When you add a PowerShell host to vRealize Orchestrator (vRO) you are able to kick-off PowerShell scripts from your vRO workflows or just from the vSphere WebClient! Which can make your day to day work so much easier. So here is a short post about how you can add a PowerShell host to vRO.







Prerequisites

vRealize Orchestrator

vRO PowerShell Plug-in v1.0.6.2442318 (link)

Windows 2008 R2+ with PowerShell 2.0+



In the past I had some issues with the vRO v1.0.5 Plug-in and the default realm so please check which vRO PowerShell Plug-in you are using!



For a Stand-alone PowerShell host :

Then logon to your PowerShell host and configure Windows Remote Management.

Open an elevated command prompt and run the following commands :

winrm quickconfig winrm set winrm/config/service/auth @{Basic="true"} winrm set winrm/config/service @{AllowUnencrypted="true"} winrm set winrm/config/winrs @{MaxMemoryPerShellMB="2048"} 1 2 3 4 winrm quickconfig winrm set winrm/config/service/auth @{Basic="true"} winrm set winrm/config/service @{AllowUnencrypted="true"} winrm set winrm/config/winrs @{MaxMemoryPerShellMB="2048"}

Now the PowerShell host has been configured the PowerShell host can be added to vRO.



Open the vRO client login and go to :

Design -> Workflows -> Library -> PowerShell -> Configuration -> Add a PowerShell host

Give the PowerShell host a name, fill in the IP or FQDN and select Next.

Leave the settings on default and select Next.

Fill in the local user account, password and select Submit.

For a Domain joined PowerShell host :

The procedure for a Domain joined PowerShell host is almost the same as for the standalone PowerShell host, except you have to configure the kerberos settings on the vRO appliance.

SSH with your favourite SSH client onto your vRO appliance and add the following config file (be sure to replace all domain.local references according to your own domain):

vi /usr/java/jre-vmware/lib/security/krb5.conf 1 vi /usr/java/jre-vmware/lib/security/krb5.conf

[libdefaults] default_realm = DOMAIN.LOCAL udp_preferences_limit = 1 [realms] DOMAIN.LOCAL = { kdc = dc.DOMAIN.LOCAL default_domain = DOMAIN.LOCAL } [domain_realms] .domain.local=DOMAIN.LOCAL domain.local=DOMAIN.LOCAL 1 2 3 4 5 6 7 8 9 10 11 [libdefaults] default_realm = DOMAIN.LOCAL udp_preferences_limit = 1 [realms] DOMAIN.LOCAL = { kdc = dc.DOMAIN.LOCAL default_domain = DOMAIN.LOCAL } [domain_realms] .domain.local=DOMAIN.LOCAL domain.local=DOMAIN.LOCAL

Save the file with :wq and change the security rights for the file with :

chmod 644 /usr/java/jre-vmware/lib/security/krb5.conf 1 chmod 644 /usr/java/jre-vmware/lib/security/krb5.conf

Restart the vRO services or just reboot the appliane (just to be sure ;))

Then logon to your PowerShell host and configure Windows Remote Management.

Open an elevated command prompt and run the following commands :

winrm quickconfig winrm set winrm/config/service/auth @{Kerberos="true"} winrm set winrm/config/service @{AllowUnencrypted="true"} winrm set winrm/config/winrs @{MaxMemoryPerShellMB="2048"} 1 2 3 4 winrm quickconfig winrm set winrm/config/service/auth @{Kerberos="true"} winrm set winrm/config/service @{AllowUnencrypted="true"} winrm set winrm/config/winrs @{MaxMemoryPerShellMB="2048"}

Now the PowerShell host has been configured the PowerShell host can be added to vRO.

Open the vRO client login and go to :

Design -> Workflows -> Library -> PowerShell -> Configuration -> Add a PowerShell host

Give the PowerShell host a name, fill in the FQDN (NOT IP!) and select Next.

Select Kerberos as Authentication and select Next.

Fill in the domain user account, password and select Submit.