Updating the vCenter credentials in Telco Cloud Automation (TCA) 2.X
search cancel

Updating the vCenter credentials in Telco Cloud Automation (TCA) 2.X

book

Article ID: 325420

calendar_today

Updated On:

Products

VMware VMware Telco Cloud Automation

Issue/Introduction

This document is intended to provide the steps required to update the credentials across the various Telco Cloud Automation (TCA) components after vCenter (VC) credentials have been updated.

Environment

VMware Telco Cloud Automation 2.0.1
VMware Telco Cloud Automation 2.1
VMware Telco Cloud Automation 2.0
VMware Telco Cloud Automation 2.1.1
VMware Telco Cloud Automation 2.2
VMware Telco Cloud Automation 2.3

Resolution

Issue is addressed in TCA 3.0.

Additional Information

This procedure involves updating the credentials in various components:

  • TCA, Virtual Infrastructure Management (VIM), and TCA-CP (Telco Cloud Automation Control Plane) Appliances
  • TCA Infrastructure Automation / Host Configuration / Hyperscale Cloud Provider (HCP)
  • Container-as-a-Service (CaaS)

Updating TCA, VIM, and TCA-CP Credentials

These steps need to be completed on all TCA Manager and TCA-CP appliances.
 

TCA-Manager

  1. Log into the TCA Appliance Management UI.
  1. Go to Configuration > vCenter.
  2. Click on Edit and update the vCenter credentials.
  3. Click Save.
  4. Go to Appliance Summary.
  5. Click the Restart button for the Application Service. Wait for the service to restart and get back to a running state.
  6. Click on the Restart button for the Web Service. Wait for the service to restart and get back to a running state.
Note: This step will log you out from the TCA Appliance Management UI.

 

VIM

The following steps need to be repeated for each VIM to update the credentials.
  1. Log into the TCA UI.
  2. Go to Infrastructure > Virtual Infrastructure.
  3. Click on the kebab (three-dots) menu next to the VIM and select Edit.
  4. Update the vCenter credentials.
  5. Click Update.
 

TCA-CP

  1. Log into the TCA-CP Appliance Management UI.
  1. Go to Configuration > vCenter.
  2. Click on Edit and update the vCenter credentials.
  3. Click Save.
  4. If required, update the vRealize Orchestrator (vRO) credentials.
    1. Click vRealize Orchestrator (vRO)
    2. Click Edit and update the vRO credentials.
    3. Click Save.
  5. Go to Appliance Summary.
  6. Click the Restart button for the Application Service. Wait for the service to restart and get back to a running state.
  7. Click on the Restart button for the Web Service. Wait for the service to restart and get back to a running state.
Note: This step will log you out from the TCA Appliance Management UI.


TCA Infrastructure Automation / Host Configuration

Version: TCA 2.0

Note: Up to version 2.0 of TCA Infrastructure Automation, Host provisioning and deletion operations require the use of the administrator account.

These steps are to be followed if the domain attributes i.e., vSphere SSO domain-name & password, need to be updated.
 

Updating the Global VC Password

These are the same credentials used for TCA UI log in.
  1. Log into the TCA UI.
  2. Go to Infrastructure > Virtual Infrastructure.
  3. Go to Appliance Configuration > Configuration.
  4. Click on Edit.
  5. Expand vCenter and update the credentials.
  6. Click Save.
 

Updating the SSO domain-name

  1. Log into the TCA UI.
  2. Go to Infrastructure > Virtual Infrastructure.
  3. Go to Domains.
  4. Select the domain to be updated.
  5. Expand Appliance Overrides.
  6. Enable the override attribute for vSphere SSO Domain and specify the new vSphere SSO Domain under Override value.
  7. Click Save
 

Updating the VC password

  1. Log into the TCA UI.
  2. Go to Infrastructure > Virtual Infrastructure.
  3. Go to Domains.
  4. Select the domain to be updated.
  5. Expand Appliance Overrides.
  6. Enable the override attribute for Virtual Center and specify the new root and admin passwords under Override value.
  7. Click Save
 

Confirming Host Config Profile (HCP) Credentials

The following steps ensure that HCP operation has the correct credentials.
Note: HCP requires TCA SSO credentials.
 
  1. SSH into the TCA Manager using the admin account.
  2. Log into the TCF Manager docker container CLI.
docker exec –it tcf-manager /bin/bash
  1. Change directory to /opt/vmware/tcf/rest_api and make a backup of the tca_web_rest_client.py file.
cd /opt/vmware/tcf/rest_api;cp tca_web_rest_client.py tca_web_rest_client.pyBAK
  1. Use a text editor open the tca_web_rest_client.py script and update the username and password.
    1. Locate the section for method def __init__(self)
    2. Change the username and password values:
user = "<TCA SSO username>"
Note: This need not be administrator account always (use TCA SSO credentials)
password = "<TCA SSO password>"
   

Versions: TCA 2.1 / TCA 2.1.1

These are the steps to be followed if the domain attributes such as (vSphere SSO domain-name & password) need to be updated.
 

Updating Global VC Password

These are the same credentials used for TCA UI log in.
  1. Log into the TCA UI.
  2. Go to Infrastructure > Virtual Infrastructure.
  3. Go to Appliance Configuration > Configuration.
  4. Click on Edit.
  5. Expand vCenter and update the credentials.
  6. Click Save.
 

