You can now configure your Automation Orchestrator options such as the authentication provider with the Automation Orchestrator Appliance command line interface (CLI). This does not replace the existing configuration options in the Control Center. To use these commands, you must log in to the Automation Orchestrator Appliance as a root user.

Prerequisite for configuring the authentication provider

To configure your Automation Orchestrator authentication provider by using the CLI commands, the db-configuration profile must be activated. You can activate the profile by running the following script:
Note: Applying the db-configuration profile will remove the option to configure the authentication provider from the Control Center.
vracli cluster exec -- bash -c 'base64 -d <<< IyBDcmVhdGUgY3VzdG9tIHByb2ZpbGUgZGlyZWN0b3J5Cm1rZGlyIC1wIC9ldGMvdm13YXJlLXByZWx1ZGUvcHJvZmlsZXMvdmNvLWRiLWNmZy1wcm9maWxlLwoKIyBDcmVhdGUgdGhlIHJlcXVpcmVkIGRpcmVjdG9yeSB0cmVlIHRoYXQgd2lsbCBiZSB1c2VkIHdoZW4gdGhlIHByb2ZpbGUgaXMgYWN0aXZlCm1rZGlyIC1wIC9ldGMvdm13YXJlLXByZWx1ZGUvcHJvZmlsZXMvdmNvLWRiLWNmZy1wcm9maWxlL2hlbG0vcHJlbHVkZV92Y28vCgojIENyZWF0ZSAiY2hlY2siIGZpbGUgdGhhdCBpcyBhbiBleGVjdXRhYmxlIGZpbGUgcnVuIGJ5IGRlcGxveSBzY3JpcHQuCmNhdCA8PEVPRiA+IC9ldGMvdm13YXJlLXByZWx1ZGUvcHJvZmlsZXMvdmNvLWRiLWNmZy1wcm9maWxlL2NoZWNrCiMhL2Jpbi9iYXNoCmV4aXQgMApFT0YKY2htb2QgNzU1IC9ldGMvdm13YXJlLXByZWx1ZGUvcHJvZmlsZXMvdmNvLWRiLWNmZy1wcm9maWxlL2NoZWNrCgojIENvcHkgdlJPIHJlc291cmNlIG1ldHJpY3MgZmlsZSB0byB5b3VyIGN1c3RvbSBwcm9maWxlCmNhdCA8PEVPRiA+IC9ldGMvdm13YXJlLXByZWx1ZGUvcHJvZmlsZXMvdmNvLWRiLWNmZy1wcm9maWxlL2hlbG0vcHJlbHVkZV92Y28vOTAtcmVzb3VyY2VzLnlhbWwKc2VydmVySmF2YU9wdHM6CiAgInNwcmluZy5wcm9maWxlcy5hY3RpdmUiOiAiZGItY29uZmlndXJhdGlvbiIKCmNvbnRyb2xDZW50ZXJKYXZhT3B0czoKICAic3ByaW5nLnByb2ZpbGVzLmFjdGl2ZSI6ICJkYi1jb25maWd1cmF0aW9uIgpFT0YKY2htb2QgNjQ0IC9ldGMvdm13YXJlLXByZWx1ZGUvcHJvZmlsZXMvdmNvLWRiLWNmZy1wcm9maWxlL2hlbG0vcHJlbHVkZV92Y28vOTAtcmVzb3VyY2VzLnlhbWwK | bash'

After making any authentication changes, you must run the /opt/scripts/deploy.sh script so the change to the Automation Orchestrator Appliance is applied.

Retrieving the current authentication provider

You can retrieve the current authentication provider by running the following command:

vracli vro authentication

Configure the authentication provider by using a guided wizard

To configure the authentication provider by using a guided configuration wizard, run the following command:

vracli vro authentication wizard

After running the authentication wizard command, you are prompted to provide the necessary authentication provider information such as the type of authentication provider, hostname, and password.

Configure the authentication provider by using predefined parameters

To configure the authentication provider by using predefined configuration parameters, run the vracli vro authentication set command. The command can have the following parameters:

Parameter Importance Description
-p or --provider Required This parameter defines the authentication provider type. The parameter value can be either vsphere or vra depending on the authentication provider you want to configure: vSphere or VMware Aria Automation.
-hn or --hostname Required The hostname or URL of the authentication provider you want to configure. Both options are applicable.
-u or --username Required The username of the administrator associated with the authentication provider.
--password-file Optional The path to a file containing the password of the administrator account for the authentication provider. If left empty, you receive a prompt for adding the password data. The password file must be stored inside the /data/vco/usr/lib/vco directory of the Automation Orchestrator Appliance. When adding the parameter in the command, exclude the /data/vco part of the filepath.
--admin-group Required for vSphere authetnication providers. Ignored for VMware Aria Automation authentication providers. Parameter for adding the Automation Orchestrator administrators group of the specified vSphere deployment.
--admin-group-domain Required for vSphere authetnication providers. Ignored for VMware Aria Automation authentication providers. This parameter defines the administrator group domain.
--tenant Required for vSphere authetnication providers. Ignored for VMware Aria Automation authentication providers. This parameter defines the vSphere tenant.
-k or --ignore-certificate Optional Using this parameter, the authentication process is configured to automatically trust the certificate of the authentication provider.
-f or --force Optional Using this parameter, you are not prompted for confirmation if the specified authentication provider is already configured.
--fqdn Optional This parameter defines the external address of the Automation Orchestrator server.
Note: You can retrieve the FQDN address for your environment by running the nslookup <your_orchestrator_IP> command.

Example authentication configurations

echo "my-pass" > /data/vco/usr/lib/vco/password_file
 vracli vro authentication set -p vra -hn https://my-aria-automation.local -u [email protected] --password-file /usr/lib/vco/password_file
vracli vro authentication set -p vsphere -hn https://my-vsphere.local -u [email protected] --tenant vsphere.local --admin-group Administrators --admin-group-domain vsphere.local

Unregister an authentication provider

You can unregister the current authentication provider by running the vracli vro authentication unregister command. This command can have the following parameters:

Parameter Importance Description
-u or --username Required The username of the administrator associated with the authentication provider.
--password-file Optional The path to a file containing the password of the administrator account for the authentication provider. If left empty, you receive a prompt for adding the password data. The password file must be stored inside the /data/vco/usr/lib/vco directory of the appliance. When including the parameter in the command, exclude the /data/vco part of the filepath.

CLI command logs

Automation Orchestrator CLI commands print their logs in the /services-logs/prelude/vco-app/file-logs/vco-server-app_cfg-cli.log file. When a command returns a result different than zero and the standard output does not show a specific error, the exception is visible in this file.

Additional configuration options

Aside from configuring the authentication provider of your Automation Orchestrator deployment, you can use CLI commands for:

  • License configuration
  • System properties configuration
  • Extension configuration
  • Troubleshooting
  • Retrieving system information
  • Logging configuration

For more information on these additional configuration options, go to Additional command line interface configuration options.