5.1
Table Of Contents
- Installing and Configuring VMware vCenter Orchestrator
- Contents
- Installing and Configuring VMware vCenter Orchestrator
- Updated Information
- Introduction to VMware vCenter Orchestrator
- Orchestrator System Requirements
- Orchestrator Components Setup
- Installing and Upgrading Orchestrator
- Configuring the Orchestrator Server
- Start the Orchestrator Configuration Service
- Log In to the Orchestrator Configuration Interface
- Configure the Network Connection
- Orchestrator Network Ports
- Import the vCenter Server SSL Certificate
- Selecting the Authentication Type
- Configuring the Orchestrator Database Connection
- Server Certificate
- Configure the Default Plug-Ins
- Importing the vCenter Server License
- Start the Orchestrator Server
- Additional Configuration Options
- Change the Password of the Orchestrator Configuration Interface
- Change the Default Configuration Ports on the Orchestrator Client Side
- Uninstall a Plug-In
- Activate the Service Watchdog Utility
- Export the Orchestrator Configuration
- Import the Orchestrator Configuration
- Configure the Maximum Number of Events and Runs
- Import the Plug-In Licenses
- Orchestrator Log Files
- Configuration Use Cases and Troubleshooting
- Registering Orchestrator with vCenter Single Sign On in the vCenter Server Appliance
- Setting Up Orchestrator to Work with the vSphere Web Client
- Check Whether Orchestrator Is Successfully Registered as an Extension
- Unregister Orchestrator from vCenter Single Sign On
- Enable Orchestrator for Remote Workflow Execution
- Changing SSL Certificates
- Back Up the Orchestrator Configuration and Elements
- Unwanted Server Restarts
- Orchestrator Server Fails to Start
- Revert to the Default Password for Orchestrator Configuration
- Setting System Properties
- Disable Access to the Orchestrator Client By Nonadministrators
- Disable Access to Workflows from Web Service Clients
- Setting Server File System Access for Workflows and JavaScript
- Set JavaScript Access to Operating System Commands
- Set JavaScript Access to Java Classes
- Set Custom Timeout Property
- Modify the Number of Objects a Plug-In Search Obtains
- Modify the Number of Concurrent and Delayed Workflows
- Where to Go From Here
- Index
Set Server File System Access for Workflows and JavaScript
To change the parts of the server file system that workflows and the Orchestrator API can access, modify the
js-io-rights.conf configuration file. The js-io-rights.conf file is created when a workflow tries to access
the Orchestrator server file system.
If the js-io-rights.conf file does not exist on your system, you can create it manually with the default content.
For more information, see “Manually Create the js-io-rights.conf File,” on page 86.
Orchestrator has read, write, and execute rights to a folder named orchestrator, at the root of the server system.
Although workflows have permission to read, write, and execute in this folder, you must create the folder on
the server system.
Procedure
1 Create the c:/orchestrator folder at the root of the Orchestrator server system.
2 Navigate to the following folder on the Orchestrator server system.
Option Action
If you installed Orchestrator with the
vCenter Server installer
Go to
install_directory
\VMware\Infrastructure\Orchestrator\app-
server\server\vmo\conf.
If you installed the standalone
version of Orchestrator
Go to
install_directory
\VMware\Orchestrator\app-
server\server\vmo\conf.
3 Open the js-io-rights.conf configuration file in a text editor.
4 Add the necessary lines to the js-io-rights.conf file to allow or deny access to parts of the file system.
For example, the following line denies the execution rights in the c:/orchestrator/noexec directory:
-x c:/orchestrator/noexec
By adding the preceding line, c:/orchestrator/exec retains execution rights, but
c:/orchestrator/noexec/bar does not. Both directories remain readable and writable.
You modified the access rights to the file system from workflows and from the Orchestrator API.
Manually Create the js-io-rights.conf File
You can extend access to other parts of the Orchestrator server file system by modifying the js-io-
rights.conf Orchestrator configuration file. If the js-io-rights.conf file does not exist on your system, you
can create it manually with the default content.
IMPORTANT Manually creating the js-io-rights.conf file is applicable only for Windows systems. The
recommended way to generate the js-io-rights.conf file is to run a workflow attempting to access the
Orchestrator server file system, for example, the Export logs and application settings workflow from the
Troubleshooting folder in the Orchestrator workflow library.
Procedure
1 Log in as an administrator to the machine on which the Orchestrator server is installed.
Installing and Configuring VMware vCenter Orchestrator
86 VMware, Inc.