vCD 5.1.X series – Requirements and Preparation

vCloud director 5.1.X is on the market for a quite long time, since VMworld 2012 event. Unfortunately I had no time to give a try and install it, especially when I had in my mind problems during vCloud Director 5.1 installation – it was a nightmare.  But finally I decided to give a shoot and install it on my homelab – just to see how the things works and what has changed since vCD 15 times. Second reason is to connect my vCAC 5.2 with vCD and test it.

Requirements:

• Hardware:
  • 1vCPU
  • 2GB RAM
  • 20GB disk drive
  • 2vNIC

• Operating system
  • officially only RedHat is supported as operating system for vCD 5.1.X installation
    • Red Hat Enterprise Linux 5 (64-bit), Update 4
    • Red Hat Enterprise Linux 5 (64-bit), Update 5
    • Red Hat Enterprise Linux 5 (64-bit), Update 6
    • Red Hat Enterprise Linux 5 (64-bit), Update 8
    • Red Hat Enterprise Linux 6 (64-bit), Update 1
    • Red Hat Enterprise Linux 6 (64-bit), Update 2
    • Red Hat Enterprise Linux 6 (64-bit), Update 3
    • Red Hat Enterprise Linux 6.3 (64-bit)
  • I will install vCD on CentOS 6.3 with all required packages
    

  [box type=”warning”] NOTE: CentOS is not officially supported for vCloud Director deployments[/box]

• Packages required:
  • See VMware KB article KB Installing vCloud Director 5.1.x best practices (2034092)

• Prepare DNS entries for vCD cell:
  • DNS for console
  • DNS entry for http interface
• vCenter server installed and configured
  • vSphere 5.1 vCenter server SSO deployment guide
  • vSphere 5.1 vCenter server inventory installation guide
  • vSphere 5.1 vCenter server  installation guide
  • vSphere 5.1 VMware update manager installation guide
  • vSphere 5.1 vCenter server Simple installation guide
  • vSphere 5.1 Web client installation guide
• vShield manager deployed and configured.

Preparation

Repeat steps for second vCloud director Cell in implementation and proceed to vCloud Director Installation and Configuration.Step 2 – CentOS installation and configuration 

• prepare virtual machine with hardware specs (see point above) and 2 vNIC cards
• Install CentOS  – choose server system installation profile
• After reboot you have to modify /etc/sysconfig/network-scripts/ifcfg-eth0 and make ONBOOT=no to ONBOOT=yes

[root@vcd01 ~]# cat /etc/sysconfig/network-scripts/ifcfg-eth0
DEVICE=eth0
BOOTPROTO=static
HWADDR=00:50:56:BD:7B:0F
TYPE=Ethernet
UUID=c1d042c6-d1df-4f07-85e8-354ca3c919c8
ONBOOT=yes
NM_CONTROLLED=yes
IPADDR=192.168.137.20
NETMASK=255.255.255.0
GATEWAY=192.168.137.100
IPV6INIT=no

It is CentOS “security feature” and default behaviour when OS detects more than 2 network adapters – 🙂

• restart network services : service network restart
• Repeat above steps for second network adapter.
• Add DNS servers into /etc/resolv.conf

[root@vcd01 ~]# cat /etc/resolv.conf
search lab.local
nameserver 192.168.137.200
[root@vcd01 ~]#

• Stop firewall, run below commands:
  • service iptables save
  • service iptables stop
  • chkconfig iptables off
• Stop  SELinux

[root@vcd01 ~]# cat /etc/sysconfig/selinux

# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
#     enforcing - SELinux security policy is enforced.
#     permissive - SELinux prints warnings instead of enforcing.
#     disabled - No SELinux policy is loaded.
SELINUX=disabled
# SELINUXTYPE= can take one of these two values:
#     targeted - Targeted processes are protected,
#     mls - Multi Level Security protection.
SELINUXTYPE=targeted

