VMware vCenter Orchestrator - 4.2.1 Administrator’s Guide
Administering VMware vCenter
Orchestrator
vCenter Orchestrator 4.2
This document supports the version of each product listed and
supports all subsequent versions until the document is replaced
by a new edition. To check for more recent editions of this
document, see http://www.vmware.com/support/pubs.
EN-000467-02
Administering VMware vCenter Orchestrator
You can find the most up-to-date technical documentation on the VMware Web site at:
http://www.vmware.com/support/
The VMware Web site also provides the latest product updates.
If you have comments about this documentation, submit your feedback to:
docfeedback@vmware.com
Copyright © 2008 – 2012 VMware, Inc. All rights reserved. This product is protected by U.S. and international copyright and
intellectual property laws. VMware products are covered by one or more patents listed at
http://www.vmware.com/go/patents.
VMware is a registered trademark or trademark of VMware, Inc. in the United States and/or other jurisdictions. All other marks
and names mentioned herein may be trademarks of their respective companies.
VMware, Inc.
3401 Hillview Ave.
Palo Alto, CA 94304
www.vmware.com
2 VMware, Inc.
Contents
Administering VMware vCenter Orchestrator 7
Updated Information 9
The Orchestrator Client 11
1
Log in to the Orchestrator Client 11
Access the Orchestrator API Explorer 12
User Preferences 13
My Orchestrator View 14
Configurations View 15
Packages View 15
Scheduler View 16
Workflows View 16
Components of the Workflows View 16
Actions View 17
Resources View 17
Inventory View 18
Web Views View 18
Weboperator Web View 18
Start the Weboperator Web View 18
Policies 19
Managing Workflows 21
2
Standard Workflows in the Workflow Library 21
Workflow Name Changes 22
Key Concepts of Workflows 23
Workflow User Permissions 23
Workflow Credentials 24
Workflow Attributes 24
Workflow Parameters 24
Workflow Schema 25
View Workflow Schema 25
Workflow Tokens 25
Workflow Token States 26
Locking Mechanism 26
Set User Permissions on a Workflow 27
Run a Workflow 27
Respond to a Request for a User Interaction 28
Scheduling Workflows 29
Schedule a Workflow 29
Edit the Workflow Recurrence Pattern 30
VMware, Inc.
3
Administering VMware vCenter Orchestrator
Creating Resource Elements 31
3
View a Resource Element 31
Import an External Object to Use as a Resource Element 32
Edit the Resource Element Information and Access Rights 32
Save a Resource Element to a File 33
Update a Resource Element 33
Add a Resource Element to a Workflow 33
Add a Resource Element to a Web View 34
Managing Actions 37
4
Create an Action 37
Duplicate an Action 38
Export an Action 38
Import an Action 39
Move an Action 39
Find Elements That Implement an Action 39
Using Packages 41
5
Create a Package 41
Set User Permissions on a Package 42
Export a Package 43
Import a Package 44
Get and Synchronize a Remote Package 44
Remove a Package 45
Setting System Properties 47
6
Disable Access to the Orchestrator Client By Nonadministrators 47
Disable Access to Workflows from Web Service Clients 48
Setting Server File System Access from Workflows and JavaScript 48
Set Server File System Access for Workflows and JavaScript 49
Manually Create the js-io-rights.conf File 50
Set JavaScript Access to Operating System Commands 51
Set JavaScript Access to Java Classes 51
Set Custom Timeout Property 52
Modify the Number of Objects a Plug-In Search Obtains 53
Modify the Number of Concurrent and Pending Workflows 54
Maintenance and Recovery 55
7
Orchestrator Server Fails to Start 56
Revert to the Default Password for Orchestrator Configuration 56
Change the Web View SSL Certificate 57
Orchestrator Log Files 58
Logging Persistence 59
Define the Server Log Level 60
Change the Size of Server Logs 60
Export Orchestrator Log Files 61
Loss of Server Logs 62
Maintaining the Orchestrator Database 62
4 VMware, Inc.
Index 63
Contents
VMware, Inc. 5
Administering VMware vCenter Orchestrator
6 VMware, Inc.
Administering VMware vCenter Orchestrator
Administering VMware vCenter Orchestrator provides information and instructions about using and maintaining
VMware® vCenter Orchestrator. It also describes how to manage workflows, plug-ins, packages, and
inventory.
Intended Audience
This information is intended for advanced vSphere administrators and experienced system administrators
who are familiar with virtual machine technology and datacenter operations, as well as anyone who wants to:
n
Automate frequently repeated processes related to the management of the virtual environment.
n
Manage multiple automated processes across and among heterogeneous systems.
n
Provide transparency in IT processes by centralizing automated scripts.
n
React faster to unplanned changes in the virtual environment.
