Updating vCenter Credentials for TKG clusters in TCA 3.0
search cancel

Updating vCenter Credentials for TKG clusters in TCA 3.0


Article ID: 325378


Updated On:


VMware VMware Telco Cloud Automation


This document is intended to provide the steps required to update the credentials for Cluster as a Service (CaaS)


VMware Telco Cloud Automation 3.0


Update CaaS Credentials

This section provides steps to update the vCenter credentials for the management and workload clusters controlled by TCA 3.0.x

Step 1.SSH into the TCA-CP that controls the management clusters using the admin credentials.
ssh admin@<tca-cp-ip>
Step 2: Check connectivity to retrieve the update-vc-credentials script.
curl -kfsSL https://vmwtec.jfrog.io/artifactory/generic-registry/kb/vc-updater/tca3.0/update-vc-credentials.sh | bash -s -- -h
This script is used to update VC password for management clusters and workload clusters. It should only be run on TCA-CP within admin user directly.

Supported TCA Versions TCA 3.0.0. Note that, all the clusters must be upgraded to TCA 3.0.0 supported version before running this script to change the vCenter credential.
admin@tcacp14 [ ~/test ]$ curl -kfsSL https://vmwaresaas.jfrog.io/artifactory/generic-registry/kb/vc-updater/tca3.0/update-vc-credentials.sh | bash -s -- -h
This script is used to update VC credential for management clusters and workload clusters. It should only be ran on TCA-CP admin user directly. Supported TCA Version 3.0.0
   bash [option...]
  -f, --config                 Config file for VC accounts. Should be JSON format.
  -c, --check                  Check whether cluster resources are updated.
  -F, --force                  Force applying the config instead of waiting for existing updating job completed.
  -v, --verbose                Run script in verbose mode.
  -V, --version                Show current script version.
NOTE: For Airgap environments, users should download the script to another location first, then copy it to the TCA-CP. 

Step 3: Prepare a JSON file to provide VC servers and accounts information.

The content should follow this format:

  "tca_version": "3.0.0",
  "vcenters": [
      "server": "<vc-1-address>", # VC server address
      "accounts": [ # VC accounts information. Multiple accounts are supported.
          "component": "clusters",
          "username": "<username-1>",
          "password": "<password-1>"
      "server": "<vc-2-address>",
      "accounts": [
          "component": "clusters",
          "username": "<username-1>",
          "password": "<password-1>"

Step 4: Run the script to update VC credentials.

Note: Ensure there is only one script running at a time. 

Update all management clusters and all the controlled workload clusters:

curl -kfsSL https://vmwaresaas.jfrog.io/artifactory/generic-registry/kb/vc-updater/tca3.0/update-vc-credentials.sh | bash -s -- -f <input_json_file_path>


curl -kfsSL https://vmwaresaas.jfrog.io/artifactory/generic-registry/kb/vc-updater/tca3.0/update-vc-credentials.sh | bash -s -- -f ./adm1.json

Once the script is done, it will dump a summary about failed and successful updated accounts which are grouped by management cluster name.

Step 5 (Optional): Monitor the relevant accounts are updated as expected.

Step 4 may report some accounts are not updated, it is normal that on the backend, some accounts are still under realization. You can monitor the account updating with following command to check whether all the accounts are updated in next minutes.

curl -kfsSL https://vmwaresaas.jfrog.io/artifactory/generic-registry/kb/vc-updater/tca3.0/update-vc-credentials.sh | bash -s -- -f ./adm1.json --check

Step 6 (Optional): Run a cluster diagnosis for any errors.

Additional Information: For Updating the vCenter credentials in Telco Cloud Automation (TCA) 2.X, please visit the following VMware KnowledgeBase: