatuserwhenprompted.

[email protected]'s password:

5 Reviewandacceptthesecurityriskinformation.






server3.mycomp.com ESXi adauthvc1.mycomp.com vCenter adauth

vc2.mycomp.com vCenter fpauth

7 Setthetargetasthedefaultforthecurrentsession.


8 VerifythatyoucanrunavSphereCLIcommandwithoutauthenticationbyrunningacommandonone

oftheESXihosts,forexample:

esxcli --server --vihost network nic list


To add an ESXi host as a vMA target for Active Directory Authentication


2 AddanESXiserverasavMAtargetbyrunningthefollowingcommand:

vifp addserver server3.mycomp.com --authpolicy adauth --username ADDOMAIN\\user1

Here,--authpolicy adauthindicatesthatthetargetneedstousetheActiveDirectoryauthentication.

Ifyourunthiscommandwithoutthe--usernameoption,vMApromptsforthenameoftheuserthatcan

connecttotheESXiServer.Youcanspecifythisusernameasshowninthefollowingexample:

Enter username for machinename.example.com: ADDOMAIN\user1

If--authpolicyisnotspecifiedinthecommand,thenfpauthistakenasthedefaultauthentication

policy.










7/23/2019 Vma 51 Guide

19/36

VMware, Inc. 19


4 Setthetargetasthedefaultforthecurrentsession:


5 VerifythatyoucanrunavSphereCLIcommandwithoutauthenticationbyrunningacommand,forexample:

esxcli network nic list


To add an ESXi host as a vMA target for fastpass Authentication


2 AddanESXiServerasavMAtargetbyrunningthefollowingcommand:

vifp addserver server2.mycomp.com --authpolicy fpauth

Here,--authpolicy fpauthindicatesthatthetargetneedstousethefastpassauthentication.

Youarepromptedforthetargetserversrootuserpassword.

root@s password:

3 SpecifytherootpasswordfortheESXihostthatyouwanttoadd.

vMAdoesnotretaintherootpassword.Instead,vMAaddsviadminandviusertotheESXihost,and

storestheobfuscatedpasswordsthatitgeneratesforthoseusersintheVMwarecredentialstore.

InavSphereclientconnectedtothetargetserver,theRecentTaskspaneldisplaysinformationaboutthe

usersthatvMAadds.ThetargetserversUsersandGroupspaneldisplaystheusersifyouselectit.

4 Reviewandacceptthesecurityriskinformation.








vc2.mycomp.com vCenter fpauth

6 Setthetargetasthedefaultforthecurrentsession.


7 VerifythatyoucanrunavSphereCLIcommandwithoutauthenticationbyrunningacommand,forexample:

esxcli network nic list


IMPORTANT

Ifthenameofatargetserverchanges,youmustremovethetargetserverbyusingvifpremoveserverwiththeoldname,thenaddtheserverusingvifp addserverwiththenewname.

CAUTION RemoveusersaddedbyvMAfromthetargetserveronlyifyouhavedeletedthevMAvirtual

machinebutdidnotremovethetargetservers.



7/23/2019 Vma 51 Guide

20/36


20 VMware, Inc.

Running vSphere CLI for the Targets

Ifyouhaveaddedmultipletargetservers,youshouldspecifythetargetserverexplicitlywhenrunning

commands.Bydefault,vMAexecutescommandsontheserverthatisconfiguredasthedefaulttargetbyusing

thevifptarget -scommand.Ifnoneoftheaddedtargetserversareconfiguredasthedefaulttargetandno

targetserverisexplicitlyspecifiedwhenrunningthevSphereCLIcommands,thenthecommandsarerun

againstthevMAitself.

To run vSphere CLI for the targets

1 AddserversasvMAtargets.

vifp addserver

vifp addserver

2 Verifythatthetargetserverhasbeenadded:

vifp listservers

3 Runvifptarget.

vifptarget -s

Thecommandinitializesthespecifiedtargetserver.Now,thisserverwillbetakenasthedefaulttargetfor

thevSphereCLIorvSphereSDKforPerlscripts.

4 RunvSphereCLIorvSphereSDKforPerlscripts,byspecifyingthetargetserver.Forexample:

esxcli --server server2 network nic list

Reconfigure a Target Server

Youcanreconfigureatargetserverifyouwanttoperformanyofthefollowingtasks:

ChangetheauthenticationmodeofavMAtargetfromvifastpasstoActiveDirectoryorviceversa.

