vSphere Management Assistant Guide

vSphere 5.0

This document supports the version of each product listed and supports all subsequent versions until the document is replaced by a new edition. To check for more recent editions of this document, see http://www.vmware.com/support/pubs.

EN-000570-00

vSphere Management Assistant Guide

You can find the most up-to-date technical documentation on the VMware Web site at: http://www.vmware.com/support/ The VMware Web site also provides the latest product updates. If you have comments about this documentation, submit your feedback to: docfeedback@vmware.com

Copyright 20082011 VMware, Inc. All rights reserved. This product is protected by U.S. and international copyright and intellectual property laws. VMware products are covered by one or more patents listed at http://www.vmware.com/go/patents. VMware is a registered trademark or trademark of VMware, Inc. in the United States and/or other jurisdictions. All other marks and names mentioned herein may be trademarks of their respective companies.

VMware, Inc. 3401 Hillview Ave. Palo Alto, CA 94304 www.vmware.com

VMware, Inc.

Contents

AboutThisBook

1 IntroductiontovMA 7
vMACapabilities 7 vMAComponentOverview 8 vSphereAuthenticationMechanism 8 vMASamples 9 vMAUseCases 9 WritingorConvertingScripts 9 WritingorConvertingAgents 9

2 GettingStartedwithvMA 11
HardwareRequirements 12 SoftwareRequirements 12 RequiredAuthenticationInformation 12 DeployvMA 13 ConfigurevMAatFirstBoot 13 vMAConsoleandWebUI 14 ConfigurevMAforActiveDirectoryAuthentication 14 ConfigureUnattendedAuthenticationforActiveDirectoryTargets TroubleshootingUnattendedAuthentication 16 EnabletheviuserAccount 16 vMAUserAccountPrivileges 16 AddTargetServerstovMA 17 RunningvSphereCLIfortheTargets 19 ReconfigureaTargetServer 19 RemoveTargetServersfromvMA 20 ModifyingScripts 20 ConfigurevMAtoUseaStaticIPAddress 21 ConfigureaStaticIPAddressfromtheConsole 21 ConfigureaStaticIPAddressfromtheWebUI 22 ConfigurevMAtoUseaDHCPServer 22 ConfigurevMAtoUseaDHCPServerfromtheConsole 22 ConfigurevMAtoUseaDHCPServerfromtheWebUI 22 SettingtheTimeZone 22 SettingtheTimeZonefromtheConsole 23 SettingtheTimeZonefromtheWebUI 23 ShutDownvMA 23 DeletevMA 23 TroubleshootingvMA 24 UpdatevMA 24 ConfigureAutomaticvMAUpdates 25

15

3 vMAInterfaces 27
vMAInterfaceOverview 27 vifptargetCommandforvifastpassInitialization 27

VMware, Inc.

vSphere Management Assistant Guide

vifpTargetManagementCommands 28 vifpaddserver 28 vifpremoveserver 29 vifprotatepassword 30 vifplistservers 31 vifpreconfigure 32 TargetManagementExampleSequence 32 UsingtheVmaTargetLibLibrary 33 VmaTargetLibReference 33 EnumeratingTargets 33 QueryingTargets 33 ProgrammaticLogin 34 ProgrammaticLogout 34

Index 35

VMware, Inc.

About This Book

ThevSphereManagementAssistantGuideexplainshowtodeployandusevMAandincludesreference informationforvMACLIsandlibraries. Toviewthecurrentversionofthisbook,aswellasallVMwareAPIandSDKdocumentation,goto http://www.vmware.com/support/pubs/sdk_pubs.html. NOTEThetopicsinwhichthisdocumentationusestheproductnameESXiareapplicabletoallsupported releasesofESXandESXi.

Revision History
Thisbook,thevSphereManagementAssistantGuide,isrevisedwitheachreleaseoftheproductorwhen necessary.Arevisedversioncancontainminorormajorchanges.Table 1summarizesthesignificantchanges ineachversionofthisbook. Table 1. Revision History
Revision 24AUG2011 13JUL2010 16NOV2009 Description vMA5.0release. vMA4.1release Chapter1isenhancedtoprovidedetailsaboutvMAsenhancedcapabilities,authenticationmechanisms andthechangestothesamples. Chapter2providesinformationaboutconfiguringvMAforActiveDirectory.Italsoexplainshowto reconfigureatargetserver. Chapter3providesinformationaboutthenewvifptargetandvifp reconfigurecommands.Italso describestheVmaTargetLiblibrary. 21MAY2009 27OCT2008 vMA4.0documentation VIMA1.0documentation

Intended Audience
ThisbookisforadministratorsanddeveloperswithsomeexperiencesettingupaLinuxsystemandworking inaLinuxenvironment.AdministratorscanusethevMAautomatedauthenticationfacilitiesandthesoftware packagedwithvMAtointeractwithESXihostsandvCenterServersystems.Developerscancreateagentsthat interactwithESXihostsandvCenterServersystems.

VMware Technical Publications Glossary

VMwareTechnicalPublicationsprovidesaglossaryoftermsthatmightbeunfamiliartoyou.Fordefinitions oftermsastheyareusedinVMwaretechnicaldocumentationgotohttp://www.vmware.com/support/pubs.

VMware, Inc.

vSphere Management Assistant Guide

Document Feedback
VMwarewelcomesyoursuggestionsforimprovingourdocumentation.Sendyourfeedbackto docfeedback@vmware.com.

Technical Support and Education Resources

Thefollowingsectionsdescribethetechnicalsupportresourcesavailabletoyou.Toaccessthecurrentversions ofotherVMwarebooks,gotohttp://www.vmware.com/support/pubs.

Online and Telephone Support

Touseonlinesupporttosubmittechnicalsupportrequests,viewyourproductandcontractinformation,and registeryourproducts,gotohttp://www.vmware.com/support.

Support Offerings
TofindouthowVMwaresupportofferingscanhelpmeetyourbusinessneeds,goto http://www.vmware.com/support/services.

VMware Professional Services

VMwareEducationServicescoursesofferextensivehandsonlabs,casestudyexamples,andcoursematerials designedtobeusedasonthejobreferencetools.Coursesareavailableonsite,intheclassroom,andlive online.Foronsitepilotprograms andimplementationbestpractices,VMwareConsultingServicesprovides offeringsto helpyouassess,plan,build,andmanageyourvirtualenvironment.Toaccessinformationabout educationclasses,certificationprograms,andconsultingservices,gotohttp://www.vmware.com/services.

VMware, Inc.

Introduction to vMA

ThevSphereManagementAssistant(vMA)isaSUSELinuxEnterpriseServer11basedvirtualmachinethat includesprepackagedsoftwaresuchasthevSpherecommandlineinterface,andthevSphereSDKforPerl. vMAallowsadministratorstorunscriptsoragentsthatinteractwithESXihostsandvCenterServersystems withouthavingtoauthenticateeachtime. Thechapterincludesthefollowingtopics:

vMACapabilitiesonpage 7 vMAComponentOverviewonpage 8 vMAUseCasesonpage 9

TogetstartedwithvMArightaway,gotoGettingStartedwithvMAonpage 11.

vMA Capabilities
vMAprovidesaflexibleandauthenticatedplatformforrunningscriptsandprograms.

Asadministrator,youcanaddvCenterServersystemsandESXihostsastargetsandrunscriptsand programsonthesetargets.Onceyouhaveauthenticatedwhileaddingatarget,youneednotloginagain whilerunningavSphereCLIcommandoragentonanytarget. Asadeveloper,youcanusetheAPIsprovidedwiththeVmaTargetLiblibrarytoprogrammatically connecttovMAtargetsbyusingPerlorJava. vMAenablesreuseofserviceconsolescriptsthatarecurrentlyusedforESXiadministration,though minormodificationstothescriptsareusuallynecessary. vMAcomespreconfiguredwithtwouseraccounts,namely,viadminandviuser.

Asviadmin,youcanperformadministrativeoperationssuchasadditionandremovaloftargets. You canalsorunvSphereCLIcommandsandagentswithadministrativeprivilegesonthe added targets. Asviuser,youcanrunthevSphereCLIcommandsandagentswithreadonlyprivilegesonthe target.

