Documenti di Didattica
Documenti di Professioni
Documenti di Cultura
vSphere 5.1
EN-000852-00
You can find the most up-to-date technical documentation on the VMware Web site at:
http://www.vmware.com/support/
The VMware Web site also provides the latest product updates.
If you have comments about this documentation, submit your feedback to:
docfeedback@vmware.com
Copyright 20082012 VMware, Inc. All rights reserved. This product is protected by U.S. and international copyright and
intellectual property laws. VMware products are covered by one or more patents listed at
http://www.vmware.com/go/patents.
VMware is a registered trademark or trademark of VMware, Inc. in the United States and/or other jurisdictions. All other marks
and names mentioned herein may be trademarks of their respective companies.
VMware, Inc.
3401 Hillview Ave.
Palo Alto, CA 94304
www.vmware.com
VMware, Inc.
Contents
AboutThisBook
1 IntroductiontovMA 7
vMACapabilities 7
vMAComponentOverview 8
vSphereAuthenticationMechanism 8
vMASamples 9
vMAUseCases 9
WritingorConvertingScripts 9
WritingorConvertingAgents 9
2 GettingStartedwithvMA 11
HardwareRequirements 12
SoftwareRequirements 12
RequiredAuthenticationInformation 12
DeployvMA 13
ConfigurevMAatFirstBoot 13
vMAConsoleandWebUI 14
ConfigurevMAforActiveDirectoryAuthentication 15
ConfigureUnattendedAuthenticationforActiveDirectoryTargets
TroubleshootingUnattendedAuthentication 16
EnabletheviuserAccount 16
vMAUserAccountPrivileges 17
AddTargetServerstovMA 17
RunningvSphereCLIfortheTargets 20
ReconfigureaTargetServer 20
RemoveTargetServersfromvMA 21
ModifyingScripts 21
ConfigurevMAtoUseaStaticIPAddress 22
ConfigureaStaticIPAddressfromtheConsole 22
ConfigureaStaticIPAddressfromtheWebUI 23
ConfigurevMAtoUseaDHCPServer 23
ConfigurevMAtoUseaDHCPServerfromtheConsole 23
ConfigurevMAtoUseaDHCPServerfromtheWebUI 23
SettingtheTimeZone 24
SettingtheTimeZonefromtheConsole 24
SettingtheTimeZonefromtheWebUI 24
ShutDownvMA 24
DeletevMA 24
TroubleshootingvMA 25
UpdatevMA 26
ConfigureAutomaticvMAUpdates 26
15
3 vMAInterfaces 27
vMAInterfaceOverview 27
vifptargetCommandforvifastpassInitialization 27
VMware, Inc.
vifpTargetManagementCommands 28
vifpaddserver 28
vifpremoveserver 29
vifprotatepassword 30
vifplistservers 31
vifpreconfigure 32
TargetManagementExampleSequence 32
UsingtheVmaTargetLibLibrary 33
VmaTargetLibReference 33
EnumeratingTargets 33
QueryingTargets 33
ProgrammaticLogin 34
ProgrammaticLogout 34
Index 35
VMware, Inc.
ThevSphereManagementAssistantGuideexplainshowtodeployandusevMAandincludesreference
informationforvMACLIsandlibraries.
Toviewthecurrentversionofthisbook,aswellasallVMwareAPIandSDKdocumentation,goto
http://www.vmware.com/support/pubs/sdk_pubs.html.
NOTEThetopicsinwhichthisdocumentationusestheproductnameESXiareapplicabletoallsupported
releasesofESXandESXi.
Revision History
Thisbook,thevSphereManagementAssistantGuide,isrevisedwitheachreleaseoftheproductorwhen
necessary.Arevisedversioncancontainminorormajorchanges.Table 1summarizesthesignificantchanges
ineachversionofthisbook.
Table 1. Revision History
Revision
Description
10SEP2012
vMA5.1release
20JAN2012
Chapter2,sectionConfigureUnattendedAuthenticationforActiveDirectoryTargetsisupdated.
24AUG2011
vMA5.0release.
13JUL2010
vMA4.1release
16NOV2009
Chapter1isenhancedtoprovidedetailsaboutvMAsenhancedcapabilities,authenticationmechanisms
andthechangestothesamples.
Chapter2providesinformationaboutconfiguringvMAforActiveDirectory.Italsoexplainshowto
reconfigureatargetserver.
Chapter3providesinformationaboutthenewvifptargetandvifp reconfigurecommands.Italso
describestheVmaTargetLiblibrary.
21MAY2009
vMA4.0documentation
27OCT2008
VIMA1.0documentation
Intended Audience
ThisbookisforadministratorsanddeveloperswithsomeexperiencesettingupaLinuxsystemandworking
inaLinuxenvironment.AdministratorscanusethevMAautomatedauthenticationfacilitiesandthesoftware
packagedwithvMAtointeractwithESXihostsandvCenterServersystems.Developerscancreateagentsthat
interactwithESXihostsandvCenterServersystems.
VMware, Inc.
Document Feedback
VMwarewelcomesyoursuggestionsforimprovingourdocumentation.Sendyourfeedbackto
docfeedback@vmware.com.
Support Offerings
TofindouthowVMwaresupportofferingscanhelpmeetyourbusinessneeds,goto
http://www.vmware.com/support/services.
VMware, Inc.
Introduction to vMA
ThevSphereManagementAssistant(vMA)isaSUSELinuxEnterpriseServer11basedvirtualmachinethat
includesprepackagedsoftwaresuchasthevSpherecommandlineinterface,andthevSphereSDKforPerl.
vMAallowsadministratorstorunscriptsoragentsthatinteractwithESXihostsandvCenterServersystems
withouthavingtoauthenticateeachtime.
Thechapterincludesthefollowingtopics:
vMACapabilitiesonpage 7
vMAComponentOverviewonpage 8
vMAUseCasesonpage 9
TogetstartedwithvMArightaway,gotoGettingStartedwithvMAonpage 11.
vMA Capabilities
vMAprovidesaflexibleandauthenticatedplatformforrunningscriptsandprograms.
Asadministrator,youcanaddvCenterServersystemsandESXihostsastargetsandrunscriptsand
programsonthesetargets.Onceyouhaveauthenticatedwhileaddingatarget,youneednotloginagain
whilerunningavSphereCLIcommandoragentonanytarget.
Asadeveloper,youcanusetheAPIsprovidedwiththeVmaTargetLiblibrarytoprogrammatically
connecttovMAtargetsbyusingPerlorJava.
vMAenablesreuseofserviceconsolescriptsthatarecurrentlyusedforESXiadministration,though
minormodificationstothescriptsareusuallynecessary.
vMAcomespreconfiguredwithtwouseraccounts,namely,viadminandviuser.
Asviadmin,youcanperformadministrativeoperationssuchasadditionandremovaloftargets.
You canalsorunvSphereCLIcommandsandagentswithadministrativeprivilegesonthe
added targets.
Asviuser,youcanrunthevSphereCLIcommandsandagentswithreadonlyprivilegesonthe
target.
YoucanmakevMAjoinanActiveDirectorydomainandloginasanActiveDirectoryuser.Whenyourun
commandsfromsuchauseraccount,theappropriateprivilegesgiventotheuseronthevCenterServer
systemortheESXihostwouldbeapplicable.
vMAcanrunagentcodethatmakeproprietaryhardwareorsoftwarecomponentscompatiblewith
VMwareESX.ThesecodecurrentlyrunintheserviceconsoleofexistingESXhosts.Youcanmodifymost
oftheseagentcodetoruninvMA,bycallingthevSphereAPI,ifnecessary.Developersmustmoveany
agentcodethatdirectlyinterfaceswithhardwareintoaprovider.