ChangetheconfigureduserfortheActiveDirectorytarget.

Recoverusersforthevifastpasstarget.AuserneedstoberecoveredifthecredentialstoreonvMAis

corruptedorifthecredentialsofuserscorrespondingtovMAusersaremodifiedandnotreflectedinvMA.

To change the authentication poli cy


2 Runreconfigure

vifp reconfigure --authpolicy

3 Whenprompted,provideyourcredentials.

IfyoureconfigureanActiveDirectorytargettovifastpassauthentication, thenspecifytheroot

passwordforESXitargetsandtherootusernameandpasswordforvCentertargets.

IfyoureconfigureavifastpasstargettoActiveDirectoryauthentication, thenspecifytheroot

usernamefor

the

target.

To change the configured user or to recover users


2 Runreconfigure.

vifp reconfigure

3 Whenprompted,provideyourcredentials.

IfyoureconfigureanActiveDirectorytarget,specifyausernameforthetarget.

7/23/2019 Vma 51 Guide

21/36

VMware, Inc. 21


Ifyoureconfigureavifastpasstarget,specifytherootpasswordoftheESXitarget,andthepassword

forusernameusedtoaddthevCenterServertarget.

Example 2-1. Adding and Reconfiguring a Target

vi-admin@example-dhcp:~> vifp addserver 90.100.110.120Enter username for 90.100.110.120: administrator


This will store username and password in credential store which is a security risk. Do you want

to continue?(yes/no): yes

vi-admin@example-dhcp:~> vifp reconfigure 90.100.110.120


vi-admin@example-dhcp:~>

Remove Target Servers f rom vMA

BeforeyoudeleteavMAvirtualmachine,removealltargetserversfromvMA.Ifyoudonotremovetarget

ESXihosts,

the

vi

admin

and

vi

user

users

remain

on

the

target

servers.

To remove a vCenter Server system from vMA


2 ToremoveatargetvCenterServersystemfromvMA,runthefollowingcommand:

vifp removeserver

ThevCenterServersystemisnolongeravMAtarget.

To remove an ESXi host from vMA


2 Toremove

an

ESXi

host

that

is

avMA

target,

run

the

following

command:

vifp removeserver

TheRecentTaskspanelofthetargetserverdisplaysinformationabouttheviadminandviuserusersthat

arebeingremoved.TheUsersandGroupspanelofthetargetservernolongerdisplaystheusers.

Modifying Scripts

YoucanmodifyserviceconsolescriptstorunfromvMA.

LinuxcommandsScriptsrunninginvMAcannotuseLinuxcommandsinthewaythattheydoonthe

ESXserviceconsolebecausetheLinuxcommandsarerunningonvMAandnotontheESXhost.

AccesstoESXifilesIfyouneedaccesstofoldersorfilesonanESXihost,youcanmakethathostatarget

serverandusethevifsvSphereCLIcommandtoview,retrieve,ormodifyfoldersandfiles.

ReferencestolocalhostScriptscannotrefertolocalhost.

Ifvifastpassisinitialized,allcommandsthatdonotspecify--serverapplytothedefaulttarget.

Ifvifastpassisinitialized,allcommandsthatspecifyhostnameorIPofthetargetapplytothetarget

specified.

ProgrammaticconnectionInPerlscriptsorJavaprograms,youcancallVmaTarget.login() method

ofVmaTargetLibandspecifythehosttoconnectto.Thedirectory/opt/vmware/vma/samplescontains

examplesinPerlandJava.vMAhandlesauthenticationiftheserverhasbeenestablishedasatarget

server.ProgramscanuseVmaTargetLiblibrarycommands.SeeUsingtheVmaTargetLibLibraryon

page 33.

NOTE Ifthetargetserverisnotinitializedasthedefaulttarget,thenyoumustrunthevifptarget -s

commandagainstthetargetservertoreinitializeitwiththenewcredentialsafteryoureconfigurethetarget.

7/23/2019 Vma 51 Guide

22/36


22 VMware, Inc.

NoprocnodesSomeserviceconsolescriptsstilluseVMwareprocnodes,whichwereofficiallymade

obsoletewithESXServer3.0andarenotavailableinESX/ESXi4.0andlater.Youcanextractinformation

thatwasavailableinVMwareprocnodesusingthevSphereCLIcommandsavailableonvMA.

TargetspecificationYoumustspecifythetargetserverwhenyouruncommandsorscripts.

