How bout we let users set their default admin or root password?

As many of you may know, one of the features available in vCD was the ability to have a unique password when consumers requested vApps. Obviously this was great for security, but it wasn’t always loved by the users. Enter vCAC, which gives you more flexibility and can be augmented so that, during the request process, users can create their own passwords.

This post is a bit long as there are many steps, but the approach is simple and can be repeated for really anything where you want to take user input and make a decision on it. Also, if you don’t want to create the vCO workflow from scratch, here is my vCO workflow that you can import directly and edit as you see fit.

Start in the vCAC web console as an Infrastructure Admin
Go to -> Infrastructure tab -> Blueprints
01 First step

Go to -> Property Dictionary
02 Property Dictionary

New Property Definition

  • Name – make sure to choose a name that is very unique. You will use this in multiple steps including the vCO workflow
  • Display Name – this is what the users will see on their request page
  • Description – optional
  • Control Type – Password
  • Check Required

03 Add Prop Dict

Now we are going to create rules around what the password should be; there’s no way we want our users selecting the passkey that’s on their luggage (12345)!
Click on the edit link under Property Attributes
04 Edit Attribute

New Property Attribute

  • Select the RegEx, this is the regular expression that will force the users to meet specific password requirements
  • Name – enter the name you wish to use for the password regex
  • Value – I have used the following, in this example it requires 1 special character, 1 upper case, 1 lowercase, and is between 8-16 characters long

^(?=.*\d)(?=.*[a-z])(?=.*[A-Z]).{8,16}$

05 RegEx
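To see what this RegEx value enforces, the added example below (not part of the original post) splits the pattern, read with `\d` as its first lookahead, into individual rules and reports which ones a candidate fails. As written the pattern requires a digit and does not require a special character; `STRICT_PATTERN`, the `SPECIAL` rule and the sample passwords are constructed assumptions.

```javascript
// The pattern from the Property Attribute, with \d as the first lookahead.
const PAGE_PATTERN = /^(?=.*\d)(?=.*[a-z])(?=.*[A-Z]).{8,16}$/;

// The same requirements, one rule each, so a failure can be named.
const RULES = [
  { name: "digit", re: /\d/ },
  { name: "lowercase", re: /[a-z]/ },
  { name: "uppercase", re: /[A-Z]/ },
  { name: "length 8-16", re: /^.{8,16}$/ },
];

// Assumption: "special" means any character that is not a letter or digit.
const SPECIAL = { name: "special character", re: /[^A-Za-z0-9]/ };
const STRICT_PATTERN =
  /^(?=.*\d)(?=.*[a-z])(?=.*[A-Z])(?=.*[^A-Za-z0-9]).{8,16}$/;

// Names of the rules a password does not satisfy.
function failedRules(pw, rules) {
  return rules.filter((r) => !r.re.test(pw)).map((r) => r.name);
}

// Result of both patterns plus the list of unmet requirements.
function check(pw) {
  return {
    pagePattern: PAGE_PATTERN.test(pw),
    strictPattern: STRICT_PATTERN.test(pw),
    missing: failedRules(pw, RULES.concat([SPECIAL])),
  };
}

// Constructed sample inputs.
const SAMPLES = ["12345", "Luggage12345", "Luggage#12345", "alllowercase1"];
for (const pw of SAMPLES) {
  console.log(pw, JSON.stringify(check(pw)));
}
```
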

This is how it should look once complete
06 Attribute

Copy the name you created for the property definition
07 copy the prop def name

Go to -> Build Profiles
New Build Profile
08 New build profile

  • Give the new profile a name (this will be what you enable in the blueprint)
  • Description – optional
  • Name – add the property definition name that you copied in the previous step
  • Value – set the default value (can be left blank)
  • Check Prompt User

09 Build profile config

Now we will assign that to one of the blueprints
Go to -> Blueprints -> select the blueprint of choice and click edit
10 edit blueprint

Go to -> Properties tab of that blueprint and check the build profile name you just created
Create a new Custom Property and assign a value of Linux or Windows (case sensitive)
12 set custom prop and add password build profile

Go to -> vCenter Orchestrator and log in -> Select your workflow template; if you haven’t created that yet, please see this post
13 Orchestrator duplicate workflow

  • Name – create a name for this workflow
  • Folder – select the folder you want this workflow in
  • Copy version – optional

14 workflow options

Click on the newly created workflow and edit
15 edit new workflow

Start in the general tab and add an Attribute
Name – OS (this will be the placeholder for your custom property that you defined on the blueprint)
16 Add attribute and go to schema

Go to -> Schema tab
Drag Decision into the workflow after the Display Inputs
Click the pencil to edit
17 decision

Go to -> Decision tab
Click on Not set(NULL)
Select the OS attribute
18 choose the OS variable

Set it to equals Linux
Close
19 OS Linux

Search for SSH
Drag “run ssh” into the canvas after the decision
Click setup
20 SSH

Set all the bindings to Value except path and passphrase, which we will skip
Click promote
21 SSH setup

Search for Program
Drag “run a program” into the canvas on the other branch of the decision
Click setup
22 program

Set programPath to Value and click on the Input value
23 Program setup

Set this to c:\windows\system32\net.exe
24 path

This should be the final view before clicking promote
25 program setup complete

Go to -> General tab
Add new attribute
Set the name to newPassword
30 add new attribute

Click on the string type and change it to SecureString
31 set secure string

Go to -> Schema tab
Click on the pencil to edit Display inputs
32 edit Display Inputs

Go to -> OUT tab and select the following

  • OS
  • hostnameOrIP
  • username
  • password
  • cmd
  • arguments
  • newPassword

33 outputs

Go to -> Scripting tab
This is where we put together the logic that feeds either the Linux or the Windows branch of the decision. As you can see in the highlighted area, we get the OS that is passed by the custom property, then we get the password that the user entered. Based on which OS is defined in the blueprint, we then set the username, password, and specific commands that need to be run on that OS. Note: if you are using my workflow, you will want to alter the lines in this script with your custom properties and default username and password; we need those defaults to log on to the systems in order to set the new passwords.
34 scripting
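The scripting step places a user-chosen password inside a command string, and the RegEx above accepts any character, so the value has to be quoted before it reaches the remote shell. The following is an added example for the Linux branch only, not the workflow's own script: `shQuote`, `assertSingleLine` and `buildLinuxCmd` are hypothetical names, the sample password is constructed, and the target's `passwd` is assumed to support `--stdin`.

```javascript
// Quote a value for a POSIX shell: wrap it in single quotes and replace each
// embedded single quote with '\'' (close quote, escaped quote, reopen quote).
// Inside single quotes the shell expands nothing ($, `, ", ; and | are literal).
function shQuote(value) {
  return "'" + String(value).replace(/'/g, "'\\''") + "'";
}

// passwd --stdin reads one line, so line breaks and NUL bytes are refused
// instead of being passed through.
function assertSingleLine(value) {
  if (/[\r\n\0]/.test(value)) {
    throw new Error("password must not contain line breaks or NUL bytes");
  }
}

// Build the string for the SSH step's cmd attribute.
// printf '%s\n' prints its argument verbatim; unlike echo -e it does not
// interpret backslash sequences that may occur in the password.
function buildLinuxCmd(username, newPassword) {
  // The account name comes from the workflow, but is checked anyway so that
  // nothing unquoted can reach the command line.
  if (!/^[a-z_][a-z0-9_-]*$/.test(username)) {
    throw new Error("unexpected characters in username");
  }
  assertSingleLine(newPassword);
  return "printf '%s\\n' " + shQuote(newPassword) +
         " | passwd --stdin " + username;
}

// Constructed sample value containing shell metacharacters.
console.log(buildLinuxCmd("root", "Pa$s'w0rd!x"));
```

The finished string still contains the password in clear text, so the `cmd` attribute should not be written to workflow logs.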

Now that all of this is complete you can take this workflow and assign it to the blueprints you wish to execute against on MachineProvisioned. To learn how to assign workflows go to my previous post

6 comments


    • Danny on December 17, 2014 at 9:38 am

    Thank you for this post, it was just what I was looking for and works perfectly apart from Linux cmd. I had to do this to make it work for me:-

    cmd='echo -e "' + newPassword + '" | passwd --stdin root';

    • AutomateTHEthings on February 16, 2015 at 11:22 pm

    Looks like the workflow referenced at the top of the blog links to a dead dropbox link. Any chance we could get an updated link?

    1. Updated the link in the post, thanks for letting me know!

    • Steven Adams on December 17, 2015 at 8:41 pm

    Hey Gary, I know this is a year old but hopefully you still read it. Can you show how you pulled the OS variable in vCAC? I understand it’s a property definition but I can’t find how to make it just read Linux or Windows

    1. Steven, if you notice in this image I’m assigning the extendingclouds.os at the actual blueprint properties. That way you have the OS definition defined per each blueprint you want to execute the workflow on. https://gcoburn2010.files.wordpress.com/2014/04/12-set-custom-prop-and-add-password-build-profile.png?w=1200&h=790
      Let me know if you have questions still!

        • Steven Adams on December 17, 2015 at 8:58 pm

        Totally missed that, thanks!
