Updating the vCenter credentials
search cancel

Updating the vCenter credentials

book

Article ID: 325420

calendar_today

Updated On:

Products

VMware Telco Cloud Automation

Issue/Introduction

This document is intended to provide the steps required to update the credentials across the various Telco Cloud Automation (TCA) components after vCenter (vC) credentials have been updated.

Environment

TCA 2.0.1, 2.1, 2.0, 2.1.1, 2.2, 2.3

Resolution

Resolved in TCA 3.0.

Additional Information

This procedure involves updating the vCenter credentials in various components:

  • TCA Manager (TCA-M), Virtual Infrastructure Manager (VIM), and the Telco Cloud Automation Control Plane (TCA-CP) (for all versions of TCA 2.x)
  • TCA Infrastructure Automation / Host Configuration / Hyperscale Cloud Provider (HCP) (seperate directions for 2.0 and 2.1.x+)
  • Container-as-a-Service (CaaS) (only for TCA 2.1+)

Updating TCA-M, VIM, and TCA-CP Credentials

For all versions of TCA 2.x.

These steps need to be completed on all TCA Manager and TCA-CP appliances.

Update TCA-Manager

    1. Log into the TCA-M Appliance Management UI (VAMI).
      e.g. https://TCA-M_IP_address_or_FQDN:9443
    2. Go to Configuration > vCenter.
    3. Click on Edit and update the vCenter credentials.
    4. Click Save.
    5. Go to Appliance Summary.
    6. Click the Restart button for the Application Service. Wait for the service to restart and get back to a running state.
    7. Click on the Restart button for the Web Service. Wait for the service to restart and get back to a running state.
      Note: This step will log you out from the TCA Appliance Management UI.

Update VIM

The following steps need to be repeated for each VIM to update the credentials.

    1. Log into the TCA-M UI.
    2. Go to Infrastructure > Virtual Infrastructure.
    3. Click on the kebab (three-dots) menu next to the VIM and select Edit.
    4. Update the vCenter credentials.
    5. Click Update.

Update TCA-CP

    1. Log into the TCA-CP Appliance Management UI (VAMI).
      e.g. https://TCA-CP_IP_address_or_FQDN:9443
    2. Go to Configuration > vCenter.
    3. Click on Edit and update the vCenter credentials.
    4. Click Save.
    5. (Optional) Update the vRealize Orchestrator (vRO) credentials.
      1. Click vRealize Orchestrator (vRO)
      2. Click Edit and update the vRO credentials.
      3. Click Save.
    6. Go to Appliance Summary.
    7. Click the Restart button for the Application Service. Wait for the service to restart and get back to a running state.
    8. Click on the Restart button for the Web Service. Wait for the service to restart and get back to a running state.
      Note: This step will log you out from the TCA Appliance Management UI.

TCA Infrastructure Automation / Host Configuration

For TCA 2.0.

Note: Up to version 2.0 of TCA Infrastructure Automation, Host provisioning and deletion operations require the use of the administrator account.
These steps are to be followed if the domain attributes i.e., vSphere SSO domain-name & password, need to be updated.

Updating the Global vC Password

These are the same credentials used for TCA UI log in.

    1. Log into the TCA UI.
    2. Go to Infrastructure > Virtual Infrastructure.
    3. Go to Appliance Configuration > Configuration.
    4. Click on Edit.
    5. Expand vCenter and update the credentials.
    6. Click Save.

Updating the SSO domain-name

    1. Log into the TCA UI.
    2. Go to Infrastructure > Virtual Infrastructure.
    3. Go to Domains.
    4. Select the domain to be updated.
    5. Expand Appliance Overrides.
    6. Enable the override attribute for vSphere SSO Domain and specify the new vSphere SSO Domain under Override value.
    7. Click Save

Updating the vC password

    1. Log into the TCA UI.
    2. Go to Infrastructure > Virtual Infrastructure.
    3. Go to Domains.
    4. Select the domain to be updated.
    5. Expand Appliance Overrides.
    6. Enable the override attribute for Virtual Center and specify the new root and admin passwords under Override value.
    7. Click Save

Confirming Host Config Profile (HCP) Credentials

The following steps ensure that HCP operations use the correct credentials.
Note: HCP requires TCA SSO credentials.

    1. SSH into the TCA Manager using the admin account.
    2. Log into the TCF Manager docker container CLI.
      docker exec –it tcf-manager /bin/bash
    3. Backup the tca_web_rest_client.py file.
      cd /opt/vmware/tcf/rest_api;
      cp tca_web_rest_client.py tca_web_rest_client.pyBAK
    4. Use a text editor open the tca_web_rest_client.py script and update the username and password.
      1. Locate the  method def __init__(self) section.
      2. Update the user and password values:
        user = "TCA SSO username"
        password = "TCA SSO password"
        Note: This need not always be the administrator account. Use the TCA SSO credential.

For all versions of TCA 2.1.x+

These are the steps to be followed if the domain attributes such as (vSphere SSO domain-name & password) need to be updated.

Updating Global vC Password

These are the same credentials used to log into the TCA UI.

    1. Log into the TCA UI.
    2. Go to Infrastructure > Virtual Infrastructure.
    3. Go to Appliance Configuration > Configuration.
    4. Click on Edit.
    5. Expand vCenter and update the credentials.
    6. Click Save. 

