In this recipe, we will learn how to tune an Orchestrator appliance. This includes changing IP settings as well as switching off unused services to get more performance out of the appliance.
We need a configured and running Orchestrator appliance as well as a web browser and an SSH tool (such as PuTTY).
There is a lot that could be done to tune the Orchestrator appliance.
When you deployed the Orchestrator appliance, it came in Virtual Hardware Version 7. The best thing to do is to upgrade the Virtual Hardware of the appliance to the most current version. To do this, follow these steps:
- Open the vCenter vSphere Web Client and find the Orchestrator VM.
- Right-click the VM and select Compatibility.
- If your VM is running, use Schedule VM Compatibility Upgrade, if the VM is powered off, choose Upgrade VM Compatibility.
- Acknowledge the upgrade and select the compatibility you wish to use. Use the highest Virtual Hardware setting.
- If your VM was running, restart it.
The IP and hostname should normally be assigned when the appliance is deployed; however, some aftercare has to be performed when using a DHCP or VMware workstation. Follow these steps to change the IP and hostname:
- Open the virtual appliance management interface (VAMI) area on port
5480. - Click on Network and select Address.
- Change all settings as required.
- Click on Save Settings.
- Reconnect the browser to the new IP.
You also should consider giving your appliance a new SSL certificate. See the Configuring the Orchestrator service SSL certificate recipe in this chapter.
This is especially important when using encrypted services such as Kerberos and Orchestrator clusters. Follow these steps to set the time:
- Open the VAMI area on port
5480. - Click on System and then on Time Zone.
- Set the correct time zone and click on Save settings.
- Click on Admin and then select Time Settings.
- Set Time Sync. Mode to Use Time Server.
- Enter NTP servers in Time Server fields and click on Save Settings.
It is very important to have the same time settings in the Orchestrator server and vCenter PSC/SSO, as well as the Orchestrator Client. If the drift is too high, some updates, such as the workflow system logs, might not be updated properly. The worst case scenario could be that you lose connectivity between the components.
SSH access to the Orchestrator appliance is by default switched on. If your environment requires stricter security policies, here is how you can switch SSH off:
- Open the VAMI area on port
5480. - Click on Admin and then select Admin.
- You can switch on general SSH connectivity as well as root access separately:
If you are using external authentication and a database, you might as well switch off the database and LDAP services to gain more resources for Orchestrator. If you switch a service off, the service will not start on the next reboot:
- Using SSH, log in to your Orchestrator appliance.
- To see the status of a service, type
chkconfig[Linux service name]. - To switch off a service, type
chkconfig[Linux service name] off. - To switch the service back on, type
chkconfig[Linux service name] on. - To stop, start, or restart the service immediately, use the
service [Linux service name] {start|stop|restart}command.
Here is the list of all Linux service names that are relevant for Orchestrator appliances:
|
Service |
Linux service name |
|
Orchestrator server |
|
|
Orchestrator Configurator Tool |
|
|
Embedded Database |
|
|
Embedded LDAP |
|
By default, the root account expires after 365 days. To change this setting, follow these steps:
- Using SSH, log in to your Orchestrator appliance as root.
- Use the
passwd-x 99999 rootcommand.
Your root password will now never expire, as 99999 (in some 273 years) is the highest value that can be entered.
The Orchestrator appliance comes with a fully working Linux operating system, and therefore, it is highly adaptable to your needs.
If you are into Linux, you also can edit the configuration files. Please note that the SLES licensing used for the appliance might not cover additional packages. Also, installing additional software on the Orchestrator appliance might not be supported by VMware.
The appliance's iptables firewall is not configured. So, if you want to configure the firewalls, you have to use the iptables commands.