VMware, Inc.
7
Administering VMware vCenter Orchestrator
8 VMware, Inc.
Updated Information
Administering VMware vCenter Orchestrator is updated with each release of the product or when necessary.
This table provides the update history of Administering VMware vCenter Orchestrator.
Revision Description
EN-000467-02
EN-000467-01 Removed a note regarding policy development from “Policies,” on page 19. Orchestrator 4.2 supports
EN-000467-00 Initial release.
n
Updated Step 3 in “Set Server File System Access for Workflows and JavaScript,” on page 49.
n
Added topic “Manually Create the js-io-rights.conf File,” on page 50.
policy development.
VMware, Inc. 9
Administering VMware vCenter Orchestrator
10 VMware, Inc.
The Orchestrator Client 1
The Orchestrator client is an easy-to-use desktop application that allows you to perform daily administration
tasks such as importing packages, running and scheduling workflows, and managing user permissions. The
Orchestrator client also serves as an IDE for creating or customizing workflows.
This chapter includes the following topics:
n
“Log in to the Orchestrator Client,” on page 11
n
“Access the Orchestrator API Explorer,” on page 12
n
“User Preferences,” on page 13
n
“My Orchestrator View,” on page 14
n
“Configurations View,” on page 15
n
“Packages View,” on page 15
n
“Scheduler View,” on page 16
n
“Workflows View,” on page 16
n
“Actions View,” on page 17
n
“Resources View,” on page 17
n
“Inventory View,” on page 18
n
“Web Views View,” on page 18
n
“Weboperator Web View,” on page 18
n
“Policies,” on page 19
Log in to the Orchestrator Client
To perform general administration tasks or to edit and create workflows, you must log in to the Orchestrator
client interface.
NOTE The Orchestrator client interface is designed for developers with administrative rights who want to
develop workflows, actions, and other custom elements.
Prerequisites
All components of the Orchestrator server must be configured and the Orchestrator server service must be
running.
VMware, Inc.
11
Administering VMware vCenter Orchestrator
Procedure
1 Log in as an administrator to the machine on which the Orchestrator client is installed.
2 Click Start > Programs > VMware > vCenter Orchestrator Client.
3 In the Host name field, type the IP address to which Orchestrator server is bound.
To check the IP address, log in to the Orchestrator configuration interface and check the IP settings on the
Network tab.
4 Log in by using the Orchestrator user name and password.
To check the credentials, log in to the Orchestrator configuration interface and check the credentials on
the LDAP tab.
5 In the Security Warning window select an option to handle the certificate warning.
The Orchestrator client communicates with the Orchestrator server by using an SSL certificate. A trusted
CA does not sign the certificate during installation. Because of this, you receive a certificate warning each
time you connect to the Orchestrator server.
Option Description
Ignore
Cancel
Install this certificate and do not
display any security warnings for it
anymore.
You can change the default SSL certificate with a certificate signed by CA. For more information about
changing SSL certificates, see Installing and Configuring VMware vCenter Orchestrator.
Click Ignore to continue using the current SSL certificate.
The warning message appears again when you reconnect to the same
Orchestrator server, or when you try to synchronize a workflow with a
remote Orchestrator server.
Click Cancel to close the window and stop the login process.
Select this check box and click Ignore to install the certificate and stop
receiving security warnings.
The My Orchestrator view appears. This view summarizes the recent activities on the server, shows pending
and running workflows, running policies, scheduled tasks, completed workflows, and elements you recently
edited.
What to do next
You can import a package, start a workflow, or set root access rights on the system.
Access the Orchestrator API Explorer
Orchestrator provides an API Explorer to allow you to search the Orchestrator API and see the documentation
for JavaScript objects that you can use in scripted elements.
You can consult an online version of the Scripting API for the vCenter Server plug-in on the Orchestrator
documentation home page.
Procedure
u
Access the API Explorer from either the Orchestrator client or from the Scripting tabs of the workflow,
policy, and action editors.
n
To access the API Explorer from the Orchestrator client, click Tools > API Explorer in the Orchestrator
client tool bar.
n
To access the API Explorer from the Scripting tabs of the workflow, policy, and action editors, click
Search API on the left.
The API Explorer appears, allowing you to search all the objects and functions of the Orchestrator API.
12 VMware, Inc.
What to do next
Use the API Explorer to write scripts for scriptable elements.
User Preferences
You can customize aspects of the Orchestrator client by using the User preferences tool.
Your preferences are saved on the client side in the C:\Documents and
Settings\
client to a running Orchestrator server.
