vRealize 8.1 Embedded vRO - Add PowerShell Host using Kerberos Auth
Prepare the PowerShell Host WinRM Configuration:
winrm quickconfig
winrm set winrm/config/service/auth @{Kerberos="true"}
winrm set winrm/config/service @{AllowUnencrypted="true"}
winrm set winrm/config/winrs @{MaxMemoryPerShellMB="2048"}Create a krb5.conf file with the following contents:
[libdefaults]
default_realm = DOMAIN.COM
[realms]
DOMAIN.COM = {
kdc = dc.domain.com
default_domain = domain.com
}
[domain_realm]
.domain.com=DOMAIN.COM
domain.com=DOMAIN.COMCopy or create the krb5.conf file at the following location on the vRA appliance: /data/vco/usr/lib/vco/app-server/conf/krb5.conf
Finally you need to chmod 644 the file you just uploaded.
Now you need to redeploy the vRO pod
kubectl -n prelude get pods
You are looking for an entry like this:
vco-app-<hash>-<hash>
Then you want to issue the following command to destroy the pod, after a few seconds a new one will be deployed in it’s place:
kubectl -n prelude delete pod vco-app-<hash>-<hash>
Don’t forget to use the name of the pod you got in the previous command and not just copy and paste what is shown here.
Now go to the vRealize Orchestrator web interface, go to Workflows, run the Add Powershell Host Workflow and when you specify the credentials to use make sure to use the UPN (user@domain) format.