VMware, Inc.
SUSELinuxEnterpriseServer11SP1vMArunsSUSELinuxEnterpriseServeronthevirtualmachine.
YoucanmovefilesbetweentheESXihostandthevMAconsolebyusingthevifsvSphereCLIcommand.
VMwareToolsInterfacetothehypervisor.
vSphereCLICommandsformanagingvSpherefromthecommandline.SeethevSphereCommandLine
InterfaceInstallationandReferenceGuide.
vSphereSDKforPerlClientsidePerlframeworkthatprovidesascriptinginterfacetothevSphereAPI.
TheSDKincludesutilityapplicationsandsamplesformanycommontasks.
JavaJREversion1.6RuntimeengineforJavabasedapplicationsbuiltwithvSphereWebServicesSDK.
vifastpassAuthenticationcomponent.
viadminwithadministratorprivileges
viuserwithreadonlyprivileges
ThecreationofviadminandviuserdoesnotapplyforActiveDirectoryauthenticationtargets.Whenyouadd
asystemasanActiveDirectorytarget,vMAdoesnotstoreanyinformationaboutthecredentials.Tousethe
ActiveDirectoryauthentication,theadministratormustconfigurevMAforActiveDirectory.Formore
informationonhowtoconfigurevMAforActiveDirectory,seeConfigurevMAforActiveDirectory
Authenticationonpage 15.
Afteraddingatargetserver,youmustinitializevifastpasssothatyoudonothavetoauthenticateeachtime
yourunvSphereCLIcommands.IfyourunavSphereCLIcommandwithoutinitializingvifastpass,youwill
beaskedforusernameandpassword.
Youcaninitializevifastpassbyusingoneofthefollowingmethods:
Runvifptarget.Formoreinformationaboutthisscript,seevifptargetCommandforvifastpass
Initializationonpage 27.
CalltheLoginmethodinaPerlorJavaprogram.Formoreinformationaboutthismethod,see
VmaTargetLibReferenceonpage 33.
Aftersettingupatargetusingthevifptargetcommand,youcanrunvSphereCLIcommandsorscriptsthat
usevSphereSDKforPerlwithoutprovidinganyauthenticationinformation.Toruncommandsagainstan
ESXihostthatismanagedbyavCenterServer,youcanusethe--vihostoption.
EachtimeyoulogintovMA,youmustrunthevifptargetcommandortheLoginmethodonce.Thetarget
thatyouspecifyinthevifptargetcommandisthedefaulttarget.Targetserversremaintargetsacross
reboots.Youcanoverrideitbyusingthe--serveroptionofthevSphereCLIcommandsasshowninthe
followingexample:
vifptarget -s esx1.foo.com
vicfg-nics -l
#lists the nics on esx1.foo.com
vicfg-nics -l --server esx2.foo.com #lists the nics on esx2.foo.com
VMware, Inc.
vMA Samples
vMAsamplesillustratethevMACLIsandtheVmaTargetLiblibrary.ThesamplesareavailableinvMAat
/opt/vmware/vma/samples.
bulkAddServers.plPerlsamplethataddsmultipletargetstovMA.
mcli.plPerlsamplethatrunsavSphereCLIcommandonmultiplevMAtargetsspecifiedinafile
suppliedasanargument.Youmustrunvifptargetbeforerunningthisscript.
listTargets.pl PerlsamplethatretrievesinformationandversionofvMAtargetsusing
VmaTargetLib.
listTargets.sh JavasamplethatdemonstratesuseofVmaTargetLib.
ApartnerorcustomerwritesanewagentinPerl.
WhenapartnerorcustomerwritesanewagentinPerl,thePerlscriptmustimporttheVmaTargetLib
PerlmoduleandallvSphereSDKforPerlmodules.InsteadofcallingthevSphereSDKforPerlsubroutine
Util::Connect(targetUrl, username, password),theagentcalls
VmaTargetLib::VmaTarget.login().
ApartnerorcustomerrunsanagentwritteninPerlorJavaintheserviceconsoleandwantstoportthe
agenttovMA.
TheagentusescodesimilartothefollowingPerllikepseudocodetologintoESXihosts:
LoginToMyEsx() {
SessionManagerLocalTicket tkt = SessionManager.AcquireLocalTicket(userName);
UserSession us = sm.login(tkt.userName, tkt.passwordFilePath);
}
Thepartnerchangestheagenttousecodesimilartothefollowingpseudocodeinstead:
LoginToMyEsx(String myESXName) {
VmaTarget target = VmaTargetLib.query_target(myESXName);
UserSession us = target.login();
}
ThispseudocodeassumesonlyonevMAtarget.Formultipletargetservers,thecodecanspecifyany
targetserverorloopthroughalistoftargetservers.
ApartnerorcustomerrunsanagentwritteninPerloutsidetheESXihostandportstheagenttovMA.
InsteadofcallingthevSphereSDKforPerlmethodUtil::Connect(),theagentcallsthevifplibrary
methodVmaTargetLib::VmaTarget.login().
VMware, Inc.
10
VMware, Inc.
YoushouldhavesomeexperiencesettingupaLinuxsystemandworkinginaLinuxenvironment.This
chapterexplainshowtodeployandconfigurevMA,howtoaddandremovetargetservers,andhowto
prepareandrunscripts.Thechapteralsoincludestroubleshootinginformation.
ReadChapter 1,IntroductiontovMA,onpage 7forbackgroundinformationonvMAfunctionalityand
availablevMAcomponents.
IMPORTANTYoucannotupgradeapreviousversionofvMAtovMA5.1.YoumustinstallafreshvMA5.1
instance.
Thischapterincludesthefollowingtopics:
HardwareRequirementsonpage 12
SoftwareRequirementsonpage 12
RequiredAuthenticationInformationonpage 12
DeployvMAonpage 13
ConfigurevMAatFirstBootonpage 13
vMAConsoleandWebUIonpage 14
ConfigurevMAforActiveDirectoryAuthenticationonpage 15
ConfigureUnattendedAuthenticationforActiveDirectoryTargetsonpage 15
EnabletheviuserAccountonpage 16
vMAUserAccountPrivilegesonpage 17
AddTargetServerstovMAonpage 17
RunningvSphereCLIfortheTargetsonpage 20
ReconfigureaTargetServeronpage 20
RemoveTargetServersfromvMAonpage 21
ModifyingScriptsonpage 21
ConfigurevMAtoUseaStaticIPAddressonpage 22
ConfigurevMAtoUseaDHCPServeronpage 23
SettingtheTimeZoneonpage 24
ShutDownvMAonpage 24
DeletevMAonpage 24
TroubleshootingvMAonpage 25
VMware, Inc.
11
UpdatevMAonpage 26
ConfigureAutomaticvMAUpdatesonpage 26
Hardware Requirements
TosetupvMA,youmusthaveanESXihost.BecausevMArunsa64bitLinuxguestoperatingsystem,the
ESXihostonwhichitrunsmustsupport64bitvirtualmachines.
TheESXihostmusthaveoneofthefollowingCPUs:
AMDOpteron,revEorlater
IntelprocessorswithEM64TsupportwithVTenabled.
