Upload
abhinav-srivastava
View
225
Download
0
Embed Size (px)
Citation preview
7/23/2019 Vma 51 Guide
1/36
vSphere Management Assistant GuidevSphere 5.1
This document supports the version of each product listed and
supports all subsequent versions until the document is replaced
by a new edition. To check for more recent editions of thisdocument, see http://www.vmware.com/support/pubs.
EN-000852-00
http://www.vmware.com/support/pubshttp://www.vmware.com/support/pubs7/23/2019 Vma 51 Guide
2/36
You can find the most up-to-date technical documentation on the VMware Web site at:
http://www.vmware.com/support/
The VMware Web site also provides the latest product updates.
If you have comments about this documentation, submit your feedback to:
Copyright 20082012 VMware, Inc. All rights reserved. This product is protected by U.S. and international copyright andintellectual property laws. VMware products are covered by one or more patents listed at
http://www.vmware.com/go/patents .VMware is a registered trademark or trademark of VMware, Inc. in the United States and/or other jurisdictions. All other marksand names mentioned herein may be trademarks of their respective companies.
VMware, Inc.
3401 Hillview Ave.Palo Alto, CA 94304www.vmware.com
2 VMware, Inc.
vSphere Management Assistant Guide
http://www.vmware.com/supportmailto:[email protected]://www.vmware.com/go/patentshttp://www.vmware.com/go/patentshttp://www.vmware.com/go/patentshttp://www.vmware.com/go/patentshttp://www.vmware.com/go/patentsmailto:[email protected]://www.vmware.com/supporthttp://www.vmware.com/support/7/23/2019 Vma 51 Guide
3/36
VMware, Inc. 3
Contents
About
This
Book 5
1 IntroductiontovMA 7vMACapabilities 7
vMAComponentOverview 8
vSphereAuthenticationMechanism 8
vMASamples 9
vMAUseCases 9
WritingorConvertingScripts 9
WritingorConvertingAgents 9
2 GettingStartedwithvMA 11HardwareRequirements 12
SoftwareRequirements 12
RequiredAuthentication Information 12
DeployvMA 13
ConfigurevMAatFirstBoot 13
vMAConsoleandWebUI 14
ConfigurevMAforActiveDirectoryAuthentication 15
ConfigureUnattendedAuthenticationforActiveDirectoryTargets 15
TroubleshootingUnattendedAuthentication 16
EnabletheviuserAccount 16
vMAUserAccountPrivileges 17
AddTarget
Servers
to
vMA 17
RunningvSphereCLIfortheTargets 20
ReconfigureaTargetServer 20
RemoveTargetServersfromvMA 21
ModifyingScripts 21
ConfigurevMAtoUseaStaticIPAddress 22
ConfigureaStaticIPAddressfromtheConsole 22
ConfigureaStaticIPAddressfromtheWebUI 23
ConfigurevMAtoUseaDHCPServer 23
ConfigurevMAtoUseaDHCPServerfromtheConsole 23
ConfigurevMAtoUseaDHCPServerfromtheWebUI 23
SettingtheTimeZone 24
SettingtheTimeZonefromtheConsole 24SettingtheTimeZonefromtheWebUI 24
ShutDownvMA 24
DeletevMA 24
TroubleshootingvMA 25
UpdatevMA 26
ConfigureAutomaticvMAUpdates 26
3 vMAInterfaces 27vMAInterfaceOverview 27
vifptargetCommandforvifastpassInitialization 27
7/23/2019 Vma 51 Guide
4/36
vSphere Management Assistant Guide
4 VMware, Inc.
vifpTargetManagementCommands 28
vifpaddserver 28
vifpremoveserver 29
vifprotatepassword 30
vifplistservers 31
vifpreconfigure 32
TargetManagementExampleSequence 32
Using
the
VmaTargetLib
Library 33VmaTargetLibReference 33
EnumeratingTargets 33
QueryingTargets 33
Programmatic Login 34
Programmatic Logout 34
Index 35
7/23/2019 Vma 51 Guide
5/36
VMware, Inc. 5
ThevSphereManagementAssistantGuideexplainshowtodeployandusevMAandincludesreference
informationforvMACLIsandlibraries.
Toviewthecurrentversionofthisbook,aswellasallVMwareAPIandSDKdocumentation, goto
http://www.vmware.com/support/pubs/sdk_pubs.html .
Revision History
Thisbook,thevSphereManagementAssistantGuide,isrevisedwitheachreleaseoftheproductorwhen
necessary.Arevisedversioncancontainminorormajorchanges.Table 1summarizesthesignificantchanges
ineachversionofthisbook.
Intended Audience
ThisbookisforadministratorsanddeveloperswithsomeexperiencesettingupaLinuxsystemandworking
inaLinuxenvironment.AdministratorscanusethevMAautomatedauthenticationfacilitiesandthesoftware
packagedwithvMAtointeractwithESXihostsandvCenterServersystems.Developerscancreateagentsthat
interactwithESXihostsandvCenterServersystems.
About This Book
NOTE
Thetopicsinwhichthisdocumentationusestheproductname ESXi areapplicabletoallsupportedreleasesofESXandESXi.
Table 1. Revision History
Revision Description
10SEP2012 vMA5.1release
20JAN2012 Chapter2,sectionConfigureUnattendedAuthenticationforActiveDirectoryTargetsisupdated.
24AUG2011 vMA5.0release.
13JUL2010 vMA4.1release
16NOV2009 Chapter1isenhancedtoprovidedetailsaboutvMAsenhancedcapabilities,authenticationmechanismsandthechangestothesamples.
Chapter2providesinformationaboutconfiguringvMAforActiveDirectory.Italsoexplainshowtoreconfigureatargetserver.
Chapter3providesinformationaboutthenewvifptargetandvifp reconfigurecommands.ItalsodescribestheVmaTargetLiblibrary.
21MAY2009 vMA4.0documentation
27OCT2008 VIMA1.0documentation
http://www.vmware.com/support/pubs/sdk_pubs.htmlhttp://www.vmware.com/support/pubs/sdk_pubs.html7/23/2019 Vma 51 Guide
6/36
vSphere Management Assistant Guide
6 VMware, Inc.
VMware Technical Publications Glossary
VMwareTechnicalPublicationsprovidesaglossaryoftermsthatmightbeunfamiliartoyou.Fordefinitions
oftermsastheyareusedinVMwaretechnicaldocumentationgotohttp://www.vmware.com/support/pubs.
Document Feedback
VMwarewelcomesyoursuggestionsforimprovingourdocumentation.Sendyourfeedbackto
Technical Support and Education Resources
Thefollowingsectionsdescribethetechnicalsupportresourcesavailabletoyou.Toaccessthecurrentversions
ofotherVMwarebooks,gotohttp://www.vmware.com/support/pubs.
Online and Telephone Support
Touseonlinesupporttosubmittechnicalsupportrequests,viewyourproductandcontractinformation,and
registeryourproducts,gotohttp://www.vmware.com/support .
Support OfferingsTofindouthowVMwaresupportofferingscanhelpmeetyourbusinessneeds,goto
http://www.vmware.com/support/services .
VMware Professional Services
VMwareEducationServicescoursesofferextensivehandsonlabs,casestudyexamples,andcoursematerials
designedtobeusedasonthejobreferencetools.Coursesareavailableonsite,intheclassroom,andlive
online.Foronsitepilotprograms andimplementation bestpractices,VMwareConsultingServicesprovides
offeringsto helpyouassess,plan,build,andmanageyourvirtualenvironment.Toaccessinformationabout
educationclasses,certificationprograms,andconsultingservices,gotohttp://www.vmware.com/services.
http://www.vmware.com/support/pubsmailto:[email protected]:[email protected]:[email protected]:[email protected]:[email protected]:[email protected]:[email protected]:[email protected]:[email protected]:[email protected]:[email protected]:[email protected]:[email protected]:[email protected]:[email protected]:[email protected]:[email protected]:[email protected]:[email protected]:[email protected]:[email protected]:[email protected]:[email protected]:[email protected]://www.vmware.com/support/pubshttp://www.vmware.com/supporthttp://www.vmware.com/support/serviceshttp://www.vmware.com/services/http://www.vmware.com/support/pubshttp://www.vmware.com/services/http://www.vmware.com/support/serviceshttp://www.vmware.com/supporthttp://www.vmware.com/support/pubsmailto:[email protected]7/23/2019 Vma 51 Guide
7/36
VMware, Inc. 7
1
ThevSphereManagementAssistant(vMA)isaSUSELinuxEnterpriseServer11basedvirtualmachinethat
includesprepackagedsoftwaresuchasthevSpherecommandlineinterface,andthevSphereSDKforPerl.
vMAallowsadministratorstorunscriptsoragentsthatinteractwithESXihostsandvCenterServersystems
withouthavingtoauthenticateeachtime.
Thechapterincludesthefollowingtopics:
vMACapabilitiesonpage 7
vMAComponentOverviewonpage 8
vMAUseCasesonpage 9
TogetstartedwithvMArightaway,gotoGettingStartedwithvMAonpage 11.
vMA Capabilities
vMAprovidesaflexibleandauthenticatedplatformforrunningscriptsandprograms.
