4.2
Table Of Contents
- Administering VMware vCenter Orchestrator
- Contents
- Administering VMware vCenter Orchestrator
- Updated Information
- The Orchestrator Client
- Managing Workflows
- Creating Resource Elements
- Managing Actions
- Using Packages
- Setting System Properties
- Disable Access to the Orchestrator Client By Nonadministrators
- Disable Access to Workflows from Web Service Clients
- Setting Server File System Access from Workflows and JavaScript
- Set JavaScript Access to Operating System Commands
- Set JavaScript Access to Java Classes
- Set Custom Timeout Property
- Modify the Number of Objects a Plug-In Search Obtains
- Modify the Number of Concurrent and Delayed Workflows
- Maintenance and Recovery
- Index
3 Open the js-io-rights.conf configuration file in a text editor.
The following code extract shows the default content of the js-io-rights.conf configuration file:
-rwx c:/
+rwx c:/orchestrator
+rx ../../configuration/jetty/logs/
+rx ../server/vmo/log/
+rx ../bin/
+rx ./boot.properties
+rx ../server/vmo/conf/
+rx ../server/vmo/conf/plugins/
+rx ../server/vmo/deploy/vmo-server/vmo-ds.xml
+rx ../../apps/
+r ../../version.txt
The default settings in the js-io-rights.conf file allow full read, write, and execute access to all of the
file system under c:\orchestrator, but deny all access to the rest of the file system.
4 Add the necessary lines to the js-io-rights.conf file to allow or deny access to parts of the file system.
For example, the following line denies the execution rights in the c:/orchestrator/noexec directory:
-x c:/orchestrator/noexec
By adding the preceding line, c:/orchestrator/foo retains execution rights, but
c:/orchestrator/noexec/bar does not. Both directories remain readable and writable.
You modified the access rights to the file system from workflows and from the Orchestrator API.
Set JavaScript Access to Operating System Commands
The Orchestrator API provides a scripting class, Command, that runs commands in the Orchestrator server host
operating system. To prevent unauthorized access to the Orchestrator server host, by default, Orchestrator
applications do not have permission to run the Command class. If Orchestrator applications require permission
to run commands on the host operating system, you can activate the Command scripting class.
You grant permission to use the Command class by setting a system property in the vmo.properties properties
file.
Procedure
1 Navigate to the following folder on the Orchestrator server system.
Option Action
If you installed Orchestrator with the
vCenter Server installer
Go to
install_directory
\VMware\Infrastructure\Orchestrator\app-
server\server\vmo\conf.
If you installed the standalone
version of Orchestrator
Go to
install_directory
\VMware\Orchestrator\app-
server\server\vmo\conf.
2 Open the vmo.properties configuration file in a text editor.
3 Set the com.vmware.js.allow-local-process system property by adding the following line to the
vmo.properties file.
com.vmware.js.allow-local-process=true
4 Save the vmo.properties file.
5 Restart the Orchestrator server.
Administering VMware vCenter Orchestrator
50 VMware, Inc.