To access the tool, select Tools > User preferences in the Orchestrator client toolbar.
From the User preferences tool you can change the following preferences.
General Preferences
Table 1-1. Orchestrator Client Customization Options
Option Description
Auto-edit new inserted The new elements that you add open in an editor.
Script compilation delay The frequency of the background task that compiles the scripts and reports
Show decision scripts You can see the decision script of the implemented decision functions.
Delete non empty folder permitted You can delete a folder together with its subfolders and contents.
Size of run logs (number of lines) The maximum number of lines in the system log that Orchestrator displays
Server log fetch limit The maximum number of lines in the server logs that Orchestrator fetches
Finder maximum size The maximum number of results that the searches return when you search
Check usage when deleting an element Orchestrator checks if the element you are trying to delete is referenced
Check OGNL expression Orchestrator validates the OGNL expressions in the workflow
Current_User
Chapter 1 The Orchestrator Client
\.vmware\vmware-vmo.cfg file. The .vmware folder is created when you first connect the
errors in edit mode.
when you select a workflow run in the Orchestrator client and click
Logs on the Schema tab.
The value must be greater than 0.
from the database and displays when you click any of the Events tabs in
the Orchestrator client.
The value must be greater than 0.
for elements such as actions or workflows.
The value must be greater than 0.
by other elements. If the element is used by another workflow, policy, or
action, a warning message appears.
presentations.
NOTE The use of OGNL expressions in workflow presentations is
deprecated as of Orchestrator 4.1. Using OGNL expressions in workflow
presentations is not supported in Orchestrator 4.1 and later.
Workflows Preferences
Table 1-2. Workflow Editor Customization Options
Option Description
Check task/decision IN/OUT parameters Orchestrator checks if the input and output parameters of an activity are
correctly bound to the corresponding input or output attribute of the
workflow.
Check error in task's scripts Orchestrator validates the script in scriptable task elements.
VMware, Inc. 13
Administering VMware vCenter Orchestrator
Table 1-2. Workflow Editor Customization Options (Continued)
Option Description
Check workflow termination Orchestrator checks if each terminal transition of a workflow with
Check unreachable items Orchestrator checks if all activities are reachable.
Check unused workflow's
parameters/attributes
Check unknown types from plug-ins Orchestrator checks if all parameters and attributes of a workflow are of
Check for legacy 'Action' scripting call (slow) Orchestrator detects legacy actions calls and displays a warning message.
Use direct lines as workflow diagram links The connector tool uses direct lines to link the workflow schema elements.
Choose workflow in tree view The workflow selector displays a hierarchical tree viewer instead of the
Validate workflow before running it Orchestrator validates each workflow before allowing it to run.
different possible outcomes is connected to an End Workflow schema
element.
Orchestrator checks if all parameters and attributes of a workflow are
used.
a known type.
default list panel.
Inventory Preferences
You can enable the Use contextual menu in inventory option to display the workflows that are available for
an inventory object. When the option is enabled and you right-click an object in the Orchestrator inventory,
all workflows applicable to the selected object type are displayed.
Script Editor Preferences
You can customize the scripting engine from the Script Editor option of the User preferences menu. You can
disable automatic completion of lines, and change the default code formatting options.
My Orchestrator View
The My Orchestrator view in the Orchestrator client interface summarizes the most recent activities on the
Orchestrator server, such as recently modified elements, pending and running workflows, running policies,
completed workflows, and workflows that are waiting for user interaction.
From the My Orchestrator view you can perform common administrative tasks, such as running a workflow,
importing a package, and setting root access rights.
The My Orchestrator view presents the following tabs.
Today
Workflow Tokens
Waiting for Input
Tasks
Permissions
Displays the most recent workflow runs and modified elements.
Provides details about the different workflow runs. This information includes
the workflow's running status, the user who started it, and the time and date
when the workflow started and ended.
Displays a list of the workflows that are waiting for user inputs that you or
members of your user group have permission to provide.
Displays information about the scheduled workflows, including name,
running state, last run, and next run.
Displays the users and user groups who have root access rights to all published
Web views and the workflows in the Orchestrator library. The possible
permissions are View, Execute, Inspect, Edit, and Admin.
14 VMware, Inc.
Configurations View
The Configurations view in the Orchestrator client allows you to create configuration elements. Creating
configuration elements allows you to define common attributes across an Orchestrator server.
The Configurations view consists of a set of tabs that show information about a configuration element that
you select. You can edit a configuration element by right-clicking the element and selecting Edit.
Chapter 1 The Orchestrator Client
General
Attributes
Events
Permissions
Packages View
The Packages view in the Orchestrator client interface allows you to add, import, export, and synchronize
packages.
The Packages view consists of a set of tabs that show different types of information about a package that you
select. You can insert and remove elements on each tab in Edit Package mode. To access Edit Package mode,
right-click a package and select Edit.
General
Workflows
Policies
Displays general information about the configuration element, including its
name and description, version number, and the user permissions.
Displays the attributes that are added to the configuration element. All
elements that are running in the server can call on the attributes that are set in
a configuration element.
Displays all the events that are associated with this configuration element.
Displays the users and user groups which have permission to access the
configuration element.
Displays general information about the package, including its name, legal
owner, and description.
Displays all the workflows that the selected package contains.
Displays the policy templates that the selected package contains.
Actions
Web View
Configurations
Resources
Used Plug-Ins
Permissions
VMware, Inc. 15
Displays the actions that the selected package contains.
Displays the Web views that the selected package contains.
Displays the configuration elements that the selected package contains.
Displays the external resources embedded in the selected package.
Displays information about the plug-ins associated with the selected package.
Plug-ins can have one or more packages associated with them.
Displays the permissions granted to users or groups of users to interact with
the package. The possible permissions are View, Inspect, Edit, and Admin.
Administering VMware vCenter Orchestrator
Scheduler View
The Scheduler view in the Orchestrator client displays a list of all scheduled workflows in the system. The
workflows are sorted by name or date, together with their status. You can use the Scheduler view to create,
edit, suspend, resume, and cancel scheduled workflows.
The Scheduler view consists of a set of tabs that show different types of information about scheduled workflow
that you select. You can edit a scheduled workflow by right-clicking the workflow and selecting Edit.
General
Recurrence
Workflow Runs
Permissions
Workflows View
The Orchestrator client interface features a Workflows view that provides access to the Orchestrator libraries
of workflows.
The Workflows view allows you to view information about each workflow, create, edit, run workflows, and
interact with the workflows.
The Orchestrator client uses the following icon to identify workflows:
Displays general information about the scheduled workflow, including task
name, start behavior, description, start date, startup user, the name of the
scheduled workflow, and a list of the input values for the workflow.
Displays details about the recurrence pattern of the scheduled workflow.
Displays details about the different runs of a particular scheduled workflow.
This information includes the running status of the workflow, its start and end
date, and the user who started it. When you cancel a scheduled workflow, its
log information is removed from the system. When you suspend a workflow,
the log information is kept.
Displays the permissions accorded to users or groups of users to interact with
the workflow. The possible permissions are View, Execute, Inspect, Edit, and
Admin.
Components of the Workflows View
The Workflows view consists of a set of tabs that show information about the selected workflow.
General
Inputs
Outputs
Schema
Presentation
16 VMware, Inc.
Displays general information about the workflow, including its name, its
version number, the permissions, a description, and a list of the workflow's
global attributes.
Lists all the input parameters that the workflow needs when it runs.
Lists the types of values that the workflow returns when it runs.
Shows a graphical representation of the workflow. Clicking an element in the
schema shows information about that element in the bottom half of the
Workflows view.
Constructs the input parameters dialog box that users see when they run a
workflow. You define the groups in which the input parameters appear in the
dialog box and provide descriptions to help users provide the correct
parameters. You also define any parameter properties or constraints.
Chapter 1 The Orchestrator Client
Parameters Reference
Workflow Tokens
Events
Permissions
Actions View
The Actions view in the Orchestrator client interface allows you to access the libraries of predefined actions.
In the Actions view, you can duplicate actions, export them to a file, or move them to a different module in
the actions hierarchical list.
By expanding the nodes of the actions hierarchical list, you can browse available actions. When you select an
action in the list, the right pane displays details about that action.
Shows all the input and output parameters in a single view. The tab also
identifies the schema element that consumes or generates a parameter. You can
optionally view the workflow attributes in this tab by clicking Show
Attributes. When you right-click an attribute or a parameter and select Show
in schema, the corresponding schema element is highlighted.
Provides details about the different runs of the selected workflow. This
information includes the workflow's running status, the user who started it,
and the time and date when the workflow started and ended.
Provides information about each event that occurs while the workflow is
running. This information includes the event's running status, the user who
started it, and the time and date when the event was issued. The information
is stored in the VMO_LogEvent table in the Orchestrator database.
Lists the permissions accorded to users or groups of users to interact with the
workflow. The possible permissions are View, Execute, Inspect, Edit, and
Admin.
The Actions view presents the following tabs.
General
Scripting
Events
Permissions
Resources View
The Resources view in the Orchestrator client allows you to import external objects such as images, sysprep
files, custom scripts, and HTML and XML templates and use them as resource elements in workflows and Web
views.
