After deploying the VMware Cloud Provider Lifecycle Manager appliance, you must configure the repositories for the product OVA files and the VMware Cloud Provider Lifecycle Manager certificate.

To access the virtual appliance management interface (VAMI) page of the VMware Cloud Provider Lifecycle Manager appliance, in a Web browser, navigate to https://vcplcm-host-name:5480/.

Product Repository

During the first boot of a newly deployed VMware Cloud Provider Lifecycle Manager appliance, the system automatically creates the product directories and sets their permissions. You can either upload the product binaries to the respective directories or mount an existing pre-configured repository directory.

On VMware Cloud Provider Lifecycle Manager, you must store the product deployment and upgrade files in the respective product directories.

VMware Cloud Provider Lifecycle Manager API Certificate Management

After deploying the VMware Cloud Provider Lifecycle Manager appliance, VMware Cloud Provider Lifecycle Manager generates self-signed certificates for the API and the internally used vault.

You can configure VMware Cloud Provider Lifecycle Manager to either use the self-signed certificate or your own custom certificate by providing a PKCS12 keystore containing the certificate.

VMware Cloud Provider Lifecycle Manager stores the properties for the alias, keystore name, type, and password in the /opt/vmware/cplcm/config/application.properties file. To change these settings, you must update the application.properties file.

VMware Cloud Provider Lifecycle Manager UI Certificate Management

After deploying the VMware Cloud Provider Lifecycle Manager appliance, VMware Cloud Provider Lifecycle Manager generates a self-signed certificate for the UI.

You can configure VMware Cloud Provider Lifecycle Manager to either use the self-signed certificate or your own custom certificate by providing the custom certificate and key files in PEM format.

VMware Cloud Provider Lifecycle Manager stores the files with the certificate and key under the /opt/vmware/cplcm/security/certs/ directory. To change the certificate, you must replace the vcplcm-gui.pem and vcplcm-gui.key files, and restart the nginx service.

Log in to the VMware Cloud Provider Lifecycle Manager Appliance Using SSH

You can log in to the VMware Cloud Provider Lifecycle Manager appliance by using vSphere Client or an SSH client.

The SSH access to the appliance is disabled for the root user account.

Procedure

  1. Log in to the VMware Cloud Provider Lifecycle Manager console.
  2. To log in as vcplcm, run the command and enter the user password for the vcplcm user account.
    ssh vcplcm@appliance_ip_address
  3. (Optional) To run a command as root, you must first log in as vcplcm and use the su command.
    ssh vcplcm@appliance_ip_address
    su root -c "command"

Upload the Product OVA Files to the VMware Cloud Provider Lifecycle Manager Appliance

You must upload the product OVA files and product update files to a specific pre-defined file structure.

After the first boot, VMware Cloud Provider Lifecycle Manager creates a separate repository directory for every product that the appliance can manage by using the following schema.
Directory Schema                                Description
/cplcmrepo/product-type/version-number/ova      Used for the product deployment OVA files.
/cplcmrepo/product-type/version-number/update   Used for the product update OVA files.
VMware Cloud Provider Lifecycle Manager creates the directories empty. If you want to deploy or upgrade a specific product, you must first upload the respective OVA file to the /cplcmrepo directory.

At a later stage, if you add a new file to a product directory, the new file does not inherit the permissions from the directory and you must configure the 755 permissions on a directory level again.
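The following added example (not part of the VMware documentation) audits a repository tree against the directory schema above and reports files that sit outside it or whose mode is not 755. The function names repo_audit and repo_fix_modes are hypothetical.

```shell
#!/bin/sh
# Added example (not VMware code). Audits a repository root against the schema
#   <root>/<product-type>/<version-number>/ova|update/<file>
# Output lines:
#   LAYOUT <path>  the file sits outside the schema
#   MODE <path>    the file is in the right place but its mode is not exactly 755
# Assumes file names contain no newline characters.
repo_audit() {
    root=${1%/}
    find "$root" -type f | sort | while IFS= read -r f; do
        rel=${f#"$root"/}
        # Split the relative path on "/" into product / version / kind / file.
        old_ifs=$IFS; IFS=/; set -f
        set -- $rel
        set +f; IFS=$old_ifs
        if [ "$#" -ne 4 ] || { [ "$3" != ova ] && [ "$3" != update ]; }; then
            echo "LAYOUT $rel"
        elif [ -z "$(find "$f" -perm 755)" ]; then
            echo "MODE $rel"
        fi
    done
}

# Reset every file that repo_audit reports with a MODE line to 755.
# LAYOUT findings are left alone: moving files is a decision for the operator.
repo_fix_modes() {
    root=${1%/}
    repo_audit "$root" | sed -n 's/^MODE //p' | while IFS= read -r rel; do
        chmod 755 "$root/$rel"
    done
}

# Usage on the appliance: repo_audit /cplcmrepo
```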

Mount an Existing Shared Directory to VMware Cloud Provider Lifecycle Manager

You can mount an existing pre-configured repository directory to the VMware Cloud Provider Lifecycle Manager appliance.

If you do not specify the OVF property during the OVA deployment, after the deployment, you can configure the NFS by using the following commands.

Procedure

  1. Configure the automatic mounting of the NFS share with VMware Cloud Provider Lifecycle Manager.
     echo "nfs-server:nfs_dir_path /cplcmrepo nfs defaults 0 0" >> /etc/fstab
  2. Mount the NFS share to VMware Cloud Provider Lifecycle Manager.
    mount /cplcmrepo

Configure a custom API certificate on VMware Cloud Provider Lifecycle Manager

You can configure VMware Cloud Provider Lifecycle Manager to use a custom API certificate.

To configure a custom API certificate on VMware Cloud Provider Lifecycle Manager, you must provide a PKCS12 keystore containing the certificate. You can either use the default keystore password from the server.ssl.key-store-password property defined at /opt/vmware/cplcm/config/application.properties or set a new password to the CPLCM_KEYSTORE_PW environment variable.

Procedure

  1. (Optional) Set a new keystore password using the CPLCM_KEYSTORE_PW environment variable by editing the server.ssl.key-store-password property at /opt/vmware/cplcm/config/application.properties or by running the following commands.
    CPLCM_KEYSTORE_PW=my-new-ks-pw
    su -c "echo CPLCM_KEYSTORE_PW=$CPLCM_KEYSTORE_PW >> /etc/environment"
  2. Generate the custom certificate and create the keystore.
    CPLCM_CERT_DIR=/opt/vmware/cplcm/security/certs
    mkdir -p $CPLCM_CERT_DIR
    key_alias=vcplcm
    keystore_password=$CPLCM_KEYSTORE_PW
    subj="/CN=VCPLCM/O=VMware, Inc/C=US"
    openssl req -x509 -newkey rsa:4096 -subj "$subj" -keyout $CPLCM_CERT_DIR/tmpKey.pem -out $CPLCM_CERT_DIR/tmpCert.pem -days 365 -nodes
    openssl pkcs12 -export -out $CPLCM_CERT_DIR/vcplcm.p12 -name $key_alias -passout "pass:$keystore_password" -inkey $CPLCM_CERT_DIR/tmpKey.pem -in $CPLCM_CERT_DIR/tmpCert.pem
  3. After importing the keystore, remove the temporary key and certificate.
    rm $CPLCM_CERT_DIR/tmpKey.pem
    rm $CPLCM_CERT_DIR/tmpCert.pem
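A variant of steps 2 and 3, given here as an added example and not VMware's own script: it keeps the unencrypted temporary key in a private mktemp directory instead of the certificate directory, and passes the keystore password with OpenSSL's env: source rather than pass:, because a pass: argument is visible in the process list. The function names make_api_keystore and keystore_has_alias and the optional key-size argument are hypothetical.

```shell
#!/bin/sh
# Added example (not VMware code).
# make_api_keystore <cert_dir> [rsa_bits]
# Builds <cert_dir>/vcplcm.p12 with the alias vcplcm, protected by the
# password in the CPLCM_KEYSTORE_PW environment variable.
make_api_keystore() {
    cert_dir=$1
    bits=${2:-4096}
    if [ -z "${CPLCM_KEYSTORE_PW:-}" ]; then
        echo "CPLCM_KEYSTORE_PW is not set" >&2
        return 1
    fi
    export CPLCM_KEYSTORE_PW            # the env: password source reads the environment
    tmp=$(mktemp -d) || return 1        # mode 0700: only the owner can read the plain key
    rc=0
    openssl req -x509 -newkey "rsa:$bits" -subj "/CN=VCPLCM/O=VMware, Inc/C=US" \
        -keyout "$tmp/key.pem" -out "$tmp/cert.pem" -days 365 -nodes 2>/dev/null &&
    openssl pkcs12 -export -out "$cert_dir/vcplcm.p12" -name vcplcm \
        -passout env:CPLCM_KEYSTORE_PW \
        -inkey "$tmp/key.pem" -in "$tmp/cert.pem" || rc=1
    rm -rf "$tmp"                       # temporary key and certificate removed on every path
    return "$rc"
}

# keystore_has_alias <keystore.p12> <alias>
# Succeeds only if the keystore opens with CPLCM_KEYSTORE_PW and carries
# a certificate stored under the given alias (PKCS12 friendlyName).
keystore_has_alias() {
    openssl pkcs12 -in "$1" -passin env:CPLCM_KEYSTORE_PW -nokeys 2>/dev/null |
        grep -Eq "friendlyName: $2[[:space:]]*\$"
}

# Usage on the appliance (password value is a placeholder):
#   CPLCM_KEYSTORE_PW=my-new-ks-pw make_api_keystore /opt/vmware/cplcm/security/certs
```

Running keystore_has_alias against the finished file confirms that the password and alias agree with the values in application.properties before the API service reads the keystore.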

Configure a custom UI certificate on VMware Cloud Provider Lifecycle Manager

You can configure VMware Cloud Provider Lifecycle Manager to use a custom UI certificate.

To configure a custom UI certificate on VMware Cloud Provider Lifecycle Manager, you must replace the old certificate and the old key file with the new certificate file in PEM format and the new key file.
Note: By default, the old key has no passphrase. If you use an encrypted key for the new certificate, you must configure the passphrase in the user interface's nginx configuration file at /opt/vmware/cplcm/config/nginx.conf. For more information, see the ssl_password_file directive under ngx_http_ssl_module modules reference in the official NGINX documentation.

Procedure

  1. Back up the old certificate and the old key file.
    CPLCM_CERT_DIR=/opt/vmware/cplcm/security/certs
    cp $CPLCM_CERT_DIR/vcplcm-gui.pem $CPLCM_CERT_DIR/vcplcm-gui.pem.backup
    cp $CPLCM_CERT_DIR/vcplcm-gui.key $CPLCM_CERT_DIR/vcplcm-gui.key.backup
  2. Generate the new custom certificate and the new key file.
    CPLCM_CERT_DIR=/opt/vmware/cplcm/security/certs
    mkdir -p $CPLCM_CERT_DIR
    subj="/CN=VCPLCM/O=VMware, Inc/C=US"
    openssl req -x509 -newkey rsa:4096 -subj "$subj" -keyout $CPLCM_CERT_DIR/vcplcm-gui.key -out $CPLCM_CERT_DIR/vcplcm-gui.pem -days 365 -nodes
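A pre-flight check for the replaced UI files, as an added example that is not part of the VMware procedure: it confirms that the key is not passphrase-protected (the case the note above covers), that the certificate and key belong together, and that the certificate has not expired. The function name check_ui_pair and its result strings are hypothetical.

```shell
#!/bin/sh
# Added example (not VMware code).
# check_ui_pair <cert.pem> <key.pem>
# Prints exactly one result and returns non-zero for anything but "ok":
#   ok             certificate and key match, key is unencrypted, cert is valid
#   encrypted-key  key is passphrase-protected; nginx needs ssl_password_file
#   unreadable     certificate or key could not be parsed
#   mismatch       certificate was not issued for this key
#   expired        certificate validity period has ended
check_ui_pair() {
    cert=$1
    key=$2
    # Both PEM encodings of an encrypted key contain the word ENCRYPTED.
    if grep -q 'ENCRYPTED' "$key" 2>/dev/null; then
        echo encrypted-key; return 1
    fi
    # Compare the public key embedded in the certificate with the one
    # derived from the private key.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) ||
        { echo unreadable; return 1; }
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null) ||
        { echo unreadable; return 1; }
    if [ "$cert_pub" != "$key_pub" ]; then
        echo mismatch; return 1
    fi
    # -checkend 0 fails when the certificate is already past its notAfter date.
    if ! openssl x509 -in "$cert" -noout -checkend 0 >/dev/null 2>&1; then
        echo expired; return 1
    fi
    echo ok
}

# Usage on the appliance:
#   d=/opt/vmware/cplcm/security/certs
#   check_ui_pair "$d/vcplcm-gui.pem" "$d/vcplcm-gui.key"
```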

Join or leave the VMware Customer Experience Improvement Program

When deploying the VMware Cloud Provider Lifecycle Manager appliance, you can select whether to join or leave the VMware Customer Experience Improvement Program.

This product participates in VMware’s Customer Experience Improvement Program (CEIP). Details regarding the data collected through CEIP and the purposes for which it is used by VMware are set forth in the Trust & Assurance Center at http://www.vmware.com/trustvmware/ceip.html. You can use the cell management tool to join or leave VMware's CEIP for this product at any time.

The settings for CEIP participation are stored in the /opt/vmware/cplcm/config/vcplcm_instance.json configuration file.
Note: If the VMware Cloud Provider Lifecycle Manager appliance does not have a direct connection to the Internet, in the OVF property or on the VAMI page, you must specify a proxy server. To access the VAMI page for VMware Cloud Provider Lifecycle Manager, in a Web browser, navigate to https://vcplcm-host-name:5480/.

Join the VMware Customer Experience Improvement Program

To join the CEIP, in the /opt/vmware/cplcm/config/vcplcm_instance.json file, set the value for the enableTelemetry parameter to true.

"enableTelemetry": true
Note: After applying the change, you must restart the VMware Cloud Provider Lifecycle Manager appliance by running the command.
sudo systemctl restart vcplcm-api.service

Leave the VMware Customer Experience Improvement Program

To leave the CEIP, set the value for the enableTelemetry parameter to false.
"enableTelemetry": false
Note: After applying the change, you must restart the VMware Cloud Provider Lifecycle Manager appliance by running the command.
sudo systemctl restart vcplcm-api.service

Client Data Collected for the CEIP

Through CEIP, upon specific events, VMware Cloud Provider Lifecycle Manager collects and sends the following telemetry data.
Event: Starting the VMware Cloud Provider Lifecycle Manager appliance
Collected data: VMware Cloud Provider Lifecycle Manager sends notification about a successful start. The notification contains the following data:
  • VMware Cloud Provider Lifecycle Manager version number
  • VMware Cloud Provider Lifecycle Manager build number
  • VMware Cloud Provider Lifecycle Manager interoperability bundle version number
  • VMware Cloud Provider Lifecycle Manager interoperability bundle build number
  • VMware Cloud Provider Lifecycle Manager unique instance ID in a SHA-256 hash format
  • Appliance start time
  • The type of action, such as action=VCPLCM_STARTUP
Event:
  • Deploying, registering, and upgrading a product
  • Updating a certificate
  • Any node management operation, such as adding, updating, redeploying, and deleting a node
Collected data:
  • VMware Cloud Provider Lifecycle Manager version number
  • VMware Cloud Provider Lifecycle Manager build number
  • VMware Cloud Provider Lifecycle Manager interoperability bundle version number
  • VMware Cloud Provider Lifecycle Manager interoperability bundle build number
  • VMware Cloud Provider Lifecycle Manager unique instance ID in a SHA-256 hash format
  • Appliance start time
  • The type of action, such as action=TASK_TYPE
  • Product name
  • Product version number
  • Environment type
  • The result status for the task
  • The internal ID of the product.
    • In case of VMware Cloud Director, the notification contains the phonehome.token, which is an identifier that VMware Cloud Director uses for CEIP as well.
    • In case of vCloud Usage Meter, the notification contains the vCloud Usage Meter instance ID in a SHA-256 hash format.
  • Task details, such as the start and end time of the operation, error messages, rollback steps, and others
  • Node information, such as CPU and memory
  • Integration details
  • In case of a product upgrade, the notification contains an indication from which version the product is upgraded to the specified product version.
  • Client data for API requests, such as client type, URI path, HTTP status.

Configure the Maximum Number of Threads VMware Cloud Provider Lifecycle Manager Can Run in Parallel

You can configure the maximum thread number that VMware Cloud Provider Lifecycle Manager can run in parallel.

The best practice recommendation is to configure VMware Cloud Provider Lifecycle Manager to run up to five parallel threads.

If you need to configure a value greater than five, first you must increase the CPU and memory of the VMware Cloud Provider Lifecycle Manager appliance.

Procedure

  1. SSH to the VMware Cloud Provider Lifecycle Manager appliance console and log in as vcplcm.
  2. Navigate to the /opt/vmware/cplcm/config directory.
    cd /opt/vmware/cplcm/config
  3. Configure the maximum number of parallel threads.
    1. Open the application.properties file for editing.
      vi application.properties
    2. Configure the maximum number of parallel threads by editing the value for the execution.max.thread.count parameter.
      By default, the value is set to 0. To configure a new value, you must use a numeric character.
      Note: Remove the # symbol before the execution.max.thread.count parameter.
    3. Save the application.properties file.
      :wq!

Change the Root Password of the VMware Cloud Provider Lifecycle Manager Appliance

You can change the root account password due to security restrictions or other reasons.

Prerequisites

Verify that you can log in to the VMware Cloud Provider Lifecycle Manager console as root.

Procedure

  1. Log in directly to the VMware Cloud Provider Lifecycle Manager appliance console as root.
  2. Run the passwd command and change the password for the root user.
    passwd root
    Note: The password must contain:
    • At least eight characters
    • One uppercase character
    • One lowercase character
    • One numeric digit
    • One special character.
    The password must not contain a dictionary word.

Change the VCPLCM Password of the VMware Cloud Provider Lifecycle Manager Appliance

You can change the vcplcm password.

Starting with VMware Cloud Provider Lifecycle Manager 1.6, you can update the password for the local vcplcm user by using the UI or directly from the appliance.
Updating the password using the UI
  1. In the top navigation bar, click Administration.
  2. Click the User Management tab.
  3. In the left panel, click Users and Groups.
  4. In the Users table, select the vcplcm user and click Change Password.
  5. Enter the old and new passwords, and click Change.
    Note: The password must contain:
    • At least eight characters
    • One uppercase character
    • One lowercase character
    • One numeric digit
    • One special character.
Updating the password directly on the appliance
  1. Log in directly to the VMware Cloud Provider Lifecycle Manager appliance console as vcplcm.
  2. To change the vcplcm password, run the command.
    passwd vcplcm
    Note: The password must contain:
    • At least eight characters
    • One uppercase character
    • One lowercase character
    • One numeric digit
    • One special character.