YoucanmakevMAjoinanActiveDirectorydomainandloginasanActiveDirectoryuser.Whenyourun commandsfromsuchauseraccount,theappropriateprivilegesgiventotheuseronthevCenterServer systemortheESXihostwouldbeapplicable. vMAcanrunagentcodethatmakeproprietaryhardwareorsoftwarecomponentscompatiblewith VMwareESX.ThesecodecurrentlyrunintheserviceconsoleofexistingESXhosts.Youcanmodifymost oftheseagentcodetoruninvMA,bycallingthevSphereAPI,ifnecessary.Developersmustmoveany agentcodethatdirectlyinterfaceswithhardwareintoaprovider.

VMware, Inc.

vSphere Management Assistant Guide

vMA Component Overview

WhenyouinstallvMA,youarelicensedtousethevirtualmachinethatincludesallvMAcomponents. vMAincludesthefollowingcomponents.

SUSELinuxEnterpriseServer11SP1vMArunsSUSELinuxEnterpriseServeronthevirtualmachine. YoucanmovefilesbetweentheESXihostandthevMAconsolebyusingthevifsvSphereCLIcommand. VMwareToolsInterfacetothehypervisor. vSphereCLICommandsformanagingvSpherefromthecommandline.SeethevSphereCommandLine InterfaceInstallationandReferenceGuide. vSphereSDKforPerlClientsidePerlframeworkthatprovidesascriptinginterfacetothevSphereAPI. TheSDKincludesutilityapplicationsandsamplesformanycommontasks. JavaJREversion1.6RuntimeengineforJavabasedapplicationsbuiltwithvSphereWebServicesSDK. vifastpassAuthenticationcomponent.

vSphere Authentication Mechanism

vMAsauthenticationinterfaceallowsusersandapplicationstoauthenticatewiththetargetserversusing vifastpassorActiveDirectory.Whileaddingaserverasatarget,theAdministratorcandetermineifthetarget needstousevifastpassorActiveDirectoryauthentication.Forvifastpassauthentication,thecredentialsthat auserhasonthevCenterServersystemorESXihostarestoredinalocalcredentialstore.ForActiveDirectory authentication,theuserisauthenticatedwithanActiveDirectoryserver. WhenyouaddanESXihostasafastpasstargetserver,vifastpasscreatestwouserswithobfuscated passwordsonthetargetserverandstoresthepasswordinformationonvMA:

viadminwithadministratorprivileges viuserwithreadonlyprivileges

ThecreationofviadminandviuserdoesnotapplyforActiveDirectoryauthenticationtargets.Whenyouadd asystemasanActiveDirectorytarget,vMAdoesnotstoreanyinformationaboutthecredentials.Tousethe ActiveDirectoryauthentication,theadministratormustconfigurevMAforActiveDirectory.Formore informationonhowtoconfigurevMAforActiveDirectory,seeConfigurevMAforActiveDirectory Authenticationonpage 14. Afteraddingatargetserver,youmustinitializevifastpasssothatyoudonothavetoauthenticateeachtime yourunvSphereCLIcommands.IfyourunavSphereCLIcommandwithoutinitializingvifastpass,youwill beaskedforusernameandpassword. Youcaninitializevifastpassbyusingoneofthefollowingmethods:

Runvifptarget.Formoreinformationaboutthisscript,seevifptargetCommandforvifastpass Initializationonpage 27. CalltheLoginmethodinaPerlorJavaprogram.Formoreinformationaboutthismethod,see VmaTargetLibReferenceonpage 33.

Aftersettingupatargetusingthevifptargetcommand,youcanrunvSphereCLIcommandsorscriptsthat usevSphereSDKforPerlwithoutprovidinganyauthenticationinformation.Toruncommandsagainstan ESXihostthatismanagedbyavCenterServer,youcanusethe--vihostoption. EachtimeyoulogintovMA,youmustrunthevifptargetcommandortheLoginmethodonce.Thetarget thatyouspecifyinthevifptargetcommandisthedefaulttarget.Targetserversremaintargetsacross reboots.Youcanoverrideitbyusingthe--serveroptionofthevSphereCLIcommandsasshowninthe followingexample:

vifptarget -s esx1.foo.com vicfg-nics -l #lists the nics on esx1.foo.com vicfg-nics -l --server esx2.foo.com #lists the nics on esx2.foo.com

VMware, Inc.

Chapter 1 Introduction to vMA

vMA Samples
vMAsamplesillustratethevMACLIsandtheVmaTargetLiblibrary.ThesamplesareavailableinvMAat /opt/vmware/vma/samples.

bulkAddServers.plPerlsamplethataddsmultipletargetstovMA. mcli.plPerlsamplethatrunsavSphereCLIcommandonmultiplevMAtargetsspecifiedinafile suppliedasanargument.Youmustrunvifptargetbeforerunningthisscript. listTargets.pl PerlsamplethatretrievesinformationandversionofvMAtargetsusing VmaTargetLib. listTargets.sh JavasamplethatdemonstratesuseofVmaTargetLib.

vMA Use Cases

Thissectionlistsafewtypicalusecases.

Writing or Converting Scripts

YoucanrunexistingvSphereCLIorvSphereSDKforPerlscriptsfromvMA.Tosettargetserversandinitialize vifastpass,thescriptcanusetheVmaTarget.login() methodofVmaTargetLib.

Writing or Converting Agents

PartnersorcustomerscanusevMAtowriteorconvertagents.

ApartnerorcustomerwritesanewagentinPerl. WhenapartnerorcustomerwritesanewagentinPerl,thePerlscriptmustimporttheVmaTargetLib PerlmoduleandallvSphereSDKforPerlmodules.InsteadofcallingthevSphereSDKforPerlsubroutine Util::Connect(targetUrl, username, password),theagentcalls VmaTargetLib::VmaTarget.login().

ApartnerorcustomerrunsanagentwritteninPerlorJavaintheserviceconsoleandwantstoportthe agenttovMA. TheagentusescodesimilartothefollowingPerllikepseudocodetologintoESXihosts:

LoginToMyEsx() { SessionManagerLocalTicket tkt = SessionManager.AcquireLocalTicket(userName); UserSession us = sm.login(tkt.userName, tkt.passwordFilePath); }

Thepartnerchangestheagenttousecodesimilartothefollowingpseudocodeinstead:
LoginToMyEsx(String myESXName) { VmaTarget target = VmaTargetLib.query_target(myESXName); UserSession us = target.login(); }

ThispseudocodeassumesonlyonevMAtarget.Formultipletargetservers,thecodecanspecifyany targetserverorloopthroughalistoftargetservers.

ApartnerorcustomerrunsanagentwritteninPerloutsidetheESXihostandportstheagenttovMA. InsteadofcallingthevSphereSDKforPerlmethodUtil::Connect(),theagentcallsthevifplibrary methodVmaTargetLib::VmaTarget.login().

VMware, Inc.

vSphere Management Assistant Guide

10

VMware, Inc.

Getting Started with vMA

YoushouldhavesomeexperiencesettingupaLinuxsystemandworkinginaLinuxenvironment.This chapterexplainshowtodeployandconfigurevMA,howtoaddandremovetargetservers,andhowto prepareandrunscripts.Thechapteralsoincludestroubleshootinginformation. ReadChapter 1,IntroductiontovMA,onpage 7forbackgroundinformationonvMAfunctionalityand availablevMAcomponents. IMPORTANTYoucannotupgradeapreviousversionofvMAtovMA5.0.YoumustinstallafreshvMA5.0 instance. Thischapterincludesthefollowingtopics:

HardwareRequirementsonpage 12 SoftwareRequirementsonpage 12 RequiredAuthenticationInformationonpage 12 DeployvMAonpage 13 ConfigurevMAatFirstBootonpage 13 vMAConsoleandWebUIonpage 14 ConfigurevMAforActiveDirectoryAuthenticationonpage 14 ConfigureUnattendedAuthenticationforActiveDirectoryTargetsonpage 15 EnabletheviuserAccountonpage 16 vMAUserAccountPrivilegesonpage 16 AddTargetServerstovMAonpage 17 RunningvSphereCLIfortheTargetsonpage 19 ReconfigureaTargetServeronpage 19 RemoveTargetServersfromvMAonpage 20 ModifyingScriptsonpage 20 ConfigurevMAtoUseaStaticIPAddressonpage 21 ConfigurevMAtoUseaDHCPServeronpage 22 SettingtheTimeZoneonpage 22 ShutDownvMAonpage 23 DeletevMAonpage 23 TroubleshootingvMAonpage 24

VMware, Inc.

