appliance vcenter settings v1: desired state

The desired_state structure defines the configuration about different components in vCenter. Warning: This structure is available as Technology Preview. These are early access APIs provided to test, automate and provide feedback on the feature. Since this can change based on feedback, VMware does not guarantee backwards compatibility and recommends against using them in production environments. Some Technology Preview APIs might only be applicable to specific environments.

Representation:

{
    "authmgmt"{
        "global_permission_list"[
            {
                "principal"{
                    "name""string",
                    "group"true
                },
                "propagate"true,
                "role_ids"[
                    1,
                    1
                ]
            },
            {
                "principal"{
                    "name""string",
                    "group"true
                },
                "propagate"true,
                "role_ids"[
                    1,
                    1
                ]
            }
        ],
        "token_policy"{
            "clock_tolerance"1,
            "token_delegation"1,
            "token_renewal"1,
            "bearer_refresh"1,
            "hok_refresh"1
        },
        "lockout_policy"{
            "failed_login_attempts"1,
            "failure_interval"1,
            "unlock_time"1
        },
        "password_policy"{
            "uppercase_chars"1,
            "min_length"1,
            "alpha_chars"1,
            "max_life"1,
            "special_chars"1,
            "lowercase_chars"1,
            "numeric_chars"1,
            "adj_identical_chars"1,
            "password_reuse"1,
            "max_length"1
        },
        "role_list"[
            {
                "privilege_id"[
                    "string",
                    "string"
                ],
                "name""string",
                "description""string",
                "id"1
            },
            {
                "privilege_id"[
                    "string",
                    "string"
                ],
                "name""string",
                "description""string",
                "id"1
            }
        ],
        "privileges_list"[
            {
                "is_on_parent"true,
                "description""string",
                "id""string",
                "group""string"
            },
            {
                "is_on_parent"true,
                "description""string",
                "id""string",
                "group""string"
            }
        ]
    },
    "appliance"{
        "software_update_policy"{
            "password""secret string",
            "auto_stage""DISABLED",
            "certificate_check"true,
            "default_URL""string",
            "check_schedule"{
                "hour""string",
                "day""MONDAY",
                "minute""string"
            },
            "custom_URL""string",
            "username""string"
        },
        "time_sync"{
            "mode""DISABLED"
        },
        "smtp"{
            "relay_port""string",
            "mail_server""string"
        },
        "ssh"{
            "enabled"true
        },
        "local_accounts_policy"{
            "warn_days"1,
            "max_days"1,
            "min_days"1
        },
        "console_cli"{
            "enabled"true
        },
        "ntp"{
            "servers"[
                "string",
                "string"
            ]
        },
        "syslog"[
            {
                "hostname""string",
                "protocol""TLS",
                "port"1
            },
            {
                "hostname""string",
                "protocol""TLS",
                "port"1
            }
        ],
        "time_zone"{
            "name""string"
        },
        "network"{
            "dns_server_configuration"{
                "mode""DHCP",
                "servers"[
                    "string",
                    "string"
                ]
            },
            "firewall_rule_policies"[
                {
                    "address""string",
                    "prefix"1,
                    "interface_name""string",
                    "policy""IGNORE"
                },
                {
                    "address""string",
                    "prefix"1,
                    "interface_name""string",
                    "policy""IGNORE"
                }
            ],
            "proxy_configuration"[
                {
                    "server""string",
                    "protocol""HTTP",
                    "password""secret string",
                    "port"1,
                    "enabled"true,
                    "username""string"
                },
                {
                    "server""string",
                    "protocol""HTTP",
                    "password""secret string",
                    "port"1,
                    "enabled"true,
                    "username""string"
                }
            ]
        },
        "backup_schedules"[
            {
                "recurrence_info"{
                    "hour"1,
                    "days"[
                        "MONDAY",
                        "MONDAY"
                    ],
                    "minute"1
                },
                "backup_password""secret string",
                "enable"true,
                "parts"[
                    "string",
                    "string"
                ],
                "location""http://myurl.com",
                "location_password""secret string",
                "schedule_id""string",
                "location_user""string",
                "retention_info"{
                    "max_count"1
                }
            },
            {
                "recurrence_info"{
                    "hour"1,
                    "days"[
                        "MONDAY",
                        "MONDAY"
                    ],
                    "minute"1
                },
                "backup_password""secret string",
                "enable"true,
                "parts"[
                    "string",
                    "string"
                ],
                "location""http://myurl.com",
                "location_password""secret string",
                "schedule_id""string",
                "location_user""string",
                "retention_info"{
                    "max_count"1
                }
            }
        ],
        "shell"{
            "enabled"true,
            "timeout"1
        },
        "root_local_account"{
            "warn_days_before_password_expiration"1,
            "password""secret string",
            "min_days_between_password_change"1,
            "roles"[
                "string",
                "string"
            ],
            "password_expires_at""2015-01-01T22:13:05.651Z",
            "fullname""string",
            "last_password_change""2015-01-01T22:13:05.651Z",
            "enabled"true,
            "email""string",
            "has_password"true,
            "max_days_between_password_change"1
        },
        "dcui"{
            "enabled"true
        }
    }
}

