After deploying the VMware Cloud Provider Lifecycle Manager appliance, you must configure the repositories for the product OVA files and the VMware Cloud Provider Lifecycle Manager certificate.

To access the virtual appliance management interface (VAMI) page of the VMware Cloud Provider Lifecycle Manager appliance, in a Web browser, navigate to https://vcplcm-host-name:5480/.

Product Repository

During the first boot of a newly deployed VMware Cloud Provider Lifecycle Manager appliance, the system automatically creates the product directories and sets their permissions. You can either upload the product binaries to the respective directories or mount an existing pre-configured repository directory.

On VMware Cloud Provider Lifecycle Manager, you must store the product deployment and upgrade files in the respective product directories.

VMware Cloud Provider Lifecycle Manager API Certificate Management

After deploying the VMware Cloud Provider Lifecycle Manager appliance, VMware Cloud Provider Lifecycle Manager generates self-signed certificates for the API and the internally used vault.

You can configure VMware Cloud Provider Lifecycle Manager to either use the self-signed certificate or your own custom certificate by providing a PKCS12 keystore containing the certificate.

VMware Cloud Provider Lifecycle Manager stores the properties for the alias, keystore name, type and password in the /opt/vmware/cplcm/config/application.properties file. To change these settings, you must update the application.properties file.

In /etc/environment, you can set the keystore password for the custom certificate by configuring the CPLCM_KEYSTORE_PW environment variable. Alternatively, you can configure it in the application.properties file by setting the server.ssl.key-store-password property.

VMware Cloud Provider Lifecycle Manager UI Certificate Management

After deploying the VMware Cloud Provider Lifecycle Manager appliance, VMware Cloud Provider Lifecycle Manager generates a self-signed certificate for the UI.

You can configure VMware Cloud Provider Lifecycle Manager to either use the self-signed certificate or your own custom certificate by providing the custom certificate and key files in PEM format.

VMware Cloud Provider Lifecycle Manager stores the files with the certificate and key under the /opt/vmware/cplcm/security/certs/ directory. To change the certificate, you must replace the vcplcm-gui.pem and vcplcm-gui.key files, and restart the nginx service.
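
A pre-flight check for the replacement described above, as an added example that is not VMware's own tooling: it confirms that the PEM certificate and key belong together and that the certificate is not close to expiry before the files are overwritten. The function names and the 30-day threshold are assumptions; restarting the nginx service afterwards is left to the operator.

```shell
#!/bin/sh
# Added example (not VMware code): validate a replacement UI certificate pair
# before it overwrites vcplcm-gui.pem and vcplcm-gui.key.

# check_ui_pair CERT KEY [MIN_DAYS]
# Prints OK, MISMATCH, EXPIRING, UNREADABLE_CERT or UNREADABLE_KEY.
# Returns 0 for OK, 1 for MISMATCH or EXPIRING, 2 for unreadable input.
check_ui_pair() {
    cert=$1; key=$2; min_days=${3:-30}   # 30 days is an assumed threshold
    # Public key embedded in the certificate, as PEM SubjectPublicKeyInfo.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) ||
        { echo UNREADABLE_CERT; return 2; }
    # Public key derived from the private key; an empty passphrase is passed
    # so an encrypted key fails cleanly instead of prompting.
    key_pub=$(openssl pkey -in "$key" -passin pass: -pubout 2>/dev/null) ||
        { echo UNREADABLE_KEY; return 2; }
    [ "$cert_pub" = "$key_pub" ] || { echo MISMATCH; return 1; }
    # -checkend exits non-zero if the certificate expires within N seconds.
    openssl x509 -in "$cert" -noout -checkend $((min_days * 86400)) >/dev/null ||
        { echo EXPIRING; return 1; }
    echo OK
}

# install_ui_pair CERT KEY [DEST_DIR]
# Keeps a .bak copy of the current pair, then replaces the file contents.
# Overwriting existing files with cp keeps their current owner and mode.
install_ui_pair() {
    dest=${3:-/opt/vmware/cplcm/security/certs}
    check_ui_pair "$1" "$2" >/dev/null || return 1
    for f in vcplcm-gui.pem vcplcm-gui.key; do
        [ ! -e "$dest/$f" ] || cp -p "$dest/$f" "$dest/$f.bak"
    done
    cp "$1" "$dest/vcplcm-gui.pem"
    cp "$2" "$dest/vcplcm-gui.key"
}
```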

Log in to the VMware Cloud Provider Lifecycle Manager appliance by using SSH

You can log in to the VMware Cloud Provider Lifecycle Manager appliance by using vSphere Client or an SSH client.

The SSH access to the appliance is disabled for the root user account.

Procedure

  1. Log in to the VMware Cloud Provider Lifecycle Manager console.
  2. To log in as vcplcm, run the command and enter the user password for the vcplcm user account.
    ssh vcplcm@appliance_ip_address
  3. (Optional) To run a command as root, you must first log in as vcplcm and use the su command.
    ssh vcplcm@appliance_ip_address
    su root -c "command"

Upload the Product OVA Files to the VMware Cloud Provider Lifecycle Manager Appliance

You must upload the product OVA files and product update files to a specific pre-defined file structure.

After the first boot, VMware Cloud Provider Lifecycle Manager creates a separate repository directory for every product that the appliance can manage by using the following schema.
Directory Schema                                  Description
/cplcmrepo/product-type/version-number/ova        Used for the product deployment OVA files.
/cplcmrepo/product-type/version-number/update     Used for the product update OVA files.

VMware Cloud Provider Lifecycle Manager creates the directories empty. If you want to deploy or upgrade a specific product, you must first upload the respective OVA file to the respective product repository directory.

At a later stage, if you add a new file to a product directory, the new file does not inherit the permissions from the directory and you must configure the 755 permissions on a directory level again.
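
One way to check a repository against the schema and the 755 requirement above (an added example, not part of the VMware documentation or product; the function names are hypothetical, and GNU find and stat are assumed):

```shell
#!/bin/sh
# Added example (not VMware code): audit a repository tree laid out as
#   <root>/<product-type>/<version-number>/{ova,update}/<file>

# audit_repo [ROOT]
# Prints one finding per line, with paths relative to ROOT:
#   MODE <octal> <path>   entry whose permissions are not 755
#   SCHEMA <path>         regular file outside an ova/ or update/ directory
audit_repo() {
    root=${1:-/cplcmrepo}
    find "$root" -mindepth 1 | while IFS= read -r path; do
        rel=${path#"$root"/}
        mode=$(stat -c '%a' "$path")
        [ "$mode" = 755 ] || printf 'MODE %s %s\n' "$mode" "$rel"
        if [ -f "$path" ]; then
            # Exactly three slashes means product-type/version-number/dir/file.
            slashes=$(( $(printf '%s' "$rel" | tr -cd '/' | wc -c) ))
            case "$slashes:$rel" in
                3:*/*/ova/*|3:*/*/update/*) ;;
                *) printf 'SCHEMA %s\n' "$rel" ;;
            esac
        fi
    done
}

# fix_product_dir DIR
# Re-applies 755 to a product directory and everything under it,
# the step the text requires after a new file is added.
fix_product_dir() {
    chmod -R 755 -- "$1"
}
```

Run `audit_repo` after each upload; an empty result means every entry is 755 and every file sits in an ova or update directory.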

Mount an Existing Shared Directory to VMware Cloud Provider Lifecycle Manager

You can mount an existing pre-configured repository directory to the VMware Cloud Provider Lifecycle Manager appliance.

If you do not specify the OVF property during the OVA deployment, after the deployment, you can configure the NFS by using the following commands.

Procedure

  1. Configure the automatic mounting of the NFS share with VMware Cloud Provider Lifecycle Manager.
     echo "nfs-server:nfs_dir_path /cplcmrepo nfs defaults 0 0" >> /etc/fstab
  2. Mount the NFS share to VMware Cloud Provider Lifecycle Manager.
    mount /cplcmrepo

Configure custom certificate on VMware Cloud Provider Lifecycle Manager

You can configure VMware Cloud Provider Lifecycle Manager to use a custom certificate.

To configure a custom certificate on VMware Cloud Provider Lifecycle Manager, you must provide a PKCS12 keystore containing the certificate.

Procedure

  1. Generate the custom certificate and create the keystore.
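    CPLCM_CERT_DIR=/opt/vmware/cplcm/security/certs
    mkdir -p "$CPLCM_CERT_DIR"
    key_alias=vcplcm
    keystore_password=$CPLCM_KEYSTORE_PW
    # openssl -subj takes slash-separated RDNs; the attribute short names are case-sensitive.
    subj="/CN=VCPLCM/O=VMware, Inc/C=US"
    # Self-signed certificate; -nodes leaves tmpKey.pem unencrypted until it is removed in step 2.
    openssl req -x509 -newkey rsa:4096 -subj "$subj" -keyout "$CPLCM_CERT_DIR/tmpKey.pem" -out "$CPLCM_CERT_DIR/tmpCert.pem" -days 365 -nodes
    # Bundle the key and certificate into the PKCS12 keystore under the configured alias.
    openssl pkcs12 -export -out "$CPLCM_CERT_DIR/vcplcm.p12" -name "$key_alias" -passout "pass:$keystore_password" -inkey "$CPLCM_CERT_DIR/tmpKey.pem" -in "$CPLCM_CERT_DIR/tmpCert.pem"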
  2. After importing the keystore, remove the tmp key and certificate.
    rm $CPLCM_CERT_DIR/tmpKey.pem
    rm $CPLCM_CERT_DIR/tmpCert.pem

Join or leave the VMware Customer Experience Improvement Program

When deploying the VMware Cloud Provider Lifecycle Manager appliance, you can select whether to join or leave the VMware Customer Experience Improvement Program.

This product participates in VMware’s Customer Experience Improvement Program (CEIP). Details regarding the data collected through CEIP and the purposes for which it is used by VMware are set forth in the Trust & Assurance Center at http://www.vmware.com/trustvmware/ceip.html. You can use the cell management tool to join or leave VMware's CEIP for this product at any time.

The settings for CEIP participation are stored in the /opt/vmware/cplcm/config/vcplcm_instance.json configuration file.
Note: If the VMware Cloud Provider Lifecycle Manager appliance does not have a direct connection to the Internet, in the OVF property or on the VAMI page, you must specify a proxy server. To access the VAMI page for VMware Cloud Provider Lifecycle Manager, in a Web browser, navigate to https://vcplcm-host-name:5480/.

Join the VMware Customer Experience Improvement Program

To join the CEIP, in the /opt/vmware/cplcm/config/vcplcm_instance.json file, set the value for the enableTelemetry parameter to true.

"enableTelemetry": true
Note: After applying the change, you must restart the VMware Cloud Provider Lifecycle Manager appliance by running the command.
sudo systemctl restart vcplcm-api.service

Leave the VMware Customer Experience Improvement Program

To leave the CEIP, set the value for the enableTelemetry parameter to false.
"enableTelemetry": false
Note: After applying the change, you must restart the VMware Cloud Provider Lifecycle Manager appliance by running the command.
sudo systemctl restart vcplcm-api.service

Client Data Collected for the CEIP

Through CEIP, upon specific events, VMware Cloud Provider Lifecycle Manager collects and sends the following telemetry data.

Event: Starting the VMware Cloud Provider Lifecycle Manager appliance
Collected data: VMware Cloud Provider Lifecycle Manager sends notification about a successful start. The notification contains the following data:
  • VMware Cloud Provider Lifecycle Manager version number
  • VMware Cloud Provider Lifecycle Manager build number
  • VMware Cloud Provider Lifecycle Manager interoperability bundle version number
  • VMware Cloud Provider Lifecycle Manager interoperability bundle build number
  • VMware Cloud Provider Lifecycle Manager unique instance ID in a SHA-256 hash format
  • Appliance start time
  • The type of action, e.g. action=VCPLCM_STARTUP

Events:
  • Deploying and upgrading a product
  • Updating a certificate
  • Any node management operation, e.g. adding, updating, redeploying, and deleting a node
Collected data:
  • VMware Cloud Provider Lifecycle Manager version number
  • VMware Cloud Provider Lifecycle Manager build number
  • VMware Cloud Provider Lifecycle Manager interoperability bundle version number
  • VMware Cloud Provider Lifecycle Manager interoperability bundle build number
  • VMware Cloud Provider Lifecycle Manager unique instance ID in a SHA-256 hash format
  • Appliance start time
  • The type of action, e.g. action=TASK_TYPE
  • Product name
  • Product version number
  • The result status for the task
  • The internal ID of the product.
    • In case of VMware Cloud Director, the notification contains the phonehome.token which is an identifier that VMware Cloud Director uses for CEIP as well.
    • In case of vCloud Usage Meter, the notification contains the vCloud Usage Meter instance ID in a SHA-256 hash format.
  • In case of a product upgrade, the notification contains an indication from which version the product is upgraded to the specified product version.

Configure the Maximum Number of Threads VMware Cloud Provider Lifecycle Manager Can Run in Parallel

You can configure the maximum thread number that VMware Cloud Provider Lifecycle Manager can run in parallel.

The best practice recommendation is to configure VMware Cloud Provider Lifecycle Manager to run up to five parallel threads.

If you need to configure a value greater than five, first you must increase the CPU and memory of the VMware Cloud Provider Lifecycle Manager appliance.

Procedure

  1. SSH to the VMware Cloud Provider Lifecycle Manager appliance console and log in as vcplcm.
  2. Navigate to the /opt/vmware/cplcm/config directory.
    cd /opt/vmware/cplcm/config
  3. Configure the maximum number of parallel threads.
    1. Open the application.properties file for editing.
      vi application.properties
    2. Configure the maximum number of parallel threads by editing the value for the execution.max.thread.count parameter.
      By default, the value is set to 0. To configure a new value, you must use a numeric character.
    3. Save the application.properties file.
      :wq!

Change the Root Password of the VMware Cloud Provider Lifecycle Manager Appliance

You can change the root account password due to security restrictions or other reasons.

Prerequisites

Verify that you can log in to the VMware Cloud Provider Lifecycle Manager console as root.

Procedure

  1. Log in directly to the VMware Cloud Provider Lifecycle Manager appliance console as root.
  2. Run the passwd command and change the password for the root user.
    passwd root

    The password must contain at least eight characters, one uppercase character, one lowercase character, one numeric digit, and one special character. The password must not contain a dictionary word.

Change the VCPLCM Password of the VMware Cloud Provider Lifecycle Manager Appliance

After you change the vcplcm password for the VMware Cloud Provider Lifecycle Manager appliance, you must also run a script to encrypt the key that VMware Cloud Provider Lifecycle Manager uses to access the vault on the appliance.

Procedure

  1. Log in directly to the VMware Cloud Provider Lifecycle Manager appliance console as root.
  2. Run the passwd command and change the password for the vcplcm user.
    passwd vcplcm

    The password must contain at least eight characters, one uppercase character, one lowercase character, one numeric digit, and one special character.

  3. Run the encryption command as root.
    /opt/vmware/cplcm/scripts/change-password.sh --old_password='old-pw' --new_password='new-pw' --already_changed --force