Opteron64bitprocessorsearlierthanrevE,andIntelprocessorsthathaveEM64Tsupportbutdonothave
VTsupportenabled,donotsupporta64bitguestoperatingsystem.Fordetailedhardwarerequirements,see
theHardwareCompatibilityListontheVMwareWebsite.
Bydefault,vMAusesonevirtualprocessor,andrequires3GBofstoragespaceforthevMAvirtualdisk.The
recommendedmemoryforvMAis600MB.
Software Requirements
YoucandeployvMAonthefollowingsystems:
vSphere5.1
vSphere5.0andlater
vSphere4.1andlater
vCenterApplication5.0andlater
YoucandeployvMAbyusingavSphereClientconnectedtoanESXihostorbyusingavSphereClient
connectedtovCenterServer5.1,vCenterServer5.0orlater,vCenterServer4.1orlater,orvCenterApplication
5.0andlater.
YoucanusevMAtotargetvSphere4.1andlater,vSphere5.0andlater,andvSphere5.1systems.
Atruntime,thenumberoftargetsasinglevMAinstancecansupportdependsonhowitisused.
vCenterServersystemIfyouwanttouseavCenterServersystemasthetargetserver,youmustbeable
toconnecttothatsystem.
IfyouareusingavCenterServertarget,youdonotneedpasswordsfortheESXihoststhatthevCenter
Serversystemmanages,unlessyouruncommandsthatdonotsupportvCenterServertargets.
ESXihostYoumusthavetherootpasswordortheusernameandpasswordforauserwith
administrativeprivilegesforeachESXihostyouaddasavMAtarget.Youdonotneedtheauthentication
informationwhenyouremoveatargethost.
vMAWhenyoufirstconfigurevMA,vMApromptsforapasswordfortheviadminuser.Specifya
passwordandrememberitforsubsequentlogins.TheviadminuserhasrootprivilegesonvMA.
IMPORTANTTherootuseraccountisdisabledonvMA.Torunprivilegedcommands,typesudo
<command>.Bydefault,onlyviadmincanruncommandsthatrequiresudo.
12
VMware, Inc.
Deploy vMA
YoucandeployvMAbyusingafileorfromaURL.Ifyouwanttodeployfromafile,downloadandunzipthe
vMAZIPfilebeforeyoustartthedeploymentprocess.
IMPORTANTYoucannotupgradeanearlierversionofvMAtovMA5.1.YoumustinstallafreshvMA5.1
instance.
To deploy vMA
1
UseavSphereClienttoconnecttoasystemthatisrunningthesupportedversionofESXiorvCenter
Server.
IfconnectedtoavCenterServersystem,selectthehosttowhichyouwanttodeployvMAintheinventory
pane.
SelectFile>DeployOVFTemplate.
TheDeployOVFTemplatewizardappears.
SelectDeployfromafileorURLifyouhavealreadydownloadedandunzippedthevMAvirtual
appliancepackage.
Click Browse,selecttheOVF,andclickNext.
ClickNextwhentheOVFtemplatedetailsaredisplayed.
AcceptthelicenseagreementandclickNext.
Specifyanameforthevirtualmachine.
Youcanalsoacceptthedefaultvirtualmachinename.
Selectaninventorylocationforthevirtualmachinewhenprompted.
IfyouareconnectedtoavCenterServersystem,youcanselectafolder.
10
IfconnectedtoavCenterServersystem,selecttheresourcepoolforthevirtualmachine.
Bydefault,thetoplevelrootresourcepoolisselected.
11
Ifprompted,selectthedatastoretostorethevirtualmachineonandclickNext.
12
SelecttherequireddiskformatoptionandclickNext.
13
SelectthenetworkmappingandclickNext.
IMPORTANTEnsurethatvMAisconnectedtothemanagementnetworkonwhichthevCenterServer
systemandtheESXihoststhatareintendedvMAtargetsarelocated.
14
ReviewtheinformationandclickFinish.
ThewizarddeploysthevMAvirtualmachinetothehostthatyouselected.The deployprocesscantake
severalminutes.
NextyouconfigureyourvMAvirtualmachine.YouperformthistaskwhenyoulogintovMAthefirsttime.
InthevSphereClient,rightclickthevirtualmachine,andclickPowerOn.
SelecttheConsoletab.
VMware, Inc.
13
Selecttheappropriatemenuoptiontoconfigurethenetworksettings.
YoucanindividuallyconfigurethevariousnetworksettingssuchasIPaddress,hostname,DNS,proxy
server,anddefaultgateway,byselectingtheappropriatemenuoption.
Thehostnamecancontain64alphanumericcharacters.YoucanchangethevMAhostnamelaterby
modifyingthe/etc/HOSTNAME and/etc/hostsfiles,asyouwouldforaLinuxhost.Youcanalsousethe
vMAconsoletochangethehostname.ForaDHCPconfiguration,thehostnameisobtainedfromthe
DNSserver.
IfyouuseastaticIPv4networkconfigurationtoconfiguretheIPaddress,DNS,defaultgateway,and
hostname,thenyoumustalsoconfigureadefaultIPv6gatewayduringthefirstbootnetwork
configuration,elsethevMAmightbeunreachableinthenetworkafterlogin.
Ensurethatyoucompletethenetworkconfigurationatthefirstboot.Ifyouskipthenetwork
configuration,theappliancetakesthedefaultnetworkconfigurationfromtheguestoperatingsystem,
whichmayleadtosomeinconsistencies.
NOTEYoucanconfigureonlyonenetworkadapterinvMA.Youcannotaddandconfiguremultiplenetwork
adaptersinvMA.
4
Whenprompted,specifyapasswordfortheviadminuser.
Ifpromptedforanoldpassword,pressEnterandcontinue.
ThenewpasswordmustconformtothevMApassword policy.Thepasswordmusthaveatleast:
Ninecharacters
Oneuppercasecharacter
Onelowercasecharacter
Onenumeralcharacter
Onesymbolsuchas#,$
YoucanlaterchangethepasswordfortheviadminuserusingtheLinuxpasswdcommand.
Thisuserhasrootprivileges.
vMAisnowconfiguredandthevMAconsoleappears.TheconsoledisplaystheURLfromwhichyoucan
accesstheWebUI.
Loginasviadmin
AddserverstovMA
RuncommandsfromthevMAconsole
Configurethenetworksettingsandproxyserversettings
Configurethetimezonesettings.
ThewebUIenablesyoutodothefollowingtasks:
14
Loginasviadmin
Configurethenetworksettingsandproxyserversettings
Configurethetimezonesettings.
UpdatevMA
VMware, Inc.
FromthevMAconsole,runthefollowingcommand:
sudo domainjoin-cli join <domain-name> <domain-admin-user>
Whenprompted,providetheActiveDirectoryadministratorspassword.
Onsuccessfulauthentication,thecommandaddsvMAasamemberofthedomain.Thecommandalso
addsentriesinthe/etc/hostsfilewithvmaHostname.domainname.
RestartvMA.
Now,youcanaddanActiveDirectorytargettovMA.Forstepstodothis,seeAddTargetServersto
vMAonpage 17.
ThecommanddisplaysthenameofthedomaintowhichvMAhasjoined.
To remove vMA from the domain
FromthevMAconsole,runthefollowingcommand:
sudo domainjoin-cli leave
ThevMAconsoledisplaysamessagestatingwhethervMAhaslefttheActiveDirectorydomain.
OnanyWindowsServer2003computerthatispartofthedomaintowhichvMAisadded,downloadand
installtheKtpasstoolfromtheMicrosoftwebsite.