Asadministrator,youcanaddvCenterServersystemsandESXihostsastargetsandrunscriptsand
programsonthesetargets.Onceyouhaveauthenticatedwhileaddingatarget,youneednotloginagain
whilerunningavSphereCLIcommandoragentonanytarget.
Asadeveloper,youcanusetheAPIsprovidedwiththeVmaTargetLiblibrarytoprogrammatically
connecttovMAtargetsbyusingPerlorJava.
vMAenablesreuseofserviceconsolescriptsthatarecurrentlyusedforESXiadministration,though
minormodificationstothescriptsareusuallynecessary.
vMAcomespreconfiguredwithtwouseraccounts,namely,viadminandviuser.
Asviadmin,youcanperformadministrative operationssuchasadditionandremovaloftargets.
You canalsorunvSphereCLIcommandsandagentswithadministrative privilegesonthe
added targets.
Asviuser,youcanrunthevSphereCLIcommandsandagentswithreadonlyprivilegesonthe
target.
YoucanmakevMAjoinanActiveDirectorydomainandloginasanActiveDirectoryuser.Whenyourun
commandsfromsuchauseraccount,theappropriateprivilegesgiventotheuseronthevCenterServer
systemortheESXihostwouldbeapplicable.
vMAcanrunagentcodethatmakeproprietaryhardwareorsoftwarecomponentscompatiblewith
VMwareESX.ThesecodecurrentlyrunintheserviceconsoleofexistingESXhosts.Youcanmodifymost
oftheseagentcodetoruninvMA,bycallingthevSphereAPI,ifnecessary.Developersmustmoveany
agentcodethatdirectlyinterfaceswithhardwareintoaprovider.
Introduction to vMA 1
7/23/2019 Vma 51 Guide
8/36
vSphere Management Assistant Guide
8 VMware, Inc.
vMA Component Overview
WhenyouinstallvMA,youarelicensedtousethevirtualmachinethatincludesallvMAcomponents.
vMAincludesthefollowingcomponents.
SUSELinuxEnterpriseServer11SP1vMArunsSUSELinuxEnterpriseServeronthevirtualmachine.
YoucanmovefilesbetweentheESXihostandthevMAconsolebyusingthevifsvSphereCLIcommand.
VMwareTools
Interface
to
the
hypervisor.
vSphereCLICommandsformanagingvSpherefromthecommandline.SeethevSphereCommandLine
InterfaceInstallationandReferenceGuide.
vSphereSDKforPerlClientsidePerlframeworkthatprovidesascriptinginterfacetothevSphereAPI.
TheSDKincludesutilityapplicationsandsamplesformanycommontasks.
JavaJREversion1.6RuntimeengineforJavabasedapplicationsbuiltwithvSphereWebServicesSDK.
vifastpass Authenticationcomponent.
vSphere Authentication Mechanism
vMAsauthenticationinterfaceallowsusersandapplicationstoauthenticatewiththetargetserversusing
vifastpassorActiveDirectory.Whileaddingaserverasatarget,theAdministratorcandetermineifthetargetneedstousevifastpassorActiveDirectoryauthentication.Forvifastpassauthentication, thecredentialsthat
auserhasonthevCenterServersystemorESXihostarestoredinalocalcredentialstore.ForActiveDirectory
authentication, theuserisauthenticatedwithanActiveDirectoryserver.
WhenyouaddanESXihostasafastpasstargetserver,vifastpasscreatestwouserswithobfuscated
passwordsonthetargetserverandstoresthepasswordinformationonvMA:
viadminwithadministratorprivileges
viuserwithreadonlyprivileges
ThecreationofviadminandviuserdoesnotapplyforActiveDirectoryauthentication targets.Whenyouadd
asystemasanActiveDirectorytarget,vMAdoesnotstoreanyinformationaboutthecredentials.Tousethe
ActiveDirectory
authentication,
the
administrator
must
configure
vMA
for
Active
Directory.
For
more
informationonhowtoconfigurevMAforActiveDirectory,seeConfigurevMAforActiveDirectory
Authentication onpage 15.
Afteraddingatargetserver,youmustinitializevifastpasssothatyoudonothavetoauthenticateeachtime
yourunvSphereCLIcommands.IfyourunavSphereCLIcommandwithoutinitializingvifastpass,youwill
beaskedforusernameandpassword.
Youcaninitializevifastpassbyusingoneofthefollowingmethods:
Runvifptarget.Formoreinformationaboutthisscript,seevifptargetCommandforvifastpass
Initializationonpage 27.
CalltheLoginmethodinaPerlorJavaprogram.Formoreinformationaboutthismethod,see
VmaTargetLibReferenceonpage 33.
Aftersettingupatargetusingthevifptargetcommand,youcanrunvSphereCLIcommandsorscriptsthat
usevSphereSDKforPerlwithoutprovidinganyauthenticationinformation.Toruncommandsagainstan
ESXihostthatismanagedbyavCenterServer,youcanusethe--vihostoption.
EachtimeyoulogintovMA,youmustrunthevifptargetcommandortheLoginmethodonce.Thetarget
thatyouspecifyinthevifptargetcommandisthedefaulttarget.Targetserversremaintargetsacross
reboots.Youcanoverrideitbyusingthe--serveroptionofthevSphereCLIcommandsasshowninthe
followingexample:
vifptarget -s esx1.foo.com
vicfg-nics -l #lists the nics on esx1.foo.com
vicfg-nics -l --server esx2.foo.com #lists the nics on esx2.foo.com
7/23/2019 Vma 51 Guide
9/36
VMware, Inc. 9
Chapter 1 Introduction to vMA
vMA Samples
vMAsamplesillustratethevMACLIsandtheVmaTargetLiblibrary.ThesamplesareavailableinvMAat
/opt/vmware/vma/samples.
bulkAddServers.plPerlsamplethataddsmultipletargetstovMA.
mcli.plPerlsamplethatrunsavSphereCLIcommandonmultiplevMAtargetsspecifiedinafile
suppliedasanargument.Youmustrunvifptargetbeforerunningthisscript.
listTargets.pl PerlsamplethatretrievesinformationandversionofvMAtargetsusing
VmaTargetLib.
listTargets.sh JavasamplethatdemonstratesuseofVmaTargetLib.
vMA Use Cases
Thissectionlistsafewtypicalusecases.
Writing or Converting Scripts
YoucanrunexistingvSphereCLIorvSphereSDKforPerlscriptsfromvMA.Tosettargetserversandinitialize
vifastpass,thescriptcanusetheVmaTarget.login() methodofVmaTargetLib.
Writing or Converting Agents
PartnersorcustomerscanusevMAtowriteorconvertagents.
ApartnerorcustomerwritesanewagentinPerl.
WhenapartnerorcustomerwritesanewagentinPerl,thePerlscriptmustimporttheVmaTargetLib
PerlmoduleandallvSphereSDKforPerlmodules.InsteadofcallingthevSphereSDKforPerlsubroutine
Util::Connect(targetUrl, username, password),theagentcalls
VmaTargetLib::VmaTarget.login().
ApartnerorcustomerrunsanagentwritteninPerlorJavaintheserviceconsoleandwantstoportthe
agenttovMA.
TheagentusescodesimilartothefollowingPerllikepseudocodetologintoESXihosts:
LoginToMyEsx() {
SessionManagerLocalTicket tkt = SessionManager.AcquireLocalTicket(userName);
UserSession us = sm.login(tkt.userName, tkt.passwordFilePath);
}
Thepartnerchangestheagenttousecodesimilartothefollowingpseudocodeinstead:
LoginToMyEsx(String myESXName) {
VmaTarget target = VmaTargetLib.query_target(myESXName);
UserSession us = target.login();
}
ThispseudocodeassumesonlyonevMAtarget.Formultipletargetservers,thecodecanspecifyany
targetserverorloopthroughalistoftargetservers.
ApartnerorcustomerrunsanagentwritteninPerloutsidetheESXihostandportstheagenttovMA.
InsteadofcallingthevSphereSDKforPerlmethodUtil::Connect(),theagentcallsthevifplibrary
methodVmaTargetLib::VmaTarget.login().
7/23/2019 Vma 51 Guide
10/36
vSphere Management Assistant Guide
10 VMware, Inc.
7/23/2019 Vma 51 Guide
11/36
VMware, Inc. 11
2
YoushouldhavesomeexperiencesettingupaLinuxsystemandworkinginaLinuxenvironment.This
chapterexplainshowtodeployandconfigurevMA,howtoaddandremovetargetservers,andhowto
prepareandrunscripts.Thechapteralsoincludestroubleshootinginformation.
ReadChapter 1,IntroductiontovMA,onpage 7forbackgroundinformationonvMAfunctionalityand
availablevMAcomponents.
Thischapterincludesthefollowingtopics:
HardwareRequirementsonpage 12
SoftwareRequirementsonpage 12
RequiredAuthenticationInformationonpage 12
DeployvMAonpage 13
ConfigurevMAatFirstBootonpage 13
vMAConsoleandWebUIonpage 14
ConfigurevMAforActiveDirectoryAuthentication onpage 15
ConfigureUnattendedAuthenticationforActiveDirectoryTargetsonpage 15
EnabletheviuserAccountonpage 16
vMAUserAccountPrivilegesonpage 17
AddTargetServerstovMAonpage 17
RunningvSphereCLIfortheTargetsonpage 20
ReconfigureaTargetServeronpage 20
RemoveTargetServersfromvMAonpage 21
ModifyingScriptsonpage 21
ConfigurevMAtoUseaStaticIPAddressonpage 22
ConfigurevMAtoUseaDHCPServeronpage 23
SettingtheTimeZoneonpage 24
ShutDownvMAonpage 24
DeletevMAonpage 24
TroubleshootingvMAonpage 25
Getting Started with vMA 2
IMPORTANT YoucannotupgradeapreviousversionofvMAtovMA5.1.YoumustinstallafreshvMA5.1
instance.