• Add required packages using yum

Step 3 – MSSQL DB preparation

vCloud director 5.1.X supports MSSQL 2008 and Oracle

• Create vCloud DB – Execute below SQL scripts – MSSQL

USE [master]
GO
CREATE DATABASE [vcd01] ON PRIMARY
(NAME = N'vcd01', FILENAME = N'E:\DB\vcd01.mdf', SIZE = 100MB, FILEGROWTH = 10% )
LOG ON
(NAME = N'vcd01_log', FILENAME = N'E:\DB\vcd01.ldf', SIZE = 1MB, FILEGROWTH = 10%)
COLLATE Latin1_General_CS_AS
GO
--Set the transaction isolation level
USE [vcd01]
GO
ALTER DATABASE [vcd01] SET SINGLE_USER WITH ROLLBACK IMMEDIATE;
ALTER DATABASE [vcd01] SET ALLOW_SNAPSHOT_ISOLATION ON;
ALTER DATABASE [vcd01] SET READ_COMMITTED_SNAPSHOT ON WITH NO_WAIT;
ALTER DATABASE [vcd01] SET MULTI_USER;
GO
--> Create the vcd01 Director database user account.
USE [vcd01]
GO
CREATE LOGIN [vcd01] WITH PASSWORD = 'vcd01pass', DEFAULT_DATABASE =[vcd01],
DEFAULT_LANGUAGE =[us_english], CHECK_POLICY=OFF
GO
CREATE USER [vcd01] for LOGIN [vcd01]
GO
--> Assign permissions to the vcd01 Director database user account.
USE [vcd01]
GO
sp_addrolemember [db_owner], [vcd01]
GO

 Step 4 – configure NFS export for transfer between vCloud Directors cells

That share will be used for transfer files between vCloud Director cells, mostly for sharing application catalogues. In my Homelab I have Nexenta storage as a virtual appliance.

• From Nexenta web GUI go to DataManagement –> Data Sets –> Folders –> Create :
  • Volume
  • Folder name
  • Description
  • Record Size
  •  and more
• Enable NFS protocol on new folder

NFS export on Nexenta

• Edit NFS share permission and enable root access from vCD cells to NFS share, otherwise you will get an error cpio: chown failed – Operation not permitted during vCloud director installation.

Installing the VMware vCloud Director RPMs...
warning: vmware-vcloud-director-5.1.2-1068441.x86_64.rpm: Header V3 RSA/SHA1 Signature, key ID 66fd4949: NOKEY
Preparing...                ########################################### [100%]
   1:vmware-vcloud-director ########################################### [100%]
error: unpacking of archive failed on file /opt/vmware/vcloud-director/data/transfer: cpio: chown failed - Operation not permitted
ERROR: Installation of the RPMs failed.
Please try running the installer again.

On non Nexenta NFS share set no_root_squash option on transfer NFS export. However on Nexenta you have to edit NFS export and grand root access to export from clients. On below example I give root access to NFS export from all hosts in network range 192.168.137.X

root access to NFS export in Nexenta

Step 6 – Mount NFS on vCloud Directory Cell

• Log into vCD cell as a root
• create directory  mkdir -p /opt/vmware/vcloud-director/data/transfer

[box type=”warning”] Make sure that before installation of the first vCD cell, NFS share which will be used as a transfer between cells in mounted under  $VCLOUD_HOME/data/transfer which points to  /opt/vmware/vcloud-director/data/transfer[/box]

• Modify /etc/fstab add line to mount transfer NFS share automatically during vCloud director cell boot.

# /etc/fstab
# Created by anaconda on Sun Jul 28 15:31:56 2013
#
# Accessible filesystems, by reference, are maintained under '/dev/disk'
# See man pages fstab(5), findfs(8), mount(8) and/or blkid(8) for more info
#
/dev/mapper/vg_vcd01-lv_root /                       ext4    defaults        1 1
UUID=022ef932-f73d-4dd5-bf13-04d39d3312c3 /boot                   ext4    defaults        1 2
/dev/mapper/vg_vcd01-lv_swap swap                    swap    defaults        0 0
tmpfs                   /dev/shm                tmpfs   defaults        0 0
devpts                  /dev/pts                devpts  gid=5,mode=620  0 0
sysfs                   /sys                    sysfs   defaults        0 0
proc                    /proc                   proc    defaults        0 0
san01:/volumes/vCD/vCloud01  /opt/vmware/vcloud-director/data/transfer  nfs     nfsvers=3       0 0

• run command mount -a to mount all mount points from /etc/fstab and verify if NFS was mounted by run mount -l

