You can now configure your Automation Orchestrator options such as the authentication provider with the Automation Orchestrator Appliance command line interface (CLI). This does not replace the existing configuration options in the Control Center. To use these commands, you must log in to the Automation Orchestrator Appliance as a root user.
Prerequisite for configuring the authentication provider
db-configuration
profile must be activated. You can activate the profile by running the following script:
db-configuration
profile will remove the option to configure the authentication provider from the Control Center.
vracli cluster exec -- bash -c 'base64 -d <<< IyBDcmVhdGUgY3VzdG9tIHByb2ZpbGUgZGlyZWN0b3J5Cm1rZGlyIC1wIC9ldGMvdm13YXJlLXByZWx1ZGUvcHJvZmlsZXMvdmNvLWRiLWNmZy1wcm9maWxlLwoKIyBDcmVhdGUgdGhlIHJlcXVpcmVkIGRpcmVjdG9yeSB0cmVlIHRoYXQgd2lsbCBiZSB1c2VkIHdoZW4gdGhlIHByb2ZpbGUgaXMgYWN0aXZlCm1rZGlyIC1wIC9ldGMvdm13YXJlLXByZWx1ZGUvcHJvZmlsZXMvdmNvLWRiLWNmZy1wcm9maWxlL2hlbG0vcHJlbHVkZV92Y28vCgojIENyZWF0ZSAiY2hlY2siIGZpbGUgdGhhdCBpcyBhbiBleGVjdXRhYmxlIGZpbGUgcnVuIGJ5IGRlcGxveSBzY3JpcHQuCmNhdCA8PEVPRiA+IC9ldGMvdm13YXJlLXByZWx1ZGUvcHJvZmlsZXMvdmNvLWRiLWNmZy1wcm9maWxlL2NoZWNrCiMhL2Jpbi9iYXNoCmV4aXQgMApFT0YKY2htb2QgNzU1IC9ldGMvdm13YXJlLXByZWx1ZGUvcHJvZmlsZXMvdmNvLWRiLWNmZy1wcm9maWxlL2NoZWNrCgojIENvcHkgdlJPIHJlc291cmNlIG1ldHJpY3MgZmlsZSB0byB5b3VyIGN1c3RvbSBwcm9maWxlCmNhdCA8PEVPRiA+IC9ldGMvdm13YXJlLXByZWx1ZGUvcHJvZmlsZXMvdmNvLWRiLWNmZy1wcm9maWxlL2hlbG0vcHJlbHVkZV92Y28vOTAtcmVzb3VyY2VzLnlhbWwKc2VydmVySmF2YU9wdHM6CiAgInNwcmluZy5wcm9maWxlcy5hY3RpdmUiOiAiZGItY29uZmlndXJhdGlvbiIKCmNvbnRyb2xDZW50ZXJKYXZhT3B0czoKICAic3ByaW5nLnByb2ZpbGVzLmFjdGl2ZSI6ICJkYi1jb25maWd1cmF0aW9uIgpFT0YKY2htb2QgNjQ0IC9ldGMvdm13YXJlLXByZWx1ZGUvcHJvZmlsZXMvdmNvLWRiLWNmZy1wcm9maWxlL2hlbG0vcHJlbHVkZV92Y28vOTAtcmVzb3VyY2VzLnlhbWwK | bash'
After running the profile script, you must run the /opt/scripts/deploy.sh
script so the change to the Automation Orchestrator Appliance is applied.
Retrieving the current authentication provider
You can retrieve the current authentication provider by running the following command:
vracli vro authentication
Configure the authentication provider by using a guided wizard
To configure the authentication provider by using a guided configuration wizard, run the following command:
vracli vro authentication wizard
After running the authentication wizard command, you are prompted to provide the necessary authentication provider information such as the type of authentication provider, hostname, and password.
Configure the authentication provider by using predefined parameters
To configure the authentication provider by using predefined configuration parameters, run the vracli vro authentication set command. The command can have the following parameters:
Parameter | Importance | Description |
---|---|---|
-p or --provider |
Required | This parameter defines the authentication provider type. The parameter value can be either vsphere or vra depending on the authentication provider you want to configure: vSphere or VMware Aria Automation. |
-hn or --hostname |
Required | The hostname or URL of the authentication provider you want to configure. Both options are applicable. |
-u or --username |
Required | The username of the administrator associated with the authentication provider. |
--password-file |
Optional | The path to a file containing the password of the administrator account for the authentication provider. If left empty, you receive a prompt for adding the password data. The password file must be stored inside the /data/vco/usr/lib/vco directory of the Automation Orchestrator Appliance. When adding the parameter in the command, exclude the /data/vco part of the filepath. |
--admin-group |
Required for vSphere authetnication providers. Ignored for VMware Aria Automation authentication providers. | Parameter for adding the Automation Orchestrator administrators group of the specified vSphere deployment. |
--admin-group-domain |
Required for vSphere authetnication providers. Ignored for VMware Aria Automation authentication providers. | This parameter defines the administrator group domain. |
--tenant |
Required for vSphere authetnication providers. Ignored for VMware Aria Automation authentication providers. | This parameter defines the vSphere tenant. |
-k or --ignore-certificate |
Optional | Using this parameter, the authentication process is configured to automatically trust the certificate of the authentication provider. |
-f or --force |
Optional | Using this parameter, you are not prompted for confirmation if the specified authentication provider is already configured. |
--fqdn |
Optional | This parameter defines the external address of the Automation Orchestrator server.
Note: You can retrieve the FQDN address for your environment by running the
nslookup <your_orchestrator_IP> command.
|
Example authentication configurations
echo "my-pass" > /data/vco/usr/lib/vco/password_file
vracli vro authentication set -p vra -hn https://my-aria-automation.local -u [email protected] --password-file /usr/lib/vco/password_file
vracli vro authentication set -p vsphere -hn https://my-vsphere.local -u [email protected] --tenant vsphere.local --admin-group Administrators --admin-group-domain vsphere.local
Unregister an authentication provider
You can unregister the current authentication provider by running the vracli vro authentication unregister command. This command can have the following parameters:
Parameter | Importance | Description |
---|---|---|
-u or --username |
Required | The username of the administrator associated with the authentication provider. |
--password-file |
Optional | The path to a file containing the password of the administrator account for the authentication provider. If left empty, you receive a prompt for adding the password data. The password file must be stored inside the /data/vco/usr/lib/vco directory of the appliance. When including the parameter in the command, exclude the /data/vco part of the filepath. |
CLI command logs
Automation Orchestrator CLI commands print their logs in the /services-logs/prelude/vco-app/file-logs/vco-server-app_cfg-cli.log file. When a command returns a result different than zero and the standard output does not show a specific error, the exception is visible in this file.
Additional configuration options
Aside from configuring the authentication provider of your Automation Orchestrator deployment, you can use CLI commands for:
- License configuration
- System properties configuration
- Extension configuration
- Troubleshooting
- Retrieving system information
- Logging configuration
For more information on these additional configuration options, go to Additional command line interface configuration options.