VMware Cloud Community
itrudeau
Contributor
Contributor
Jump to solution

vRealize Orchestrator 8.0 Crendential attribute type deprecated

Hello group.

In vRO 7.6 we used configuration element with credential Attribute to use as sysprep admin when deploying Windows server.

Now trying to find out the credential type in the attribute it appear that type ha been deprecated from the API Explorer.

pastedImage_0.png

pastedImage_1.png

If this is the case, is someone know what replacement it ?

Thank in advance you the answer.

Regards.

1 Solution

Accepted Solutions
aslk5
Enthusiast
Enthusiast
Jump to solution

Well this is a pain. Seems like VMware broke their own workflow and there's no way to sysprep a windows vm and have it join a domain in version 8?

From what itrudeau said, is the workaround to do something like:

var myVcCustomizationPassword = new VcCustomizationPassword() ;

myVcCustomizationPassword.plainText = true;

myVcCustomizationPassword.value = "mypassword";

and then

identification.domainAdminPassword = myVcCustomizationPassword;

That would mean hard coding a password in plain text though.

Is there a way to feed myVcCustomizationPassword.value with a SecureString (or maybe EncryptedString since it seems a bit more secure to use?)

View solution in original post

Reply
0 Kudos
10 Replies
aslk5
Enthusiast
Enthusiast
Jump to solution

Interesting. I took a look at my setup and if I run the Clone, Windows Sysprep with Single NIC and credential via the Java client in 7.6, I can enter a user/pass to join a windows vm to the domain. if I try in the web client in 7.6 I can enter some test but there's no way that I can see to enter a password.

Since vRO 8 has no java client and the credential type doesn't work, does that mean the Windows sysprep workflow is now broken and can't be used via web client and we can't even create a hardcoded attribute in version 8 with the info?

Reply
0 Kudos
iiliev
VMware Employee
VMware Employee
Jump to solution

Hi,

'Credential' type has never quite worked outside of the old Java client; for example, it was not exposed to REST API so it was not possible to use it in clients that consume REST API like the new Web client or vSphere integration plug-in.

The alternative in vRO 8.x input forms is to use separate input fields of type Text Field (for the user name value) and Password (for the password value).

Existing workflows that use Credential input fields should be modified the same way as above.

Reply
0 Kudos
itrudeau
Contributor
Contributor
Jump to solution

Hello Group.

My problem is how i can pass the credential for adding a server into Active directory in the sysprep unattended now ?

I have identified that the source of the workflow is an action call:

getCustomizationIdentificationFromCredential

The exact lines in this action that are no longer compatible are:

function affectParam() {

    if (joinWorkgroup == null || joinWorkgroup == "") {

        identification.domainAdmin = domainAdmin.username;

       identification.domainAdminPassword = VcPlugin.createCustomizationPasswordFromCredentials(domainAdmin, true);

        identification.joinDomain = joinDomain;

        identification.joinWorkgroup = joinWorkgroup;

     }

So it’s a native object (VcPlugin) function (createCustomizationPasswordFromCredentials(Credential, Boolean)

) that is no longer usable.

Creates VcCustomizationPassword from provided Credential.

Parameters:

credentials : Credential -

plainText : Boolean -

Returns:

VcCustomizationPassword

Is there other ways to proceed, other then using this VcPlugin.createCustomizationPasswordFromCredentials ??

Reply
0 Kudos
aslk5
Enthusiast
Enthusiast
Jump to solution

Well this is a pain. Seems like VMware broke their own workflow and there's no way to sysprep a windows vm and have it join a domain in version 8?

From what itrudeau said, is the workaround to do something like:

var myVcCustomizationPassword = new VcCustomizationPassword() ;

myVcCustomizationPassword.plainText = true;

myVcCustomizationPassword.value = "mypassword";

and then

identification.domainAdminPassword = myVcCustomizationPassword;

That would mean hard coding a password in plain text though.

Is there a way to feed myVcCustomizationPassword.value with a SecureString (or maybe EncryptedString since it seems a bit more secure to use?)

Reply
0 Kudos
itrudeau
Contributor
Contributor
Jump to solution

Hello Aslk5

I have test the code you have suggest and apparently i get the same result:

attribute:

domainAdmin  type credential

password = type secureString

var identification =  {};

identification.domainAdminPassword = VcPlugin.createCustomizationPasswordFromCredentials(domainAdmin, true);

System.log (identification.domainAdminPassword)

var myVcCustomizationPassword = new VcCustomizationPassword() ; 

myVcCustomizationPassword.plainText = true; 

myVcCustomizationPassword.value = password; 

identification.domainAdminPassword2 = myVcCustomizationPassword; 

System.log (identification.domainAdminPassword2)

LOG output:

[2019-11-22 09:25:37.170] [I] DynamicWrapper (Instance) : [VcCustomizationPassword]-[class com.vmware.o11n.plugin.vsphere_gen.Password_Wrapper] -- VALUE : (vim.vm.customization.Password) {

   dynamicType = null,

   dynamicProperty = null,

   value = (not shown),

   plainText = true

}

[2019-11-22 09:25:37.177] [I] DynamicWrapper (Instance) : [VcCustomizationPassword]-[class com.vmware.o11n.plugin.vsphere_gen.Password_Wrapper] -- VALUE : (vim.vm.customization.Password) {

   dynamicType = null,

   dynamicProperty = null,

   value = (not shown),

   plainText = true

}

This should fix the issue

Thank you very much for your help.

Regards,

Reply
0 Kudos
aslk5
Enthusiast
Enthusiast
Jump to solution

That's good news. I would prefer to use an EncryptedString since it can't be output to the console.

iiliev​ do you know if changing the securestring to encryptedstring would work? Would the plugin handle decoding the value and passing it as plain text to the sysprep workflow even if we can't see it as the console?

Reply
0 Kudos
iiliev
VMware Employee
VMware Employee
Jump to solution

I think EncryptedString would not work, but Credential object is still available in the scripting (if I'm not mistaken) so you should be able to instantiate a new Credential object instance using the values from the separate user name / password inputs, and then use the same VcPlugin helper method.

Reply
0 Kudos
serbl
Enthusiast
Enthusiast
Jump to solution

Hi,

Were you able to find a solution for this? Should we duplicate the action (getCustomizationIdentificationFromCredential) and change its code?

Best regards, Rutger
Reply
0 Kudos
Rsasjol
Contributor
Contributor
Jump to solution

HI,

The problem is still there with Orchestrator 8.1.

I find it very strange that VMWare is not able to provide a definitive fix for this wide-spectrum issue.

Do I miss something ?

qc4vmware
Virtuoso
Virtuoso
Jump to solution

I have spent about 5 minutes trying to setup an 8.1 vRO instance and already hit this... I guess I can't call it a bug... I don't know how well publicized this was but it never feels like this stuff is.  I'm way behind anyway these days as all of our stuff is still in the 7.5 realm.  Sigh.  7.5 vRA/vRO to 8.1 is gonna be a lot of work.

Reply
0 Kudos