Attributes:

Name Type Description
Required
appliance.software_update_policy.auto_stage string Check for update at the pre-configured repository URL.

Defines state for automatic update notification. auto_update_notification enumerated type Value is one of:
DISABLED: Automatic update notification is disabled. Disable periodically query the configured url for updates.
ENABLED: Automatic update notification is enabled. Enable periodically query the configured url for updates.Only set if auto stage is enable.

appliance.software_update_policy.certificate_check boolean Indicates whether certificates will be checked during patching.

Warning: If this field is set to false, an insecure connection is made to the update repository which can potentially put the appliance security at risk.

appliance.backup_schedules[].location URI URL of the backup location.

Only set if URL is set in BackupSchedule.

appliance.backup_schedules[].recurrence_info.minute long Minute when backup should run.

Only set if minute is present in Recurrence Info of backup schedule.

appliance.backup_schedules[].recurrence_info.hour long Hour when backup should run. The hour should be specified in 24-hour clock format.

Only set if hour is present in Recurrence Info of backup schedule.

appliance.backup_schedules[].retention_info.max_count long Number of backups which should be retained. If retention is not set, all the backups will be retained forever.

appliance.backup_schedules[].schedule_id string Identifier of the schedule.

appliance.ssh ssh Get/Set enabled state of SSH-based controlled CLI. ssh service provides operations

appliance.ssh.enabled boolean Set enabled state of the SSH-based controlled CLI.

appliance.dcui dcui Get/Set enabled of Direct Console User Interface (DCUI TTY2). dcui service provides operations

appliance.dcui.enabled boolean Set enabled state of Direct Console User Interface (DCUI).

appliance.console_cli consolecli Get/Set enabled state of the console-based controlled CLI. consolecli service provides operations

appliance.console_cli.enabled boolean Set enabled state of the console-based controlled CLI (TTY1).

appliance.shell shell Get/Set enabled state of BASH. shell service provides operations

appliance.shell.enabled boolean Enabled can be set to true or false

appliance.shell.timeout long The timeout (in seconds) specifies how long you enable the Shell access. The maximum timeout is 86400 seconds(1 day).

appliance.time_sync.mode string Defines time synchronization modes Value is one of:
DISABLED: Time synchronization is disabled.
NTP: NTP-based time synchronization.
HOST: VMware Tool-based time synchronization.
appliance.ntp.servers string[] Set NTP servers. This variable updates old NTP servers from configuration and sets the input NTP servers in the configuration.

appliance.root_local_account.enabled boolean Flag indicating if the account is enabled

appliance.root_local_account.has_password boolean Is the user password set.

appliance.network.dns_server_configuration.mode string Define how to determine the DNS servers. Leave the servers argument empty if the mode argument is "DHCP". Set the servers argument to a comma-separated list of DNS servers if the mode argument is "static". The DNS server are assigned from the specified list.

