System Properties are special attributes that give users the ability to change Orchestrator internal system behavior directly by modifying\adding those properties from the Control Centre. These properties are basically part of a configuration file in Orchestrator. In this post, we will some of the important system properties that can help you to enhance your Orchestrator experience.
Process of adding these properties will be same as mentioned below. You don’t really have to add them until needed.
List of System Properties
| Usage | Description | Key | Value (example) |
|---|---|---|---|
| vRO API Call Issue | If the authentication provider has been registered using vracli vro authentication commands, this may fix the API related issues of Orchestrator | com.vmware.o11n.sso.svcaccount.ephemeral-cert-lifetime-ms | 7776000000 |
| Disable Automatic Import of Trusted Certificates | It disables importing the trusted certificates into Polyglot Runtime. Resolves ERROR rehash: warning: skipping duplicate certificate in imported-{SHA256}.pem | com.vmware.o11n.polyglot.import-trusted-certificates | false |
| Number of concurrent running policies | The number of policies that run simultaneously | com.vmware.o11n.policy.executor_queue_size | 300 |
| OGNL Validator | This property enables the OGNL expression evaluation inside Orchestrator | com.vmware.o11n.forms.evalognl-validator.enabled | false |
| Set the number of vAPI Metamodels | This property will set the number of the vAPI metamodels that can be added from Orchestrator vAPI Plug-in. Adding more that 20 may use excessive memory and cause instability | vapi.metamodels.count | 20 (default) |
| Enable safe mode | If safe mode is enabled, all running workflows are canceled and are not resumed on the next Orchestrator node start. | ch.dunes.safe-mode | false |
| Number of concurrent running workflows | The number of workflows that run simultaneously. | com.vmware.vco.workflow-engine.executors-count | 300 |
| Maximum amount of running workflows in the queue | The number of workflow run requests that the Orchestrator server accepts before becoming unavailable. | com.vmware.vco.workflow-engine.executors-max-queue-size | 10000 |
| Maximum number of preserved runs per workflow | The maximum number of finished workflow runs that are kept as history per workflow. If the number is exceeded, the oldest workflow runs are deleted. | ch.dunes.task.max-workflow-tokens | 100 |
| Log events expiration days | The number of days that log events are kept in the database before they are purged. | com.vmware.o11n.log-events-expiration-days | 15 |
| Set JavaScript Access to Java Classes | Allow the JavaScript engine full access to the Java virtual machine (JVM) | com.vmware.scripting.rhino-class-shutter-file | vco/usr/lib/vco/your_configuration_file_subdirectory |
| Adding a JDBC Connector for the vRealize Orchestrator SQL Plug-In | Provides the path to the JDBC connector | o11n.plugin.SQL.classpath | /var/run/vco/plugins/SQL/lib/your_mysql_connector.jar |
| Set Custom Timeout Property | The number of milliseconds Orchestrator will wait for the response from vCenter | com.vmware.vmo.plugin.vi4.waitUpdatesTimeout | 30000 |
| Access to Operating System Commands for Workflows and Actions | Grant permission to use the Command class | com.vmware.js.allow-local-process | true |
| Scheduled Task and Policy Authentication Token Renewal | To make sure that the scheduled workflows or policies in the Orchestrator deployment continue running even after eight hours | com.vmware.o11n.auth.csp.renewTokens | true (link) |
| Enables Basic Authentication | enables basic authentication in Orchestrator for Multi-Node plugin and REST API. | com.vmware.o11n.sso.basic-authentication.enabled | true |
| Purge workflow tokens at set interval | The cron syntax to purge/delete workflow tokens automatically, changes the frequency of purging | com.vmware.o11n.purge.execution.cron | 0 0/5 * * * ? |
| Enable Workflow Profiler in the vRealize Orchestrator Client | Enables profiler service to gather useful metric data about your workflow runs | com.vmware.vro.extensions.profiler.enabled | true |
| Enable Profiler for Every Workflow Run | After you enable the Profile all workflow runs option, Workflow Profiler will generate statistics for every workflow run | com.vmware.o11n.extensions.profiler.profile-all-workflow-runs | true |
| Enable Profiler for Scripting API | Should the profiler record metrics for scripting API calls | com.vmware.o11n.extensions.profiler.record-scripting | true |
| Enable Profiler for Action Runs | Should the profiler record metrics for standalone action runs | com.vmware.o11n.extensions.profiler.record-action-runs | true |
| Enable TokenReplay | enables tokenreplay service by setting it to true | com.vmware.vro.extensions.tokenreplay.enabled | true |
| Record token replay for all workflow runs | After you enable the TokenReplay, it will record for every workflow run | com.vmware.o11n.extensions.tokenreplay.record-all-workflow-runs | true |
| Record scripting API calls | it will record for every Scripting API call | com.vmware.o11n.extensions.tokenreplay.recordScripting | true |
| Enable Debugging for Kerberos | This will enable debugging for Kerberos Authentication mode | sun.security.krb5.debug | true |
| Socket Read Timeout period | The number of milliseconds Orchestrator will wait for the read timeout during REST call | com.vmware.vmo.plugin.vi4.socketReadTimeout | 180000 |
| Controls the delegation of authentication tokens | Allowing scheduled tasks or policies to use the same credentials as the user who initiated them | com.vmware.o11n.auth.csp.delegate_tokens | true |
| Increase Max Upload Size | Increase the Maximum Upload Size from 50MB to 100MB (applies to vRO packages, resource elements, etc.) | com.vmware.o11n.rest.maxUploadSize=100000000 | |
| Reduce the allowed maximum size of persisted token content (MB) | https://knowledge.broadcom.com/external/article?articleNumber=369686 | com.vmware.o11n.token.content-size-hard-limit | 32 * 1024 * 1024 = 33554432 (actual value) |
| Reduce the allowed maximum size of persisted token content (MB) | https://knowledge.broadcom.com/external/article?articleNumber=369686 | com.vmware.o11n.token.content-size-soft-limit | 4 * 1024 * 1024 = 4194304 (actual value) |
Procedure to add in Orchestrator
For Aria Automation 8.18.1 and above
As Control Center is removed , use vracli command to set the value from CLI. Run the bellow command.