Table 22liststhevMAcomponentsthatyoucanuseformodifyingscriptsthatincludeprocnodesandLinux

commands.

Configure vMA to Use a Static IP Address

Duringthefirstboot,youcanconfigurevMAtouseaDHCPserverorspecifyastaticIPaddress.TheDHCP

serverassignsanetworkaddress,allowingyoutorunthevirtualmachinewithoutsetup.Thisnetwork

addressmight

change

after

the

virtual

machine

has

been

powered

off

longer

than

the

DHCP

lease

time.

Most

serverapplicationsshouldbeconfiguredtoastaticnetworkaddressthatisconstantandwellknown.

Configure a Static IP Address from the Console

YoucanconfigureastaticIPaddressfromthevMAconsoleorthewebUI.

To conf igure a static IP address from the console

1 Intheconsole,selectConfigureNetworkandpressEnter.

2 Selectmenuoption6toconfiguretheIPaddress.

3 IfyouwanttoconfigureanIPv6address,typeyandpressEnter.

a PressEnter

to

specify

astatic

IP

address

and

provide

the

IP

address

and

Netmask

b TypeyandpressEntertoconfirmtheIPaddress.


a PressEntertospecifyastaticIPaddressandprovidetheIPaddressandNetmask

b TypeyandpressEntertoconfirmtheIPaddress.

5 Toconfiguretheothernetworksettings,suchasDNSanddefaultgateway,selecttheappropriatemenu

optionandprovidetherequirednetworkconfigurationdetails.

Table 2-2. vMA Components for Use in Scripts

vMA Component Description For more information

vSphereCLIcommands ManageESXihostsandvirtualmachines. vSphereCommandLineInterfaceInstallationandReferenceGuide.

vifsvSphereCLIcommand

Performcommonoperations,suchascopy,remove,get,andput,onfilesanddirectories.

vSphereCommandLineInterfaceInstallationandReferenceGuide.

vSphereSDKforPerl AccessthevSphereAPI,aWebservicesbasedAPIformanaging,monitoring,andcontrollingthelifecycleofallvSpherecomponents.

vSphereSDKforPerlProgrammingGuide.

vSphereSDKforPerlutilityapplications

Performcommonadministrativetasks. vSphereSDKforPerlUtilityApplicationsReference.

CommandsareonvMAin/usr/lib/vmware-vcli/apps

vSphereSDKforPerlWSManagementcomponent

AccessCIM/SMASHdata.ESXisupportsmanySystemsManagementArchitectureforServerHardware(SMASH)profiles,enablingsystemmanagementclientapplicationstocheckthestatusofunderlyingservercomponentssuchasCPU,fans,powersupplies,andsoon.

vSphereSDKforPerlProgrammingGuide.

7/23/2019 Vma 51 Guide

23/36

VMware, Inc. 23


Configure a Static IP Address f rom the Web UI

YoucanconfigureastaticIPaddressfromthevMAconsoleorthewebUI.

To configure a static IP address from the web UI

1 LogintothewebUI.

2 OpentheNetworkpageandclicktheAddresstab.

3 SelecttheUse

the

following

IP

settingsoptionandprovidetheIPaddressesforthefollowing:

IPAddress

Netmask

Gateway

PreferredDNSServer

AlternateDNSServer

Hostname

4 ClickSaveSettings.

Configure vMA to Use a DHCP Server

YoucanreconfigurevMAtouseaDHCPserverinsteadofusingastaticIPaddress.

Configure vMA to Use a DHCP Server from the Console

To conf igure vMA to use a DHCP server from the consol e

1 OnthevMAconsole,selectConfigureNetworkandpressEnter.

2 Selectmenuoption6toconfiguretheIPaddress.


a TypeyandpressEntertouseaDHCPserver.

b ProvidethedetailsoftheDHCPserver.


a TypeyandpressEntertouseaDHCPserver.

b ProvidethedetailsoftheDHCPserver.

5 Toconfiguretheothernetworksettings,suchasDNSanddefaultgateway,selecttheappropriatemenu

optionandprovidetherequirednetworkconfigurationdetails.

Configure vMA to Use a DHCP Server from the Web UI

To configure vMA to use a DHCP server from the web UI

1 LogintothewebUI.

2 OpentheNetworkpageandclicktheAddresstab.

3 SelecttheObtainconfigurationfromDHCPserveroption.


7/23/2019 Vma 51 Guide

24/36


24 VMware, Inc.

Setting the Time Zone

Bydefault,thevirtualhardwareclockismaintainedinCoordinatedUniversalTime(UTC),whichvMA

convertstolocaltime.Youcan,however,setittoalocaltime,whichisimportantfortheupdaterepositoryand

VMwarevCenterUpdateManager.

