slideshow 6 slideshow 4 slideshow 8 slideshow 1 slideshow 2 slideshow 3 slideshow 5 slideshow 7

Orchestrator workflow to register ssh public key on an ESXi host

The SSH plugin for vRealize Orchestrator allows you to execute SSH commands on a host or copy files to a host. This also works well with an ESXi host if SSH is enabled on that host. Unfortunately it only works by default by using a username and password. There also is a workflow to create a key pair and register the vCO server public key on an SSH-host which allows you to run SSH commands without the need of entering a password. But that workflow tries to store the key in a file location that does not exist on the ESXi host. In this article I describe how to update your system to store the public key in the right location.

The path used in the workflow is ~/.ssh/authorized_keys and should be
/etc/ssh/keys-root/authorized_keys.

You can also perform the action to register the key manually. If you have enough skills with SSH and Linux then you understand this: create the key pair on vCO with the existing workflow and add the contents of the public key file from the vCO server (/etc/vco/app-server/vco_key.pub) to the authorized keys file on the ESXi server (/etc/ssh/keys-root/authorized_keys)

Download the complete package

Download the complete package with the modified workflow and action here (download)

WarningBefore executing this workflow first run the already existing workflow in the SSH folder to create a key pair for your vCO Server

Create the modified workflow yourself

Folow these steps if you want to modify the existing action and workflow to add the public key to the right file location.

In the vRealize Orchestrator client first execute the workflow to generate a key pair so that you can't forget that later.

Next go to the actions and duplicate the action named registerVSOonHost. In the example below I have used a new name of registerVSOonESXiHost

Duplicate action

Now modify the scripting part of this new action. Find the path where the public key is normally stored (~/etc/.ssh/authorized_keys) and change that to /etc/ssh/root-keys/authorized_keys) which is the correct path for an ESXi host. See the image below.

Modify action

Next duplicate the existing workflow that registers the public key on a remote host. In the example below I have named the workflow Register vCO public key on ESXi-host

Duplicate workflow

Now edit the new workflow and remove the action element with the name of registerVSOonHost and replace it by your new workflow registerVSOonESXiHost.

Modify workflow

Don't forget to bind the input parameters for this action to the workflow input parameters.

Bind parameters of workflow

Now it's time to execute the workflow. As you can see in the image below you could first check the current contents of the authorized_keys file and then check the contents after running the workflow.

Workflow result

When this workflow had been executed successfully you can start running SSH commands on your ESXi host without the need of specifying a password by using the key pair.

Follow us on LinkedIn