Openthecommandpromptandrunthefollowingcommand:
ktpass /out foo.keytab /princ foo@VMA-DC.ENG.VMWARE.COM /pass ca... /ptype KRB5_NT_PRINCIPAL
-mapuser <vma-dc>\<foo>
where,<vmadc>isthenameofthedomainandfooistheuserhavingpermissionsforthevCenter
administration.
Thiscommandcreatesafilecalledfoo.keytab.
3
Movethefoo.keytabfileto/home/local/VMA-DC/foo.
YoucanuseWinSCPandloginasuservma-dc\footomovethefile.
VMware, Inc.
15
(Optional)Makesurethattheuservmadc\fooonvMAownsthefoo.keytabfilebyusingthefollowing
commands:
ls -l /home/local/VMA-DC/foo/foo.keytab
chown vma-dc\foo/home/local/VMA-DC/foo/foo.keytab
OnvMA,createascriptin/etc/cron.hourly/kticket-renewwiththefollowingcontents:
#!/bin/sh
su - vma-dc\\foo -c '/usr/bin/kinit -k -t /home/local/VMA-DC/foo/foo.keytab foo'
Thisscriptwillrenewtheticketfortheuserfooeveryhour.
Youcanalsoaddtheabovescripttoaservicein/etc/init.dtorefreshtheticketswhenvMAisbooted.
YourDNSserversetupinvMAresolvestheIPaddressorhostnameofthevCenterservertoafully
qualifieddomainname(FQDN)andthattheFQDNcontainsthedomainnametowhichvMAisadded.
Thecommandvifp listserversshowsthenameofvCenterserverastheFQDNthatcontainsthe
domainnametowhichvMAisaddedasthesuffix.
ThedateandtimesettingsonvMA,thedomaincontrollerandthevCenterserverarethesame.Verifythe
timezoneaswell.Thetimemayvarybyanhour,butalargetimeskewmightcauseauthentication
problems.
LogintovMAasviadmin.
RuntheLinuxpasswdcommandforviuserasfollows:
sudo passwd vi-user
IfthisisthefirsttimeyouusesudoonvMA,amessageaboutrootuserprivilegesappears,andyouare
promptedfortheviadminpassword.
3
Specifytheviadminpassword.
Whenprompted,typeandconfirmthepasswordforviuser.
AftertheviuseraccountisenabledonvMA,ithasnormalprivilegesonvMAbutisnotinthesudoerslist.
WhenyouaddESXitargetservers,vMAcreatestwousersoneachtarget:
viadminhasadministrativeprivilegesonthetargetsystem.
viuserhasreadonlyprivilegesonthetargetsystem.vMAcreatesviuseroneachtargetthatyouadd,
evenifviuserisnotcurrentlyenabledonvMA.
WhenauserisloggedintovMAasviuser,vMAusesthataccountontargetESXihosts,andtheusercanrun
onlycommandsontargetESXihoststhatdonotrequireadministrativeprivileges.
16
VMware, Inc.
Authentication
Policy
vi-admin
vi-user
domain user
ESXi
fpauth
ESXi
adauth
vCenterServer
fpauth
vCenterServer
adauth
LogintovMAasviadmin.
AddaserverasavMAtargetbyrunningthefollowingcommand:
vifp addserver vc1.mycomp.com --authpolicy adauth --username ADDOMAIN\\user1
Here,--authpolicy adauthindicatesthatthetargetneedstousetheActiveDirectoryauthentication.
Ifyourunthiscommandwithoutthe--usernameoption,vMApromptsforthenameoftheuserthatcan
connecttothevCenterServersystem.Youcanspecifythisusernameasshowninthefollowingexample:
Enter username for machinename.example.com: ADDOMAIN\user1
If--authpolicyisnotspecifiedinthecommand,thenfpauthistakenasthedefaultauthentication
policy.
3
Verifythatthetargetserverhasbeenadded.
Thedisplayshowsalltargetserversandtheauthenticationpolicyusedforeachtarget.
vifp listservers --long
server1.mycomp.com
server2.mycomp.com
server3.mycomp.com
vc1.mycomp.com
ESX
ESX
ESXi
vCenter
adauth
fpauth
adauth
adauth
Setthetargetasthedefaultforthecurrentsession:
vifptarget --set | -s <server>
VerifythatyoucanrunavSphereCLIcommandwithoutauthenticationbyrunningacommandonone
oftheESXihosts,forexample:
esxcli --server <VC_server> --vihost <esx_host> network nic list
Thecommandrunswithoutpromptingforauthenticationinformation.
IMPORTANTIfthenameofatargetserverchanges,youmustremovethetargetserverbyusingvifp
removeserverwiththeoldname,thenaddtheserverusingvifp addserverwiththenewname.
VMware, Inc.
17
LogintovMAasviadmin.
AddaserverasavMAtargetbyrunningthefollowingcommand:
vifp addserver vc2.mycomp.com --authpolicy fpauth
Here,--authpolicy fpauthindicatesthatthetargetneedstousethefastpassauthentication.
3
Specifytheusernamewhenprompted:
Enter username for machinename.example.com: MYDOMAIN\user1
Specifythepasswordforthatuserwhenprompted.
user1@machine.company.com's password: <not echoed to screen>
Reviewandacceptthesecurityriskinformation.
Verifythatthetargetserverhasbeenadded.
Thedisplayshowsalltargetserversandtheauthenticationpolicyusedforeachtarget.
vifp listservers --long
server1.mycomp.com
server2.mycomp.com
server3.mycomp.com
vc1.mycomp.com
vc2.mycomp.com
ESX
ESX
ESXi
vCenter
vCenter
adauth
fpauth
adauth
adauth
fpauth
Setthetargetasthedefaultforthecurrentsession.
vifptarget --set | -s <server>
VerifythatyoucanrunavSphereCLIcommandwithoutauthenticationbyrunningacommandonone
oftheESXihosts,forexample:
esxcli --server <VC_server> --vihost <esx_host> network nic list
Thecommandrunswithoutpromptingforauthenticationinformation.
IMPORTANTIfthenameofatargetserverchanges,youmustremovethetargetserverbyusingvifp
removeserverwiththeoldname,thenaddtheserverusingvifp addserverwiththenewname.
To add an ESXi host as a vMA target for Active Directory Authentication
1
LogintovMAasviadmin.
AddanESXiserverasavMAtargetbyrunningthefollowingcommand:
vifp addserver server3.mycomp.com --authpolicy adauth --username ADDOMAIN\\user1
Here,--authpolicy adauthindicatesthatthetargetneedstousetheActiveDirectoryauthentication.
Ifyourunthiscommandwithoutthe--usernameoption,vMApromptsforthenameoftheuserthatcan
connecttotheESXiServer.Youcanspecifythisusernameasshowninthefollowingexample:
Enter username for machinename.example.com: ADDOMAIN\user1
If--authpolicyisnotspecifiedinthecommand,thenfpauthistakenasthedefaultauthentication
policy.
3
Verifythatthetargetserverhasbeenadded.
Thedisplayshowsalltargetserversandtheauthenticationpolicyusedforeachtarget.
vifp listservers --long
server1.mycomp.com
server2.mycomp.com
server3.mycomp.com
vc1.mycomp.com
18
ESX
ESX
ESXi
vCenter
adauth
fpauth
adauth
adauth
VMware, Inc.
Setthetargetasthedefaultforthecurrentsession:
vifptarget --set | -s <server>
VerifythatyoucanrunavSphereCLIcommandwithoutauthenticationbyrunningacommand,forexample:
esxcli network nic list
Thecommandrunswithoutpromptingforauthenticationinformation.