Setting the Time Zone from the Console

Youcansettimezonefromtheconsoleasdescribedhere.

To set the time zone from the console

1 Ontheconsole,selectSetTimezoneandpressEnter.

2 Whenprompted,selectyourcontinentorregionandpressEnter.

3 Whenprompted,selectyourcountryandpressEnter.

Thescreendisplaystheinformationthatyouhaveselectedandthetimethatwillbeset.

4 Type1iftheinformationiscorrect.

vMAsetsthetimezone.

Setting the Time Zone from the Web UI

YoucansetthetimezonefromthewebUIbyusingthefollowingsteps.

To set the time zone from the Web UI

1 AccessthewebUIandlogin.

2 ClicktheSystemtabthenclicktheTimeZonebutton.

3 FromtheTimeZoneSettingslist,selectyourcountryandcity.


Shut Down vMABeforeyoupoweroffvMA,shutdownthevirtualmachine.

To shut down vMA from vSphere Client

1 ShutdowntheoperatingsystemusingaLinuxcommandsuchasthehaltcommandonthevMA

commandline.

2 PoweroffthevMAvirtualmachineusingthevSphereClient.

To shut down vMA from the Web UI

3 LogintotheWebUIasviadmin.

4 Inthe

Information

tab,

click

Shutdown.

Delete vMA

IfyouintendtodeployanewerversionofvMA,orifyounolongerneedvMA,youcandeletethevMAvirtual

machine.

IMPORTANT IfyoudeletevMAwithoutremovingallservers,theviadminandviuserusersremainonthe

targetESXihosts.ThenexttimeyouaddthehosttoavMAinstance,vMAcreatesausernamewithadifferent

numericextension.

7/23/2019 Vma 51 Guide

25/36

VMware, Inc. 25


To delete the vMA virtual machine

1 RemoveallvMAtargetserversyouadded.SeeRemoveTargetServersfromvMAonpage 21.

2 ShutdownvMA.

3 PoweroffthevirtualmachinebyusingthevSphereClient.

4 InthevSphereClient,rightclickthevirtualmachineandselectDeletefromDisk.

Troubleshooting vMA

YoucanfindtroubleshootinginformationforallVMwareproductsinVMwareKnowledgeBasearticlesand

informationaboutvMAknownissuesinthereleasenotes.Table 23explainsafewcommonlyencountered

issuesthatareeasilyresolved.

ThisreleaseofvMAprovidesthevma-supportscriptthatenablesyoutocollectvarioussystemconfigurationinformationandotherlogs.Youcanrunthisscriptbyissuingthefollowingcommand:

> sudo vma-support

Thescriptgeneratestheinformationandlogbundleandappendsittothevmware.logfileontheESXihost

onwhichvMAisdeployed.

Table 2-3. Troubleshooting vMA

Issue Resolution

YoucandeployvMAbutwhenyoustartupthevirtualmachine,anerroroccurs.

CheckwhetheryoursetupmeetsthehardwareandsoftwarerequirementslistedinHardwareRequirementsonpage 12.

YouaddaserverbutthevSphereCLIcommandorPerlscriptstillpromptsforauthentication.

Runviftargetforthetargetserver.

Youhaveaddedmultipleservers.YoudonotknowwherevMArunsvSphereCLIcommandsifyoudonotspecify--server.

Afteracalltovifptarget,yourpromptchangestoincludethecurrenttarget.

YouwanttoenableDNSresolutioninvMA. YoucanconfiguretheDNSresolutionnameserverforvMAbyupdatingthe/etc/resolv.conffile.AddthefollowinglineforeachDNSserverinyournetwork:

nameserver

Typeman resolv.conffordetailsonthatfile.

IfvMAissetupforDHCP,andthenetworkisrestarted,changesyoumadeto/etc/resolv.confarelost.

ProblemswhileaddingActiveDirectorytarget

orconfiguringvMAforActiveDirectory.

IfyouareunabletoauthenticatefromvMAorcannotadd

vMAto

the

domain

controller,

check

the

following:

YourDNSserversetupinvMAresolvestheIPaddressorhostnameofthevCenterservertoanFQDNandtheFQDNcontainsthedomainnametowhichvMAisadded.

