5.1
Table Of Contents
- Installing and Configuring VMware vCenter Orchestrator
- Contents
- Installing and Configuring VMware vCenter Orchestrator
- Updated Information
- Introduction to VMware vCenter Orchestrator
- Orchestrator System Requirements
- Orchestrator Components Setup
- Installing and Upgrading Orchestrator
- Configuring the Orchestrator Server
- Start the Orchestrator Configuration Service
- Log In to the Orchestrator Configuration Interface
- Configure the Network Connection
- Orchestrator Network Ports
- Import the vCenter Server SSL Certificate
- Selecting the Authentication Type
- Configuring the Orchestrator Database Connection
- Server Certificate
- Configure the Default Plug-Ins
- Importing the vCenter Server License
- Start the Orchestrator Server
- Additional Configuration Options
- Change the Password of the Orchestrator Configuration Interface
- Change the Default Configuration Ports on the Orchestrator Client Side
- Uninstall a Plug-In
- Activate the Service Watchdog Utility
- Export the Orchestrator Configuration
- Import the Orchestrator Configuration
- Configure the Maximum Number of Events and Runs
- Import the Plug-In Licenses
- Orchestrator Log Files
- Configuration Use Cases and Troubleshooting
- Registering Orchestrator with vCenter Single Sign On in the vCenter Server Appliance
- Setting Up Orchestrator to Work with the vSphere Web Client
- Check Whether Orchestrator Is Successfully Registered as an Extension
- Unregister Orchestrator from vCenter Single Sign On
- Enable Orchestrator for Remote Workflow Execution
- Changing SSL Certificates
- Back Up the Orchestrator Configuration and Elements
- Unwanted Server Restarts
- Orchestrator Server Fails to Start
- Revert to the Default Password for Orchestrator Configuration
- Setting System Properties
- Disable Access to the Orchestrator Client By Nonadministrators
- Disable Access to Workflows from Web Service Clients
- Setting Server File System Access for Workflows and JavaScript
- Set JavaScript Access to Operating System Commands
- Set JavaScript Access to Java Classes
- Set Custom Timeout Property
- Modify the Number of Objects a Plug-In Search Obtains
- Modify the Number of Concurrent and Delayed Workflows
- Where to Go From Here
- Index
Rules in the js-io-rights.conf File Permitting Write Access to the Orchestrator
System
The js-io-rights.conf file contains rules that permit write access to defined directories in the server file
system.
Mandatory Content of the js-io-rights.conf File
Each line of the js-io-rights.conf file must contain the following information.
n
A plus (+) or minus (-) sign to indicate whether rights are permitted or denied
n
The read (r), write (w), and execute (x) levels of rights
n
The path on which to apply the rights
Default Content of the js-io-rights.conf File
The default content of the js-io-rights.conf configuration file is:
-rwx c:/
+rwx c:/orchestrator
+rx ../../configuration/jetty/logs/
+rx ../server/vmo/log/
+rx ../bin/
+rx ./boot.properties
+rx ../server/vmo/conf/
+rx ../server/vmo/conf/plugins/
+rx ../server/vmo/deploy/vmo-server/vmo-ds.xml
+rx ../../apps/
+r ../../version.txt
The first two entries in the default js-io-rights.conf configuration file allow the following access rights:
-rwx c:/
All access to the file system is denied.
+rwx c:/orchestrator
Read, write, and execute access is permitted in the c:/orchestrator directory.
Rules in the js-io-rights.conf File
Orchestrator resolves access rights in the order they appear in the js-io-rights.conf file. Each line can override
the previous lines.
In the default js-io-rights.conf configuration file, the second line partially overrides the first line because
c:/orchestrator is after c:/, which allows read, write, and execute access to c:/orchestrator but denies access
to the rest of the file system under c:/.
The default configuration allows workflows and the Orchestrator API to write to the c:/orchestrator
directory, but nowhere else.
IMPORTANT You can permit access to all parts of the file system by setting +rwx / in the js-io-rights.conf
file. However, doing so represents a high security risk.
Chapter 8 Setting System Properties
VMware, Inc. 85