The Resources view consists of a set of tabs that show information about a particular resource element.
General
Viewer
Events
Permissions
Displays general information about the action, including its name, its version
number, the operations the user is allowed to perform, and a description.
Displays the action’s return type, input parameters, and the JavaScript code
that defines the action's function.
Displays all of the events associated with this action.
Displays which users and user groups have permission to access the action.
Displays general information about the resource element, including its name,
MIME type, description, version number, and the user permissions.
Displays the contents of the resource element.
Displays all of the events that are associated with this resource element.
Displays which users and user groups have permission to access the resource
element.
VMware, Inc. 17
Administering VMware vCenter Orchestrator
Inventory View
The Inventory view in the Orchestrator client interface displays the objects of the plugged-in applications that
are enabled in Orchestrator. You can use the Inventory view to run workflows on an inventory object.
If the Use contextual menu in inventory option is enabled, all of the workflows that you can run on the selected
inventory object appear in a contextual menu.
Web Views View
The Web Views view in the Orchestrator client allows you to create, publish, and export Web views to a
working folder for modification or as templates from which to create other Web views. You can use Web views
to access Orchestrator functions from a Web browser.
The Web Views view consists of a set of tabs that show information about a particular Web view.
General
Elements
Attributes
Events
Displays general information about the Web view, including its name,
description, version number, the URL on which the Web view is published,
and the user permissions.
Displays the HTML files and Web view components associated with the
selected Web view.
Displays the attributes that direct the Web view to the objects in the
Orchestrator server on which it performs tasks.
Displays all of the events that are associated with the Web view.
Weboperator Web View
Orchestrator provides a standard Web view called weboperator that allows users to run workflows from a
browser.
The weboperator Web view provides an example of the orchestration functions that Web views can provide
to end users in browsers, without requiring that those users use the Orchestrator client.
Start the Weboperator Web View
You start the weboperator Web view from the Orchestrator client.
Procedure
1 Click the Web Views view in the Orchestrator client.
The weboperator Web view and any other Web views that you have imported into Orchestrator appear.
2 Right-click weboperator and select Publish.
3 Open a browser and go to http://
In the URL, orchestrator_server is the DNS name or IP address of the Orchestrator server, and 8280 is the
default port number where Orchestrator publishes Web views.
4 On the Orchestrator home page, click Web View List.
5 Click weboperator.
6 Log in using your Orchestrator user name and password.
7 Expand the hierarchical list of workflows to navigate through the workflows in the Orchestrator library.
8 Click a workflow in the hierarchical list to display information about the workflow in the right pane.
18 VMware, Inc.
orchestrator_server
:8280.
Chapter 1 The Orchestrator Client
9 In the right pane, select whether to run the workflow now or at a later time.
Option Action
Run the workflow now
Run the workflow at a later time
a Click Start Workflow to run the workflow.
b Provide the required input parameters and click Submit to run the
workflow.
a Click Schedule Workflow to run the workflow at a later time.
b Provide the time, date, and recurrence information to set when and how
often to run the workflow and click Next.
c Provide the required input parameters and click Submit to schedule the
workflow.
You can use the weboperator Web view to run workflows on objects in your inventory from a Web browser
rather than from the Orchestrator client.
What to do next
If you only need a Web view to access the inventory and run workflows, the standard weboperator Web view
should meet your requirements. If you require more complex functionality from a Web view, you can use the
Web components and default Web view template that Orchestrator provides to develop custom Web views.
Policies
Policies are event triggers that monitor the activity of the system. Policies respond to predefined events issued
by changes in the status or performance of certain defined objects.
Policies are a series of rules, gauges, thresholds and event filters that run certain workflows or scripts when
specific predefined events occur in Orchestrator or in the technologies that Orchestrator accesses through plugins. Orchestrator constantly evaluates the policy rules as long as the policy is running. For instance, you can
implement policy gauges and thresholds that monitor the behavior of vCenter Server objects of the
VC:HostSystem and VC:VirtualMachine types.
Orchestrator defines the following types of policy:
Policy Templates
Policies
You can organize policy templates into folders, for easier navigation.
Master policies. Policy templates are not linked to real objects. They are abstract
sets of rules that define the behavior to implement if a certain abstract event
occurs. You can see existing policy templates and create templates in the Policy
Templates view in the Orchestrator client.
Policies are instances of a template or standalone event triggers that are linked
to real objects, and that are triggered by real-life events. You can see existing
policies and create policies in the Policies view in the Orchestrator client.
VMware, Inc. 19
Administering VMware vCenter Orchestrator
20 VMware, Inc.
Loading...