7/23/2019 Vma 51 Guide
12/36
vSphere Management Assistant Guide
12 VMware, Inc.
UpdatevMAonpage 26
ConfigureAutomaticvMAUpdatesonpage 26
Hardware Requirements
TosetupvMA,youmusthaveanESXihost.BecausevMArunsa64bitLinuxguestoperatingsystem,the
ESXihostonwhichitrunsmustsupport64bitvirtualmachines.
TheESXihostmusthaveoneofthefollowingCPUs:
AMDOpteron,revEorlater
IntelprocessorswithEM64TsupportwithVTenabled.
Opteron64bitprocessorsearlierthanrevE,andIntelprocessorsthathaveEM64Tsupportbutdonothave
VTsupportenabled,donotsupporta64bitguestoperatingsystem.Fordetailedhardwarerequirements,see
theHardwareCompatibilityListontheVMwareWebsite.
Bydefault,vMAusesonevirtualprocessor,andrequires3GBofstoragespaceforthevMAvirtualdisk.The
recommendedmemoryforvMAis600MB.
Software Requirements
YoucandeployvMAonthefollowingsystems:
vSphere5.1
vSphere5.0andlater
vSphere4.1andlater
vCenterApplication5.0andlater
YoucandeployvMAbyusingavSphereClientconnectedtoanESXihostorbyusingavSphereClient
connectedtovCenterServer5.1,vCenterServer5.0orlater,vCenterServer4.1orlater,orvCenterApplication
5.0andlater.
Youcan
use
vMA
to
target
vSphere
4.1
and
later,
vSphere
5.0
and
later,
and
vSphere
5.1
systems.
Atruntime,thenumberoftargetsasinglevMAinstancecansupportdependsonhowitisused.
Required Authentication Information
BeforeyoubeginvMAconfiguration,obtainthefollowingusernameandpasswordinformation:
vCenterServersystemIfyouwanttouseavCenterServersystemasthetargetserver,youmustbeable
toconnecttothatsystem.
IfyouareusingavCenterServertarget,youdonotneedpasswordsfortheESXihoststhatthevCenter
Serversystemmanages,unlessyouruncommandsthatdonotsupportvCenterServertargets.
ESXihostYoumusthavetherootpasswordortheusernameandpasswordforauserwith
administrative privilegesforeachESXihostyouaddasavMAtarget.Youdonotneedtheauthentication
informationwhenyouremoveatargethost.
vMAWhenyoufirstconfigurevMA,vMApromptsforapasswordfortheviadminuser.Specifya
passwordandrememberitforsubsequentlogins.TheviadminuserhasrootprivilegesonvMA.
IMPORTANT TherootuseraccountisdisabledonvMA.Torunprivilegedcommands,typesudo
.Bydefault,onlyviadmincanruncommandsthatrequiresudo.
7/23/2019 Vma 51 Guide
13/36
VMware, Inc. 13
Chapter 2 Getting Started with vMA
Deploy vMA
YoucandeployvMAbyusingafileorfromaURL.Ifyouwanttodeployfromafile,downloadandunzipthe
vMAZIPfilebeforeyoustartthedeploymentprocess.
To deploy vMA
1 UseavSphereClienttoconnecttoasystemthatisrunningthesupportedversionofESXiorvCenter
Server.
2 IfconnectedtoavCenterServersystem,selectthehosttowhichyouwanttodeployvMAintheinventory
pane.
3 SelectFile>DeployOVFTemplate.
TheDeployOVFTemplatewizardappears.
4 SelectDeployfromafileorURLifyouhavealreadydownloadedandunzippedthevMAvirtual
appliancepackage.
5 ClickBrowse,select
the
OVF,
and
click
Next.
6 ClickNextwhentheOVFtemplatedetailsaredisplayed.
7 AcceptthelicenseagreementandclickNext.
8 Specifyanameforthevirtualmachine.
Youcanalsoacceptthedefaultvirtualmachinename.
9 Selectaninventorylocationforthevirtualmachinewhenprompted.
IfyouareconnectedtoavCenterServersystem,youcanselectafolder.
10 IfconnectedtoavCenterServersystem,selecttheresourcepoolforthevirtualmachine.
Bydefault,thetoplevelrootresourcepoolisselected.
11 Ifprompted,selectthedatastoretostorethevirtualmachineonandclickNext.
12 SelecttherequireddiskformatoptionandclickNext.
13 SelectthenetworkmappingandclickNext.
14 ReviewtheinformationandclickFinish.
ThewizarddeploysthevMAvirtualmachinetothehostthatyouselected.The deployprocesscantake
severalminutes.
NextyouconfigureyourvMAvirtualmachine.YouperformthistaskwhenyoulogintovMAthefirsttime.
Configure vMA at First Boot
WhenyoustartthevMAvirtualmachinethefirsttime,youcanconfigureit.
To configure vMA
1 InthevSphereClient,rightclickthevirtualmachine,andclickPowerOn.
2 SelecttheConsoletab.
IMPORTANT YoucannotupgradeanearlierversionofvMAtovMA5.1.YoumustinstallafreshvMA5.1
instance.
IMPORTANT EnsurethatvMAisconnectedtothemanagementnetworkonwhichthevCenterServer
systemandtheESXihoststhatareintendedvMAtargetsarelocated.
7/23/2019 Vma 51 Guide
14/36
vSphere Management Assistant Guide
14 VMware, Inc.
3 Selecttheappropriatemenuoptiontoconfigurethenetworksettings.
YoucanindividuallyconfigurethevariousnetworksettingssuchasIPaddress,hostname,DNS,proxy
server,anddefaultgateway,byselectingtheappropriatemenuoption.
Thehostnamecancontain64alphanumericcharacters.YoucanchangethevMAhostnamelaterby
modifyingthe/etc/HOSTNAME and/etc/hostsfiles,asyouwouldforaLinuxhost.Youcanalsousethe
vMAconsoletochangethehostname.ForaDHCPconfiguration,thehostnameisobtainedfromthe
DNSserver.
IfyouuseastaticIPv4networkconfigurationtoconfiguretheIPaddress,DNS,defaultgateway,and
hostname,thenyoumustalsoconfigureadefaultIPv6gatewayduringthefirstbootnetwork
configuration,elsethevMAmightbeunreachableinthenetworkafterlogin.
Ensurethatyoucompletethenetworkconfigurationatthefirstboot.Ifyouskipthenetwork
configuration,theappliancetakesthedefaultnetworkconfigurationfromtheguestoperatingsystem,
whichmayleadtosomeinconsistencies.
4 Whenprompted,specifyapasswordfortheviadminuser.
Ifpromptedforanoldpassword,pressEnterandcontinue.
ThenewpasswordmustconformtothevMApasswordpolicy.Thepasswordmusthaveatleast:
Ninecharacters
Oneuppercasecharacter
Onelowercasecharacter
Onenumeralcharacter
Onesymbolsuchas#,$
YoucanlaterchangethepasswordfortheviadminuserusingtheLinuxpasswdcommand.
Thisuserhasrootprivileges.
vMAisnowconfiguredandthevMAconsoleappears.TheconsoledisplaystheURLfromwhichyoucan
accesstheWebUI.
vMA Console and Web UI
vMAprovidestwointerfaces,theconsole,whichisacommandlineinterfaceandthebrowserbasedWebUI.
Fromtheconsole,youcandothefollowingtasks:
Loginasviadmin
AddserverstovMA
RuncommandsfromthevMAconsole
Configurethenetworksettingsandproxyserversettings
Configurethetimezonesettings.
ThewebUIenablesyoutodothefollowingtasks:
Loginasviadmin
Configurethenetworksettingsandproxyserversettings
Configurethetimezonesettings.
UpdatevMA
NOTE YoucanconfigureonlyonenetworkadapterinvMA.Youcannotaddandconfiguremultiplenetwork
adaptersinvMA.
7/23/2019 Vma 51 Guide
15/36
VMware, Inc. 15
Chapter 2 Getting Started with vMA
Configure vMA for Active Directory Authentication
ConfigurevMAforActiveDirectoryauthenticationsothatESXihostsandvCenterServersystemsaddedto
ActiveDirectorycanbeaddedtovMAwithouthavingtostorethepasswordsinvMAscredentialstore.This
isamoresecurewayofaddingtargetstovMA.
EnsurethattheDNSserverconfiguredforvMAisthesameastheDNSserverofthedomain.Youcanchange
theDNSserverbyusingthevMAConsoleortheWebUI.EnsurethatthedomainisaccessiblefromvMA.
Also,You
must
be
able
to
ping
the
ESXi
and
vCenter
Server
systems
that
you
want
to
add
to
vMA.
Ensure
that
pingingresolvestheIPaddressto,wheredomainnameisthedomainto
whichvMAistobeadded.
