Updating vCenter Credentials for TKG clusters in TCA 3.0
Article ID: 325378
Updated On:
Products
Issue/Introduction
This document is intended to provide the steps required to update the credentials for Cluster as a Service (CaaS)
Environment
Resolution
Update CaaS Credentials
This section provides steps to update the vCenter credentials for the management and workload clusters controlled by TCA 3.0.x
Step 1.SSH into the TCA-CP that controls the management clusters using the admin credentials.ssh admin@<tca-cp-ip>Step 2: Check connectivity to retrieve the update-vc-credentials script.
curl -kfsSL https://vmwtec.jfrog.io/artifactory/generic-registry/kb/vc-updater/tca3.0/update-vc-credentials.sh | bash -s -- -hThis script is used to update VC password for management clusters and workload clusters. It should only be run on TCA-CP within admin user directly.
Supported TCA Versions TCA 3.0.0. Note that, all the clusters must be upgraded to TCA 3.0.0 supported version before running this script to change the vCenter credential.
admin@tcacp14 [ ~/test ]$ curl -kfsSL https://vmwaresaas.jfrog.io/artifactory/generic-registry/kb/vc-updater/tca3.0/update-vc-credentials.sh | bash -s -- -h This script is used to update VC credential for management clusters and workload clusters. It should only be ran on TCA-CP admin user directly. Supported TCA Version 3.0.0 Usage: bash [option...] Options: -f, --config Config file for VC accounts. Should be JSON format. -c, --check Check whether cluster resources are updated. -F, --force Force applying the config instead of waiting for existing updating job completed. -v, --verbose Run script in verbose mode. -V, --version Show current script version.NOTE: For Airgap environments, users should download the script to another location first, then copy it to the TCA-CP.
Step 3: Prepare a JSON file to provide VC servers and accounts information.
The content should follow this format:
{
"tca_version": "3.0.0",
"vcenters": [
{
"server": "<vc-1-address>", # VC server address
"accounts": [ # VC accounts information. Multiple accounts are supported.
{
"component": "clusters",
"username": "<username-1>",
"password": "<password-1>"
}
]
},
{
"server": "<vc-2-address>",
"accounts": [
{
"component": "clusters",
"username": "<username-1>",
"password": "<password-1>"
}
]
}
]
}
Step 4: Run the script to update VC credentials.
Note: Ensure there is only one script running at a time.
Update all management clusters and all the controlled workload clusters:
curl -kfsSL https://vmwaresaas.jfrog.io/artifactory/generic-registry/kb/vc-updater/tca3.0/update-vc-credentials.sh | bash -s -- -f <input_json_file_path>
Example
curl -kfsSL https://vmwaresaas.jfrog.io/artifactory/generic-registry/kb/vc-updater/tca3.0/update-vc-credentials.sh | bash -s -- -f ./adm1.json
Once the script is done, it will dump a summary about failed and successful updated accounts which are grouped by management cluster name.
Step 5 (Optional): Monitor the relevant accounts are updated as expected.
Step 4 may report some accounts are not updated, it is normal that on the backend, some accounts are still under realization. You can monitor the account updating with following command to check whether all the accounts are updated in next minutes.
curl -kfsSL https://vmwaresaas.jfrog.io/artifactory/generic-registry/kb/vc-updater/tca3.0/update-vc-credentials.sh | bash -s -- -f ./adm1.json --check
Step 6 (Optional): Run a cluster diagnosis for any errors.
Additional Information: For Updating the vCenter credentials in Telco Cloud Automation (TCA) 2.X, please visit the following VMware KnowledgeBase:
https://kb.vmware.com/s/article/89925?lang=en_US
Feedback