IMPORTANTIfthenameofatargetserverchanges,youmustremovethetargetserverbyusingvifp
removeserverwiththeoldname,thenaddtheserverusingvifp addserverwiththenewname.
To add an ESXi host as a vMA target for fastpass Authentication
1
LogintovMAasviadmin.
AddanESXiServerasavMAtargetbyrunningthefollowingcommand:
vifp addserver server2.mycomp.com --authpolicy fpauth
Here,--authpolicy fpauthindicatesthatthetargetneedstousethefastpassauthentication.
Youarepromptedforthetargetserversrootuserpassword.
root@<servername>s password:
SpecifytherootpasswordfortheESXihostthatyouwanttoadd.
vMAdoesnotretaintherootpassword.Instead,vMAaddsviadminandviusertotheESXihost,and
storestheobfuscatedpasswordsthatitgeneratesforthoseusersintheVMwarecredentialstore.
InavSphereclientconnectedtothetargetserver,theRecentTaskspaneldisplaysinformationaboutthe
usersthatvMAadds.ThetargetserversUsersandGroupspaneldisplaystheusersifyouselectit.
CAUTIONRemoveusersaddedbyvMAfromthetargetserveronlyifyouhavedeletedthevMAvirtual
machinebutdidnotremovethetargetservers.
Reviewandacceptthesecurityriskinformation.
Verifythatthetargetserverhasbeenadded.
Thedisplayshowsalltargetserversandtheauthenticationpolicyusedforeachtarget.
vifp listservers --long
server1.mycomp.com
server2.mycomp.com
server3.mycomp.com
vc1.mycomp.com
vc2.mycomp.com
ESX
ESX
ESXi
vCenter
vCenter
adauth
fpauth
adauth
adauth
fpauth
Setthetargetasthedefaultforthecurrentsession.
vifptarget --set | -s <server>
VerifythatyoucanrunavSphereCLIcommandwithoutauthenticationbyrunningacommand,forexample:
esxcli network nic list
Thecommandrunswithoutpromptingforauthenticationinformation.
IMPORTANTIfthenameofatargetserverchanges,youmustremovethetargetserverbyusingvifp
removeserverwiththeoldname,thenaddtheserverusingvifp addserverwiththenewname.
VMware, Inc.
19
AddserversasvMAtargets.
vifp addserver <server1>
vifp addserver <server2>
Verifythatthetargetserverhasbeenadded:
vifp listservers
Runvifptarget.
vifptarget -s <server2>
Thecommandinitializesthespecifiedtargetserver.Now,thisserverwillbetakenasthedefaulttargetfor
thevSphereCLIorvSphereSDKforPerlscripts.
4
RunvSphereCLIorvSphereSDKforPerlscripts,byspecifyingthetargetserver.Forexample:
esxcli --server server2 network nic list
ChangetheauthenticationmodeofavMAtargetfromvifastpasstoActiveDirectoryorviceversa.
ChangetheconfigureduserfortheActiveDirectorytarget.
Recoverusersforthevifastpasstarget.AuserneedstoberecoveredifthecredentialstoreonvMAis
corruptedorifthecredentialsofuserscorrespondingtovMAusersaremodifiedandnotreflectedinvMA.
LogintovMAasviadmin.
Runreconfigure
vifp reconfigure <servername> --authpolicy <authpolicy>
Whenprompted,provideyourcredentials.
IfyoureconfigureanActiveDirectorytargettovifastpassauthentication,thenspecifytheroot
passwordforESXitargetsandtherootusernameandpasswordforvCentertargets.
IfyoureconfigureavifastpasstargettoActiveDirectoryauthentication,thenspecifytheroot
usernameforthetarget.
LogintovMAasviadmin.
Runreconfigure.
vifp reconfigure <servername>
Whenprompted,provideyourcredentials.
20
IfyoureconfigureanActiveDirectorytarget,specifyausernameforthetarget.
VMware, Inc.
Ifyoureconfigureavifastpasstarget,specifytherootpasswordoftheESXitarget,andthepassword
forusernameusedtoaddthevCenterServertarget.
NOTEIfthetargetserverisnotinitializedasthedefaulttarget,thenyoumustrunthevifptarget -s
commandagainstthetargetservertoreinitializeitwiththenewcredentialsafteryoureconfigurethetarget.
Example 2-1. Adding and Reconfiguring a Target
vi-admin@example-dhcp:~> vifp addserver 90.100.110.120
Enter username for 90.100.110.120: administrator
administrator@90.100.110.120's password:
This will store username and password in credential store which is a security risk. Do you want
to continue?(yes/no): yes
vi-admin@example-dhcp:~> vifp reconfigure 90.100.110.120
administrator@90.100.110.120's password:
vi-admin@example-dhcp:~>
LogintovMAasviadmin.
ToremoveatargetvCenterServersystemfromvMA,runthefollowingcommand:
vifp removeserver <servername>
ThevCenterServersystemisnolongeravMAtarget.
To remove an ESXi host from vMA
1
LogintovMAasviadmin.
ToremoveanESXihostthatisavMAtarget,runthefollowingcommand:
vifp removeserver <host>
TheRecentTaskspanelofthetargetserverdisplaysinformationabouttheviadminandviuserusersthat
arebeingremoved.TheUsersandGroupspanelofthetargetservernolongerdisplaystheusers.
Modifying Scripts
YoucanmodifyserviceconsolescriptstorunfromvMA.
LinuxcommandsScriptsrunninginvMAcannotuseLinuxcommandsinthewaythattheydoonthe
ESXserviceconsolebecausetheLinuxcommandsarerunningonvMAandnotontheESXhost.
AccesstoESXifilesIfyouneedaccesstofoldersorfilesonanESXihost,youcanmakethathostatarget
serverandusethevifsvSphereCLIcommandtoview,retrieve,ormodifyfoldersandfiles.
ReferencestolocalhostScriptscannotrefertolocalhost.
Ifvifastpassisinitialized,allcommandsthatdonotspecify--serverapplytothedefaulttarget.
Ifvifastpassisinitialized,allcommandsthatspecifyhostnameorIPofthetargetapplytothetarget
specified.
ProgrammaticconnectionInPerlscriptsorJavaprograms,youcancallVmaTarget.login() method
of VmaTargetLibandspecifythehosttoconnectto.Thedirectory/opt/vmware/vma/samplescontains
examplesinPerlandJava.vMAhandlesauthenticationiftheserverhasbeenestablishedasatarget
server.ProgramscanuseVmaTargetLiblibrarycommands.SeeUsingtheVmaTargetLibLibraryon
page 33.
VMware, Inc.
21
NoprocnodesSomeserviceconsolescriptsstilluseVMwareprocnodes,whichwereofficiallymade
obsoletewithESXServer3.0andarenotavailableinESX/ESXi4.0andlater.Youcanextractinformation
thatwasavailableinVMwareprocnodesusingthevSphereCLIcommandsavailableonvMA.
TargetspecificationYoumustspecifythetargetserverwhenyouruncommandsorscripts.
Table 22liststhevMAcomponentsthatyoucanuseformodifyingscriptsthatincludeprocnodesandLinux
commands.