To add vMA to a domain
1 FromthevMAconsole,runthefollowingcommand:
sudo domainjoin-cli join
2 Whenprompted,providetheActiveDirectoryadministrator spassword.
Onsuccessfulauthentication, thecommandaddsvMAasamemberofthedomain.Thecommandalso
addsentriesinthe/etc/hostsfilewithvmaHostname.domainname.
3 RestartvMA.
Now,youcanaddanActiveDirectorytargettovMA.Forstepstodothis,seeAddTargetServersto
vMAonpage 17.
To check vMA's domain settings
FromthevMAconsole,runthefollowingcommand:
sudo domainjoin-cli query
ThecommanddisplaysthenameofthedomaintowhichvMAhasjoined.
To remove vMA from the domain
FromthevMAconsole,runthefollowingcommand:
sudo domainjoin-cli leave
ThevMAconsoledisplaysamessagestatingwhethervMAhaslefttheActiveDirectorydomain.
Configure Unattended Authentication for Active Directory Targets
Toconfigureunattendedauthentication (authentication fromviadminorrootcontext)toActiveDirectory
targets,youmustrenewtheKerberosticketsforthedomainuserusingwhichthetargetisadded.Unattended
authenticationissupportedforESXi4.1Update3andlater.YoumustensurethattheActiveDirectoryissetup
forunattendedlogin.
To conf igure unattended authentication for Active Directory targets
1 Onany
Windows
Server
2003
computer
that
is
part
of
the
domain
to
which
vMA
is
added,
download
and
installtheKtpasstoolfromtheMicrosoftwebsite.
2 Openthecommandpromptandrunthefollowingcommand:
ktpass /out foo.keytab /princ [email protected] /pass ca... /ptype KRB5_NT_PRINCIPAL
-mapuser \
where,isthenameofthedomainandfooistheuserhavingpermissionsforthevCenter
administration.
Thiscommandcreatesafilecalledfoo.keytab.
3 Movethefoo.keytabfileto/home/local/VMA-DC/foo.
YoucanuseWinSCPandloginasuservma-dc\footomovethefile.
7/23/2019 Vma 51 Guide
16/36
vSphere Management Assistant Guide
16 VMware, Inc.
4 (Optional)Makesurethattheuservmadc\fooonvMAownsthefoo.keytabfilebyusingthefollowing
commands:
ls -l /home/local/VMA-DC/foo/foo.keytab
chown vma-dc\foo/home/local/VMA-DC/foo/foo.keytab
5 OnvMA,createascriptin/etc/cron.hourly/kticket-renewwiththefollowingcontents:
#!/bin/sh
su - vma-dc\\foo -c '/usr/bin/kinit -k -t /home/local/VMA-DC/foo/foo.keytab foo'
Thisscriptwillrenewtheticketfortheuserfooeveryhour.
Youcanalsoaddtheabovescripttoaservicein/etc/init.dtorefreshtheticketswhenvMAisbooted.
Troubleshooting Unattended Authentication
IfyouarenotabletoauthenticatefromvMAorcannotaddvMAtothedomaincontroller,verifythefollowing
conditions:
YourDNSserversetupinvMAresolvestheIPaddressorhostnameofthevCenterservertoafully
qualifieddomainname(FQDN)andthattheFQDNcontainsthedomainnametowhichvMAisadded.
Thecommandvifp listserversshowsthenameofvCenterserverastheFQDNthatcontainsthe
domainname
to
which
vMA
is
added
as
the
suffix.
ThedateandtimesettingsonvMA,thedomaincontrollerandthevCenterserverarethesame.Verifythe
timezoneaswell.Thetimemayvarybyanhour,butalargetimeskewmightcauseauthentication
problems.
Enable the vi-user Account
Aspartofconfiguration,vMAcreatesaviuseraccountwithnopassword.However,youcannotusethe
viuseraccountuntilyouhavespecifiedaviuserpassword.
To enable the vi-user account
1 LogintovMAasviadmin.
2 RuntheLinuxpasswdcommandforviuserasfollows:
sudo passwd vi-user
IfthisisthefirsttimeyouusesudoonvMA,amessageaboutrootuserprivilegesappears,andyouare
promptedfortheviadminpassword.
3 Specifytheviadminpassword.
4 Whenprompted,typeandconfirmthepasswordforviuser.
AftertheviuseraccountisenabledonvMA,ithasnormalprivilegesonvMAbutisnotinthesudoerslist.
WhenyouaddESXitargetservers,vMAcreatestwousersoneachtarget:
viadminhasadministrative privilegesonthetargetsystem.
viuserhasreadonlyprivilegesonthetargetsystem.vMAcreatesviuseroneachtargetthatyouadd,
evenifviuserisnotcurrentlyenabledonvMA.
WhenauserisloggedintovMAasviuser,vMAusesthataccountontargetESXihosts,andtheusercanrun
onlycommandsontargetESXihoststhatdonotrequireadministrative privileges.
IMPORTANT TheviuseraccounthaslimitedprivilegesonthetargetESXihostsandcannotrunany
commandsthatrequiresudoexecution.YoucannotuseviusertoruncommandsforActiveDirectorytargets
(ESXior
vCenter
Server).
To
run
commands
for
the
Active
Directory
targets,
use
the
vi-admin
user
or
log
in
asanActiveDirectoryusertovMA.
7/23/2019 Vma 51 Guide
17/36
VMware, Inc. 17
Chapter 2 Getting Started with vMA
vMA User Account Privileges
Table 21liststheprivilegesthatthedifferentuseraccountshaveforvCLIusageagainstdifferenttargets.
Add Target Servers to vMA
AfteryouconfigurevMA,youcanaddtargetserversthatrunthesupportedvCenterServerorESXiversion.
ForvCenterServerandESXisystemtargets,youmusthavethenameandpasswordofauserwhocanconnect
tothatsystem.
Seevifpaddserveronpage 28forthecompletesyntax.
To add a vCenter Server system as a vMA target for Ac tive Directory Authentication
1 LogintovMAasviadmin.
2 AddaserverasavMAtargetbyrunningthefollowingcommand:
vifp addserver vc1.mycomp.com --authpolicy adauth --username ADDOMAIN\\user1
Here,--authpolicy adauthindicatesthatthetargetneedstousetheActiveDirectoryauthentication.
Ifyourunthiscommandwithoutthe--usernameoption,vMApromptsforthenameoftheuserthatcan
connecttothevCenterServersystem.Youcanspecifythisusernameasshowninthefollowingexample:
Enter username for machinename.example.com: ADDOMAIN\user1
If--authpolicy
is
not
specified
in
the
command,
then
fpauth
is
taken
as
the
default
authentication
policy.
3 Verifythatthetargetserverhasbeenadded.
Thedisplayshowsalltargetserversandtheauthenticationpolicyusedforeachtarget.
vifp listservers --long
server1.mycomp.com ESX adauth
server2.mycomp.com ESX fpauth
server3.mycomp.com ESXi adauth
vc1.mycomp.com vCenter adauth
4 Setthetargetasthedefaultforthecurrentsession:
vifptarget --set | -s
5 VerifythatyoucanrunavSphereCLIcommandwithoutauthenticationbyrunningacommandonone
oftheESXihosts,forexample:
esxcli --server --vihost network nic list
Thecommandrunswithoutpromptingforauthentication information.
Table 2-1. Account Privileges for vCLI Usage
Target
Authent ication
Policy vi-admin vi-user domain user
ESXi fpauth Y Y N
ESXi adauth Y N Y
vCenterServer fpauth Y N N
vCenterServer adauth Y N Y
IMPORTANT Ifthenameofatargetserverchanges,youmustremovethetargetserverbyusingvifp
removeserverwiththeoldname,thenaddtheserverusingvifp addserverwiththenewname.
7/23/2019 Vma 51 Guide
18/36
vSphere Management Assistant Guide
18 VMware, Inc.
To add a vCenter Server system as a vMA target fo r fastpass Authenti cation
1 LogintovMAasviadmin.
2 AddaserverasavMAtargetbyrunningthefollowingcommand:
vifp addserver vc2.mycomp.com --authpolicy fpauth
Here,--authpolicy fpauthindicatesthatthetargetneedstousethefastpassauthentication.
3 Specifythe
username
when
prompted:
Enter username for machinename.example.com: MYDOMAIN\user1
4 Specifythepasswordforthatuserwhenprompted.
[email protected]'s password:
5 Reviewandacceptthesecurityriskinformation.
6 Verifythatthetargetserverhasbeenadded.
Thedisplayshowsalltargetserversandtheauthenticationpolicyusedforeachtarget.
vifp listservers --long
server1.mycomp.com ESX adauth
server2.mycomp.com ESX fpauth
server3.mycomp.com ESXi adauthvc1.mycomp.com vCenter adauth
vc2.mycomp.com vCenter fpauth
7 Setthetargetasthedefaultforthecurrentsession.
vifptarget --set | -s
8 VerifythatyoucanrunavSphereCLIcommandwithoutauthenticationbyrunningacommandonone
oftheESXihosts,forexample:
esxcli --server --vihost network nic list
Thecommandrunswithoutpromptingforauthentication information.
