How to replace a vCenter password in vRealize Suite Lifecycle Manager 8.1 using the API

| 3 minutes
VMware vRealize Suite vRealize Suite Lifecycle Manager Swagger API How-To

Following along the theme of one of my previous posts on vRealize Suite Lifecycle Manager (vRSLCM) and its REST API, here’s another on replacing the password for a vCenter Server in a vRSLCM “Datacenter”.

Similar to my previous post, we’ll be doing this in the Swagger UI as the ability to replace the password is not available in the standard vRSLCM UI (v8.1). The APIs used in this post are private and, as such, not supported by VMware.

The gist of what we’re doing:

1) Retrieve the new password’s alias from the Locker 1) Retrieve existing vCenter details 1) “Create” a new vCenter Server with the same details as the original, but replacing the password value with our new password from the locker.

This workflow is one you’d expect when a service account has aged out, or someone entered incorrect credentials when adding the vCenter Server.

I’ve currently got two passwords defined in my vRSLCM Locker. One is the active password (funkycloudmedina-old-vcenter-password), and the other is the new password (funkycloudmedina-new-vcenter-password) I want to use.

Note: I’m assuming you already have the new password added to your vRSLCM Locker.

  1. Log in to vRealize Suite Lifecycle Manager
  2. Click the User drop-down at the top right of the page and select API. Having already logged in to vRealize Suite Lifecycle Manager, we don’t have to authenticate using the APIs.
  3. Find the Locker Password and License API heading. Click to expand it.
  4. Find the GET /lcm/locker/api/passwords API. Click to expand it.

  5. Click the Try it out button then click the Execute button.
  6. In the response body, locate your new password using the alias value. For me, the alias was funkycloudmedina-new-vcenter-password.

  7. Copy the vmid and alias values and keep a note of it.
  8. Find the data-center-controller heading. Click to expand it.
  9. Find the GET /lcm/lcops/api/datacenters/{dataCenterName}/regions/{regionName}/zones/{zoneName}/vCenters API. Click to expand it.

  10. Click the Try it out button.
  11. Complete the request form that displays:
    1. dataCenterName - the name of the vRSLCM datacenter containing the target vCenter Server.
    2. region - Use ‘default’ as the value.
    3. zoneName - Use ‘default’ as the value.
  12. Click the Execute button.

    The response body will list the vCenter Servers for that datacenter.
  13. Locate the target vCenter server in the response, and copy all of the values returned for it.

  14. Below this API, you will find the POST /lcm/lcops/api/datacenters/{dataCenterName}/regions/{regionName}/zones/{zoneName}/vCenters API. Click to expand it.

  15. Click the Try it out button.
  16. Complete the request form that displays:
    1. dataCenterName - the name of the vRSLCM datacenter containing the target vCenter Server.
    2. region - Use ‘default’ as the value.
    3. zoneName - Use ‘default’ as the value.
    4. vCenterRequestDTO - We need to modify the values of each of these properties to reflect, identically, the target vCenter Server except for the vcPassword property. The following snippet is my returned vCenter Server details from step 13 with the old password reference:
      {
          "vCenterName": "vCenter",
          "vCenterHost": "vcsa-01.williams.lab",
          "vcUsername": "[email protected]",
          "vcPassword": "locker:password:bd6acc02-be6c-4763-8257-15261dec8ee3:funkycloudmedina-old-vcenter-password",
          "vcUsedAs": "CONSOLIDATED",
          "vcDataCollectionStatus": "SUCCESS"
      }
      And here you’ll see the new JSON body I will use for the vCenterRequestDTO body.
      {
          "vCenterHost": "vcsa-01.williams.lab",
          "vCenterName": "vCenter",
          "vcDataCollectionStatus": "SUCCESS",
          "vcPassword": "locker:password:8072f0f5-156a-42fd-8bc3-47c0bc2d9711:funkycloudmedina-new-vcenter-password",
          "vcUsedAs": "CONSOLIDATED",
          "vcUsername": "[email protected]"
      }
      Notice they are almost identical, except for the vcPassword field. I’ve used the vmid and the alias of the Locker Password response in step 7 to create a new reference for the vcPassword field. The structure for a Locker Password reference is locker:password:$vmid:$passwordalias.
  17. With the vCenter details in the vCenterRequestDTO field, click the Execute button.

    The response will be a request ID that you can track in vRSLCM’s Lifecycle Operations section. When the request is complete, you can use the API from step 9 to get the new vcPassword value:
    {
        "vCenterName": "vCenter",
        "vCenterHost": "vcsa-01.williams.lab",
        "vcUsername": "[email protected]",
        "vcPassword": "locker:password:bd6acc02-be6c-4763-8257-15261dec8ee3:funkycloudmedina-old-vcenter-password",
        "vcUsedAs": "CONSOLIDATED",
        "vcDataCollectionStatus": "SUCCESS"
    }

I hope this post has been useful. If you have any questions or suggestions, please feel free to leave a comment.

Share this on:
About Stellios Williams
Technical Account Manager VMware
This is my personal tech related blog for anything private and public cloud - including homelabs! My postings are my own and don’t necessarily represent VMware’s positions, strategies or opinions. Any technical guidance or advice is given without warranty or consideration for your unique issues or circumstances.
Comments
comments powered by Disqus