11

vSphere Management Assistant Guide

UpdatevMAonpage 24 ConfigureAutomaticvMAUpdatesonpage 25

Hardware Requirements
TosetupvMA,youmusthaveanESXihost.BecausevMArunsa64bitLinuxguestoperatingsystem,the ESXihostonwhichitrunsmustsupport64bitvirtualmachines. TheESXihostmusthaveoneofthefollowingCPUs:

AMDOpteron,revEorlater IntelprocessorswithEM64TsupportwithVTenabled.

Opteron64bitprocessorsearlierthanrevE,andIntelprocessorsthathaveEM64Tsupportbutdonothave VTsupportenabled,donotsupporta64bitguestoperatingsystem.Fordetailedhardwarerequirements,see theHardwareCompatibilityListontheVMwareWebsite. Bydefault,vMAusesonevirtualprocessor,andrequires3GBofstoragespaceforthevMAvirtualdisk.The recommendedmemoryforvMAis600MB.

Software Requirements
YoucandeployvMAonthefollowingsystems:

vSphere5.0 vSphere4.1orlater vSphere4.0Update2orlater vCenterApplication5.0

YoucandeployvMAbyusingavSphereClientconnectedtoanESXihostorbyusingavSphereClient connectedtovCenterServer5.0,vCenterServer4.1orlater,vCenterServer4.0Update2orlater,orvCenter Application5.0. YoucanusevMAtotargetESX/ESXi3.5Update5,ESX/ESXi4.0Update2orlater,ESX/ESXi4.1orlater,ESXi 5.0,vCenterServer4.0Update2orlater,vCenterServer4.1orlater,andvCenterServer5.0systems. Atruntime,thenumberoftargetsasinglevMAinstancecansupportdependsonhowitisused.

Required Authentication Information

BeforeyoubeginvMAconfiguration,obtainthefollowingusernameandpasswordinformation:

vCenterServersystemIfyouwanttouseavCenterServersystemasthetargetserver,youmustbeable toconnecttothatsystem. IfyouareusingavCenterServertarget,youdonotneedpasswordsfortheESXihoststhatthevCenter Serversystemmanages,unlessyouruncommandsthatdonotsupportvCenterServertargets.

ESXihostYoumusthavetherootpasswordortheusernameandpasswordforauserwith administrativeprivilegesforeachESXihostyouaddasavMAtarget.Youdonotneedtheauthentication informationwhenyouremoveatargethost. vMAWhenyoufirstconfigurevMA,vMApromptsforapasswordfortheviadminuser.Specifya passwordandrememberitforsubsequentlogins.TheviadminuserhasrootprivilegesonvMA. IMPORTANTTherootuseraccountisdisabledonvMA.Torunprivilegedcommands,typesudo <command>.Bydefault,onlyviadmincanruncommandsthatrequiresudo.

12

VMware, Inc.

Chapter 2 Getting Started with vMA

Deploy vMA
YoucandeployvMAbyusingafileorfromaURL.Ifyouwanttodeployfromafile,downloadandunzipthe vMAZIPfilebeforeyoustartthedeploymentprocess. IMPORTANTYoucannotupgradeanearlierversionofvMAtovMA5.0.YoumustinstallafreshvMA5.0 instance. To deploy vMA 1 2 3 UseavSphereClienttoconnecttoasystemthatisrunningthesupportedversionofESXiorvCenter Server. IfconnectedtoavCenterServersystem,selectthehosttowhichyouwanttodeployvMAintheinventory pane. SelectFile>DeployOVFTemplate. TheDeployOVFTemplatewizardappears. 4 5 6 7 8 SelectDeployfromafileorURLifyouhavealreadydownloadedandunzippedthevMAvirtual appliancepackage. Click Browse,selecttheOVF,andclickNext. ClickNextwhentheOVFtemplatedetailsaredisplayed. AcceptthelicenseagreementandclickNext. Specifyanameforthevirtualmachine. Youcanalsoacceptthedefaultvirtualmachinename. 9 Selectaninventorylocationforthevirtualmachinewhenprompted. IfyouareconnectedtoavCenterServersystem,youcanselectafolder. 10 IfconnectedtoavCenterServersystem,selecttheresourcepoolforthevirtualmachine. Bydefault,thetoplevelrootresourcepoolisselected. 11 12 13 Ifprompted,selectthedatastoretostorethevirtualmachineonandclickNext. SelecttherequireddiskformatoptionandclickNext. SelectthenetworkmappingandclickNext. IMPORTANTEnurethatvMAisconnectedtothemanagementnetworkonwhichthevCenterServer systemandtheESXihoststhatareintendedvMAtargetsarelocated. 14 ReviewtheinformationandclickFinish. ThewizarddeploysthevMAvirtualmachinetothehostthatyouselected.The deployprocesscantake severalminutes. NextyouconfigureyourvMAvirtualmachine.YouperformthistaskwhenyoulogintovMAthefirsttime.

Configure vMA at First Boot

WhenyoustartthevMAvirtualmachinethefirsttime,youcanconfigureit. To configure vMA 1 2 3 InthevSphereClient,rightclickthevirtualmachine,andclickPowerOn. SelecttheConsoletab. Answerthenetworkconfigurationprompts.

VMware, Inc.

13

vSphere Management Assistant Guide

Whenprompted,specifyahostnameforvMA. Thenamecancontain64alphanumericcharacters.YoucanchangethevMAhostnamelaterbymodifying the/etc/HOSTNAME and/etc/hostsfiles,asyouwouldforaLinuxhost.YoucanalsousethevMA consoletochangethehostname. ForaDHCPconfiguration,thehostnameisobtainedfromtheDNSserver.

Whenprompted,specifyapasswordfortheviadminuser. Ifpromptedforanoldpassword,pressEnterandcontinue. ThenewpasswordmustconformtothevMApassword policy.Thepasswordmusthaveatleast:

Eightcharacters Oneuppercasecharacter Onelowercasecharacter Onenumeralcharacter Onesymbolsuchas#,$

YoucanlaterchangethepasswordfortheviadminuserusingtheLinuxpasswdcommand. Thisuserhasrootprivileges. vMAisnowconfiguredandthevMAconsoleappears.TheconsoledisplaystheURLfromwhichyoucan accesstheWebUI.

vMA Console and Web UI

vMAprovidestwointerfaces,theconsole,whichisacommandlineinterfaceandthebrowserbasedWebUI. Fromtheconsole,youcandothefollowingtasks:

Loginasviadmin AddserverstovMA RuncommandsfromthevMAconsole Configurethenetworksettingsandproxyserversettings Configurethetimezonesettings.

ThewebUIenablesyoutodothefollowingtasks:

Loginasviadmin Configurethenetworksettingsandproxyserversettings Configurethetimezonesettings. UpdatevMA

Configure vMA for Active Directory Authentication

ConfigurevMAforActiveDirectoryauthenticationsothatESXihostsandvCenterServersystemsaddedto ActiveDirectorycanbeaddedtovMAwithouthavingtostorethepasswordsinvMAscredentialstore.This isamoresecurewayofaddingtargetstovMA. EnsurethattheDNSserverconfiguredforvMAisthesameastheDNSserverofthedomain.Youcanchange theDNSserverbyusingthevMAConsoleortheWebUI. EnsurethatthedomainisaccessiblefromvMA.Also,ensurethatyoucanpingtheESXiandvCenterserver systemsthatyouwanttoaddtovMAandthatpingingresolvestheIPaddressto <targetservername.domainname>,wheredomainnameisthedomaintowhichvMAistobeadded.

14

VMware, Inc.

Chapter 2 Getting Started with vMA

To add vMA to a domain 1 FromthevMAconsole,runthefollowingcommand:

sudo domainjoin-cli join <domain-name> <domain-admin-user>

Whenprompted,providetheActiveDirectoryadministratorspassword. Onsuccessfulauthentication,thecommandaddsvMAasamemberofthedomain.Thecommandalso addsentriesinthe/etc/hostsfilewithvmaHostname.domainname.