Describes DNS Server source (DHCP,static). Value is one of:
DHCP: DNS address is automatically assigned by a DHCP server.
STATIC: DNS address is static.

appliance.network.dns_server_configuration.servers string[] List of the currently used DNS servers. DNS server configuration.

authmgmt.privileges_list privileges[] List of Privileges.

authmgmt.global_permission_list global_permission[] List of Global Permission.

authmgmt.role_list roles[] List of Roles.

authmgmt.password_policy.special_chars long Minimum special characters.

authmgmt.password_policy.alpha_chars long Minimum alphabetic characters.

authmgmt.password_policy.uppercase_chars long Minimum uppercase characters.

authmgmt.password_policy.lowercase_chars long Minimum lowercase characters.

authmgmt.password_policy.numeric_chars long Minimum numeric characters.

authmgmt.password_policy.adj_identical_chars long Maximum adjacent identical characters.

authmgmt.password_policy.password_reuse long Previous password reuse restriction.

authmgmt.password_policy.max_life long Maximum lifetime.

authmgmt.password_policy.max_length long Maximum length.

authmgmt.password_policy.min_length long Minimum length.

authmgmt.token_policy.clock_tolerance long Clock tolerance ms.

authmgmt.token_policy.token_renewal long Maximum token renewal count.

authmgmt.token_policy.token_delegation long Maximum token delegation count.

authmgmt.token_policy.bearer_refresh long Maximum Bearer RefreshToken lifetime.

authmgmt.token_policy.hok_refresh long Maximum HoK RefreshToken lifetime.

authmgmt.lockout_policy.failed_login_attempts long Maximum number of failed login attempts.

authmgmt.lockout_policy.failure_interval long Time interval between failures.

authmgmt.lockout_policy.unlock_time long Unlock time.

Optional
appliance appliance_management Appliance Management component desired spec. Warning: This attribute is available as Technology Preview. These are early access APIs provided to test, automate and provide feedback on the feature. Since this can change based on feedback, VMware does not guarantee backwards compatibility and recommends against using them in production environments. Some Technology Preview APIs might only be applicable to specific environments.

Optional.

appliance.software_update_policy software_update_policy Policy to update vCenter.

Optional. Only set if the SoftwareUpdatePolicy is set inside vCenter.

appliance.software_update_policy.custom_URL string Current appliance update repository URL. Enter "default" to reset the url to the default url.

Optional. Only set if custom URL required.

appliance.software_update_policy.default_URL string Default appliance update repository URL.

Optional. Only set if default URL required.

appliance.software_update_policy.check_schedule time The time structure defines day and time the automatic check for new updates will be run.

Optional. Only set if Time required.

appliance.software_update_policy.check_schedule.hour string Time to query for updates Format: HH:MM:SS Military (24 hour) Time Format

Optional. Only set if hour is present in SoftwareUpdatePolicy.

appliance.software_update_policy.check_schedule.minute string Time to query for updates Format: HH:MM:SS Military (24 hour) Time Format

Optional. Only set if minute is present in SoftwareUpdatePolicy.

appliance.software_update_policy.check_schedule.day string Day to query for updates

Optional. Only set if minute is present in SoftwareUpdatePolicy.

appliance.software_update_policy.username string Username for the url update repository

Optional. Only set if SoftwareUpdatePolicy requires username.

appliance.software_update_policy.password secret Password for the url update repository

Optional. Only set if SoftwareUpdatePolicy requires password.

appliance.backup_schedules backup_schedule[] Backup schedule of vCenter.

Optional. Only set if the Backup is schedule for vCenter.

appliance.backup_schedules[].parts string[] List of optional parts to be backed up. Use the list operation to get information about the supported parts.

Optional. If unset all the optional parts will not be backed up.

appliance.backup_schedules[].backup_password secret Password for a backup piece. The backupPassword must adhere to the following password requirements: At least 8 characters, cannot be more than 20 characters in length. At least 1 uppercase letter. At least 1 lowercase letter. At least 1 numeric digit. At least 1 special character (i.e. any character not in [0-9,a-z,A-Z]). Only visible ASCII characters (for example, no space).

Optional. If unset the backup piece will not be encrypted.

appliance.backup_schedules[].location_user string Username for the given location.

Optional. If unset authentication will not be used for the specified location.

appliance.backup_schedules[].location_password secret Password for the given location.

Optional. If unset authentication will not be used for the specified location.

appliance.backup_schedules[].enable boolean Enable or disable a schedule.

Optional. If unset the schedule will be enabled.

appliance.backup_schedules[].recurrence_info recurrence_info Recurrence information for the schedule.