Thevifp listservercommandshowsthenameofvCenterastheFQDNthatcontainsthedomainnametowhichvMAisaddedasthesuffix.

ThedateandtimesettingsonvMA,thedomaincontrollerandvCenterServerareidentical.Checkthetimezoneaswell.Thetimemaynotexactlybethesamebutmayvarybyanhour.However,alargeskewinthetimemaycauseauthenticationproblems.

7/23/2019 Vma 51 Guide

26/36


26 VMware, Inc.

Update vMA

YoucandownloadsoftwareupdatesincludingsecurityfixesfromVMwareandcomponentsincludedinvMA,

suchastheSUSELinuxEnterpriseServerupdatesandJRE.

To update vMA

1 AccesstheWebUI.

2 Loginasviadmin.

3 ClicktheUpdatetabandthentheStatustab.

4 OpentheSettingstabandthenfromtheUpdateRepositorysection,selectarepository.

5 ClickCheckUpdates.

6 ClickInstallUpdates.

Configure Automatic vMA Updates

Youcan

configure

automatic

download

of

vMA

updates.

To configure automatic updates

1 AccesstheWebUI.

2 Loginasviadmin.

3 ClicktheUpdatetabandthentheSettingstab.

4 ClickAutomaticcheckforupdates.

5 Setthescheduleforperformingtheautomaticchecksbyselectingadayandtimefromthedropdown

lists.

6 IntheUpdateRepositorysection,selectarepository.


IMPORTANT YoucannotupgradeapreviousversionofvMAtovMA5.1.YouneedtoinstallvMA5.1.

7/23/2019 Vma 51 Guide

27/36

VMware, Inc. 27

3

vMAinterfacesallowyoutoinitializevifastpass,add,remove,andlisttargetservers,andmanagepasswords.

TheinterfacesareavailableasPerlcommandsandJavamethods.

Thischapterincludesthefollowingtopics:

vMAInterfaceOverviewonpage 27

vifptargetCommandforvifastpassInitializationonpage 27

vifpTargetManagementCommandsonpage 28

TargetManagementExampleSequenceonpage 32

UsingtheVmaTargetLibLibraryonpage 33

VmaTargetLibReferenceonpage 33

vMA Interface Overview

Table 31showswhichinterfacesincludewhichcommandandmethod.

vifptarget Command for vi-fastpass Initialization

Youcanrunthiscommandtoperformthefollowingtasks:

InitializevifastpassforthevSphereCLIandthevSphereSDKforPerl.

Resetfastpasstarget

Displaytheinitializedfastpasstarget

vMA Interfaces 3

Table 3-1. vMA Interface Overview

Interface / Library Commands Methods For More Information

vifptarget vifptarget vifptargetCommandforvifastpassInitializationonpage 27.

vifp

(administrativeinterface)

addserver

removeserver

rotatepassword

listservers

reconfigure

vifpTargetManagementCommandsonpage 28.

VmaTargetLib

(library)

enumerate_targets

query_target

login

logout

enumerateTargets

queryTarget

login

logout

UsingtheVmaTargetLibLibraryonpage 33.

7/23/2019 Vma 51 Guide

28/36


28 VMware, Inc.

Usage

vifptarget

--set | -s

--clear | -c

--display | -d

--help | -h

Description

ThevifptargetcommandenablesseamlessauthenticationforremotevSphereCLIandvSphereSDKforPerlcommands.

Youcanestablishmultipleserversastargetservers,andthencallvifptargetoncetoinitializeallserversfor

vifastpassauthentication.Youcanthenruncommandsagainstanytargetserverwithoutadditional

authentication. Youcanusethe--serveroptiontospecifytheservertoruncommandson.

ThevMApromptdisplaysthecurrentdefaultexecutionserver.Ifyouremovethatdefaultserver,theserver

nameisremovedfromthepromptbutthevifastpassenvironmentisnotclearedandthevCLIcommandscan

stillrunseamlesslyagainstallthetargets.

WhilehostsremaintargetserversacrossvMAreboots,youmustrunvifptargetaftereachlogouttoenable

vifastpassforvSphereCLIandvSphereSDKforPerlcommands.