RestartvMA. Now,youcanaddanActiveDirectorytargettovMA.Forstepstodothis,seeAddTargetServersto vMAonpage 17.

To check vMA's domain settings FromthevMAconsole,runthefollowingcommand:

sudo domainjoin-cli query

ThecommanddisplaysthenameofthedomaintowhichvMAhasjoined. To remove vMA from the domain FromthevMAconsole,runthefollowingcommand:

sudo domainjoin-cli leave

ThevMAconsoledisplaysamessagestatingwhethervMAhaslefttheActiveDirectorydomain.

Configure Unattended Authentication for Active Directory Targets

Toconfigureunattendedauthentication(authenticationfromviadminorrootcontext)toActiveDirectory targets,youmustrenewtheKerberosticketsforthedomainuserusingwhichthetargetisadded.Unattended authenticationissupportedforESXi4.1Update3andlater. To configure unattended authentication for Active Directory targets 1 2 OnanyWindowsServer2003computerthatispartofthedomaintowhichvMAisadded,downloadand installtheKtpasstoolfromtheMicrosoftwebsite. Openthecommandpromptandrunthefollowingcommand:
ktpass /out foo.keytab /princ foo@VMA-DC.ENG.VMWARE.COM /pass ca... /ptype KRB5_NT_PRINCIPAL -mapuser <vma-dc>\<foo>

where,<vmadc>isthenameofthedomainandfooistheuserhavingpermissionsforthevCenter administration. Thiscommandcreatesafilecalledfoo.keytab. 3 Movethefoo.keytabfileto/home/local/VMA-DC/foo. YoucanuseWinSCPandloginasuservma-dc\footomovethefile. 4 (Optional)Makesurethattheuservmadc\fooonvMAownsthefoo.keytabfilebyusingthefollowing commands:

ls -l /home/local/VMA-DC/foo/foo.keytab chown vma-dc\foo/home/local/VMA-DC/foo/foo.keytab

OnvMA,createascriptin/etc/cron.hourly/kticket-renewwiththefollowingcontents:
#!/bin/sh su - vma-dc\\foo -c '/usr/bin/kinit -k -t /home/local/VMA-DC/foo/foo.keytab foo'

Thisscriptwillrenewtheticketfortheuserfooeveryhour. Youcanalsoaddtheabovescripttoaservicein/etc/init.dtorefreshtheticketswhenvMAisbooted.

VMware, Inc.

15

vSphere Management Assistant Guide

Troubleshooting Unattended Authentication

IfyouarenotabletoauthenticatefromvMAorcannotaddvMAtothedomaincontroller,verifythefollowing conditions:

YourDNSserversetupinvMAresolvestheIPaddressorhostnameofthevCenterservertoafully qualifieddomainname(FQDN)andthattheFQDNcontainsthedomainnametowhichvMAisadded. Thecommandvifp listservershowsthenameofvCenterserverastheFQDNthatcontainsthe domainnametowhichvMAisaddedasthesuffix. ThedateandtimesettingsonvMA,thedomaincontrollerandthevCenterserverarethesame.Verifythe timezoneaswell.Thetimemayvarybyanhour,butalargetimeskewmightcauseauthentication problems.

Enable the vi-user Account

Aspartofconfiguration,vMAcreatesaviuseraccountwithnopassword.However,youcannotusethe viuseraccountuntilyouhavespecifiedaviuserpassword. IMPORTANTTheviuseraccounthaslimitedprivilegesonthetargetESXihostsandcannotrunany commandsthatrequiresudoexecution.YoucannotuseviusertoruncommandsforActiveDirectorytargets (ESXiorvCenterServer).ToruncommandsfortheActiveDirectorytargets,usethevi-adminuserorlogin asanActiveDirectoryusertovMA. To enable the vi-user account 1 2 LogintovMAasviadmin. RuntheLinuxpasswdcommandforviuserasfollows:
sudo passwd vi-user

IfthisisthefirsttimeyouusesudoonvMA,amessageaboutrootuserprivilegesappears,andyouare promptedfortheviadminpassword. 3 4 Specifytheviadminpassword. Whenprompted,typeandconfirmthepasswordforviuser.

AftertheviuseraccountisenabledonvMA,ithasnormalprivilegesonvMAbutisnotinthesudoerslist. WhenyouaddESXitargetservers,vMAcreatestwousersoneachtarget:

viadminhasadministrativeprivilegesonthetargetsystem. viuserhasreadonlyprivilegesonthetargetsystem.vMAcreatesviuseroneachtargetthatyouadd, evenifviuserisnotcurrentlyenabledonvMA.

WhenauserisloggedintovMAasviuser,vMAusesthataccountontargetESXihosts,andtheusercanrun onlycommandsontargetESXihoststhatdonotrequireadministrativeprivileges.

vMA User Account Privileges

Table 21liststheprivilegesthatthedifferentuseraccountshaveforvCLIusageagainstdifferenttargets. Table 2-1. Account Privileges for vCLI Usage
Target ESXi ESXi vCenterServer vCenterServer Authentication Policy fpauth adauth fpauth adauth vi-admin Y Y Y Y vi-user Y N N N domain user N Y N Y

16

VMware, Inc.

Chapter 2 Getting Started with vMA

Add Target Servers to vMA

AfteryouconfigurevMA,youcanaddtargetserversthatrunthesupportedvCenterServerorESXiversion. ForvCenterServerandESXisystemtargets,youmusthavethenameandpasswordofauserwhocanconnect tothatsystem. Seevifpaddserveronpage 28forthecompletesyntax. To add a vCenter Server system as a vMA target for Active Directory Authentication 1 2 LogintovMAasviadmin. AddaserverasavMAtargetbyrunningthefollowingcommand:
vifp addserver vc1.mycomp.com --authpolicy adauth --username ADDOMAIN\\user1

Here,--authpolicy adauthindicatesthatthetargetneedstousetheActiveDirectoryauthentication. Ifyourunthiscommandwithoutthe--usernameoption,vMApromptsforthenameoftheuserthatcan connecttothevCenterServersystem.Youcanspecifythisusernameasshowninthefollowingexample:

Enter username for machinename.example.com: ADDOMAIN\user1

If--authpolicyisnotspecifiedinthecommand,thenfpauthistakenasthedefaultauthentication policy. 3 Verifythatthetargetserverhasbeenadded. Thedisplayshowsalltargetserversandtheauthenticationpolicyusedforeachtarget.

vifp listservers --long server1.mycomp.com server2.mycomp.com server3.mycomp.com vc1.mycomp.com ESX ESX ESXi vCenter adauth fpauth adauth adauth

Setthetargetasthedefaultforthecurrentsession:
vifptarget --set | -s <server>

VerifythatyoucanrunavSphereCLIcommandwithoutauthenticationbyrunningacommandonone oftheESXihosts,forexample:
esxcli --server <VC_server> --vihost <esx_host> network nic list

Thecommandrunswithoutpromptingforauthenticationinformation. IMPORTANTIfthenameofatargetserverchanges,youmustremovethetargetserverbyusingvifp removeserverwiththeoldname,thenaddtheserverusingvifp addserverwiththenewname. To add a vCenter Server system as a vMA target for fastpass Authentication 1 2 LogintovMAasviadmin. AddaserverasavMAtargetbyrunningthefollowingcommand:
vifp addserver vc2.mycomp.com --authpolicy fpauth

Here,--authpolicy fpauthindicatesthatthetargetneedstousethefastpassauthentication. 3 Specifytheusernamewhenprompted:

Enter username for machinename.example.com: MYDOMAIN\user1

Specifythepasswordforthatuserwhenprompted.
user1@machine.company.com's password: <not echoed to screen>

Reviewandacceptthesecurityriskinformation.

VMware, Inc.