To add an ESXi host as a vMA target for Active Directory Authentication
1 LogintovMAasviadmin.
2 AddanESXiserverasavMAtargetbyrunningthefollowingcommand:
vifp addserver server3.mycomp.com --authpolicy adauth --username ADDOMAIN\\user1
Here,--authpolicy adauthindicatesthatthetargetneedstousetheActiveDirectoryauthentication.
Ifyourunthiscommandwithoutthe--usernameoption,vMApromptsforthenameoftheuserthatcan
connecttotheESXiServer.Youcanspecifythisusernameasshowninthefollowingexample:
Enter username for machinename.example.com: ADDOMAIN\user1
If--authpolicyisnotspecifiedinthecommand,thenfpauthistakenasthedefaultauthentication
policy.
3 Verifythatthetargetserverhasbeenadded.
Thedisplayshowsalltargetserversandtheauthenticationpolicyusedforeachtarget.
vifp listservers --long
server1.mycomp.com ESX adauth
server2.mycomp.com ESX fpauth
server3.mycomp.com ESXi adauth
vc1.mycomp.com vCenter adauth
IMPORTANT Ifthenameofatargetserverchanges,youmustremovethetargetserverbyusingvifp
removeserverwiththeoldname,thenaddtheserverusingvifp addserverwiththenewname.
7/23/2019 Vma 51 Guide
19/36
VMware, Inc. 19
Chapter 2 Getting Started with vMA
4 Setthetargetasthedefaultforthecurrentsession:
vifptarget --set | -s
5 VerifythatyoucanrunavSphereCLIcommandwithoutauthenticationbyrunningacommand,forexample:
esxcli network nic list
Thecommandrunswithoutpromptingforauthentication information.
To add an ESXi host as a vMA target for fastpass Authentication
1 LogintovMAasviadmin.
2 AddanESXiServerasavMAtargetbyrunningthefollowingcommand:
vifp addserver server2.mycomp.com --authpolicy fpauth
Here,--authpolicy fpauthindicatesthatthetargetneedstousethefastpassauthentication.
Youarepromptedforthetargetserversrootuserpassword.
root@s password:
3 SpecifytherootpasswordfortheESXihostthatyouwanttoadd.
vMAdoesnotretaintherootpassword.Instead,vMAaddsviadminandviusertotheESXihost,and
storestheobfuscatedpasswordsthatitgeneratesforthoseusersintheVMwarecredentialstore.
InavSphereclientconnectedtothetargetserver,theRecentTaskspaneldisplaysinformationaboutthe
usersthatvMAadds.ThetargetserversUsersandGroupspaneldisplaystheusersifyouselectit.
4 Reviewandacceptthesecurityriskinformation.
5 Verifythatthetargetserverhasbeenadded.
Thedisplayshowsalltargetserversandtheauthenticationpolicyusedforeachtarget.
vifp listservers --long
server1.mycomp.com ESX adauth
server2.mycomp.com ESX fpauth
server3.mycomp.com ESXi adauth
vc1.mycomp.com vCenter adauth
vc2.mycomp.com vCenter fpauth
6 Setthetargetasthedefaultforthecurrentsession.
vifptarget --set | -s
7 VerifythatyoucanrunavSphereCLIcommandwithoutauthenticationbyrunningacommand,forexample:
esxcli network nic list
Thecommandrunswithoutpromptingforauthentication information.
IMPORTANT
Ifthenameofatargetserverchanges,youmustremovethetargetserverbyusingvifpremoveserverwiththeoldname,thenaddtheserverusingvifp addserverwiththenewname.
CAUTION RemoveusersaddedbyvMAfromthetargetserveronlyifyouhavedeletedthevMAvirtual
machinebutdidnotremovethetargetservers.
IMPORTANT Ifthenameofatargetserverchanges,youmustremovethetargetserverbyusingvifp
removeserverwiththeoldname,thenaddtheserverusingvifp addserverwiththenewname.
7/23/2019 Vma 51 Guide
20/36
vSphere Management Assistant Guide
20 VMware, Inc.
Running vSphere CLI for the Targets
Ifyouhaveaddedmultipletargetservers,youshouldspecifythetargetserverexplicitlywhenrunning
commands.Bydefault,vMAexecutescommandsontheserverthatisconfiguredasthedefaulttargetbyusing
thevifptarget -scommand.Ifnoneoftheaddedtargetserversareconfiguredasthedefaulttargetandno
targetserverisexplicitlyspecifiedwhenrunningthevSphereCLIcommands,thenthecommandsarerun
againstthevMAitself.
To run vSphere CLI for the targets
1 AddserversasvMAtargets.
vifp addserver
vifp addserver
2 Verifythatthetargetserverhasbeenadded:
vifp listservers
3 Runvifptarget.
vifptarget -s
Thecommandinitializesthespecifiedtargetserver.Now,thisserverwillbetakenasthedefaulttargetfor
thevSphereCLIorvSphereSDKforPerlscripts.
4 RunvSphereCLIorvSphereSDKforPerlscripts,byspecifyingthetargetserver.Forexample:
esxcli --server server2 network nic list
Reconfigure a Target Server
Youcanreconfigureatargetserverifyouwanttoperformanyofthefollowingtasks:
ChangetheauthenticationmodeofavMAtargetfromvifastpasstoActiveDirectoryorviceversa.
ChangetheconfigureduserfortheActiveDirectorytarget.
Recoverusersforthevifastpasstarget.AuserneedstoberecoveredifthecredentialstoreonvMAis
corruptedorifthecredentialsofuserscorrespondingtovMAusersaremodifiedandnotreflectedinvMA.
To change the authentication poli cy
1 LogintovMAasviadmin.
2 Runreconfigure
vifp reconfigure --authpolicy
3 Whenprompted,provideyourcredentials.
IfyoureconfigureanActiveDirectorytargettovifastpassauthentication, thenspecifytheroot
passwordforESXitargetsandtherootusernameandpasswordforvCentertargets.
IfyoureconfigureavifastpasstargettoActiveDirectoryauthentication, thenspecifytheroot
usernamefor
the
target.
To change the configured user or to recover users
1 LogintovMAasviadmin.
2 Runreconfigure.
vifp reconfigure
3 Whenprompted,provideyourcredentials.
IfyoureconfigureanActiveDirectorytarget,specifyausernameforthetarget.
7/23/2019 Vma 51 Guide
21/36
VMware, Inc. 21
Chapter 2 Getting Started with vMA
Ifyoureconfigureavifastpasstarget,specifytherootpasswordoftheESXitarget,andthepassword
forusernameusedtoaddthevCenterServertarget.
Example 2-1. Adding and Reconfiguring a Target
vi-admin@example-dhcp:~> vifp addserver 90.100.110.120Enter username for 90.100.110.120: administrator
[email protected]'s password:
This will store username and password in credential store which is a security risk. Do you want
to continue?(yes/no): yes
vi-admin@example-dhcp:~> vifp reconfigure 90.100.110.120
[email protected]'s password:
vi-admin@example-dhcp:~>
Remove Target Servers f rom vMA
BeforeyoudeleteavMAvirtualmachine,removealltargetserversfromvMA.Ifyoudonotremovetarget
ESXihosts,
the
vi
admin
and
vi
user
users
remain
on
the
target
servers.
To remove a vCenter Server system from vMA
1 LogintovMAasviadmin.
2 ToremoveatargetvCenterServersystemfromvMA,runthefollowingcommand:
vifp removeserver
ThevCenterServersystemisnolongeravMAtarget.
To remove an ESXi host from vMA
1 LogintovMAasviadmin.
2 Toremove
an
ESXi
host
that
is
avMA
target,
run
the
following
command:
vifp removeserver
TheRecentTaskspanelofthetargetserverdisplaysinformationabouttheviadminandviuserusersthat
arebeingremoved.TheUsersandGroupspanelofthetargetservernolongerdisplaystheusers.
Modifying Scripts
YoucanmodifyserviceconsolescriptstorunfromvMA.
LinuxcommandsScriptsrunninginvMAcannotuseLinuxcommandsinthewaythattheydoonthe
ESXserviceconsolebecausetheLinuxcommandsarerunningonvMAandnotontheESXhost.
AccesstoESXifilesIfyouneedaccesstofoldersorfilesonanESXihost,youcanmakethathostatarget
serverandusethevifsvSphereCLIcommandtoview,retrieve,ormodifyfoldersandfiles.
ReferencestolocalhostScriptscannotrefertolocalhost.
Ifvifastpassisinitialized,allcommandsthatdonotspecify--serverapplytothedefaulttarget.
Ifvifastpassisinitialized,allcommandsthatspecifyhostnameorIPofthetargetapplytothetarget
specified.
ProgrammaticconnectionInPerlscriptsorJavaprograms,youcancallVmaTarget.login() method
ofVmaTargetLibandspecifythehosttoconnectto.Thedirectory/opt/vmware/vma/samplescontains
examplesinPerlandJava.vMAhandlesauthenticationiftheserverhasbeenestablishedasatarget
server.ProgramscanuseVmaTargetLiblibrarycommands.SeeUsingtheVmaTargetLibLibraryon
page 33.
NOTE Ifthetargetserverisnotinitializedasthedefaulttarget,thenyoumustrunthevifptarget -s
commandagainstthetargetservertoreinitializeitwiththenewcredentialsafteryoureconfigurethetarget.