Options

Example


Initializesthefastpasstarget.

vifptarget --display | -d

Displaystheinitializedfastpasstarget.

vifptarget --clear | -c

Clearsthevifastpassenvironment.

vifp Target Management Commands

Thevifpinterfaceallowsadministratorstoadd,list,andremovetargetserversandtomanagetheviadmin

userspassword.

vifp addserver

AddsavCenterServersystemorESXihostasavMAtargetserver.

Usage

vifp addserver

[--authpolicy ]

[--protocol ]

[--portnumber ]

[--servicepath ]

[--username ]

[--password ]

Option Description

set Initializesthefastpasstarget.

display Displaystheinitializedfastpasstarget.

clear Clearsthevifastpassenvironment.

help Displayhelpforthecommand.

7/23/2019 Vma 51 Guide

29/36

VMware, Inc. 29

Chapter 3 vMA Interfaces

Description

AfteraserverisaddedasavMAtarget,youmustrunvifptarget beforeyourunvSphereCLI

commandsorvSphereSDKforPerlscriptsagainstthatsystem.ThesystemremainsavMAtargetacrossvMA

reboots,butrunningvifptargetagainisrequiredaftereachlogout.SeevifptargetCommandforvifastpass

Initializationonpage 27.

Afteryourunvifptarget,youcanrunvSphereCLIorvSphereSDKforPerlcommandsandscriptsandyou

arenolongerpromptedforauthenticationinformation,asfollows:

IfyouaddavCenterServersystemasavMAtarget,youcanrunmostcommandsonallESXihoststhat

thevCenterServersystemmanagesusingthevSphereCLI--vihostoption.ThevSphereCLIInstallation

andReferenceGuideincludesatablethatshowswhichcommandscannottargetavCenterServersystem.

IfyouaddonlyoneESXihost,youcanruncommandswithoutspecifyingthetarget.

IfyouaddmultipleESXihosts,specifythetargettoavoidconfusion.

SeeAddTargetServerstovMAonpage 17andRunningvSphereCLIfortheTargetsonpage 20.

Options

Example

vifp addserver my_vCenter

AddsavCenterServersystemasavMAtarget.Youarepromptedforausernameandpassword.Theuser

musthaveloginprivilegesonthevCenterServersystem.

vifp addserver myESX42

AddsanESXihosttovifastpass.Youarepromptedfortherootpasswordforthetargetsystem.

vifp removeserver

RemovesaspecifiedvMAtargetthatwaspreviouslyaddedwithvifp addserver.

IfthetargetisanESXisystem,youneedsuperuserprivilegesforremoval.IfthetargetisavCenterServer

system,anyuserwithconnectionprivilegescanremovethetarget.Youonlyhavetospecifythe

option,withoutthepassword.

IMPORTANT Ifyouchangeatargetserversname,youmustremoveit,andthenaddittovMAwiththenew

name.

Option Description

server NameorIPaddressoftheESXihostorvCenterServersystemtoaddasavMAtarget.

authpolicy SetstheauthenticationpolicytofastpassauthenticationortheActiveDirectoryauthentication.Thedefaultvalueisfpauth.

protocol Connectionprotocol.HTTPSbydefault.

portnumber Connectionportnumberofthetargetserver.Thedefaultis443.

servicepath ServicepathURLofthetargetserver.Thedefaultis/sdk.

username Userwhoconnectstothetargetserver.

IfthetargetserverpointstoanESXihost,thedefaultisroot.Theusermusthave

superuserprivilegesontheESXihost.IfthetargetserverpointstoavCenterServersystem,thereisnodefault.Youarepromptedforausernameifyoudonotspecifyoneusingthisoption.TheusermusthaveprivilegestoconnecttothevCenterServersystem.

password Passwordoftheuserspecifiedbyusername.

7/23/2019 Vma 51 Guide

30/36


30 VMware, Inc.

Usage

vifp removeserver

[--protocol ]

[--portnumber ]

[--servicepath ]

[--username ]

[--password ]

[--force]

Description

Runvifp removeserverforeachvMAtargetbeforeyoudeletethevMAinstance.Ifyoudonotrunvifp

removeserver,theviuserandviadminusersremainonthetargetserver.IfyoulaterthisservertovMA,

vMAcreatestwomoreaccountsonthisserver.Runvifp removeservertoavoidhavingmultipleusers

createdbyvMAoneachtargetserver.

Options

Examples

vifp removeserver

RemovesavCenterServersystem.Youarenotpromptedforapassword.

vifp removeserver

RemovesanESXihost.

vifp rotatepassword

Specifiesviadminandviuserpasswordrotationparameters.