17

vSphere Management Assistant Guide

Verifythatthetargetserverhasbeenadded. Thedisplayshowsalltargetserversandtheauthenticationpolicyusedforeachtarget.
vifp listservers --long server1.mycomp.com server2.mycomp.com server3.mycomp.com vc1.mycomp.com vc2.mycomp.com ESX ESX ESXi vCenter vCenter adauth fpauth adauth adauth fpauth

Setthetargetasthedefaultforthecurrentsession.
vifptarget --set | -s <server>

VerifythatyoucanrunavSphereCLIcommandwithoutauthenticationbyrunningacommandonone oftheESXihosts,forexample:
esxcli --server <VC_server> --vihost <esx_host> network nic list

Thecommandrunswithoutpromptingforauthenticationinformation. IMPORTANTIfthenameofatargetserverchanges,youmustremovethetargetserverbyusingvifp removeserverwiththeoldname,thenaddtheserverusingvifp addserverwiththenewname. To add an ESXi host as a vMA target 1 2 LogintovMAasviadmin. RunaddservertoaddaserverasavMAtarget.
vifp addserver <servername>

Youarepromptedforthetargetserversrootuserpassword.
root@<servername>s password:

SpecifytherootpasswordfortheESXihostthatyouwanttoadd. vMAdoesnotretaintherootpassword.Instead,vMAaddsviadminandviusertotheESXihost,and storestheobfuscatedpasswordsthatitgeneratesforthoseusersintheVMwarecredentialstore. InavSphereclientconnectedtothetargetserver,theRecentTaskspaneldisplaysinformationaboutthe usersthatvMAadds.ThetargetserversUsersandGroupspaneldisplaystheusersifyouselectit. CAUTIONRemoveusersaddedbyvMAfromthetargetserveronlyifyoudeletedthevMAvirtual machinebutdidnotremovethetargetservers.

Verifythatthetargetserverhasbeenadded:
vifp listservers

Setthetargetasthedefaultforthecurrentsession.
vifptarget --set | -s <server>

VerifythatyoucanrunavSphereCLIcommandwithoutauthenticationbyrunningacommand,forexample:
esxcli network nic list

IMPORTANTIfthenameofatargetserverchanges,youmustremovethetargetserverusingvifp removeserverwiththeoldname,thenaddtheserverusingvifp addserverwiththenewname.

18

VMware, Inc.

Chapter 2 Getting Started with vMA

Running vSphere CLI for the Targets

Ifyouhaveaddedmultipletargetservers,bydefault,vMAexecutescommandsonthefirstserverthatyou added.Youshouldspecifytheserverexplicitlywhenrunningcommands. To run vSphere CLI for the targets 1 AddserversasvMAtargets.
vifp addserver <server1> vifp addserver <server2>

Verifythatthetargetserverhasbeenadded:
vifp listservers

Runvifptarget.
vifptarget -s <server2>

Thecommandinitializesthespecifiedtargetserver.Now,thisserverwillbetakenasthedefaulttargetfor thevSphereCLIorvSphereSDKforPerlscripts. 4 RunvSphereCLIorvSphereSDKforPerlscripts,byspecifyingthetargetserver.Forexample:

esxcli --server server2 network nic list

Reconfigure a Target Server

Youcanreconfigureatargetserverifyouwanttoperformanyofthefollowingtasks:

ChangetheauthenticationmodeofavMAtargetfromvifastpasstoActiveDirectoryorviceversa. ChangetheconfigureduserfortheActiveDirectorytarget. Recoverusersforthevifastpasstarget.AuserneedstoberecoveredifthecredentialstoreonvMAis corruptedorifthecredentialsofuserscorrespondingtovMAusersaremodifiedandnotreflectedinvMA.

To change the authentication policy 1 2 LogintovMAasviadmin. Runreconfigure

vifp reconfigure <servername> --authpolicy <authpolicy>

Whenprompted,provideyourcredentials.

IfyoureconfigureanActiveDirectorytargettovifastpassauthentication,thenspecifytheroot passwordforESXitargetsandtherootusernameandpasswordforvCentertargets. IfyoureconfigureavifastpasstargettoActiveDirectoryauthentication,thenspecifytheroot usernameforthetarget.

To change the configured user or to recover users 1 2 LogintovMAasviadmin. Runreconfigure.

vifp reconfigure <servername>

Whenprompted,provideyourcredentials.

IfyoureconfigureanActiveDirectorytarget,specifyausernameforthetarget. Ifyoureconfigureavifastpasstarget,specifytherootpasswordoftheESXitarget,andthepassword forusernameusedtoaddthevCenterServertarget.

VMware, Inc.

19

vSphere Management Assistant Guide

Example 2-1. Adding and Reconfiguring a Target

vi-admin@example-dhcp:~> vifp addserver 90.100.110.120 Enter username for 90.100.110.120: administrator administrator@90.100.110.120's password: This will store username and password in credential store which is a security risk. Do you want to continue?(yes/no): yes vi-admin@example-dhcp:~> vifp reconfigure 90.100.110.120 administrator@90.100.110.120's password: vi-admin@example-dhcp:~>

Remove Target Servers from vMA

BeforeyoudeleteavMAvirtualmachine,removealltargetserversfromvMA.Ifyoudonotremovetarget ESXihosts,theviadminandviuserusersremainonthetargetservers. To remove a vCenter Server system from vMA 1 2 LogintovMAasviadmin. ToremoveatargetvCenterServersystemfromvMA,runthefollowingcommand:
vifp removeserver <servername>

ThevCenterServersystemisnolongeravMAtarget. To remove an ESXi host from vMA 1 2 LogintovMAasviadmin. ToremoveanESXihostthatisavMAtarget,runthefollowingcommand:

vifp removeserver <host>

TheRecentTaskspanelofthetargetserverdisplaysinformationabouttheviadminandviuserusersthat arebeingremoved.TheUsersandGroupspanelofthetargetservernolongerdisplaystheusers.

Modifying Scripts
YoucanmodifyserviceconsolescriptstorunfromvMA.

LinuxcommandsScriptsrunninginvMAcannotuseLinuxcommandsinthewaythattheydoonthe ESXserviceconsolebecausetheLinuxcommandsarerunningonvMAandnotontheESXhost. AccesstoESXifilesIfyouneedaccesstofoldersorfilesonanESXihost,youcanmakethathostatarget serverandusethevifsvSphereCLIcommandtoview,retrieve,ormodifyfoldersandfiles. ReferencestolocalhostScriptscannotrefertolocalhost.

Ifvifastpassisinitialized,allcommandsthatdonotspecify--serverapplytothedefaulttarget. Ifvifastpassisinitialized,allcommandsthatspecifyhostnameorIPofthetargetapplytothetarget specified.

ProgrammaticconnectionInPerlscriptsorJavaprograms,youcancallVmaTarget.login() method of VmaTargetLibandspecifythehosttoconnectto.Thedirectory/opt/vmware/vma/samplescontains examplesinPerlandJava.vMAhandlesauthenticationiftheserverhasbeenestablishedasatarget server.ProgramscanuseVmaTargetLiblibrarycommands.SeeUsingtheVmaTargetLibLibraryon page 33. NoprocnodesSomeserviceconsolescriptsstilluseVMwareprocnodes,whichwereofficiallymade obsoletewithESXServer3.0andarenotavailableinESX/ESXi4.0andlater.Youcanextractinformation thatwasavailableinVMwareprocnodesusingthevSphereCLIcommandsavailableonvMA. TargetspecificationYoumustspecifythetargetserverwhenyouruncommandsorscripts.

20

VMware, Inc.

Chapter 2 Getting Started with vMA

Table 22liststhevMAcomponentsthatyoucanuseformodifyingscriptsthatincludeprocnodesandLinux commands. Table 2-2. vMA Components for Use in Scripts
vMA Component vSphereCLIcommands vifsvSphereCLI command vSphereSDKforPerl Description ManageESXihostsandvirtualmachines. Performcommonoperations,suchascopy,remove, get,andput,onfilesanddirectories. AccessthevSphereAPI,aWebservicesbasedAPIfor managing,monitoring,andcontrollingthelifecycleof allvSpherecomponents. Performcommonadministrativetasks. For more information vSphereCommandLineInterface InstallationandReferenceGuide. vSphereCommandLineInterface InstallationandReferenceGuide. vSphereSDKforPerlProgramming Guide. vSphereSDKforPerlUtility ApplicationsReference. CommandsareonvMAin /usr/lib/vmware-vcli/apps vSphereSDKforPerlWS Managementcomponent AccessCIM/SMASHdata.ESXisupportsmany SystemsManagementArchitectureforServer Hardware(SMASH)profiles,enablingsystem managementclientapplicationstocheckthestatusof underlyingservercomponentssuchasCPU,fans, powersupplies,andsoon. vSphereSDKforPerlProgramming Guide.

vSphereSDKforPerl utilityapplications

Configure vMA to Use a Static IP Address

Duringthefirstboot,vMApromptsyoutospecifywhethertouseaDHCPserverorastaticIPaddresswhen itstarts.TheDHCPserverassignsanetworkaddress,allowingyoutorunthevirtualmachinewithoutsetup. ThisnetworkaddressmightchangeafterthevirtualmachinehasbeenpoweredofflongerthantheDHCP leasetime.Mostserverapplicationsshouldbeconfiguredtoastaticnetworkaddressthatisconstantand wellknown.