Table 2-2. vMA Components for Use in Scripts
vMA Component
Description
vSphereCLIcommands
ManageESXihostsandvirtualmachines.
vSphereCommandLineInterface
InstallationandReferenceGuide.
vifsvSphereCLI
command
Performcommonoperations,suchascopy,remove,
get,andput,onfilesanddirectories.
vSphereCommandLineInterface
InstallationandReferenceGuide.
vSphereSDKforPerl
AccessthevSphereAPI,aWebservicesbasedAPIfor
managing,monitoring,andcontrollingthelifecycleof
allvSpherecomponents.
vSphereSDKforPerlProgramming
Guide.
vSphereSDKforPerl
utilityapplications
Performcommonadministrativetasks.
vSphereSDKforPerlUtility
ApplicationsReference.
CommandsareonvMAin
/usr/lib/vmware-vcli/apps
vSphereSDKforPerlWS
Managementcomponent
AccessCIM/SMASHdata.ESXisupportsmany
SystemsManagementArchitectureforServer
Hardware(SMASH)profiles,enablingsystem
managementclientapplicationstocheckthestatusof
underlyingservercomponentssuchasCPU,fans,
powersupplies,andsoon.
vSphereSDKforPerlProgramming
Guide.
Intheconsole,selectConfigureNetworkandpressEnter.
Selectmenuoption6toconfiguretheIPaddress.
IfyouwanttoconfigureanIPv6address,typeyandpressEnter.
22
PressEntertospecifyastaticIPaddressandprovidetheIPaddressandNetmask
TypeyandpressEntertoconfirmtheIPaddress.
IfyouwanttoconfigureanIPv4address,typeyandpressEnter.
a
PressEntertospecifyastaticIPaddressandprovidetheIPaddressandNetmask
TypeyandpressEntertoconfirmtheIPaddress.
Toconfiguretheothernetworksettings,suchasDNSanddefaultgateway,selecttheappropriatemenu
optionandprovidetherequirednetworkconfigurationdetails.
VMware, Inc.
LogintothewebUI.
OpentheNetworkpageandclicktheAddresstab.
SelecttheUsethefollowingIPsettingsoptionandprovidetheIPaddressesforthefollowing:
IPAddress
Netmask
Gateway
PreferredDNSServer
AlternateDNSServer
Hostname
ClickSaveSettings.
OnthevMAconsole,selectConfigureNetworkandpressEnter.
Selectmenuoption6toconfiguretheIPaddress.
IfyouwanttoconfigureanIPv6address,typeyandpressEnter.
TypeyandpressEntertouseaDHCPserver.
ProvidethedetailsoftheDHCPserver.
IfyouwanttoconfigureanIPv4address,typeyandpressEnter.
a
TypeyandpressEntertouseaDHCPserver.
ProvidethedetailsoftheDHCPserver.
Toconfiguretheothernetworksettings,suchasDNSanddefaultgateway,selecttheappropriatemenu
optionandprovidetherequirednetworkconfigurationdetails.
LogintothewebUI.
OpentheNetworkpageandclicktheAddresstab.
SelecttheObtainconfigurationfromDHCPserveroption.
ClickSaveSettings.
VMware, Inc.
23
Ontheconsole,selectSetTimezoneandpressEnter.
Whenprompted,selectyourcontinentorregionandpressEnter.
Whenprompted,selectyourcountryandpressEnter.
Thescreendisplaystheinformationthatyouhaveselectedandthetimethatwillbeset.
Type1iftheinformationiscorrect.
vMAsetsthetimezone.
AccessthewebUIandlogin.
ClicktheSystemtabthenclicktheTimeZonebutton.
FromtheTimeZoneSettingslist,selectyourcountryandcity.
ClickSaveSettings.
ShutdowntheoperatingsystemusingaLinuxcommandsuchasthehaltcommandonthevMA
commandline.
PoweroffthevMAvirtualmachineusingthevSphereClient.
LogintotheWebUIasviadmin.
IntheInformationtab,clickShutdown.
Delete vMA
IfyouintendtodeployanewerversionofvMA,orifyounolongerneedvMA,youcandeletethevMAvirtual
machine.
IMPORTANTIfyoudeletevMAwithoutremovingallservers,theviadminandviuserusersremainonthe
targetESXihosts.ThenexttimeyouaddthehosttoavMAinstance,vMAcreatesausernamewithadifferent
numericextension.
24
VMware, Inc.
RemoveallvMAtargetserversyouadded.SeeRemoveTargetServersfromvMAonpage 21.
ShutdownvMA.
PoweroffthevirtualmachinebyusingthevSphereClient.
InthevSphereClient,rightclickthevirtualmachineandselectDeletefromDisk.
Troubleshooting vMA
YoucanfindtroubleshootinginformationforallVMwareproductsinVMwareKnowledgeBasearticlesand
informationaboutvMAknownissuesinthereleasenotes.Table 23explainsafewcommonlyencountered
issuesthatareeasilyresolved.
Table 2-3. Troubleshooting vMA
Issue
Resolution
YoucandeployvMAbutwhenyoustartupthevirtual
machine,anerroroccurs.
Checkwhetheryoursetupmeetsthehardwareandsoftware
requirementslistedinHardwareRequirementson
page 12.
YouaddaserverbutthevSphereCLIcommandorPerl
scriptstillpromptsforauthentication.
Runviftargetforthetargetserver.
Youhaveaddedmultipleservers.Youdonotknow
wherevMArunsvSphereCLIcommandsifyoudonot
specify--server.
Afteracalltovifptarget,yourpromptchangestoinclude
thecurrenttarget.
YouwanttoenableDNSresolutioninvMA.
YoucanconfiguretheDNSresolutionnameserverforvMA
byupdatingthe/etc/resolv.conffile.Addthefollowing
lineforeachDNSserverinyournetwork:
nameserver <dns server ip address>
Typeman resolv.conffordetailsonthatfile.
IfvMAissetupforDHCP,andthenetworkisrestarted,
changesyoumadeto/etc/resolv.confarelost.
ProblemswhileaddingActiveDirectorytarget
orconfiguringvMAforActiveDirectory.
IfyouareunabletoauthenticatefromvMAorcannotadd
vMAtothedomaincontroller,checkthefollowing:
YourDNSserversetupinvMAresolvestheIPaddressor
hostnameofthevCenterservertoanFQDNandthe
FQDNcontainsthedomainnametowhichvMAis
added.
Thevifp listservercommandshowsthenameof
vCenterastheFQDNthatcontainsthedomainnameto
whichvMAisaddedasthesuffix.
ThedateandtimesettingsonvMA,thedomain
controllerandvCenterServerareidentical.Checkthe
timezoneaswell.Thetimemaynotexactlybethesame
butmayvarybyanhour.However,alargeskewinthe
timemaycauseauthenticationproblems.
ThisreleaseofvMAprovidesthevma-supportscriptthatenablesyoutocollectvarioussystemconfiguration
informationandotherlogs.Youcanrunthisscriptbyissuingthefollowingcommand:
> sudo vma-support
Thescriptgeneratestheinformationandlogbundleandappendsittothevmware.logfileontheESXihost
onwhichvMAisdeployed.
VMware, Inc.
25
Update vMA
YoucandownloadsoftwareupdatesincludingsecurityfixesfromVMwareandcomponentsincludedinvMA,
suchastheSUSELinuxEnterpriseServerupdatesandJRE.
IMPORTANTYoucannotupgradeapreviousversionofvMAtovMA5.1.YouneedtoinstallvMA5.1.
To update vMA
1
AccesstheWebUI.
Loginasviadmin.
ClicktheUpdatetabandthentheStatustab.
OpentheSettingstabandthenfromtheUpdateRepositorysection,selectarepository.
ClickCheckUpdates.