Usage

vifp rotatepassword

[--now [--server ] |

--never |

--days ]

Description

vMAchangespasswordsforviadminandviuserbothinthelocalcredentialstoreandonthetargetserver.

vMAattemptsthepasswordrotationatmidnight.

IfoneormoreofthetargetserversisdownwhenvMAattemptspasswordrotation,vMArepeatstheattempt

thenextdayatmidnight.

Option Description

server NameorIPaddressoftheESXihostorthevCenterServersystemtoremove.

protocol Connectionprotocol.

HTTPS

by

default.




ForESXihosts,thedefaultisrootandtheusermusthavesuperuserprivilegesonthetargetserver.

password Passwordoftheuserspecifiedby--username.Usethepasswordyouusedwhenaddingtheserver.

force Forcesremovaloftheserver.

IMPORTANT ThiscommandappliesonlytoESXitargetserverswiththefpauthauthenticationpolicy.You

cannotrotatepasswordsfortargetswithadauthauthenticationpolicyandforvCenterServertargets.

7/23/2019 Vma 51 Guide

31/36

VMware, Inc. 31


Options

Examples

vifp rotatepassword --now

ImmediatelyrotatespasswordsofallESXivMAtargetservers.

vifp rotatepassword --now --server

Immediatelyrotatesthepasswordofaspecificserver.

vifp rotatepassword --days 7

SetsthepasswordrotationpolicytorotatethepasswordofallESXivMAtargetseverysevendays.

Forexample,ifyouaddserver1on9/1,andserver2on9/2,andrunvifp rotatepassword --days 7,vMA

rotatesthepasswordforserver1atmidnighton9/8andthepasswordforserver2atmidnighton9/9.vMA

rotatestheserver1passwordagainon9/15andtheserver2passwordagainon9/16.Ifyouthenrunvifp

rotatepassword --days 3,vMArotatestheserver1passwordon9/18andtheserver2passwordon9/19.

vifp rotatepassword

Displaysthecurrentpasswordrotationpolicy.

vifp lis tservers

Liststargetsystems.

Usage

listservers [-l | --long]

Description

Youcanusethiscommandtoverifythataddserversucceeded.Thiscommanddoesnotrequireadministrator

privilegesonvMA.

Example


ListsallserversthatarevMAtargets,forexample:



server3.mycomp.com ESXi fpauth


Option Description

now Immediatelyrotatesthepasswordforallserversoraspecifiedserver.

server ESXihostforwhichyouwanttorotatethepassword.Use--serveronlywith--now.

never Neverrotatethepasswordforanytargetserver.

days Rotatethe

password

for

all

target

servers

after

the

specified

number

of

days.

7/23/2019 Vma 51 Guide

32/36


32 VMware, Inc.

vifp reconfigure

Reconfigurestargetsystems.ThiscanbedonetochangeauthenticationpolicyortheconfiguredActive

Directoryuser.

Usage

reconfigure

[--authpolicy ]

[--protocol ][--portnumber ]

[--servicepath ]

[--username ]

[--password ]

Description

Youcanusethiscommandtoreconfiguretheauthenticationpolicyortheusers.Thiscommandcanberunonly

byadministrators.

Options

Target Management Example Sequence

ThefollowingsequenceofcommandsaddsanESXihost,listsservers,runsvifptargettoenablevifastpass,

runsavSphereCLIcommand,andremovestheESXihost.

vifp addserver server1.company.com

[email protected] password:

vifp listservers

server1.company.com ESX

vifptarget --set server1.company.comesxcli storage core path list

cdrom vmhba0:1:0 (0MB has 1 paths and policy of fixed

Local 0:7:1 vmhba0:1:0 On active preferred

.....

vifp removeserver server1.company.com

[email protected] password:

Option Description

server NameorIPaddressoftheESXihostorthevCenterServersystemtobereconfigured.

authpolicy IndicatesifthetargetusesthefastpassauthenticationortheActiveDirectoryauthentication.Thedefaultvalueisfpauth.

protocol Connectionprotocol.HTTPSbydefault.




IfthetargetserverpointstoanESXihost,thedefaultisroot.Theusermusthavesuperuserprivilegesonthetargetserver.

IfthetargetserverpointstoavCenterServersystem,thedefaultuseristheoneconfiguredforthevCentersystemintheprevioussession.Forexample,ifvCenterwasaddedorreconfiguredwiththeusernameadministratorintheprevioussession,thedefaultuserforthevifp reconfigurecommandisadministrator.

password Passwordoftheuserspecifiedbyusername.

