5.5
Table Of Contents
- Installing and Configuring VMware vCenter Orchestrator
- Contents
- Installing and Configuring VMware vCenter Orchestrator
- Introduction to VMware vCenter Orchestrator
- Orchestrator System Requirements
- Hardware Requirements for Orchestrator
- Hardware Requirements for the Orchestrator Appliance
- Operating Systems Supported by Orchestrator
- Supported Directory Services
- Browsers Supported by Orchestrator
- Orchestrator Database Requirements
- Software Included in the Orchestrator Appliance
- Level of Internationalization Support
- Setting Up Orchestrator Components
- Installing and Upgrading Orchestrator
- Download the vCenter Server Installer
- Install Orchestrator Standalone
- Install the Orchestrator Client on a 32-Bit Machine
- Install the Client Integration Plug-In in the vSphere Web Client
- Download and Deploy the Orchestrator Appliance
- Upgrade Orchestrator 4.2.x and 5.1.x Standalone
- Upgrading Orchestrator 4.0.x Running on a 64-Bit Machine
- Upgrading Orchestrator 4.0.x and Migrating the Configuration Data
- Upgrading the Orchestrator Appliance
- Uninstall Orchestrator
- Configuring the Orchestrator Server
- Start the Orchestrator Configuration Service
- Log In to the Orchestrator Configuration Interface
- Configure the Network Connection
- Orchestrator Network Ports
- Import the vCenter Server SSL Certificate
- Selecting the Authentication Type
- Configuring the Orchestrator Database Connection
- Server Certificate
- Configure the Default Plug-Ins
- Importing the vCenter Server License
- Selecting the Orchestrator Server Mode
- Start the Orchestrator Server
- Configuring vCenter Orchestrator in the Orchestrator Appliance
- Configuring Orchestrator by Using the Configuration Plug-In and the REST API
- Configure Network Settings by Using the REST API
- Configuring Authentication Settings by Using the REST API
- Configure the Database Connection by Using the REST API
- Create a Self-Signed Server Certificate by Using the REST API
- Managing SSL Certificates Through the REST API
- Importing Licenses by Using the REST API
- Additional Configuration Options
- Change the Password of the Orchestrator Configuration Interface
- Change the Default Configuration Ports on the Orchestrator Client Side
- Uninstall a Plug-In
- Activate the Service Watchdog Utility
- Export the Orchestrator Configuration
- Import the Orchestrator Configuration
- Configure the Maximum Number of Events and Runs
- Import Licenses for a Plug-In
- Orchestrator Log Files
- Configuration Use Cases and Troubleshooting
- Configuring a Cluster of Orchestrator Server Instances
- Registering Orchestrator with vCenter Single Sign-On in the vCenter Server Appliance
- Setting Up Orchestrator to Work with the vSphere Web Client
- Check Whether Orchestrator Is Successfully Registered as an Extension
- Unregister Orchestrator from vCenter Single Sign-On
- Enable Orchestrator for Remote Workflow Execution
- Changing SSL Certificates
- Back Up the Orchestrator Configuration and Elements
- Unwanted Server Restarts
- Orchestrator Server Fails to Start
- Revert to the Default Password for Orchestrator Configuration
- Setting System Properties
- Disable Access to the Orchestrator Client By Nonadministrators
- Disable Access to Workflows from Web Service Clients
- Setting Server File System Access for Workflows and JavaScript
- Set JavaScript Access to Operating System Commands
- Set JavaScript Access to Java Classes
- Set Custom Timeout Property
- Modify the Number of Objects a Plug-In Search Obtains
- Modify the Number of Concurrent and Delayed Workflows
- Where to Go From Here
- Index
4 Save the vmo.properties file.
5 Restart the Orchestrator server.
You granted permissions to Orchestrator applications to run local commands in the Orchestrator server host
operating system.
NOTE By setting the com.vmware.js.allow-local-process system property to true, you allow the Command
scripting class to write anywhere in the file system. This property overrides any file system access
permissions that you set in the js-io-rights.conf file for the Command scripting class only. The file system
access permissions that you set in the js-io-rights.conf file still apply to all scripting classes other than
Command.
Set JavaScript Access to Java Classes
By default, Orchestrator restricts JavaScript access to a limited set of Java classes. If you require JavaScript
access to a wider range of Java classes, you must set an Orchestrator system property to allow this access.
Allowing the JavaScript engine full access to the Java virtual machine (JVM) presents potential security
issues. Malformed or malicious scripts might have access to all of the system components to which the user
who runs the Orchestrator server has access. Consequently, by default the Orchestrator JavaScript engine
can access only the classes in the java.util.* package.
If you require JavaScript access to classes outside of the java.util.* package, you can list in a configuration
file the Java packages to which to allow JavaScript access. You then set the com.vmware.scripting.rhino-
class-shutter-file system property to point to this file.
Procedure
1 Create a text configuration file to store the list of Java packages to which to allow JavaScript access.
For example, to allow JavaScript access to all the classes in the java.net package and to the
java.lang.Object class, you add the following content to the file.
java.net.*
java.lang.Object
2 Save the configuration file with an appropriate name and in an appropriate place.
3 On the Orchestrator server system, navigate to the folder that contains configuration files.
Option Action
If you installed Orchestrator with
the vCenter Server installer
Go to
install_directory\VMware\Infrastructure\Orchestrator\app-
server\conf.
If you installed the standalone
version of Orchestrator
Go to install_directory\VMware\Orchestrator\app-server\conf.
If you downloaded and deployed
the virtual appliance
Go to /etc/vco/app-server/.
4 Open the vmo.properties configuration file in a text editor.
5 Set the com.vmware.scripting.rhino-class-shutter-file system property by adding the following line
to the vmo.properties file.
com.vmware.scripting.rhino-class-shutter-file=path_to_your_configuration_file
6 Save the vmo.properties file.
7 Restart the Orchestrator server.
Chapter 10 Setting System Properties
VMware, Inc. 113