Updating SSO domain-name

    1. Log into the TCA UI.
    2. Go to Infrastructure > Infrastructure Automation.
    3. Go to Domains.
    4. Select the domain to be updated.
    5. Expand Appliance Overrides.
    6. Enable the override attribute for vSphere SSO Domain name and specify the new vSphere SSO Domain name under Override value.
    7. Click Save.  

Updating vSphere SSO Username

    1. Log into the TCA UI.
    2. Go to Infrastructure > Infrastructure Automation.
    3. Go to Domains.
    4. Select the domain to be updated.
    5. Expand Appliance Overrides.
    6. Enable the override attribute for vSphere SSO Username and specify the new vSphere SSO Username under Override value.
    7. Click Save

Updating vC password

    1. Log into the TCA UI.
    2. Go to Infrastructure > Infrastructure Automation.
    3. Go to Domains.
    4. Select the domain to be updated.
    5. Expand Appliance Overrides.
    6. Enable the override attribute for Virtual Center and enter the new root and admin password under Override value.
    7. Click Save

Confirming Host Config Profile (HCP) Credentials

The following steps ensure that HCP operation has the correct credentials.
Note: HCP requires TCA SSO credentials.

    1. SSH into the TCA Manager using the admin account.
    2. Change to root
    3. Log into the TCF Manager docker container CLI.
      docker exec -it tcf-manager /bin/bash
    4. Backup the tca_web_rest_client.py file.
      cd /opt/vmware/tcf/rest_api
      cp tca_web_rest_client.py tca_web_rest_client.pyBAK
    5. Use a text editor to open the tca_web_rest_client.py script and update the username and password.
      1. Locate the  method def __init__(self) section.
      2. Add the user and password configuration lines with the proper values:
        user = "TCA SSO username"
        Note: This should be the TCA SSO credentials, the same username that allows access to the TCA Manager UI.
        password = "TCA SSO password"
        Note: This is the password associated with the TCA SSO username.
    6. Comment out the four lines under the yellow lines for user and password with a hashtag (#) symbol as seen below:
    7. Exit docker
    8. Restart the tcf-manager container:
      docker restart tcf-manager

 

Update CaaS Credentials

For all versions of TCA 2.1.x+

This section provides steps to update the vCenter credentials for the management and workload clusters controlled by TCA 2.0.x and TCA 2.1.x +.

  1. SSH into the TCA-CP that controls the management clusters using the admin credentials.
    ssh admin@tca-cp-ip
  1. Change user to root.
    su root
  1. Check connectivity to retrieve the update-vc-credentials script.
    curl -kfsSL https://vmwaresaas.jfrog.io/artifactory/generic-registry/update-vc-credentials | bash -s -- -h

    This script is used to update vC password for management clusters and workload clusters. It should only be run on TCA-CP within root user directly.
update-vc-credentials

Usage:
   update-vc-credentials [option...]

Options:
  -f, --config                 Config file for VC accounts. Should be JSON format.
  -w, --workload-cluster       Only run on specific workload cluster.
  -v, --version                Show current script version.

Note: For airgap environments, download and copy over the script from a location with Internet access to the TCA-CP.

  1. Prepare a JSON file to provide the management clusters list and the vC servers and accounts information.
    Use the following template:
{
  "tca_version": "2.0.0",
  "managementclusters": [ # Management cluster name list
    "managementcluster_name1",# Optional
    "managementcluster_name2"
  ],
  "vcenters": [
    {
      "server": "vc-1-address", #vCenter server address
      "accounts": [ # vC credentials. Multiple accounts are supported.         {
          "username": "username-1",
          "password": "password-1"
        },# Optional
        {
          "username": "username-2",
          "password": "password-2"
        }
      ]
    },# Optional
    {
      "server": "vc-2-address",
      "accounts": [
        {
          "username": "username-1",
          "password": "password-1"
        }
      ]
    }
  ]
}

Note: JSON does not support comments. As a pure data format, the final JSON file must only contain data.

  1. Run the script to update the vC credentials on the management clusters and across all or a specific workload cluster:
    Note: Only run the script once at a time.  
    • Update management clusters and all the associated workload clusters
      curl -kfsSL https://vmwaresaas.jfrog.io/artifactory/generic-registry/update-vc-credentials | bash -s -- -f input_json_file_path
    • Update specific workload cluster
      curl -kfsSL https://vmwaresaas.jfrog.io/artifactory/generic-registry/update-vc-credentials | bash -s -- -f input_json_file_path -w workload_cluster_name
  1. Once the script is done, it will dump a summary about failed and successful updated clusters, which are grouped by the management cluster name.
2022-05-11 04:37:23 [INFO] VC credentials update process is done.
2022-05-11 04:37:23 [INFO] VC passwords on these following clusters are updated successfully.
- <mgmt_name_1>: <mgmt_name_1> <wc1> <wc2>
2022-05-11 04:37:23 [ERROR] VC passwords on these following clusters are updated in failure.
- <mgmt_name_1>: <wc3>
  1. (Optional) Run a cluster diagnosis to review for any errors.

 

XNF LCM

  • xNF Life Cycle Management functionality requires no additional change if all the steps listed in this document have been carried out.
  • Failing to do so will impact vRO Workflows, node customizations functionalities.
  • CNFs that depend only on Helm will have no impact due to vC credentials change.