Configure a Static IP Address from the Console

YoucanconfigureastaticIPaddressfromthevMAconsoleorthewebUI. To configure a static IP address from the console 1 2 3 Intheconsole,selectConfigureNetworkandpressEnter. AttheUseaDHCPserverinsteadofastaticIPaddressprompt,typeno. Whenprompted,providethefollowinginformation:

IPAddress Netmask Gateway DNSServer1 DNSServer2 Hostname

4 5

Whenprompted,specifywhetheryouneedaproxyservertoreachtheInternet.Ifyouansweryes,type theIPaddressandtheportnumberofyourproxyserver. Typeyifthevaluesonthereviewscreenarecorrect.Ifthevaluesareincorrect,enternoandrepeatthe procedure.

VMware, Inc.

21

vSphere Management Assistant Guide

Configure a Static IP Address from the Web UI

YoucanconfigureastaticIPaddressfromthevMAconsoleorthewebUI. To configure a static IP address from the web UI 1 2 3 LogintothewebUI. OpentheNetworkpageandclicktheAddresstab. SelecttheUsethefollowingIPsettingsoptionandprovidetheIPaddressesforthefollowing:

IPAddress Netmask Gateway PreferredDNSServer AlternateDNSServer Hostname

ClickSaveSettings.

Configure vMA to Use a DHCP Server

YoucanreconfigurevMAtouseaDHCPserverinsteadofusingastaticIPaddress.

Configure vMA to Use a DHCP Server from the Console

To configure vMA to use a DHCP server from the console 1 2 3 OnthevMAconsole,selectConfigureNetworkandpressEnter. AttheUseaDHCPserverinsteadofastaticIPaddressprompt,typey. Whenprompted,specifywhetheryouneedaproxyservertoreachtheInternet. Ifyouansweryes,typetheIPaddressandportnumberofyourproxyserver. Areviewofthenetworksettingsappears. 4 Typeyifthevaluesonthereviewscreenarecorrect.

Configure vMA to Use a DHCP Server from the Web UI

To configure vMA to use a DHCP server from the web UI 1 2 3 4 LogintothewebUI. OpentheNetworkpageandclicktheAddresstab. SelecttheObtainconfigurationfromDHCPserveroption. ClickSaveSettings.

Setting the Time Zone

Bydefault,thevirtualhardwareclockismaintainedinCoordinatedUniversalTime(UTC),whichvMA convertstolocaltime.Youcan,however,setittoalocaltime,whichisimportantfortheupdaterepositoryand VMwarevCenterUpdateManager.

22

VMware, Inc.

Chapter 2 Getting Started with vMA

Setting the Time Zone from the Console

Youcansettimezonefromtheconsoleasdescribedhere. To set the time zone from the console 1 2 3 Ontheconsole,selectSetTimezoneandpressEnter. Whenprompted,selectyourcontinentorregionandpressEnter. Whenprompted,selectyourcountryandpressEnter. Thescreendisplaystheinformationthatyouhaveselectedandthetimethatwillbeset. 4 Type1iftheinformationiscorrect. vMAsetsthetimezone.

Setting the Time Zone from the Web UI

YoucansetthetimezonefromthewebUIbyusingthefollowingsteps. To set the time zone from the Web UI 1 1 2 3 AccessthewebUIandlogin. ClicktheSystemtabthenclicktheTimeZonebutton. FromtheTimeZoneSettingslist,selectyourcountryandcity. ClickSaveSettings.

Shut Down vMA

BeforeyoupoweroffvMA,shutdownthevirtualmachine. To shut down vMA from vSphere Client 1 2 ShutdowntheoperatingsystemusingaLinuxcommandsuchasthehaltcommandonthevMA commandline. PoweroffthevMAvirtualmachineusingthevSphereClient.

To shut down vMA from the Web UI 3 4 LogintotheWebUIasviadmin. IntheInformationtab,clickShutdown.

Delete vMA
IfyouintendtodeployanewerversionofvMA,orifyounolongerneedvMA,youcandeletethevMAvirtual machine. IMPORTANTIfyoudeletevMAwithoutremovingallservers,theviadminandviuserusersremainonthe targetESXihosts.ThenexttimeyouaddthehosttoavMAinstance,vMAcreatesausernamewithadifferent numericextension. To delete the vMA virtual machine 1 2 3 4 RemoveallvMAtargetserversyouadded.SeeRemoveTargetServersfromvMAonpage 20. ShutdownvMA. PoweroffthevirtualmachinebyusingthevSphereClient. InthevSphereClient,rightclickthevirtualmachineandselectDeletefromDisk.

VMware, Inc.

23

vSphere Management Assistant Guide

Troubleshooting vMA
YoucanfindtroubleshootinginformationforallVMwareproductsinVMwareKnowledgeBasearticlesand informationaboutvMAknownissuesinthereleasenotes.Table 23explainsafewcommonlyencountered issuesthatareeasilyresolved. Table 2-3. Troubleshooting vMA
Issue YoucandeployvMAbutwhenyoustartupthevirtual machine,anerroroccurs. YouaddaserverbutthevSphereCLIcommandorPerl scriptstillpromptsforauthentication. Youhaveaddedmultipleservers.Youdonotknow wherevMArunsvSphereCLIcommandsifyoudonot specify--server. YouwanttoenableDNSresolutioninvMA. Resolution Checkwhetheryoursetupmeetsthehardwareandsoftware requirementslistedinHardwareRequirementson page 12. Runviftargetforthetargetserver. Afteracalltovifptarget,yourpromptchangestoinclude thecurrenttarget. YoucanconfiguretheDNSresolutionnameserverforvMA byupdatingthe/etc/resolv.conffile.Addthefollowing lineforeachDNSserverinyournetwork: nameserver <dns server ip address> Typeman resolv.conffordetailsonthatfile. IfvMAissetupforDHCP,andthenetworkisrestarted, changesyoumadeto/etc/resolv.confarelost. ProblemswhileaddingActiveDirectorytarget orconfiguringvMAforActiveDirectory. IfyouareunabletoauthenticatefromvMAorcannotadd vMAtothedomaincontroller,checkthefollowing:

YourDNSserversetupinvMAresolvestheIPaddressor hostnameofthevCenterservertoanFQDNandthe FQDNcontainsthedomainnametowhichvMAis added. Thevifp listservercommandshowsthenameof vCenterastheFQDNthatcontainsthedomainnameto whichvMAisaddedasthesuffix. ThedateandtimesettingsonvMA,thedomain controllerandvCenterServerareidentical.Checkthe timezoneaswell.Thetimemaynotexactlybethesame butmayvarybyanhour.However,alargeskewinthe timemaycauseauthenticationproblems.

ThisreleaseofvMAprovidesthevma-supportscriptthatenablesyoutocollectvarioussystemconfiguration informationandotherlogs.Youcanrunthisscriptbyissuingthefollowingcommand:
> sudo vma-support

Thescriptgeneratestheinformationandlogbundleandappendsittothevmware.logfileontheESXihost onwhichvMAisdeployed.

Update vMA
YoucandownloadsoftwareupdatesincludingsecurityfixesfromVMwareandcomponentsincludedinvMA, suchastheSUSELinuxEnterpriseServerupdatesandJRE. IMPORTANTYoucannotupgradeapreviousversionofvMAtovMA5.0.YouneedtoinstallvMA5.0. To update vMA 1 2 3 AccesstheWebUI. Loginasviadmin. ClicktheUpdatetabandthentheStatustab.

24

VMware, Inc.

Chapter 2 Getting Started with vMA

4 5 6

OpentheSettingstabandthenfromtheUpdateRepositorysection,selectarepository. ClickCheckUpdates. ClickInstallUpdates.

