Alright here we go the vMA – I promised you I would bounce around topics which don't relate to each other whatsoever.
So, first off, let's get started with installing and configuring the vMA. Installation really doesn't even need to be described. It comes as an ovf and it's as simple as just importing that…
Configuration can get a bit tricky, especially if you haven't used IP Pools before. We will cover IP Pools in another blog post so I'll just leave it at that. For the moment, I just went into the vMA VM settings and disabled all of the vApp options!
Anyways, once you finally get the appliance booted up you will be prompted to enter in some network information – pretty simple stuff, menu driven, and then prompted to change the default password for vi-admin. Easy stuff thus far. Speaking of authentication the vMA utilizes 'sudo' to execute commands. This basically allows vi-admin to execute commands under the root user account. A bit of a security and safeguard mechanism utilized in some Linux OSes.
Alright, so we are now up and running so let's just go over some common tasks that we might perform in relation to the vSphere Management Assistant. Probably a good idea to know all of these for the exam as vMA does have its very own objective and is referenced in many others.
vMA and your domain!
Certainly we may want to join the appliance to our domain. This will give us plenty of benefits security wise, the biggest being we will not have to store any of our target hosts passwords within the vMA credential store – so long as the hosts are a member of the domain as well. Commands related to vMA and domains are as follows…
To join vMA to a domain, obviously substituting your domain name and authentication…requires a restart of the appliance afterwards.
sudo domainjoin-cli join FQDN user_with_priveledges
And, to remove the vMA it's the same command, different parameters
sudo domainjoin-cli leave
And to view information
sudo domainjoin-cli query
So as mentioned above we can do some un-attended active directory authentication to our hosts. This is a pretty long drawn out process so I doubt it will be asked, but then again I'm wrong 100% of 50% of the time – I'd just know where this information is in the vSphere Management Assistant user guide (HINT: Page 15).
Before we can use the vMA to execute commands on hosts we need to, well, add hosts to our vMA. Within vMA terms, our hosts are called targets; targets on which we can execute commands. So when adding hosts we have to provide the hostname and some credentials. Thus we have a couple of options in regards to how we authenticate; adauth of fpauth (Default). Examples of adding a host with both authentication types are below…along with some other host options..
Using local ESXi credentials
vifp addserver HOSTNAME
Using AD credentials
vifp addserver HOSTNAME --authpolicy adauth
Viewing the hosts we have added
Removing a server
vifp removeserver HOSTNAME
Set a host as the target server – meaning set it up so you can run a command on the host without authentication
vifptarget -s HOSTNAME
To clear the current target
Security and user related functions
The vMA also has a few commands we can run to help better secure our systems. When you add a host to vMA, it actually creates a vi-admin and vi-user account on your ESXi host. You can tell vMA to rotate these passwords using the following command.
vifp rotatepassword (--now, --never or --days #)
vMA also has a vi-user account locally, which by default is disabled, since it has no password. This account can be used to run commands on an ESXi host that would not normally require administrative priviledges. Enabling this account is as easy as simply setting a password on it using the following
sudo passwd vi-user
For now that's it – That's all I can think of that is vMA related – Now we will be using it for some other components in the futre, like setting up snmp and different things, but I wanted to keep this post strictly about vMA specific commands. Happy Studying!