vCenter orchestrator is one of the tools which is most underestimated however very, very powerful. vCO brings automation to the next level and helps admins, engineers to orchestrate and integrate your cloud with the rest of management systems.
In general vCO is available in few versions:
- on Windows platform as standalone server – download vCO installer and run it on Windows box
- as a virtual appliance – configuration
- installed along with vCenter server on Windows box
- deployed along with vCloud Automation Centre Appliance – big advantage of enabling vCO on vCAC appliance are:
- quicker configuration
- always up to date plugins for vCenter server and vCloud Automation Center
- higher level of integration with vCAC
Quick how to configure vCenter Orchestrator Appliance standalone server.
- Download and deploy vCO virtual appliance
[box type=”warning”] Note: Remember initial password, you will needed during configuration process[/box]
- Log in to vCO:
- Administration Interface https://vco01.lab.local:5480 with root user name and initial password
- vCO configuration interface https://vco01.lab.local:8283 with vmware user name and initial password
Import a vCenter Server SSL Certificate and License
vCO appliance is deployed with default 90 days license, The Orchestrator configuration interface uses a secure connection to communicate with vCenter Server. You can import the required SSL certificate from a URL or a file
Import Certificate
- Log in to the Orchestrator configuration interface as vmware.
- Click Network.
- In the right pane, click the SSL Certificate tab.
- Load the vCenter Server SSL certificate in Orchestrator from a URL or a file.
- Import from URL <vcenter-server-ip:443>
- Import from a file
- Obtain the vCenter Server certificate file. The file is usually available at the following locations:
- Widows vCenter server default path is – C:\Documents and Settings\AllUsers\ApplicationData\VMware\VMware VirtualCenter\SSL\rui.crt
- vCenter server appliance – /etc/vmware/ssl/rui.crt
Import License
- Log in to the Orchestrator configuration interface as vmware.
- On the vCenter Server License tab, click Use vCenter Server license.
- Set the details about the vCenter Server machine on which Orchestrator must verify the license key.
- Click Apply to import license from vCenter server
Configure authentication
vCO supports several authentication methods such as:
- LDAP
- eDirectory
- Active Directory
- openLDAP
- build in openLDAP
- SSO
By default vCO is configured to use build in openLDAP
[box type=”warning”] NOTE: Before you start, make sure SSO certificate is already imported to vCO, if not – follow import procedure from a top of the post.[/box]
- Log in to the Orchestrator configuration interface as vmware.
- On the vCenter Server Authentication tab,
- From authentication method choose SSO Authentication
- Click on advance button and replace localhost with vCenter server SSO IP or vCloud Identity appliance IP like on the screen below
[box type=”info”] Choose the same SSO which is used by vCenter server, otherwise you will not be able to conect vCO to vCenter server :-/[/box]
- Click on register orchestrator to apply configuration
Assign rights to vCO
There are several authentication sources you can choose from when configuring admin access rights to vCO. You can use, SSO groups, AD groups or vCenter local host groups.
- On the same page as above scroll down and from drop-down menu choose group which members will have administrator rights to vCO
- Click update orchestrator configuration, in below example vco-admins in domain lab.local will have an admin access to vCenter Orchestrator.
Register Orchestrator in vCenter server to Work with the vSphere Web Client
- Log in to vCenter server via web client as a vCenter Orchestrator administrator
- From home page go to vCenter orchestrator plugin –> Orchestrator servers –> Manage
- Click on the vCenter server and edit configuration and provide FQDN or IP of vCO server.
- That’s it, after this operation you can manage workflows from vSphere Web Client.
Configure vCenter Orchestrator on vCloud Automation Center appliance.
During vCO configuration on vCAC, most of the steps are exactly the same like if you would configure
- Log in to vCloud Automation Center appliance and type service vco-configurator start
vca01:~ # service vco-configurator start Starting tcServer Using CATALINA_BASE: /var/lib/vco/configuration Using CATALINA_HOME: /usr/local/tcserver/vfabric-tc-server-standard/tomcat-7.0.35.B.RELEASE Using CATALINA_TMPDIR: /var/lib/vco/configuration/temp Using JRE_HOME: /usr/java/jre-vmware Using CLASSPATH: /usr/local/tcserver/vfabric-tc-server-standard/tomcat-7.0.35.B.RELEASE/bin/bootstrap.jar:/usr/local/tcserver/vfabric-tc-server-standard/tomcat-7.0.35.B.RELEASE/bin/tomcat-juli.jar Using CATALINA_PID: /var/lib/vco/configuration/logs/tcserver.pid Status: RUNNING as PID=4926
- verify if service status, type service vco-configurator status
vca01:~ # service vco-configurator status Status-ing tcServer Instance name: configuration Runtime version: 7.0.35.B.RELEASE tc Runtime Base: /var/lib/vco/configuration Status: RUNNING as PID=4926
- verify vCO server runs and its run level is 3:on
vca01:~ # chkconfig --list |grep vco* vcac-server 0:off 1:off 2:off 3:on 4:off 5:on 6:off vco-configurator 0:off 1:off 2:off 3:off 4:off 5:off 6:off vco-server 0:off 1:off 2:off 3:on 4:off 5:on 6:off
- Log in to vCO configuration Web GUI, https://<vCAC Appliance IP>:8283/ in my example it will be https://vca01.lab.local:8283 , default user name is vmware and password vmware
- import vCenter server certificate
- import SSO certificate
- Optional – register vCO to SSO, if your vCAC appliance use vCenter server SSO there is no need to register vCO into SSO.
- import vCenter server license
- add vCenter server to vCO
- Assign administrator right to vCO
[box type=”warning”] By default vCO service in vCloud Automation Center Appliance is stopped, before connection vCO to vCenter server make sure service is started 🙂[/box]
- Register vCO server into vCenter server