Configure Automatic vMA Updates

YoucanconfigureautomaticdownloadofvMAupdates. To configure automatic updates 1 2 3 4 5 6 7 AccesstheWebUI. Loginasviadmin. ClicktheUpdatetabandthentheSettingstab. ClickAutomaticcheckforupdates. Setthescheduleforperformingtheautomaticchecksbyselectingadayandtimefromthedropdown lists. IntheUpdateRepositorysection,selectarepository. ClickSaveSettings.

VMware, Inc.

25

vSphere Management Assistant Guide

26

VMware, Inc.

vMA Interfaces

vMAinterfacesallowyoutoinitializevifastpass,add,remove,andlisttargetservers,andmanagepasswords. TheinterfacesareavailableasPerlcommandsandJavamethods. Thischapterincludesthefollowingtopics:

vMAInterfaceOverviewonpage 27 vifptargetCommandforvifastpassInitializationonpage 27 vifpTargetManagementCommandsonpage 28 TargetManagementExampleSequenceonpage 32 UsingtheVmaTargetLibLibraryonpage 33 VmaTargetLibReferenceonpage 33

vMA Interface Overview

Table 31showswhichinterfacesincludewhichcommandandmethod. Table 3-1. vMA Interface Overview
Interface / Library vifptarget vifp (administrative interface) Commands vifptarget addserver removeserver rotatepassword listservers reconfigure VmaTargetLib (library) enumerate_targets query_target login logout enumerateTargets queryTarget login logout UsingtheVmaTargetLibLibraryon page 33. Methods For More Information vifptargetCommandforvifastpass Initializationonpage 27. vifpTargetManagementCommands onpage 28.

vifptarget Command for vi-fastpass Initialization

Youcanrunthiscommandtoperformthefollowingtasks:

InitializevifastpassforthevSphereCLIandthevSphereSDKforPerl. Resetfastpasstarget Displaytheinitializedfastpasstarget

VMware, Inc.

27

vSphere Management Assistant Guide

Usage
vifptarget --set | --clear | --display | --help | -s <server> -c -d -h

Description ThevifptargetcommandenablesseamlessauthenticationforremotevSphereCLIandvSphereSDKforPerl commands. Youcanestablishmultipleserversastargetservers,andthencallvifptargetoncetoinitializeallserversfor vifastpassauthentication.Youcanthenruncommandsagainstanytargetserverwithoutadditional authentication.Youcanusethe--serveroptiontospecifytheservertoruncommandson. ThevMApromptdisplaysthecurrentdefaultexecutionserver.Ifyouremovethatdefaultserver,theserver nameisremovedfromthepromptbutthevifastpassenvironmentisnotclearedandthevCLIcommandscan stillrunseamlesslyagainstallthetargets. WhilehostsremaintargetserversacrossvMAreboots,youmustrunvifptargetaftereachlogouttoenable vifastpassforvSphereCLIandvSphereSDKforPerlcommands. Options
Option set display clear help Description Initializesthefastpasstarget. Displaystheinitializedfastpasstarget. Clearsthevifastpassenvironment. Displayhelpforthecommand.

Example vifptarget --set | -s <server> Initializesthefastpasstarget. vifptarget --display | -d Displaystheinitializedfastpasstarget. vifptarget --clear | -c Clearsthevifastpassenvironment.

vifp Target Management Commands

Thevifpinterfaceallowsadministratorstoadd,list,andremovetargetserversandtomanagetheviadmin userspassword.

vifp addserver
AddsavCenterServersystemorESXihostasavMAtargetserver. Usage
vifp addserver <server> [--authpolicy <fpauth | adauth>] [--protocol <http | https>] [--portnumber <portnum>] [--servicepath <servicepath>] [--username <username>] [--password <password>]

28

VMware, Inc.

Chapter 3 vMA Interfaces

Description AfteraserverisaddedasavMAtarget,youmustrunvifptarget <server>beforeyourunvSphereCLI commandsorvSphereSDKforPerlscriptsagainstthatsystem.ThesystemremainsavMAtargetacrossvMA reboots,butrunningvifptargetagainisrequiredaftereachlogout.SeevifptargetCommandforvifastpass Initializationonpage 27. Afteryourunvifptarget,youcanrunvSphereCLIorvSphereSDKforPerlcommandsandscriptsandyou arenolongerpromptedforauthenticationinformation,asfollows:

IfyouaddavCenterServersystemasavMAtarget,youcanrunmostcommandsonallESXihoststhat thevCenterServersystemmanagesusingthevSphereCLI--vihostoption.ThevSphereCLIInstallation andReferenceGuideincludesatablethatshowswhichcommandscannottargetavCenterServersystem. IfyouaddonlyoneESXihost,youcanruncommandswithoutspecifyingthetarget. IfyouaddmultipleESXihosts,specifythetargettoavoidconfusion.

SeeAddTargetServerstovMAonpage 17andRunningvSphereCLIfortheTargetsonpage 19. IMPORTANTIfyouchangeatargetserversname,youmustremoveit,andthenaddittovMAwiththenew name. Options

Option server authpolicy protocol portnumber servicepath username Description NameorIPaddressoftheESXihostorvCenterServersystemtoaddasavMAtarget. SetstheauthenticationpolicytofastpassauthenticationortheActiveDirectory authentication.Thedefaultvalueisfpauth. Connectionprotocol.HTTPSbydefault. Connectionportnumberofthetargetserver.Thedefaultis443. ServicepathURLofthetargetserver.Thedefaultis/sdk. Userwhoconnectstothetargetserver. IfthetargetserverpointstoanESXihost,thedefaultisroot.Theusermusthave superuserprivilegesontheESXihost. IfthetargetserverpointstoavCenterServersystem,thereisnodefault.Youare promptedforausernameifyoudonotspecifyoneusingthisoption.Theusermusthave privilegestoconnecttothevCenterServersystem. password Passwordoftheuserspecifiedbyusername.

Example
vifp addserver my_vCenter

AddsavCenterServersystemasavMAtarget.Youarepromptedforausernameandpassword.Theuser musthaveloginprivilegesonthevCenterServersystem.
vifp addserver myESX42

AddsanESXihosttovifastpass.Youarepromptedfortherootpasswordforthetargetsystem.

vifp removeserver
RemovesaspecifiedvMAtargetthatwaspreviouslyaddedwithvifp addserver. IfthetargetisanESXisystem,youneedsuperuserprivilegesforremoval.IfthetargetisavCenterServer system,anyuserwithconnectionprivilegescanremovethetarget.Youonlyhavetospecifythe<server> option,withoutthepassword.

VMware, Inc.

29

vSphere Management Assistant Guide

Usage
vifp removeserver <server> [--protocol <http | https>] [--portnumber <portnum>] [--servicepath <servicepath>] [--username <username>] [--password <password>] [--force]

Description Runvifp removeserverforeachvMAtargetbeforeyoudeletethevMAinstance.Ifyoudonotrunvifp removeserver,theviuserandviadminusersremainonthetargetserver.IfyoulaterthisservertovMA, vMAcreatestwomoreaccountsonthisserver.Runvifp removeservertoavoidhavingmultipleusers createdbyvMAoneachtargetserver. Options

Option server protocol portnumber servicepath username Description NameorIPaddressoftheESXihostorthevCenterServersystemtoremove. Connectionprotocol.HTTPSbydefault. Connectionportnumberofthetargetserver.Thedefaultis443. ServicepathURLofthetargetserver.Thedefaultis/sdk. Userwhoconnectstothetargetserver. ForESXihosts,thedefaultisrootandtheusermusthavesuperuserprivilegesonthetarget server. password force Passwordoftheuserspecifiedby--username.Usethepasswordyouusedwhenaddingthe server. Forcesremovaloftheserver.

Examples
vifp removeserver <vCenter_Address>

RemovesavCenterServersystem.Youarenotpromptedforapassword.
vifp removeserver <esxi_Address>

RemovesanESXihost.

vifp rotatepassword
Specifiesviadminandviuserpasswordrotationparameters. IMPORTANTThiscommandappliesonlytoESXitargetserverswiththefpauthauthenticationpolicy.You cannotrotatepasswordsfortargetswithadauthauthenticationpolicyandforvCenterServertargets. Usage
vifp rotatepassword [--now [--server <server>] | --never | --days <days>]

Description vMAchangespasswordsforviadminandviuserbothinthelocalcredentialstoreandonthetargetserver. vMAattemptsthepasswordrotationatmidnight. IfoneormoreofthetargetserversisdownwhenvMAattemptspasswordrotation,vMArepeatstheattempt thenextdayatmidnight.