7/23/2019 Vma 51 Guide
22/36
vSphere Management Assistant Guide
22 VMware, Inc.
NoprocnodesSomeserviceconsolescriptsstilluseVMwareprocnodes,whichwereofficiallymade
obsoletewithESXServer3.0andarenotavailableinESX/ESXi4.0andlater.Youcanextractinformation
thatwasavailableinVMwareprocnodesusingthevSphereCLIcommandsavailableonvMA.
TargetspecificationYoumustspecifythetargetserverwhenyouruncommandsorscripts.
Table 22liststhevMAcomponentsthatyoucanuseformodifyingscriptsthatincludeprocnodesandLinux
commands.
Configure vMA to Use a Static IP Address
Duringthefirstboot,youcanconfigurevMAtouseaDHCPserverorspecifyastaticIPaddress.TheDHCP
serverassignsanetworkaddress,allowingyoutorunthevirtualmachinewithoutsetup.Thisnetwork
addressmight
change
after
the
virtual
machine
has
been
powered
off
longer
than
the
DHCP
lease
time.
Most
serverapplicationsshouldbeconfiguredtoastaticnetworkaddressthatisconstantandwellknown.
Configure a Static IP Address from the Console
YoucanconfigureastaticIPaddressfromthevMAconsoleorthewebUI.
To conf igure a static IP address from the console
1 Intheconsole,selectConfigureNetworkandpressEnter.
2 Selectmenuoption6toconfiguretheIPaddress.
3 IfyouwanttoconfigureanIPv6address,typeyandpressEnter.
a PressEnter
to
specify
astatic
IP
address
and
provide
the
IP
address
and
Netmask
b TypeyandpressEntertoconfirmtheIPaddress.
4 IfyouwanttoconfigureanIPv4address,typeyandpressEnter.
a PressEntertospecifyastaticIPaddressandprovidetheIPaddressandNetmask
b TypeyandpressEntertoconfirmtheIPaddress.
5 Toconfiguretheothernetworksettings,suchasDNSanddefaultgateway,selecttheappropriatemenu
optionandprovidetherequirednetworkconfigurationdetails.
Table 2-2. vMA Components for Use in Scripts
vMA Component Description For more information
vSphereCLIcommands ManageESXihostsandvirtualmachines. vSphereCommandLineInterfaceInstallationandReferenceGuide.
vifsvSphereCLIcommand
Performcommonoperations,suchascopy,remove,get,andput,onfilesanddirectories.
vSphereCommandLineInterfaceInstallationandReferenceGuide.
vSphereSDKforPerl AccessthevSphereAPI,aWebservicesbasedAPIformanaging,monitoring,andcontrollingthelifecycleofallvSpherecomponents.
vSphereSDKforPerlProgrammingGuide.
vSphereSDKforPerlutilityapplications
Performcommonadministrativetasks. vSphereSDKforPerlUtilityApplicationsReference.
CommandsareonvMAin/usr/lib/vmware-vcli/apps
vSphereSDKforPerlWSManagementcomponent
AccessCIM/SMASHdata.ESXisupportsmanySystemsManagementArchitectureforServerHardware(SMASH)profiles,enablingsystemmanagementclientapplicationstocheckthestatusofunderlyingservercomponentssuchasCPU,fans,powersupplies,andsoon.
vSphereSDKforPerlProgrammingGuide.
7/23/2019 Vma 51 Guide
23/36
VMware, Inc. 23
Chapter 2 Getting Started with vMA
Configure a Static IP Address f rom the Web UI
YoucanconfigureastaticIPaddressfromthevMAconsoleorthewebUI.
To configure a static IP address from the web UI
1 LogintothewebUI.
2 OpentheNetworkpageandclicktheAddresstab.
3 SelecttheUse
the
following
IP
settingsoptionandprovidetheIPaddressesforthefollowing:
IPAddress
Netmask
Gateway
PreferredDNSServer
AlternateDNSServer
Hostname
4 ClickSaveSettings.
Configure vMA to Use a DHCP Server
YoucanreconfigurevMAtouseaDHCPserverinsteadofusingastaticIPaddress.
Configure vMA to Use a DHCP Server from the Console
To conf igure vMA to use a DHCP server from the consol e
1 OnthevMAconsole,selectConfigureNetworkandpressEnter.
2 Selectmenuoption6toconfiguretheIPaddress.
3 IfyouwanttoconfigureanIPv6address,typeyandpressEnter.
a TypeyandpressEntertouseaDHCPserver.
b ProvidethedetailsoftheDHCPserver.
4 IfyouwanttoconfigureanIPv4address,typeyandpressEnter.
a TypeyandpressEntertouseaDHCPserver.
b ProvidethedetailsoftheDHCPserver.
5 Toconfiguretheothernetworksettings,suchasDNSanddefaultgateway,selecttheappropriatemenu
optionandprovidetherequirednetworkconfigurationdetails.
Configure vMA to Use a DHCP Server from the Web UI
To configure vMA to use a DHCP server from the web UI
1 LogintothewebUI.
2 OpentheNetworkpageandclicktheAddresstab.
3 SelecttheObtainconfigurationfromDHCPserveroption.
4 ClickSaveSettings.
7/23/2019 Vma 51 Guide
24/36
vSphere Management Assistant Guide
24 VMware, Inc.
Setting the Time Zone
Bydefault,thevirtualhardwareclockismaintainedinCoordinatedUniversalTime(UTC),whichvMA
convertstolocaltime.Youcan,however,setittoalocaltime,whichisimportantfortheupdaterepositoryand
VMwarevCenterUpdateManager.
Setting the Time Zone from the Console
Youcansettimezonefromtheconsoleasdescribedhere.
To set the time zone from the console
1 Ontheconsole,selectSetTimezoneandpressEnter.
2 Whenprompted,selectyourcontinentorregionandpressEnter.
3 Whenprompted,selectyourcountryandpressEnter.
Thescreendisplaystheinformationthatyouhaveselectedandthetimethatwillbeset.
4 Type1iftheinformationiscorrect.
vMAsetsthetimezone.
Setting the Time Zone from the Web UI
YoucansetthetimezonefromthewebUIbyusingthefollowingsteps.
To set the time zone from the Web UI
1 AccessthewebUIandlogin.
2 ClicktheSystemtabthenclicktheTimeZonebutton.
3 FromtheTimeZoneSettingslist,selectyourcountryandcity.
4 ClickSaveSettings.
Shut Down vMABeforeyoupoweroffvMA,shutdownthevirtualmachine.
To shut down vMA from vSphere Client
1 ShutdowntheoperatingsystemusingaLinuxcommandsuchasthehaltcommandonthevMA
commandline.
2 PoweroffthevMAvirtualmachineusingthevSphereClient.
To shut down vMA from the Web UI
3 LogintotheWebUIasviadmin.
4 Inthe
Information
tab,
click
Shutdown.
Delete vMA
IfyouintendtodeployanewerversionofvMA,orifyounolongerneedvMA,youcandeletethevMAvirtual
machine.
IMPORTANT IfyoudeletevMAwithoutremovingallservers,theviadminandviuserusersremainonthe
targetESXihosts.ThenexttimeyouaddthehosttoavMAinstance,vMAcreatesausernamewithadifferent
numericextension.
7/23/2019 Vma 51 Guide
25/36
VMware, Inc. 25
Chapter 2 Getting Started with vMA
To delete the vMA virtual machine
1 RemoveallvMAtargetserversyouadded.SeeRemoveTargetServersfromvMAonpage 21.
2 ShutdownvMA.
3 PoweroffthevirtualmachinebyusingthevSphereClient.
4 InthevSphereClient,rightclickthevirtualmachineandselectDeletefromDisk.
Troubleshooting vMA
YoucanfindtroubleshootinginformationforallVMwareproductsinVMwareKnowledgeBasearticlesand
informationaboutvMAknownissuesinthereleasenotes.Table 23explainsafewcommonlyencountered
issuesthatareeasilyresolved.
ThisreleaseofvMAprovidesthevma-supportscriptthatenablesyoutocollectvarioussystemconfigurationinformationandotherlogs.Youcanrunthisscriptbyissuingthefollowingcommand:
> sudo vma-support
Thescriptgeneratestheinformationandlogbundleandappendsittothevmware.logfileontheESXihost
onwhichvMAisdeployed.
Table 2-3. Troubleshooting vMA
Issue Resolution
YoucandeployvMAbutwhenyoustartupthevirtualmachine,anerroroccurs.
CheckwhetheryoursetupmeetsthehardwareandsoftwarerequirementslistedinHardwareRequirementsonpage 12.
YouaddaserverbutthevSphereCLIcommandorPerlscriptstillpromptsforauthentication.
Runviftargetforthetargetserver.
Youhaveaddedmultipleservers.YoudonotknowwherevMArunsvSphereCLIcommandsifyoudonotspecify--server.
Afteracalltovifptarget,yourpromptchangestoincludethecurrenttarget.
YouwanttoenableDNSresolutioninvMA. YoucanconfiguretheDNSresolutionnameserverforvMAbyupdatingthe/etc/resolv.conffile.AddthefollowinglineforeachDNSserverinyournetwork:
nameserver
Typeman resolv.conffordetailsonthatfile.
IfvMAissetupforDHCP,andthenetworkisrestarted,changesyoumadeto/etc/resolv.confarelost.