Bash
vracli vro properties set -k com.vmware.o11n.sso.basic-authentication.enabled -v trueOnce this is done, the vro-app POD will be recreated.
For Aria Automation 8.18 and below
- Log in to Control Center as root.
- Click System Properties.
- Click New.
- In the Key text box, enter property.name (for eg.
com.vmware.o11n.auth.csp.renewTokens). - In the Value text box, enter
value(for eg. true). - In the Description text box, enter a description for the system property.
- Click Add.
- Click Save changes from the pop-up menu. A message indicates that you have saved successfully.
- Wait for the vRealize Orchestrator server to restart.
Procedure to add using REST Method (for 8.18 and below only)
You can also change these settings by control-center REST API.
HTTP
POST https://[vro-server]/vco-controlcenter/api/properties
Content-Type: application/json
Authorization: Basic [base64-encoded-credentials]
{
"properties": [
{
"key": "com.vmware.js.allow-local-process",
"value": "true"
}
]
}Properties File location
Bash
root@VRO [/data/vco/usr/lib/vco/app-server/conf]# cat vmo.properties
database.username=vco-db
database.url=jdbc:postgresql://pgpool:5432/vco-db
database.driverClassName=org.postgresql.Driver
encoded.vco.db.password=vcoencrypted:{riv}j8qSq+JDLEfzHhqf83KMHyb+XyLLrrZJBt2pfSYNYZP9kWpKLNh0F1NvAOtsbUBlLMxVkwiTVwXgtAra4CQ4mg==
com.vmware.o11n.policy.executor_queue_size=300
database.hibernate.dialect = org.hibernate.dialect.PostgreSQLDialect
vco.vsphere.lookup-service.url = https://X.X.X.X/lookupservice/sdk
vco.vsphere.lookup-service.cert.alias = vco.vsphere.lookup-service.ssl.certificate
ch.dunes.net.jboss-server.port = 8230
ch.dunes.authentication.provider = vsphere
ch.dunes.vso.client-keep-alive-disable = true
ch.dunes.task.max-workflow-tokens = 100
com.vmware.o11n.log-events-expiration-days = 15
com.vmware.vmo.plugin.vi4.socketReadTimeout = 180000Discover more from Cloud Blogger
Subscribe to get the latest posts sent to your email.
sun.security.krb5.debug = true for Kerberos debugging
com.vmware.vmo.plugin.vi4.cache.main.expirationSeconds – default value: 14400 seconds
com.vmware.vmo.plugin.vi4.cache.live.objects.expirationSeconds – default value: 14400 seconds
com.vmware.vmo.plugin.vi4.cache.clearOnSessionRefresh – default value: false
com.vmware.vmo.plugin.vi4.cache.main.max.size.mb – default value: 100
com.vmware.vmo.plugin.vi4.list.unusable.sdkConnections – default value: true
You can also change these settings by control-center API
POST : https:///vco-controlcenter/api/properties
Payload:
{
“error”: “”,
“id”: “”,
“properties”: [
{
“description”: “”,
“key”: “com.vmware.js.allow-local-process”,
“value”: “true”
}
],
“warning”: “”
}
how do you upload/install a new certificate with the cli like you did with the vro control center
Use this link: https://techdocs.broadcom.com/us/en/vmware-cis/aria/aria-automation/8-16/vco-installing-and-configuring-8-16/initial-configuration/manage-orchestrator-certificates/set-a-custom-tls-certificate-for-vrealize-orchestrator.html