Optional. If unset backup job will not be scheduled. See appliance.vcenter.settings.v1.config.components.applmgmt.recurrence_info.

appliance.backup_schedules[].recurrence_info.days string[] Day of week when the backup should be run. Days can be specified as list of days.

Optional. If unset the backup will be run everyday.

appliance.backup_schedules[].retention_info retention_info Retention information for the schedule.

Optional. If unset all the completed backup jobs will be retained forever. See appliance.vcenter.settings.v1.config.components.applmgmt.retention_info.

appliance.time_zone timezone The timezone service provides operations to get and set the appliance timezone.

Optional. Only set if the Timezone is set in vCenter.

appliance.time_zone.name string Set time zone.

Optional.

appliance.time_sync timesync timesync service provides operations Performs time synchronization configuration.

Optional. Only set if the time sync mode is set in vCenter.

appliance.ntp ntp ntp service provides operations Gets NTP configuration status and tests connection to ntp servers.

Optional. Only set if the ntp server are set in vCenter.

appliance.syslog log_forwarding[] The syslog service provides operations to manage forwarding of log messages to remote logging servers.

Optional. Only set if log forwarding to remote server are set in vCenter.

appliance.local_accounts_policy local_accounts_policy The localAccountsPolicy service provides operations to manage local user accounts.

Optional. Only set if Password Policy is set to manage local user accounts.

appliance.local_accounts_policy.max_days long Maximum number of days a password may be used. If the password is older than this, a password change will be forced.

Optional. If unset then the restriction will be ignored.

appliance.local_accounts_policy.min_days long Minimum number of days allowed between password changes. Any password changes attempted sooner than this will be rejected.

Optional. If unset then the restriction will be ignored.

appliance.local_accounts_policy.warn_days long Number of days warning given before a password expires. A zero means warning is given only upon the day of expiration.

Optional. If unset then no warning will be provided.

appliance.root_local_account local_accounts The local_accounts service provides operations to manage local user account.

Optional.

appliance.root_local_account.fullname string Full name of the user

Optional. If unset, the value was never set.

appliance.root_local_account.roles string[] User roles

Optional.

appliance.root_local_account.last_password_change date_time Date and time password was changed.

Optional. If unset, the password was never set.

appliance.root_local_account.password_expires_at date_time Date when the account's password will expire

Optional. If unset, the password never expires.

appliance.root_local_account.min_days_between_password_change long Minimum number of days between password change

Optional. If unset, pasword can be changed any time.

appliance.root_local_account.max_days_between_password_change long Maximum number of days between password change

Optional. If unset, password never expires.

appliance.root_local_account.warn_days_before_password_expiration long Number of days of warning before password expires

Optional. If unset, a user is never warned.

appliance.root_local_account.password secret Password

Optional. If unset, value will not be changed.

appliance.root_local_account.email string Email address of the local account

Optional. If unset, value will not be changed.

appliance.smtp smtp The local_accounts service provides operations to manage local user account.

Optional.

appliance.smtp.mail_server string Mail server IP address.

Optional. If unset then the value will be ignored.

appliance.smtp.relay_port string Relay port number.

Optional. If unset then the value will be ignored.

appliance.network appliance_network Network configurations to be applied.

Optional. Only set if the network configurations are set in vCenter.

appliance.network.firewall_rule_policies firewall_rule_policy[] List of Firewall Rules to be applied.

Optional. Only set if the FirewallRulePolicy is set in vCenter.

appliance.network.dns_server_configuration dns_server_configuration DNS configuration to be applied.

Optional. Only set if the DnsServerConfiguration is set in vCenter.

appliance.network.proxy_configuration proxy_configuration[] Proxy configuration to be applied.

Optional. Only set if the Proxy server configuration is set in vCenter.

authmgmt authentication_management Authentication Management component desired spec. Warning: This attribute is available as Technology Preview. These are early access APIs provided to test, automate and provide feedback on the feature. Since this can change based on feedback, VMware does not guarantee backwards compatibility and recommends against using them in production environments. Some Technology Preview APIs might only be applicable to specific environments.

Optional.

authmgmt.password_policy password_policy Password Policy.

Optional.

authmgmt.token_policy token_policy Token Policy.

Optional.

authmgmt.lockout_policy lockout_policy Lockout Policy.

Optional.