ProblemswhileaddingActiveDirectorytarget
orconfiguringvMAforActiveDirectory.
IfyouareunabletoauthenticatefromvMAorcannotadd
vMAto
the
domain
controller,
check
the
following:
YourDNSserversetupinvMAresolvestheIPaddressorhostnameofthevCenterservertoanFQDNandtheFQDNcontainsthedomainnametowhichvMAisadded.
Thevifp listservercommandshowsthenameofvCenterastheFQDNthatcontainsthedomainnametowhichvMAisaddedasthesuffix.
ThedateandtimesettingsonvMA,thedomaincontrollerandvCenterServerareidentical.Checkthetimezoneaswell.Thetimemaynotexactlybethesamebutmayvarybyanhour.However,alargeskewinthetimemaycauseauthenticationproblems.
7/23/2019 Vma 51 Guide
26/36
vSphere Management Assistant Guide
26 VMware, Inc.
Update vMA
YoucandownloadsoftwareupdatesincludingsecurityfixesfromVMwareandcomponentsincludedinvMA,
suchastheSUSELinuxEnterpriseServerupdatesandJRE.
To update vMA
1 AccesstheWebUI.
2 Loginasviadmin.
3 ClicktheUpdatetabandthentheStatustab.
4 OpentheSettingstabandthenfromtheUpdateRepositorysection,selectarepository.
5 ClickCheckUpdates.
6 ClickInstallUpdates.
Configure Automatic vMA Updates
Youcan
configure
automatic
download
of
vMA
updates.
To configure automatic updates
1 AccesstheWebUI.
2 Loginasviadmin.
3 ClicktheUpdatetabandthentheSettingstab.
4 ClickAutomaticcheckforupdates.
5 Setthescheduleforperformingtheautomaticchecksbyselectingadayandtimefromthedropdown
lists.
6 IntheUpdateRepositorysection,selectarepository.
7 ClickSaveSettings.
IMPORTANT YoucannotupgradeapreviousversionofvMAtovMA5.1.YouneedtoinstallvMA5.1.
7/23/2019 Vma 51 Guide
27/36
VMware, Inc. 27
3
vMAinterfacesallowyoutoinitializevifastpass,add,remove,andlisttargetservers,andmanagepasswords.
TheinterfacesareavailableasPerlcommandsandJavamethods.
Thischapterincludesthefollowingtopics:
vMAInterfaceOverviewonpage 27
vifptargetCommandforvifastpassInitializationonpage 27
vifpTargetManagementCommandsonpage 28
TargetManagementExampleSequenceonpage 32
UsingtheVmaTargetLibLibraryonpage 33
VmaTargetLibReferenceonpage 33
vMA Interface Overview
Table 31showswhichinterfacesincludewhichcommandandmethod.
vifptarget Command for vi-fastpass Initialization
Youcanrunthiscommandtoperformthefollowingtasks:
InitializevifastpassforthevSphereCLIandthevSphereSDKforPerl.
Resetfastpasstarget
Displaytheinitializedfastpasstarget
vMA Interfaces 3
Table 3-1. vMA Interface Overview
Interface / Library Commands Methods For More Information
vifptarget vifptarget vifptargetCommandforvifastpassInitializationonpage 27.
vifp
(administrativeinterface)
addserver
removeserver
rotatepassword
listservers
reconfigure
vifpTargetManagementCommandsonpage 28.
VmaTargetLib
(library)
enumerate_targets
query_target
login
logout
enumerateTargets
queryTarget
login
logout
UsingtheVmaTargetLibLibraryonpage 33.
7/23/2019 Vma 51 Guide
28/36
vSphere Management Assistant Guide
28 VMware, Inc.
Usage
vifptarget
--set | -s
--clear | -c
--display | -d
--help | -h
Description
ThevifptargetcommandenablesseamlessauthenticationforremotevSphereCLIandvSphereSDKforPerlcommands.
Youcanestablishmultipleserversastargetservers,andthencallvifptargetoncetoinitializeallserversfor
vifastpassauthentication.Youcanthenruncommandsagainstanytargetserverwithoutadditional
authentication. Youcanusethe--serveroptiontospecifytheservertoruncommandson.
ThevMApromptdisplaysthecurrentdefaultexecutionserver.Ifyouremovethatdefaultserver,theserver
nameisremovedfromthepromptbutthevifastpassenvironmentisnotclearedandthevCLIcommandscan
stillrunseamlesslyagainstallthetargets.
WhilehostsremaintargetserversacrossvMAreboots,youmustrunvifptargetaftereachlogouttoenable
vifastpassforvSphereCLIandvSphereSDKforPerlcommands.
Options
Example
vifptarget --set | -s
Initializesthefastpasstarget.
vifptarget --display | -d
Displaystheinitializedfastpasstarget.
vifptarget --clear | -c
Clearsthevifastpassenvironment.
vifp Target Management Commands
Thevifpinterfaceallowsadministratorstoadd,list,andremovetargetserversandtomanagetheviadmin
userspassword.
vifp addserver
AddsavCenterServersystemorESXihostasavMAtargetserver.
Usage
vifp addserver
[--authpolicy ]
[--protocol ]
[--portnumber ]
[--servicepath ]
[--username ]
[--password ]
Option Description
set Initializesthefastpasstarget.
display Displaystheinitializedfastpasstarget.
clear Clearsthevifastpassenvironment.
help Displayhelpforthecommand.
7/23/2019 Vma 51 Guide
29/36
VMware, Inc. 29
Chapter 3 vMA Interfaces
Description
AfteraserverisaddedasavMAtarget,youmustrunvifptarget beforeyourunvSphereCLI
commandsorvSphereSDKforPerlscriptsagainstthatsystem.ThesystemremainsavMAtargetacrossvMA
reboots,butrunningvifptargetagainisrequiredaftereachlogout.SeevifptargetCommandforvifastpass
Initializationonpage 27.
Afteryourunvifptarget,youcanrunvSphereCLIorvSphereSDKforPerlcommandsandscriptsandyou
arenolongerpromptedforauthenticationinformation,asfollows:
IfyouaddavCenterServersystemasavMAtarget,youcanrunmostcommandsonallESXihoststhat
thevCenterServersystemmanagesusingthevSphereCLI--vihostoption.ThevSphereCLIInstallation
andReferenceGuideincludesatablethatshowswhichcommandscannottargetavCenterServersystem.
IfyouaddonlyoneESXihost,youcanruncommandswithoutspecifyingthetarget.
IfyouaddmultipleESXihosts,specifythetargettoavoidconfusion.
SeeAddTargetServerstovMAonpage 17andRunningvSphereCLIfortheTargetsonpage 20.
Options
Example
vifp addserver my_vCenter
AddsavCenterServersystemasavMAtarget.Youarepromptedforausernameandpassword.Theuser
musthaveloginprivilegesonthevCenterServersystem.
vifp addserver myESX42
AddsanESXihosttovifastpass.Youarepromptedfortherootpasswordforthetargetsystem.
vifp removeserver
RemovesaspecifiedvMAtargetthatwaspreviouslyaddedwithvifp addserver.
IfthetargetisanESXisystem,youneedsuperuserprivilegesforremoval.IfthetargetisavCenterServer
system,anyuserwithconnectionprivilegescanremovethetarget.Youonlyhavetospecifythe
option,withoutthepassword.
IMPORTANT Ifyouchangeatargetserversname,youmustremoveit,andthenaddittovMAwiththenew
name.
Option Description
server NameorIPaddressoftheESXihostorvCenterServersystemtoaddasavMAtarget.
authpolicy SetstheauthenticationpolicytofastpassauthenticationortheActiveDirectoryauthentication.Thedefaultvalueisfpauth.
protocol Connectionprotocol.HTTPSbydefault.
portnumber Connectionportnumberofthetargetserver.Thedefaultis443.
servicepath ServicepathURLofthetargetserver.Thedefaultis/sdk.
username Userwhoconnectstothetargetserver.
IfthetargetserverpointstoanESXihost,thedefaultisroot.Theusermusthave
superuserprivilegesontheESXihost.IfthetargetserverpointstoavCenterServersystem,thereisnodefault.Youarepromptedforausernameifyoudonotspecifyoneusingthisoption.TheusermusthaveprivilegestoconnecttothevCenterServersystem.
password Passwordoftheuserspecifiedbyusername.
7/23/2019 Vma 51 Guide
30/36
vSphere Management Assistant Guide
30 VMware, Inc.
Usage
vifp removeserver
[--protocol ]
[--portnumber ]
[--servicepath ]
[--username ]
[--password ]
[--force]
Description
Runvifp removeserverforeachvMAtargetbeforeyoudeletethevMAinstance.Ifyoudonotrunvifp
removeserver,theviuserandviadminusersremainonthetargetserver.IfyoulaterthisservertovMA,
vMAcreatestwomoreaccountsonthisserver.Runvifp removeservertoavoidhavingmultipleusers
createdbyvMAoneachtargetserver.
Options
Examples
vifp removeserver
RemovesavCenterServersystem.Youarenotpromptedforapassword.
vifp removeserver
RemovesanESXihost.
vifp rotatepassword
Specifiesviadminandviuserpasswordrotationparameters.