30

VMware, Inc.

Chapter 3 vMA Interfaces

Options
Option now server never days Description Immediatelyrotatesthepasswordforallserversoraspecifiedserver. ESXihostforwhichyouwanttorotatethepassword.Use--serveronlywith--now. Neverrotatethepasswordforanytargetserver. Rotatethepasswordforalltargetserversafterthespecifiednumberofdays.

Examples
vifp rotatepassword --now

ImmediatelyrotatespasswordsofallESXivMAtargetservers.
vifp rotatepassword --now --server <server_address>

Immediatelyrotatesthepasswordofaspecificserver.
vifp rotatepassword --days 7

SetsthepasswordrotationpolicytorotatethepasswordofallESXivMAtargetseverysevendays. Forexample,ifyouaddserver1on9/1,andserver2on9/2,andrunvifp rotatepassword --days 7,vMA rotatesthepasswordforserver1atmidnighton9/8andthepasswordforserver2atmidnighton9/9.vMA rotatestheserver1passwordagainon9/15andtheserver2passwordagainon9/16.Ifyouthenrunvifp rotatepassword --days 3,vMArotatestheserver1passwordon9/18andtheserver2passwordon9/19.
vifp rotatepassword

Displaysthecurrentpasswordrotationpolicy.

vifp listservers
Liststargetsystems. Usage
listservers [-l | --long]

Description Youcanusethiscommandtoverifythataddserversucceeded.Thiscommanddoesnotrequireadministrator privilegesonvMA. Example

vifp listservers --long

ListsallserversthatarevMAtargets,forexample:
server1.mycomp.com server2.mycomp.com server3.mycomp.com vc42.mycomp.com ESX ESX ESXi vCenter fpauth adauth fpauth adauth

VMware, Inc.

31

vSphere Management Assistant Guide

vifp reconfigure
Reconfigurestargetsystems.ThiscanbedonetochangeauthenticationpolicyortheconfiguredActive Directoryuser. Usage
reconfigure <server> [--authpolicy <fpauth | adauth>] [--protocol <http | https>] [--portnumber <portnum>] [--servicepath <servicepath>] [--username <username>] [--password <password>]

Description Youcanusethiscommandtoreconfiguretheauthenticationpolicyortheusers.Thiscommandcanberunonly byadministrators. Options

Option server authpolicy protocol portnumber servicepath username Description NameorIPaddressoftheESXihostorthevCenterServersystemtobereconfigured. IndicatesifthetargetusesthefastpassauthenticationortheActiveDirectory authentication.Thedefaultvalueisfpauth. Connectionprotocol.HTTPSbydefault. Connectionportnumberofthetargetserver.Thedefaultis443. ServicepathURLofthetargetserver.Thedefaultis/sdk. Userwhoconnectstothetargetserver. IfthetargetserverpointstoanESXihost,thedefaultisroot.Theusermusthave superuserprivilegesonthetargetserver. IfthetargetserverpointstoavCenterServersystem,thedefaultuseristheone configuredforthevCentersystemintheprevioussession.Forexample,ifvCenterwas addedorreconfiguredwiththeusernameadministratorintheprevioussession,the defaultuserforthevifp reconfigurecommandisadministrator. password Passwordoftheuserspecifiedbyusername.

Target Management Example Sequence

ThefollowingsequenceofcommandsaddsanESXihost,listsservers,runsvifptargettoenablevifastpass, runsavSphereCLIcommand,andremovestheESXihost.
vifp addserver server1.company.com root@server1.company.coms password: <password, not echoed to screen> vifp listservers server1.company.com ESX vifptarget --set server1.company.com esxcli storage core path list cdrom vmhba0:1:0 (0MB has 1 paths and policy of fixed Local 0:7:1 vmhba0:1:0 On active preferred ..... vifp removeserver server1.company.com root@server1.company.coms password: <password, not echoed to screen>

32

VMware, Inc.

Chapter 3 vMA Interfaces

Using the VmaTargetLib Library

TheVmaTargetLib libraryallowsyoutoprogrammaticallyconnecttovMAtargetsbyusingPerlorJava. AgentscanlinkwithVmaTargetLib andusevifastpassfunctionality.TheVmaTargetLiblibraryallowsyou toenablevifastpassauthenticationandtoqueryorlistoneormoretargetswiththefollowingcommands:

EnumerateTargetsRetrievesalistofallserversthatarevMAtargets. QueryTargetRetrievesconnectioninformationforatargetserver. LoginConnectstoatargetserver. LogoutLogsyououtofthetargetserver.

SeetheVmaTargetLibjavalibraryforamoredetailedreferencetotheJavainterface.Youcanfindsamplesin /opt/vmware/vma/samples.

VmaTargetLib Reference
YoucanusethefollowingVmaTargetLibcommandsinPerlorJavaprograms.

Enumerating Targets
Usage Perl Java Description ReturnsalistoftargetvCenterServerorESXisystemsaddedtothevMAinstancebyusingvifp addserver. Options None Returns Returnsalistofalltargetservers.
enumerate_targets() enumerateTargets()

Querying Targets
Usage Perl Java Description Allowsthecaller,forexample,anagent,toretrievelogincredentialsfromavMAtargetandusethose credentialstoconnecttothevMAtarget. Options
Option servername Description OneoftheserversaddedtothisvMAinstanceusingvifp addserver.CanbeanESXihostor avCenterServersystem. query_target (<servername>) queryTarget (string <servername>)

Returns ReturnsaspecificvMAtargetserver.

VMware, Inc.

33

vSphere Management Assistant Guide

Programmatic Login
Usage Perl Java Description Allowsaprogramtologintoatargetserverprogrammatically. Options
Option service svcRef servername Language Java Java Java,Perl Description Javaserviceinstance. JavaserviceManagedObjectReference. OneoftheserversaddedtothisvMAinstanceusingvifp addserver. VmaTarget.login() VmaTarget.login()

Returns Returns1ifsuccessfuland0otherwise.

Programmatic Logout
Usage Perl Java Description Allowsaprogramtologoutofatargetserverprogrammatically. Options
Option servername Language Java,Perl Description OneoftheserversaddedtothisvMAinstanceusingvifp addserver. VmaTarget.logout() VmaTarget.logout()

34

VMware, Inc.

Index

A
adding target servers 17 addserver command 28 authentication component 8 authentication prerequisites 12

R
removeservers command 29 removing target servers 20 root user account 12 rotatepassword command 30 rotatepassword example 31

C
configuring vMA 16

S
scripts, modifying 20 shutting down vMA 23 storage required for vMA 12 sudo 12

D
deleting vMA 23 deploying vMA 13 DNS resolution 24

T E
ESXi systems, vMA target 18 example sequence 32 target servers commands 28 multiple 19 name change 17, 18 removing 20 single 17 technical support resources 6 troubleshooting vMA 24

H
hardware prerequisites 12 host name 14

I
initialization 27

U
user account privileges 16

J
Java JRE 8

L
listservers command 31 localhost 20

V
vCenter Server systems, vMA target 17 VI CLI vifptarget 27 vifs 20 without vi-fastpass 19 vi-admin privileges 16 setting password 14 vi-fastpass initialization 27 overview 8 vifp addserver 28 vifp listservers 31 vifp removeserver 29 vifp rotatepassword 30 vifp target management 28 vifptarget command 27 vifs command 20

M
modifying scripts 20 multiple target servers 19

N
name change 17, 18 network configuration 13 network setup 13

P
passwords ESXi hosts 12 vCenter Server systems 12 proc nodes 20

VMware, Inc.

35

vSphere Management Assistant Guide

vi-user privileges 16 setup 16 vMA component overview 8 getting started 11 interface overview 27 samples 9 use cases 9 vMA targets ESXi systems 18 vCenter Server systems 17 VmaTargetLib 33 VMware Tools 8 vSphere CLI 8 vSphere SDK for Perl 8

36

VMware, Inc.