[root@vcd01 ~]# mount -a
[root@vcd01 ~]# mount -l
/dev/mapper/vg_vcd01-lv_root on / type ext4 (rw)
proc on /proc type proc (rw)
sysfs on /sys type sysfs (rw)
devpts on /dev/pts type devpts (rw,gid=5,mode=620)
tmpfs on /dev/shm type tmpfs (rw)
/dev/sda1 on /boot type ext4 (rw)
none on /proc/sys/fs/binfmt_misc type binfmt_misc (rw)
sunrpc on /var/lib/nfs/rpc_pipefs type rpc_pipefs (rw)
san01:/volumes/vCD/vCloud01 on /opt/vmware/vcloud-director/data/transfer type nfs (rw,nfsvers=3,addr=192.168.137.30)
[root@vcd01 ~]#

 Step 7 – prepare certificates

You can create keystore either on vCloud Director Cell or on any OS with JAVA installed.

• keytool -keystore certificates.ks -storetype JCEKS -storepass passwd -genkey -keyalg RSA –validity 731 -alias consoleproxy
• keytool -keystore certificates.ks -storetype JCEKS -storepass passwd -genkey -keyalg RSA -validity 731 -alias http
  • What is your first and last name? [Unknown]:vcd01.lab.local
  • What is the name of your organizational unit? [Unknown]:LAB
  • What is the name of your organization? [Unknown]:vmwaremine.com
  • What is the name of your City or Locality? [Unknown]:FFM
  • What is the name of your State or Province? [Unknown]:HE
  • What is the two-letter country code for this unit? [Unknown]:DE

• keytool -storetype JCEKS -storepass passwd -keystore certificates.ks -list

[box type=”warning”] NOTE: file with the certificates (certificates.ks) will get created in the path where you executed command from. If it is /root home folder, move certificates.ks file into different location.[/box]

[root@vcd01 mnt]# keytool -storetype JCEKS -storepass password -keystore certificates.ks -list
 Keystore type: JCEKS
 Keystore provider: SunJCE
 Your keystore contains 2 entries
 consoleproxy, Jul 29, 2013, PrivateKeyEntry,
 Certificate fingerprint (SHA1): 3C:F3:2E:14:5F:23:A6:EC:0A:46:91:3A:5D:5A:C4:5B:E5:A0:B0:EE
 http, Jul 29, 2013, PrivateKeyEntry,
 Certificate fingerprint (SHA1): 6B:AF:6E:3D:C4:A6:3A:D3:90:FB:F8:53:E8:06:3E:0D:26:63:4E:27

Repeat above steps on each and every vCD cell in implementation or if you run on workstation then repeat above steps for all server and copy certificates.ks to all vCD cells ot to NFS share. You will need the keystore path name when you run the configuration script.

[box type=”info”] Because the vCloud Director configuration script does not run with a privileged identity, the keystore file and the directory in which it is stored must be readable by any user.[/box]

Repeat steps for second vCloud director Cell in implementation and proceed to vCloud Director Installation and Configuration.

Step 8 – Install and configure vShield Manager

• Download vShield MAnager OVF image from VMware
• Deploy VM from OVF template
• Power on vSield Manager and log in to console with:
  • username: admin
  • password: default

vShield Manager login

• at the manager prompt type: enable and password default to enable vShield Manager setup mode
• at the manager# prompt type setup to begin with vShield Manager networking configuration provide:
  • IP address
  • subnet mask
  • default getways
  • DNS details
• Save networking configuration

vShield Manager networking configuration

[box type=”info”] It is not necessary to synchronize vShield Manager with vCenter or register the vShield Manager as a vSphere Client plug-in when you use vShield Manager with vCloud Director[/box]

Step 9 – Integrate vShield Manager with vCenter server – Optional

• Use web browser and log in to vShield Manager administrator console

vShield Manager log in screen

• From Setting and Reporting in configuration tab type:
  • SSO lookup service FQDN and credentials
  • vCenter server FQDN and credentials
  • NTP server – Optional
  • Syslog server – Optional
  

  vCenter connection data in vShield manager configuration tab

• Next, log in to vCenter server via vSphere client and verify if vShield tab appear on cluster and ESXi hosts

vShield manager tab on ESXi host