ClickInstallUpdates.
26
AccesstheWebUI.
Loginasviadmin.
ClicktheUpdatetabandthentheSettingstab.
ClickAutomaticcheckforupdates.
Setthescheduleforperformingtheautomaticchecksbyselectingadayandtimefromthedropdown
lists.
IntheUpdateRepositorysection,selectarepository.
ClickSaveSettings.
VMware, Inc.
vMA Interfaces
vMAinterfacesallowyoutoinitializevifastpass,add,remove,andlisttargetservers,andmanagepasswords.
TheinterfacesareavailableasPerlcommandsandJavamethods.
Thischapterincludesthefollowingtopics:
vMAInterfaceOverviewonpage 27
vifptargetCommandforvifastpassInitializationonpage 27
vifpTargetManagementCommandsonpage 28
TargetManagementExampleSequenceonpage 32
UsingtheVmaTargetLibLibraryonpage 33
VmaTargetLibReferenceonpage 33
Commands
Methods
vifptarget
vifptarget
vifptargetCommandforvifastpass
Initializationonpage 27.
vifp
addserver
(administrative
interface)
removeserver
vifpTargetManagementCommands
onpage 28.
rotatepassword
listservers
reconfigure
VmaTargetLib
enumerate_targets
enumerateTargets
(library)
query_target
queryTarget
login
login
logout
logout
UsingtheVmaTargetLibLibraryon
page 33.
InitializevifastpassforthevSphereCLIandthevSphereSDKforPerl.
Resetfastpasstarget
Displaytheinitializedfastpasstarget
VMware, Inc.
27
Usage
vifptarget
--set
|
--clear
|
--display |
--help
|
-s <server>
-c
-d
-h
Description
ThevifptargetcommandenablesseamlessauthenticationforremotevSphereCLIandvSphereSDKforPerl
commands.
Youcanestablishmultipleserversastargetservers,andthencallvifptargetoncetoinitializeallserversfor
vifastpassauthentication.Youcanthenruncommandsagainstanytargetserverwithoutadditional
authentication.Youcanusethe--serveroptiontospecifytheservertoruncommandson.
ThevMApromptdisplaysthecurrentdefaultexecutionserver.Ifyouremovethatdefaultserver,theserver
nameisremovedfromthepromptbutthevifastpassenvironmentisnotclearedandthevCLIcommandscan
stillrunseamlesslyagainstallthetargets.
WhilehostsremaintargetserversacrossvMAreboots,youmustrunvifptargetaftereachlogouttoenable
vifastpassforvSphereCLIandvSphereSDKforPerlcommands.
Options
Option
Description
set
Initializesthefastpasstarget.
display
Displaystheinitializedfastpasstarget.
clear
Clearsthevifastpassenvironment.
help
Displayhelpforthecommand.
Example
vifptarget --set | -s <server>
Initializesthefastpasstarget.
vifptarget --display | -d
Displaystheinitializedfastpasstarget.
vifptarget --clear | -c
Clearsthevifastpassenvironment.
vifp addserver
AddsavCenterServersystemorESXihostasavMAtargetserver.
Usage
vifp addserver <server>
[--authpolicy <fpauth | adauth>]
[--protocol <http | https>]
[--portnumber <portnum>]
[--servicepath <servicepath>]
[--username <username>]
[--password <password>]
28
VMware, Inc.
Description
AfteraserverisaddedasavMAtarget,youmustrunvifptarget <server>beforeyourunvSphereCLI
commandsorvSphereSDKforPerlscriptsagainstthatsystem.ThesystemremainsavMAtargetacrossvMA
reboots,butrunningvifptargetagainisrequiredaftereachlogout.SeevifptargetCommandforvifastpass
Initializationonpage 27.
Afteryourunvifptarget,youcanrunvSphereCLIorvSphereSDKforPerlcommandsandscriptsandyou
arenolongerpromptedforauthenticationinformation,asfollows:
IfyouaddavCenterServersystemasavMAtarget,youcanrunmostcommandsonallESXihoststhat
thevCenterServersystemmanagesusingthevSphereCLI--vihostoption.ThevSphereCLIInstallation
andReferenceGuideincludesatablethatshowswhichcommandscannottargetavCenterServersystem.
IfyouaddonlyoneESXihost,youcanruncommandswithoutspecifyingthetarget.
IfyouaddmultipleESXihosts,specifythetargettoavoidconfusion.
Description
server
NameorIPaddressoftheESXihostorvCenterServersystemtoaddasavMAtarget.
authpolicy
SetstheauthenticationpolicytofastpassauthenticationortheActiveDirectory
authentication.Thedefaultvalueisfpauth.
protocol
Connectionprotocol.HTTPSbydefault.
portnumber
Connectionportnumberofthetargetserver.Thedefaultis443.
servicepath
ServicepathURLofthetargetserver.Thedefaultis/sdk.
username
Userwhoconnectstothetargetserver.
IfthetargetserverpointstoanESXihost,thedefaultisroot.Theusermusthave
superuserprivilegesontheESXihost.
IfthetargetserverpointstoavCenterServersystem,thereisnodefault.Youare
promptedforausernameifyoudonotspecifyoneusingthisoption.Theusermusthave
privilegestoconnecttothevCenterServersystem.
password
Passwordoftheuserspecifiedbyusername.
Example
vifp addserver my_vCenter
AddsavCenterServersystemasavMAtarget.Youarepromptedforausernameandpassword.Theuser
musthaveloginprivilegesonthevCenterServersystem.
vifp addserver myESX42
AddsanESXihosttovifastpass.Youarepromptedfortherootpasswordforthetargetsystem.
vifp removeserver
RemovesaspecifiedvMAtargetthatwaspreviouslyaddedwithvifp addserver.
IfthetargetisanESXisystem,youneedsuperuserprivilegesforremoval.IfthetargetisavCenterServer
system,anyuserwithconnectionprivilegescanremovethetarget.Youonlyhavetospecifythe<server>
option,withoutthepassword.
VMware, Inc.
29
Usage
vifp removeserver
<server>
[--protocol <http | https>]
[--portnumber <portnum>]
[--servicepath <servicepath>]
[--username <username>]
[--password <password>]
[--force]
Description
Runvifp removeserverforeachvMAtargetbeforeyoudeletethevMAinstance.Ifyoudonotrunvifp
removeserver,theviuserandviadminusersremainonthetargetserver.IfyoulaterthisservertovMA,
vMAcreatestwomoreaccountsonthisserver.Runvifp removeservertoavoidhavingmultipleusers
createdbyvMAoneachtargetserver.
Options
Option
Description
server
NameorIPaddressoftheESXihostorthevCenterServersystemtoremove.
protocol
Connectionprotocol.HTTPSbydefault.
portnumber
Connectionportnumberofthetargetserver.Thedefaultis443.
servicepath
ServicepathURLofthetargetserver.Thedefaultis/sdk.
username
Userwhoconnectstothetargetserver.
ForESXihosts,thedefaultisrootandtheusermusthavesuperuserprivilegesonthetarget
server.
password
Passwordoftheuserspecifiedby--username.Usethepasswordyouusedwhenaddingthe
server.
force
Forcesremovaloftheserver.
Examples
vifp removeserver <vCenter_Address>
RemovesavCenterServersystem.Youarenotpromptedforapassword.
vifp removeserver <esxi_Address>
RemovesanESXihost.
vifp rotatepassword
Specifiesviadminandviuserpasswordrotationparameters.
