The retrieveVMwareCertificate.py script
can complete all of the steps that are needed to configure VMware Infrastructure 3 platforms and Intelligent Management. However, you can also
complete these steps manually by creating the signer certificate and
required custom properties in the administrative console.
Before you begin
- Your VMware Infrastructure 3 platforms environment
must be on servers that are running Solaris Operating Environment
on Intel hardware, Windows, or Linux x86
operating systems.
- You must use VMware products
that support VMware Infrastructure 3 platforms.
The supported versions are:
- VMware VirtualCenter
Version 2.5
- VMware ESX Versions
5.0 and 5.5
- VMware vSphere Version
5.0 and Version 5.5, all of which include VMware ESXi and VMware vCenter Server
The documentation generically refers to these servers with the
following terminology:
- ESX server:
Refers to VMware ESX Versions
5.0 and 5.5 or a VMware ESXi server in VMware vSphere Version 5.0
and Version 5.5.
- vCenter server:
Refers to VMware VirtualCenter
Version 2.5 or a VMware vCenter
server in VMware vSphere
Version 5.0 and Version 5.5.
About this task
You can retrieve a signer certificate with a script or in
the administrative console, and then define the required custom properties
in the administrative console. You can also complete these steps with
the script only. For more information, read about configuring VMware
Infrastructure 3 platforms and
Intelligent Management.
Procedure
- If you are configuring Intelligent Management to communicate with
a vCenter server:
- Retrieve a signer from the vCenter server
and store the signers in the CellDefaultTrustStore key
store. To retrieve the signer, you can either use the
administrative console or run the retrieveVMwareCertificate.py script.
To retrieve the signer certificate by running the script:
./wsadmin.sh -lang jython -f retrieveVMwareCertificate.py -host:<vmware_virtual_center_host_name> -port:<vmware_virtual_center_ssl_port_number>
Where <vmware_virtual_center_host_name> is
the host name of the vCenter and <vmware_virtual_center_ssl_port_number> is
the secure SSL port of the vCenter.
To retrieve the signer certificate using the administrative console:
- Navigate to the signer certificates administrative console panel.
In the administrative console, click .
- Enter the host and port information for the vCenter server
and an alias or name for the certificate. The alias should follow
the syntax: <vmware_virtual_center_short_host>-vmware.
For example, if the hostname of the vCenter server
is myvmwarevc.foo.net, the alias name would
be myvmwarevc-vmware. For Hypertext Transfer
Protocol Secure (HTTPS), the default port value is 443.
- Click Retrieve signer information.
- Click Apply. This action indicates that
you accept the credentials of the signer.
The signer certificate that is retrieved from the vCenter server
is stored in the CellDefaultTrustStore keystore.
- Configure custom properties for the vCenter server
so that Intelligent Management can use
Web services to communicate with the VMware Infrastructure SDK (VI SDK). In
the administrative console, click . Create the following cell-wide custom properties:
- vmware.service.unique_id.url
- vmware.service.unique_id.userid
- vmware.service.unique_id.password
- vmware.service.unique_id.importMachinesWithWASNodesOnly
Note: For the vmware.service.unique_id.userid
custom property, the following privileges are required by
Intelligent Management to read certain
properties and to perform various operations:
- System.Anonymous
- System.Read
- System.View
- Sessions.TerminateSession
The unique_id value is a unique identifier
that represents the vCenter. For
example, if the host name of the vCenter server
is myvmwarevc.foo.net and the port is 443,
the unique_id value would be myvmwarevc_foo_net_443.
Following the same example, the names of the custom properties would
be:
vmware.service.myvmwarevc_foo_net_443.url
vmware.service.myvmwarevc_foo_net_443.userid
vmware.service.myvmwarevc_foo_net_443.password
vmware.service.myvmwarevc_foo_net_443.importMachinesWithWASNodesOnly
- If you are configuring Intelligent Management to communicate with ESX servers:
- Retrieve a signer from the ESX server and store
the signers in the CellDefaultTrustStore key
store. To retrieve the signer, you can either use the
administrative console or run the retrieveVMwareCertificate.py script.
To retrieve the signer certificate by running the script:
./wsadmin.sh -lang jython -f retrieveVMwareCertificate.py -host:<vmware_esx_server_host_name> -port:<vmware_esx_server_ssl_port_number>
Where <vmware_esx_server_host_name> is
the host name of the ESX server
and <vmware_esx_server_ssl_port_number> is the
secure SSL port of the ESX server.
To retrieve the signer certificate using the administrative console:
- Navigate to the signer certificates administrative console panel.
In the administrative console, click .
- Enter the host and port information for the ESX server and an alias
name for the certificate. The alias should follow the syntax: <vmware_esx_server_short_host>-vmware.
For example, if the hostname of the ESX server is myvmwareesx.foo.net,
the alias name would be myvmwareesx-vmware.
For Hypertext Transfer Protocol Secure (HTTPS), the default port
value is 443.
- Click Retrieve signer information.
- Click Apply. This action indicates that
you accept the credentials of the signer.
The signer certificate that is retrieved from the ESX server is stored
in the CellDefaultTrustStore keystore.
- Configure custom properties for the ESX servers so that Intelligent Management can use Web services
to communicate with the VMware Infrastructure SDK (VI SDK). In
the administrative console, click . Create the following cell-wide custom properties:
- vmware.service.unique_id.url
- vmware.service.unique_id.userid
- vmware.service.unique_id.password
- vmware.service.unique_id.importMachinesWithWASNodesOnly
The unique_id value is a unique identifier
that represents the ESX server.
For example, if the host name of the ESX server is myvmwareesx.foo.net and
the port is 443, the unique_id value
would be myvmwareesx_foo_net_443. Following
the same example, the names of the custom properties would be:
vmware.service.myvmwareesx_foo_net_443.url
vmware.service.myvmwareesx_foo_net_443.userid
vmware.service.myvmwareesx_foo_net_443.password
vmware.service.myvmwareesx_foo_net_443.importMachinesWithWASNodesOnly
Repeat these steps for each ESX server in your
configuration.
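
Accepting a retrieved signer places trust in whatever certificate the server presented at that moment, so it helps to compare its fingerprint with one obtained from the VMware administrator through a separate channel before clicking Apply or running the script. The following standalone Python 3 helper is an added example, not part of retrieveVMwareCertificate.py or the product; it is run outside wsadmin, and all function names are hypothetical. The unique_id rule (dots replaced by underscores, port appended) is an assumption generalized from the single example above.

```python
import hashlib
import ssl

# Constructed stand-in bytes for offline checks; not a real certificate.
CONSTRUCTED_DER = b"constructed bytes standing in for a DER certificate"
SUFFIXES = ("url", "userid", "password", "importMachinesWithWASNodesOnly")

def signer_alias(host):
    # Alias syntax from the procedure: <short_host>-vmware
    return host.split(".", 1)[0] + "-vmware"

def unique_id(host, port):
    # Assumption: generalizes the documented example
    # myvmwarevc.foo.net + 443 -> myvmwarevc_foo_net_443
    return host.replace(".", "_") + "_" + str(port)

def property_names(host, port):
    uid = unique_id(host, port)
    return ["vmware.service.%s.%s" % (uid, s) for s in SUFFIXES]

def sha256_fingerprint(der):
    # Colon-separated upper-case hex, the form most tools display
    digest = hashlib.sha256(der).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))

def fingerprint_matches(der, expected):
    # Ignore case, colons and spaces so either display form can be pasted in
    norm = lambda fp: fp.replace(":", "").replace(" ", "").upper()
    return norm(sha256_fingerprint(der)) == norm(expected)

def fetch_der(host, port=443):
    # Network call: returns the certificate the server presents, without
    # validating it. Validation is the fingerprint comparison that follows.
    pem = ssl.get_server_certificate((host, port))
    return ssl.PEM_cert_to_DER_cert(pem)

if __name__ == "__main__":
    import sys
    host, port, expected = sys.argv[1], int(sys.argv[2]), sys.argv[3]
    der = fetch_der(host, port)
    ok = fingerprint_matches(der, expected)
    print("alias:      ", signer_alias(host))
    print("sha256:     ", sha256_fingerprint(der))
    print("fingerprint:", "match" if ok else "MISMATCH, do not accept the signer")
    for name in property_names(host, port):
        print(name)
```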