In vSphere 6.0, we introduced a new command-line option to allow you to automate both the deployment and upgrade of a vCenter Server Appliance (VCSA) and Platform Services Controller (PSC) using a simple JSON configuration file. This has been a very popular request from customers and one that I have been asking for some time now and was glad to see it was finally made available with the VCSA. One thing that was still missing from an Automation standpoint was being able to some basic post-configurations after the initial deployment. Common operations such as adding additional user accounts, configuring SNMP for monitoring or adding proxy server were available but had to be done interactively and manually.

In vSphere 6.0 Update 1, an enhancement was made to the appliancesh interface which will now allow customers to automate the post-configurations of either a VCSA or PSC by simply re-directing a series of appliancesh commands within a file using SSH. Although SSH may not be ideal for all customers and having a programmatic interface via an API is ultimately where we want to get to; This at least allows customers to automate the end-to-end deployment of both the VCSA and PSC as well as covering any additional post-configurations that might be required to stand up a vSphere environment.

To make use of this feature, you simply create a file that contains the list of appliancesh commands that you wish to run on either the VCSA and/or PSC. Here is an example configuration called psc.config (you can name it anything you want):

Once you have saved the configuration file, you simply SSH to either your VCSA or PSC and re-direct the configuration file by running the following command:

ssh < psc.config

Once authenticated, the series of appliancesh commands will be executed and then you will be automatically logged off as seen in the screenshot below.
If you have any feedback in this particular area, please leave a comment as I know both PM/Engineering are interested in hearing your thoughts and what you might want to see in the future in terms of post-configuration of the VCSA and PSC.

4 thoughts on “Automating post-configurations for both PSC & VCSA 6.0u1 using appliancesh

  1. Hi William,

    Have you found a way to configure SSO (AD integration + Identity) without using the pi shell? (On the vCSA 6.0U1)

    It’s possible to do it in the shell with:
    /opt/likewise/bin/domainjoin-cli join

    I’m trying to do it with vRO but can’t get it to work yet.

    Thanks! (great blog btw!)


  2. Hi Lam,
    I am trying to enable SNMP with community strings to add my VCENTER and EXTERNAL PSC to solarwinds network performance monitoring system.
    But it is not working.
    Solarwinds NPM IP:
    Community string: DSE-Community

    The takss I have done is as followed:

    1. In vcenter web-client I have enabled SNMP receiver with IP, port and Community String.

    vis-vcenter:~ # vi dsevis.config
    vis-vcenter:~ # cat dsevis.config
    snmp.set –communities DSE-Community –targets
    vis-vcenter:~ # ssh Command> Command> vis-vcenter:~ # shell
    bash: shell: command not found
    vis-vcenter:~ # timed out waiting for input: auto-logout


    vis-psc:~ # vi dsevis.config
    vis-psc:~ # cat dsevis.config
    snmp.set –communities DSE-Community –targets
    vis-psc:~ # ssh < dsevis.config
    Pseudo-terminal will not be allocated because stdin is not a terminal.
    The authenticity of host ' (' can't be established.
    ECDSA key fingerprint is b8:d0:cb:9e:fb:3e:4b:41:03:88:9b:88:c4:af:55:9e [MD5].
    Are you sure you want to continue connecting (yes/no)? yes
    Warning: Permanently added ',' (ECDSA) to the list of known hosts.

    VMware vCenter Server Appliance

    Type: VMware Platform Services Controller

    Last login: Wed Dec 2 15:59:21 BDT 2015 from on pts/0
    Connected to service

    * List APIs: "help api list"
    * List Plugins: "help pi list"
    * Enable BASH access: "shell.set –enabled True"
    * Launch BASH: "shell"

  3. Off topic a bit, but how about an article on securing the appliances with the firewall? I am considering making the move from Windows to the Appliance, but the lack of a firewall seems a bit disturbing as some of my locations have no hardware firewall available.

Thanks for the comment!