Configure Orchestrator Using the CLI Utility

Start the Utility Option in the CLI

  1. Open a CLI session (SSH or hypervisor console) to the Orchestrator.

  2. Log in as admin or a user with administrator privileges.

    Log in with the admin password you set in Change the SSH Shell Admin and Root Passwords.

    TIP: To log in as root user, enter su - root (for on-prem Orchestrator) or sudo su - root (for Orchestrator-as-a-Service). When prompted, enter the root password. If you are not logged in as a root user, you will be prompted for the root password after each selection.

  3. Enter /home/gms/gms/orch-setup -h to display the optional arguments.

    usage: orch-setup [-h] (-u | -c | -p | -m)

    Utility to do config changes/apply patches/upgrade via CLI

    Field Description
    -h, --help Show this help message and exit
    -u, --upgrade Upgrade to a different Orchestrator release
    -c, --change-config Config change like IP, hostname, DNS, timezone or NTP
    -p, --apply-patches Apply patches using dnf/yum update
    -m, --change-mode Configure VM as Orchestrator-only, Stats Collector-only or both

NOTE: At this point, the Orchestrator VM is running and needs to be configured. There are no appliances, key, or common name.

Change Configuration Settings

NOTE: For NTP Symmetric Key Authentication, the key ID must be listed in the /etc/chrony.keys file.
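
A preflight check for the key-ID requirement in this note, as an added example (not HPE's code): it takes the same NTPServer:key pairs the utility asks for in the symmetric NTP authentication step and reports any key ID that has no entry in the chrony key file. The function name missing_ntp_keys, the second server 10.81.71.93 and the dummy key value are constructed for illustration.

```shell
#!/bin/sh
# Added example: verify NTPServer:key pairs against the chrony key file.

# missing_ntp_keys "<pairs>" [keyfile]
#   pairs    comma- or space-separated NTPServer:key entries
#   keyfile  defaults to /etc/chrony.keys (normally readable by root only)
# Prints one line per problem pair; returns 0 only if every key ID is listed.
missing_ntp_keys() {
    local pairs="$1" keyfile="${2:-/etc/chrony.keys}" pair id rc=0
    [ -r "$keyfile" ] || { echo "cannot read $keyfile" >&2; return 2; }
    # Turn commas into spaces, then let the shell split the pairs.
    for pair in $(printf '%s' "$pairs" | tr ',' ' '); do
        case "$pair" in
            *:*) id=${pair##*:} ;;       # text after the last colon
            *)   echo "$pair: no key ID given"; rc=1; continue ;;
        esac
        case "$id" in
            ''|*[!0-9]*) echo "$pair: key ID is not a number"; rc=1; continue ;;
        esac
        # A key entry starts with the numeric ID; comment lines are skipped.
        if ! awk -v id="$id" '
                /^[ \t]*[#!;%]/     { next }
                $1 == id && NF >= 2 { found = 1 }
                END { exit !found }' "$keyfile"; then
            echo "$pair: key ID $id not found in $keyfile"
            rc=1
        fi
    done
    return $rc
}

# Constructed sample key file; the key material is a dummy value.
demo_keys=$(mktemp)
printf '%s\n' '# id type key' \
    '8 SHA1 HEX:0000000000000000000000000000000000000000' > "$demo_keys"
# Key 8 is present, key 9 is not, so only the second pair is reported.
missing_ntp_keys "10.81.71.92:8, 10.81.71.93:9" "$demo_keys" || true
rm -f "$demo_keys"
```

On the Orchestrator, run the function as root with the pairs you plan to enter and no second argument so that it reads /etc/chrony.keys.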

  1. Enter /home/gms/gms/orch-setup -c

    [admin@Orch-Rocky ~]$ /home/gms/gms/orch-setup -c

    OS version: Rocky Linux release 9.3 (Blue Onyx)

    Sudo password for admin:

  2. Enter the admin password. Admin user has sudo privileges.

    =========================================================================================
    Would you like to change timezone information [y/n] y

  3. Enter y to change timezone.

    =========================================================================================
    Current timezone is America/Los_Angeles
    New timezone:

  4. Enter a timezone.

    TIP: To display a list of valid time zones, enter timedatectl list-timezones

    Timezone set to America/Phoenix
    =========================================================================================
    =========================================================================================
    Would you like to set up NTP servers to synchronize date and time across Orchestrator and EdgeConnect appliances? [y/n]:

  5. Enter y to set up an NTP server.

    Setting up NTP server
    NTP server(IP/name):

  6. Enter a valid NTP server, for example time.nist.gov. The NTP server will synchronize the date and time for Orchestrator and all associated EdgeConnect appliances.

    NTP server(s) added time.nist.gov
    =========================================================================================
    =========================================================================================

    NOTE: To enter an additional NTP server, you will need to run /home/gms/gms/orch-setup -c again or you can add another NTP server in the Orchestrator application after you complete the configuration.

    Would you like to change network configuration and hostname via GUI? [y/n]

  7. Enter n.

    ***************************************************************************
    *Configuring via CLI *
    ***************************************************************************
    Would you like to change the Orchestrator hostname? [y/n]

  8. Enter y.

    New hostname:

  9. Enter a descriptive name to identify this VM.

    ***************************************************************************
    *In order for the hostname to change permanently, you would need to reboot*
    *>su -c "shutdown -r now" *
    ***************************************************************************
    Would you like to change the IP address? [y/n]

    NOTE: The default IP address is a dynamic IP address. If you change the IP address, it will become a static IP address. HPE Aruba Networking recommends that you set a static IP address.

  10. Enter y.

    IP address:

  11. Enter the IP address.

    Netmask:

  12. Enter the netmask.

    Gateway:

  13. Enter the gateway.

    Would you like to change primary and secondary DNS servers used in a static IP address? [y/n]

  14. Enter y.

    DNS Server1:

  15. Enter the DNS server name, for example 8.8.8.8.

    DNS Server2(optional):

  16. Enter a second DNS server name. This step is optional.

    Choose from any of the following system configuration changes if you would like to perform

    Would you like to set up symmetric NTP authetication? Enter 1.

    Would you like to change fail2ban settings? Enter 2.

    Would you like to change SSH config? Enter 3.

    Would you like to setup password quality? Enter 4.

    Would you like to set up Message Of The Day? Enter 5.

    Would you like to set up Banner text? Enter 6.

    Would you like to set up rsyslog client to send longs from orchestartor? Enter 7.

    NOTE: You can exit the utility at any time by pressing Enter.

  17. To set up symmetric NTP authentication, enter 1.

    Setting up symmetric NTP configuration

    Enter comma or space separated pairs of NTP and key in this format - NTPServer:key 10.81.71.92:8

    1. Enter the comma or space separated pairs of NTP and key, for example 10.81.71.92:8

      NTP symmetric authentication added 10.81.71.92:8

      ===========================================================================

      System configuration prompts will display, but are removed from these steps for brevity.

  18. At the root@orchestrator:/home/gms/gms$ prompt, enter ./orch-setup -c

    OS version: Rocky Linux release 9.3 (Blue Onyx)

    System configuration prompts will display, but are removed from these steps for brevity.

  19. To change the fail2ban settings, enter 2.

    Enter the bantime in seconds when a user with multiple failed login attempts is banned from logging in:

    1. Enter the time in seconds to ban the user from logging in after multiple failed login attempts.

      Enter the max number of failed login attempts before the user is banned for a bantime:

    2. Enter the maximum number of failed login attempts before the user is banned for a bantime.

      ===========================================================================

  20. At the root@orchestrator:/home/gms/gms$ prompt, enter ./orch-setup -c

    OS version: Rocky Linux release 9.3 (Blue Onyx)

    System configuration prompts will display, but are removed from these steps for brevity.

  21. To change the SSH config, enter 3.

    Would you like to change SSH client timeout? [y/n]

    1. Enter y

      SSH client timeout(seconds):

    2. Enter the time in seconds for the SSH timeout.

      Would you like to change SSH Server timeout? [y/n]

    3. Enter y

      ***************************************************************************

      SSH Server timeout is ClientAliveInterval multiplied by ClientAliveCount

      ***************************************************************************

      SSH server ClientAliveInterval(seconds): xx

      SSH server ClientAliveCountMax: xx

      Would you like to change the RekeyLimit? [y/n]

    4. Enter y

      Enter traffic threshold after which a rekey is issued (specified in bytes and may have a suffix of K, M, or G to indicate Kilobytes, Megabytes, or Gigabytes, respectively):

    5. Enter the traffic threshold in bytes.

      Enter time based threshold after which a rekey is issued (in seconds and may use any of the units documented in the TIME FORMATS section):

    6. Enter the time in seconds after which a rekey is issued.

      =========================================================================================

  22. At the root@orchestrator:/home/gms/gms$ prompt, enter ./orch-setup -c

    OS version: Rocky Linux release 9.3 (Blue Onyx)

    System configuration prompts will display, but are removed from these steps for brevity.

  23. To set up password quality, enter 4.

    Enter the minimum length of the password that would be enforced:

    1. Enter the minimum length of the password. For example, 10.

      ========================================================================================

  24. At the root@orchestrator:/home/gms/gms$ prompt, enter ./orch-setup -c

    OS version: Rocky Linux release 9.3 (Blue Onyx)

    System configuration prompts will display, but are removed from these steps for brevity.

  25. To change the Message of the Day, enter 5.

    Enter the filename which will contain the MOTD text(under /etc/motd.d):

    1. Enter the filename, for example GM

      Enter as many lines of text as you want for MOTD.

      When you're done, enter a single period on a line by itself.

    2. Enter a message of the day, for example Greetings! This is Orchestrator.

    3. Enter a single period.

      .

      =========================================================================================

  26. At the root@orchestrator:/home/gms/gms$ prompt, enter ./orch-setup -c

    OS version: Rocky Linux release 9.3 (Blue Onyx)

    System configuration prompts will display, but are removed from these steps for brevity.

  27. To set up banner text, enter 6.

    Enter as many lines of text as you want for Banner.

    When you're done, enter a single period on a line by itself.

    1. Enter the banner you want to display. For example, Greetings! Authenticate as admin user to orchestrator

    2. Enter a period on a line by itself.

      .

  28. At the root@orchestrator:/home/gms/gms$ prompt, enter ./orch-setup -c

    OS version: Rocky Linux release 9.3 (Blue Onyx)

    System configuration prompts will display, but are removed from these steps for brevity.

  29. To set up the rsyslog client to send logs from Orchestrator, enter 7.

    Enter the IP address of the rsyslog server you are trying to send logs to:

    1. Enter the IP address of the rsyslog server to send logs to. For example, 8.8.8.8

      Default port:514. Enter an alternate port to override default[514]:

    2. Enter an alternate port. For example, 514

      Place the pem files under the default directory: /home/gms/syslog_helper. Enter an alternate directory if the pem files are in another directory[/home/gms/syslog_helper]:

    3. Enter an alternate directory. For example, /home/gms/syslog_helper2

      input.remote_host=8.8.8.8

      =========================================================================================

  30. Press Enter to exit the utility.

    Choose from any of the following system configuration changes if you would like to perform

    Would you like to set up symmetric NTP authetication? Enter 1.

    Would you like to change fail2ban settings? Enter 2.

    Would you like to change SSH config? Enter 3.

    Would you like to setup password quality? Enter 4.

    Would you like to set up Message Of The Day? Enter 5.

    Would you like to set up Banner text? Enter 6.

    Would you like to set up rsyslog client to send longs from orchestartor? Enter 7.

    =========================================================================================

    [admin@Orch-Rocky ~]$

    The configuration is complete. You can run this script any time to change configuration settings.
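
To confirm the SSH values entered in the SSH config step, the following added example (not part of the HPE utility) reads the effective settings printed by sshd -T, computes the server timeout as ClientAliveInterval multiplied by ClientAliveCountMax, and expands a RekeyLimit size suffix to bytes. The function names and the sample values are assumptions for illustration.

```shell
#!/bin/sh
# Added example: check SSH keepalive and rekey settings from `sshd -T` output.

# Reads `sshd -T` style lines on stdin; prints the seconds after which an
# unresponsive client is disconnected, "disabled", or "unknown".
ssh_server_timeout() {
    awk '
        tolower($1) == "clientaliveinterval" { i = $2 }
        tolower($1) == "clientalivecountmax" { c = $2 }
        END {
            if (i == "" || c == "") { print "unknown"; exit 1 }
            # A zero interval sends no probes; a zero count never disconnects.
            if (i == 0 || c == 0)   { print "disabled"; exit 0 }
            print i * c
        }'
}

# Expands the K, M or G suffix accepted by RekeyLimit into bytes.
to_bytes() {
    case "$1" in
        *[Kk]) echo $(( ${1%?} * 1024 )) ;;
        *[Mm]) echo $(( ${1%?} * 1024 * 1024 )) ;;
        *[Gg]) echo $(( ${1%?} * 1024 * 1024 * 1024 )) ;;
        *)     echo "$1" ;;
    esac
}

# Reads `sshd -T` style lines on stdin; prints "<bytes> <seconds>" for RekeyLimit.
rekey_limit() {
    awk 'tolower($1) == "rekeylimit" { print $2, $3; found = 1 }
         END { exit !found }'
}

# Constructed sample of the three relevant lines (not captured from a device).
sample='clientaliveinterval 300
clientalivecountmax 3
rekeylimit 1073741824 3600'

printf '%s\n' "$sample" | ssh_server_timeout
printf '%s\n' "$sample" | rekey_limit
to_bytes 1G
```

On the Orchestrator, pipe sudo sshd -T into ssh_server_timeout and rekey_limit instead of the sample text. A result of "disabled" means unresponsive sessions are never dropped by the server.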


© Copyright 2024 Hewlett Packard Enterprise Development LP.