Updating SSO domain-name

  1. Log into the TCA UI.
  2. Go to Infrastructure > Infrastructure Automation.
  3. Go to Domains.
  4. Select the domain to be updated.
  5. Expand Appliance Overrides.
  6. Enable the override attribute for vSphere SSO Domain name and specify the new vSphere SSO Domain name under Override value.
  7. Click Save
 

Updating vSphere SSO Username

  1. Log into the TCA UI.
  2. Go to Infrastructure > Infrastructure Automation.
  3. Go to Domains.
  4. Select the domain to be updated.
  5. Expand Appliance Overrides.
  6. Enable the override attribute for vSphere SSO Username and specify the new vSphere SSO Username under Override value.
  7. Click Save
 

Updating VC password

  1. Log into the TCA UI.
  2. Go to Infrastructure > Infrastructure Automation.
  3. Go to Domains.
  4. Select the domain to be updated.
  5. Expand Appliance Overrides.
  6. Enable the override attribute for Virtual Center and specify the new root and password under Override value.
  7. Click Save
 

Confirming Host Config Profile (HCP) Credentials

The following steps ensure that HCP operation has the correct credentials.
Note: HCP requires TCA SSO credentials.
  1. SSH into the TCA Manager using the admin account.
  2. Log into the TCF Manager docker container CLI.
docker exec –it tcf-manager /bin/bash
  1. Change directory to /opt/vmware/tcf/rest_api and make a backup of the tca_web_rest_client.py file.
cd /opt/vmware/tcf/rest_api;cp tca_web_rest_client.py tca_web_rest_client.pyBAK
  1. Use a text editor to open the tca_web_rest_client.py script and update the username and password.
    1. Locate the section for method def __init__(self)
    2. Add the user and password configuration lines with the appropriate values:
user = "<TCA SSO username>"
Note: This should be the TCA SSO credentials, the same username that allows access to the TCA UI.
password = "<TCA SSO password>"
Note: This is the password associated with the TCA SSO username.
  1. Comment out the four lines under the yellow lines for user and password with a hashtag (#) symbol as seen below:image.png

  2. Restart the tcf-manager container by running the following command:

    docker restart tcf-manager

 

Update CaaS Credentials

This section provides steps to update the vCenter credentials for the management and workload clusters controlled by TCA 2.0.x and TCA 2.1.x
  1. SSH into the TCA-CP that controls the management clusters using the admin credentials.
ssh admin@<tca-cp-ip>
  1. Change user to root.
su root
  1. Check connectivity to retrieve the update-vc-credentials script.
curl -kfsSL https://vmwaresaas.jfrog.io/artifactory/generic-registry/update-vc-credentials | bash -s -- -h

This script is used to update VC password for management clusters and workload clusters. It should only be run on TCA-CP within root user directly.

Supported TCA Versions TCA 2.0.x and 2.1.x 
update-vc-credentials

Usage:
   update-vc-credentials [option...]

Options:
  -f, --config                 Config file for VC accounts. Should be JSON format.
  -w, --workload-cluster       Only run on specific workload cluster.
  -v, --version                Show current script version.
For airgap environments, users should download the script to another location first, then copy it to the TCA-CP.
 
  1. Prepare a JSON file to provide the management clusters list and VC servers and accounts information.
The content should follow this format: 
{
  "tca_version": "2.0.0",
  "managementclusters": [ # Management cluster name list
    "<management_cluster_name1>",
    "<management_cluster_name2>"
  ],
  "vcenters": [
    {
      "server": "<vc-1-address>", # VC server address
      "accounts": [ # VC accounts information. Multiple accounts are supported.
        {
          "username": "<username-1>",
          "password": "<password-1>"
        },
        {
          "username": "<username-2>",
          "password": "<password-2>"
        }
      ]
    },
    {
      "server": "<vc-2-address>",
      "accounts": [
        {
          "username": "<username-1>",
          "password": "<password-1>"
        }
      ]
    }
  ]
}
  1. Run the script to update VC credentials.
Note: Ensure there is only one script running at a time. 
  1. Update management clusters and all the controlled workload clusters
    curl -kfsSL https://vmwaresaas.jfrog.io/artifactory/generic-registry/update-vc-credentials | bash -s -- -f <input_json_file_path>
  2. Update specific workload cluster
    curl -kfsSL https://vmwaresaas.jfrog.io/artifactory/generic-registry/update-vc-credentials | bash -s -- -f <input_json_file_path> -w <workload_cluster_name>
  1. Once the script is done, it will dump a summary about failed and successful updated clusters which are grouped by management cluster name.
2022-05-11 04:37:23 [INFO] VC credentials update process is done.
2022-05-11 04:37:23 [INFO] VC passwords on these following clusters are updated successfully.
- <mgmt_name_1>: <mgmt_name_1> <wc1> <wc2>
2022-05-11 04:37:23 [ERROR] VC passwords on these following clusters are updated in failure.
- <mgmt_name_1>: <wc3>
  1. (Optional) Run a cluster diagnosis to review for any errors.
 

XNF LCM

xNF Life Cycle Management functionality requires no additional change if all the steps listed in this document have been carried out.

Failing to do so will impact vRO Workflows, node customizations functionalities. CNFs that depend only on Helm will have no impact due to VC credentials change.

 

 
 


Powered by Wolken Software