In this recipe, we will learn how to tune an Orchestrator appliance. This includes changing IP settings as well as switching off unused services to get more performance out of the appliance.
We need a configured and running Orchestrator appliance as well as a web browser and an SSH tool (such as PuTTY).
There is a lot that could be done to tune the Orchestrator appliance.
When you deployed the Orchestrator appliance, it came in Virtual Hardware Version 7. The best thing to do is to upgrade the Virtual Hardware of the appliance to the most current version. To do this, follow these steps:
The IP and hostname should normally be assigned when the appliance is deployed; however, some aftercare has to be performed when using DHCP or VMware Workstation. Follow these steps to change the IP and hostname:
5480.

You should also consider giving your appliance a new SSL certificate. See the Configuring the Orchestrator service SSL certificate recipe in this chapter.
This is especially important when using encrypted services such as Kerberos and Orchestrator clusters. Follow these steps to set the time:
5480.

It is very important to have the same time settings in the Orchestrator server and vCenter PSC/SSO, as well as the Orchestrator Client. If the drift is too high, some updates, such as the workflow system logs, might not be updated properly. The worst case scenario could be that you lose connectivity between the components.
SSH access to the Orchestrator appliance is by default switched on. If your environment requires stricter security policies, here is how you can switch SSH off:
5480.
If you are using external authentication and a database, you might as well switch off the database and LDAP services to gain more resources for Orchestrator. If you switch a service off, the service will not start on the next reboot:
chkconfig [Linux service name].
chkconfig [Linux service name] off.
chkconfig [Linux service name] on.
service [Linux service name] {start|stop|restart} command.

Here is the list of all Linux service names that are relevant for Orchestrator appliances:
Service | Linux service name
Orchestrator server |
Orchestrator Configurator Tool |
Embedded Database |
Embedded LDAP |
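An added example (not part of the original recipe): a shell check that reads chkconfig --list output and reports which of the services you meant to switch off are still enabled at boot in runlevel 3 or 5. The sample output and the example-* service names are constructed placeholders, and still_enabled is a hypothetical helper name.

```shell
#!/bin/sh
# Constructed sample of `chkconfig --list` output (SysV runlevel format).
# The example-* names are placeholders, not the appliance's real service names.
sample_chkconfig_list() {
cat <<'EOF'
example-orchestrator      0:off  1:off  2:off  3:on   4:off  5:on   6:off
example-db                0:off  1:off  2:off  3:off  4:off  5:off  6:off
example-ldap              0:off  1:off  2:off  3:on   4:off  5:off  6:off
sshd                      0:off  1:off  2:off  3:on   4:off  5:on   6:off
EOF
}

# still_enabled "svc1 svc2 ..." (hypothetical helper):
# reads chkconfig --list output on stdin and prints, one per line, each named
# service that is still "on" in runlevel 3 or 5, or "name:missing" when the
# service does not appear in the listing at all.
still_enabled() {
    awk -v want="$1" '
        BEGIN { n = split(want, names, " ") }
        {
            seen[$1] = 1
            for (i = 2; i <= NF; i++)
                if ($i == "3:on" || $i == "5:on") enabled[$1] = 1
        }
        END {
            for (i = 1; i <= n; i++) {
                if (!(names[i] in seen))         print names[i] ":missing"
                else if (names[i] in enabled)    print names[i]
            }
        }'
}

# Services that were meant to be switched off. On the appliance, feed in the
# real listing instead of the sample:
#   chkconfig --list | still_enabled "name1 name2"
sample_chkconfig_list | still_enabled "example-db example-ldap sshd"
```

Because chkconfig only changes what starts on the next reboot, a service reported as off here can still be running until it is stopped with the service command.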
By default, the root account expires after 365 days. To change this setting, follow these steps:
passwd -x 99999 root command.

Your root password will now never expire, as 99999 (in some 273 years) is the highest value that can be entered.
The Orchestrator appliance comes with a fully working Linux operating system, and therefore, it is highly adaptable to your needs.
If you are into Linux, you can also edit the configuration files. Please note that the SLES licensing used for the appliance might not cover additional packages. Also, installing additional software on the Orchestrator appliance might not be supported by VMware.
The appliance's iptables firewall is not configured. So, if you want to configure the firewalls, you have to use the iptables commands.