Usage
vifp rotatepassword
[--now [--server ] |
--never |
--days ]
Description
vMAchangespasswordsforviadminandviuserbothinthelocalcredentialstoreandonthetargetserver.
vMAattemptsthepasswordrotationatmidnight.
IfoneormoreofthetargetserversisdownwhenvMAattemptspasswordrotation,vMArepeatstheattempt
thenextdayatmidnight.
Option Description
server NameorIPaddressoftheESXihostorthevCenterServersystemtoremove.
protocol Connectionprotocol.
HTTPS
by
default.
portnumber Connectionportnumberofthetargetserver.Thedefaultis443.
servicepath ServicepathURLofthetargetserver.Thedefaultis/sdk.
username Userwhoconnectstothetargetserver.
ForESXihosts,thedefaultisrootandtheusermusthavesuperuserprivilegesonthetargetserver.
password Passwordoftheuserspecifiedby--username.Usethepasswordyouusedwhenaddingtheserver.
force Forcesremovaloftheserver.
IMPORTANT ThiscommandappliesonlytoESXitargetserverswiththefpauthauthenticationpolicy.You
cannotrotatepasswordsfortargetswithadauthauthenticationpolicyandforvCenterServertargets.
7/23/2019 Vma 51 Guide
31/36
VMware, Inc. 31
Chapter 3 vMA Interfaces
Options
Examples
vifp rotatepassword --now
ImmediatelyrotatespasswordsofallESXivMAtargetservers.
vifp rotatepassword --now --server
Immediatelyrotatesthepasswordofaspecificserver.
vifp rotatepassword --days 7
SetsthepasswordrotationpolicytorotatethepasswordofallESXivMAtargetseverysevendays.
Forexample,ifyouaddserver1on9/1,andserver2on9/2,andrunvifp rotatepassword --days 7,vMA
rotatesthepasswordforserver1atmidnighton9/8andthepasswordforserver2atmidnighton9/9.vMA
rotatestheserver1passwordagainon9/15andtheserver2passwordagainon9/16.Ifyouthenrunvifp
rotatepassword --days 3,vMArotatestheserver1passwordon9/18andtheserver2passwordon9/19.
vifp rotatepassword
Displaysthecurrentpasswordrotationpolicy.
vifp lis tservers
Liststargetsystems.
Usage
listservers [-l | --long]
Description
Youcanusethiscommandtoverifythataddserversucceeded.Thiscommanddoesnotrequireadministrator
privilegesonvMA.
Example
vifp listservers --long
ListsallserversthatarevMAtargets,forexample:
server1.mycomp.com ESX fpauth
server2.mycomp.com ESX adauth
server3.mycomp.com ESXi fpauth
vc42.mycomp.com vCenter adauth
Option Description
now Immediatelyrotatesthepasswordforallserversoraspecifiedserver.
server ESXihostforwhichyouwanttorotatethepassword.Use--serveronlywith--now.
never Neverrotatethepasswordforanytargetserver.
days Rotatethe
password
for
all
target
servers
after
the
specified
number
of
days.
7/23/2019 Vma 51 Guide
32/36
vSphere Management Assistant Guide
32 VMware, Inc.
vifp reconfigure
Reconfigurestargetsystems.ThiscanbedonetochangeauthenticationpolicyortheconfiguredActive
Directoryuser.
Usage
reconfigure
[--authpolicy ]
[--protocol ][--portnumber ]
[--servicepath ]
[--username ]
[--password ]
Description
Youcanusethiscommandtoreconfiguretheauthenticationpolicyortheusers.Thiscommandcanberunonly
byadministrators.
Options
Target Management Example Sequence
ThefollowingsequenceofcommandsaddsanESXihost,listsservers,runsvifptargettoenablevifastpass,
runsavSphereCLIcommand,andremovestheESXihost.
vifp addserver server1.company.com
[email protected] password:
vifp listservers
server1.company.com ESX
vifptarget --set server1.company.comesxcli storage core path list
cdrom vmhba0:1:0 (0MB has 1 paths and policy of fixed
Local 0:7:1 vmhba0:1:0 On active preferred
.....
vifp removeserver server1.company.com
[email protected] password:
Option Description
server NameorIPaddressoftheESXihostorthevCenterServersystemtobereconfigured.
authpolicy IndicatesifthetargetusesthefastpassauthenticationortheActiveDirectoryauthentication.Thedefaultvalueisfpauth.
protocol Connectionprotocol.HTTPSbydefault.
portnumber Connectionportnumberofthetargetserver.Thedefaultis443.
servicepath ServicepathURLofthetargetserver.Thedefaultis/sdk.
username Userwhoconnectstothetargetserver.
IfthetargetserverpointstoanESXihost,thedefaultisroot.Theusermusthavesuperuserprivilegesonthetargetserver.
IfthetargetserverpointstoavCenterServersystem,thedefaultuseristheoneconfiguredforthevCentersystemintheprevioussession.Forexample,ifvCenterwasaddedorreconfiguredwiththeusernameadministratorintheprevioussession,thedefaultuserforthevifp reconfigurecommandisadministrator.
password Passwordoftheuserspecifiedbyusername.
7/23/2019 Vma 51 Guide
33/36
VMware, Inc. 33
Chapter 3 vMA Interfaces
Using the VmaTargetLibLibrary
TheVmaTargetLiblibraryallowsyoutoprogrammaticallyconnecttovMAtargetsbyusingPerlorJava.
AgentscanlinkwithVmaTargetLibandusevifastpassfunctionality.TheVmaTargetLiblibraryallowsyou
toenablevifastpassauthenticationandtoqueryorlistoneormoretargetswiththefollowingcommands:
EnumerateTargetsRetrievesalistofallserversthatarevMAtargets.
QueryTargetRetrievesconnectioninformationforatargetserver.
LoginConnectstoatargetserver.
LogoutLogsyououtofthetargetserver.
SeetheVmaTargetLibjavalibraryforamoredetailedreferencetotheJavainterface.Youcanfindsamplesin
/opt/vmware/vma/samples.
VmaTargetLibReference
YoucanusethefollowingVmaTargetLibcommandsinPerlorJavaprograms.
Enumerating Targets
Usage
Description
ReturnsalistoftargetvCenterServerorESXisystemsaddedtothevMAinstancebyusingvifp addserver.
Options
None
Returns
Returnsalistofalltargetservers.
Querying Targets
Usage
Description
Allowsthecaller,forexample,anagent,toretrievelogincredentialsfromavMAtargetandusethosecredentialstoconnecttothevMAtarget.
Options
Returns
ReturnsaspecificvMAtargetserver.
Perl enumerate_targets()
Java enumerateTargets()
Perl query_target ()
Java queryTarget (string )
Option Description
servername OneoftheserversaddedtothisvMAinstanceusingvifp addserver.CanbeanESXihostoravCenterServersystem.
7/23/2019 Vma 51 Guide
34/36
vSphere Management Assistant Guide
34 VMware, Inc.
Programmatic Login
Usage
Description
Allowsaprogramtologintoatargetserverprogrammatically.
Options
Returns
Returns1ifsuccessfuland0otherwise.
Programmatic Logout
Usage
Description
Allowsaprogramtologoutofatargetserverprogrammatically.
Options
Perl VmaTarget.login()
Java VmaTarget.login()
Option Language Description
service Java Javaserviceinstance.
svcRef Java JavaserviceManagedObjectReference.
servername Java,Perl OneoftheserversaddedtothisvMAinstanceusingvifp addserver.
Perl VmaTarget.logout()
Java VmaTarget.logout()
Option Language Description
servername Java,Perl OneoftheserversaddedtothisvMAinstanceusingvifp addserver.
7/23/2019 Vma 51 Guide
35/36
VMware, Inc. 35
Index
Aadding target servers 17addserver command 28
authentication component 8
authentication prerequisites 12
C
configuring vMA 16
D
deleting vMA 24
deploying vMA 13
DNS resolution 25
E
ESXi systems, vMA target 18
example sequence 32
H
hardware prerequisites 12
I
initialization 27
JJava JRE 8
L
listservers command 31
localhost 21
M
modifying scripts 21
multiple target servers 20
N
name change 17, 18, 19network configuration 14
network setup 14
P
passwords
ESXi hosts 12
vCenter Server systems 12
proc nodes 22
Rremoveservers command 29removing target servers 21
root user account 12
rotatepassword command 30
rotatepassword example 31
S
scripts, modifying 21
shutting down vMA 24
storage required for vMA 12
sudo 12
T
target servers
commands 28
multiple 20
name change 17, 18, 19
removing 21
single 17
technical support resources 6
troubleshooting vMA 25
U
user account
privileges 17
V
vCenter Server systems, vMA target 17
VI CLI
vifptarget 27
vifs 21
without vi-fastpass 20
vi-admin
privileges 16
vi-fastpassinitialization 27
overview 8
vifp addserver 28
vifp listservers 31
vifp removeserver 29
vifp rotatepassword 30
vifp target management 28
vifptarget command 27
vifs command 21
vi-user
7/23/2019 Vma 51 Guide
36/36
vSphere Management Assistant Guide
privileges 16
setup 16
vMA
component overview 8
getting started 11
interface overview 27
samples 9
use cases 9vMA targets
ESXi systems 18
vCenter Server systems 17
VmaTargetLib 33
VMware Tools 8
vSphere CLI 8
vSphere SDK for Perl 8