IMPORTANTThiscommandappliesonlytoESXitargetserverswiththefpauthauthenticationpolicy.You
cannotrotatepasswordsfortargetswithadauthauthenticationpolicyandforvCenterServertargets.
Usage
vifp rotatepassword
[--now [--server <server>] |
--never |
--days <days>]
Description
vMAchangespasswordsforviadminandviuserbothinthelocalcredentialstoreandonthetargetserver.
vMAattemptsthepasswordrotationatmidnight.
IfoneormoreofthetargetserversisdownwhenvMAattemptspasswordrotation,vMArepeatstheattempt
thenextdayatmidnight.
30
VMware, Inc.
Options
Option
Description
now
Immediatelyrotatesthepasswordforallserversoraspecifiedserver.
server
ESXihostforwhichyouwanttorotatethepassword.Use--serveronlywith--now.
never
Neverrotatethepasswordforanytargetserver.
days
Rotatethepasswordforalltargetserversafterthespecifiednumberofdays.
Examples
vifp rotatepassword --now
ImmediatelyrotatespasswordsofallESXivMAtargetservers.
vifp rotatepassword --now --server <server_address>
Immediatelyrotatesthepasswordofaspecificserver.
vifp rotatepassword --days 7
SetsthepasswordrotationpolicytorotatethepasswordofallESXivMAtargetseverysevendays.
Forexample,ifyouaddserver1on9/1,andserver2on9/2,andrunvifp rotatepassword --days 7,vMA
rotatesthepasswordforserver1atmidnighton9/8andthepasswordforserver2atmidnighton9/9.vMA
rotatestheserver1passwordagainon9/15andtheserver2passwordagainon9/16.Ifyouthenrunvifp
rotatepassword --days 3,vMArotatestheserver1passwordon9/18andtheserver2passwordon9/19.
vifp rotatepassword
Displaysthecurrentpasswordrotationpolicy.
vifp listservers
Liststargetsystems.
Usage
listservers [-l | --long]
Description
Youcanusethiscommandtoverifythataddserversucceeded.Thiscommanddoesnotrequireadministrator
privilegesonvMA.
Example
vifp listservers --long
ListsallserversthatarevMAtargets,forexample:
server1.mycomp.com
server2.mycomp.com
server3.mycomp.com
vc42.mycomp.com
VMware, Inc.
ESX
ESX
ESXi
vCenter
fpauth
adauth
fpauth
adauth
31
vifp reconfigure
Reconfigurestargetsystems.ThiscanbedonetochangeauthenticationpolicyortheconfiguredActive
Directoryuser.
Usage
reconfigure <server>
[--authpolicy <fpauth | adauth>]
[--protocol <http | https>]
[--portnumber <portnum>]
[--servicepath <servicepath>]
[--username <username>]
[--password <password>]
Description
Youcanusethiscommandtoreconfiguretheauthenticationpolicyortheusers.Thiscommandcanberunonly
byadministrators.
Options
Option
Description
server
NameorIPaddressoftheESXihostorthevCenterServersystemtobereconfigured.
authpolicy
IndicatesifthetargetusesthefastpassauthenticationortheActiveDirectory
authentication.Thedefaultvalueisfpauth.
protocol
Connectionprotocol.HTTPSbydefault.
portnumber
Connectionportnumberofthetargetserver.Thedefaultis443.
servicepath
ServicepathURLofthetargetserver.Thedefaultis/sdk.
username
Userwhoconnectstothetargetserver.
IfthetargetserverpointstoanESXihost,thedefaultisroot.Theusermusthave
superuserprivilegesonthetargetserver.
IfthetargetserverpointstoavCenterServersystem,thedefaultuseristheone
configuredforthevCentersystemintheprevioussession.Forexample,ifvCenterwas
addedorreconfiguredwiththeusernameadministratorintheprevioussession,the
defaultuserforthevifp reconfigurecommandisadministrator.
password
Passwordoftheuserspecifiedbyusername.
32
VMware, Inc.
EnumerateTargetsRetrievesalistofallserversthatarevMAtargets.
QueryTargetRetrievesconnectioninformationforatargetserver.
LoginConnectstoatargetserver.
LogoutLogsyououtofthetargetserver.
SeetheVmaTargetLibjavalibraryforamoredetailedreferencetotheJavainterface.Youcanfindsamplesin
/opt/vmware/vma/samples.
VmaTargetLib Reference
YoucanusethefollowingVmaTargetLibcommandsinPerlorJavaprograms.
Enumerating Targets
Usage
Perl
enumerate_targets()
Java
enumerateTargets()
Description
ReturnsalistoftargetvCenterServerorESXisystemsaddedtothevMAinstancebyusingvifp addserver.
Options
None
Returns
Returnsalistofalltargetservers.
Querying Targets
Usage
Perl
query_target (<servername>)
Java
Description
Allowsthecaller,forexample,anagent,toretrievelogincredentialsfromavMAtargetandusethose
credentialstoconnecttothevMAtarget.
Options
Option
Description
servername
OneoftheserversaddedtothisvMAinstanceusingvifp addserver.CanbeanESXihostor
avCenterServersystem.
Returns
ReturnsaspecificvMAtargetserver.
VMware, Inc.
33
Programmatic Login
Usage
Perl
VmaTarget.login()
Java
VmaTarget.login()
Description
Allowsaprogramtologintoatargetserverprogrammatically.
Options
Option
Language
Description
service
Java
Javaserviceinstance.
svcRef
Java
JavaserviceManagedObjectReference.
servername
Java,Perl
OneoftheserversaddedtothisvMAinstanceusingvifp addserver.
Returns
Returns1ifsuccessfuland0otherwise.
Programmatic Logout
Usage
Perl
VmaTarget.logout()
Java
VmaTarget.logout()
Description
Allowsaprogramtologoutofatargetserverprogrammatically.
Options
34
Option
Language
Description
servername
Java,Perl
OneoftheserversaddedtothisvMAinstanceusingvifp addserver.
VMware, Inc.
Index
removeservers command 29
removing target servers 21
root user account 12
rotatepassword command 30
rotatepassword example 31
C
configuring vMA 16
D
deleting vMA 24
deploying vMA 13
DNS resolution 25
S
scripts, modifying 21
shutting down vMA 24
storage required for vMA 12
sudo 12
T
E
ESXi systems, vMA target 18
example sequence 32
H
hardware prerequisites 12
I
initialization 27
J
Java JRE 8
L
listservers command 31
localhost 21
M
modifying scripts 21
multiple target servers 20
N
name change 17, 18, 19
network configuration 14
network setup 14
P
passwords
ESXi hosts 12
vCenter Server systems 12
proc nodes 22
VMware, Inc.
target servers
commands 28
multiple 20
name change 17, 18, 19
removing 21
single 17
technical support resources 6
troubleshooting vMA 25
U
user account
privileges 17
V
vCenter Server systems, vMA target 17
VI CLI
vifptarget 27
vifs 21
without vi-fastpass 20
vi-admin
privileges 16
vi-fastpass
initialization 27
overview 8
vifp addserver 28
vifp listservers 31
vifp removeserver 29
vifp rotatepassword 30
vifp target management 28
vifptarget command 27
vifs command 21
vi-user
35
privileges 16
setup 16
vMA
component overview 8
getting started 11
interface overview 27
samples 9
use cases 9
vMA targets
ESXi systems 18
vCenter Server systems 17
VmaTargetLib 33
VMware Tools 8
vSphere CLI 8
vSphere SDK for Perl 8
36
VMware, Inc.