7/23/2019 Vma 51 Guide

33/36

VMware, Inc. 33


Using the VmaTargetLibLibrary

TheVmaTargetLiblibraryallowsyoutoprogrammaticallyconnecttovMAtargetsbyusingPerlorJava.

AgentscanlinkwithVmaTargetLibandusevifastpassfunctionality.TheVmaTargetLiblibraryallowsyou

toenablevifastpassauthenticationandtoqueryorlistoneormoretargetswiththefollowingcommands:

EnumerateTargetsRetrievesalistofallserversthatarevMAtargets.

QueryTargetRetrievesconnectioninformationforatargetserver.

LoginConnectstoatargetserver.

LogoutLogsyououtofthetargetserver.

SeetheVmaTargetLibjavalibraryforamoredetailedreferencetotheJavainterface.Youcanfindsamplesin

/opt/vmware/vma/samples.

VmaTargetLibReference

YoucanusethefollowingVmaTargetLibcommandsinPerlorJavaprograms.

Enumerating Targets

Usage

Description

ReturnsalistoftargetvCenterServerorESXisystemsaddedtothevMAinstancebyusingvifp addserver.

Options

None

Returns

Returnsalistofalltargetservers.

Querying Targets

Usage

Description

Allowsthecaller,forexample,anagent,toretrievelogincredentialsfromavMAtargetandusethosecredentialstoconnecttothevMAtarget.

Options

Returns

ReturnsaspecificvMAtargetserver.

Perl enumerate_targets()

Java enumerateTargets()

Perl query_target ()

Java queryTarget (string )

Option Description

servername OneoftheserversaddedtothisvMAinstanceusingvifp addserver.CanbeanESXihostoravCenterServersystem.

7/23/2019 Vma 51 Guide

34/36


34 VMware, Inc.

Programmatic Login

Usage

Description

Allowsaprogramtologintoatargetserverprogrammatically.

Options

Returns

Returns1ifsuccessfuland0otherwise.

Programmatic Logout

Usage

Description

Allowsaprogramtologoutofatargetserverprogrammatically.

Options

Perl VmaTarget.login()

Java VmaTarget.login()

Option Language Description

service Java Javaserviceinstance.

svcRef Java JavaserviceManagedObjectReference.

servername Java,Perl OneoftheserversaddedtothisvMAinstanceusingvifp addserver.

Perl VmaTarget.logout()

Java VmaTarget.logout()

Option Language Description

servername Java,Perl OneoftheserversaddedtothisvMAinstanceusingvifp addserver.

7/23/2019 Vma 51 Guide

35/36

VMware, Inc. 35

Index

Aadding target servers 17addserver command 28

authentication component 8

authentication prerequisites 12

C

configuring vMA 16

D

deleting vMA 24

deploying vMA 13

DNS resolution 25

E

ESXi systems, vMA target 18

example sequence 32

H

hardware prerequisites 12

I

initialization 27

JJava JRE 8

L

listservers command 31

localhost 21

M

modifying scripts 21

multiple target servers 20

N

name change 17, 18, 19network configuration 14

network setup 14

P

passwords

ESXi hosts 12

vCenter Server systems 12

proc nodes 22

Rremoveservers command 29removing target servers 21

root user account 12

rotatepassword command 30

rotatepassword example 31

S

scripts, modifying 21

shutting down vMA 24

storage required for vMA 12

sudo 12

T

target servers

commands 28

multiple 20

name change 17, 18, 19

removing 21

single 17

technical support resources 6

troubleshooting vMA 25

U

user account

privileges 17

V

vCenter Server systems, vMA target 17

VI CLI

vifptarget 27

vifs 21

without vi-fastpass 20

vi-admin

privileges 16

vi-fastpassinitialization 27

overview 8

vifp addserver 28

vifp listservers 31

vifp removeserver 29

vifp rotatepassword 30

vifp target management 28

vifptarget command 27

vifs command 21

vi-user

7/23/2019 Vma 51 Guide

36/36


privileges 16

setup 16

vMA

component overview 8

getting started 11

interface overview 27

samples 9

use cases 9vMA targets

ESXi systems 18

vCenter Server systems 17

VmaTargetLib 33

VMware Tools 8

vSphere CLI 8

vSphere SDK for Perl 8

Documents

Vma 51 Guide