vCloud Director 5.1.X has been on the market for quite a long time, since VMworld 2012. Unfortunately I had no time to give it a try and install it, especially with the problems I had during the vCloud Director 5.1 installation still in my mind – it was a nightmare. But finally I decided to give it a shot and install it in my homelab – just to see how things work and what has changed since the vCD 1.5 days. The second reason is to connect my vCAC 5.2 with vCD and test it.
Requirements:
- Hardware:
  - 1 vCPU
  - 2 GB RAM
  - 20 GB disk drive
  - 2 vNIC
- Operating system:
  - officially only Red Hat is supported as the operating system for a vCD 5.1.X installation:
    - Red Hat Enterprise Linux 5 (64-bit), Update 4
    - Red Hat Enterprise Linux 5 (64-bit), Update 5
    - Red Hat Enterprise Linux 5 (64-bit), Update 6
    - Red Hat Enterprise Linux 5 (64-bit), Update 8
    - Red Hat Enterprise Linux 6 (64-bit), Update 1
    - Red Hat Enterprise Linux 6 (64-bit), Update 2
    - Red Hat Enterprise Linux 6 (64-bit), Update 3
    - Red Hat Enterprise Linux 6.3 (64-bit)
  - I will install vCD on CentOS 6.3 with all required packages
[box type=”warning”] NOTE: CentOS is not officially supported for vCloud Director deployments[/box]
- Packages required:
  - See the VMware KB article Installing vCloud Director 5.1.x best practices (2034092)
- Prepare DNS entries for the vCD cell:
  - DNS entry for the console
  - DNS entry for the HTTP interface
- vCenter Server installed and configured
- vShield Manager deployed and configured
Preparation
Step 2 – CentOS installation and configuration
- prepare a virtual machine with the hardware specs above and 2 vNIC cards
- Install CentOS – choose the server system installation profile
- After the reboot you have to modify /etc/sysconfig/network-scripts/ifcfg-eth0 and change ONBOOT=no to ONBOOT=yes:
[root@vcd01 ~]# cat /etc/sysconfig/network-scripts/ifcfg-eth0
DEVICE=eth0
BOOTPROTO=static
HWADDR=00:50:56:BD:7B:0F
TYPE=Ethernet
UUID=c1d042c6-d1df-4f07-85e8-354ca3c919c8
ONBOOT=yes
NM_CONTROLLED=yes
IPADDR=192.168.137.20
NETMASK=255.255.255.0
GATEWAY=192.168.137.100
IPV6INIT=no
This is a CentOS “security feature” and the default behaviour when the OS detects more than 2 network adapters 🙂
- restart the network services: service network restart
- Repeat above steps for second network adapter.
- Add the DNS servers to /etc/resolv.conf:
[root@vcd01 ~]# cat /etc/resolv.conf
search lab.local
nameserver 192.168.137.200
[root@vcd01 ~]#
- Stop the firewall by running the commands below:
- service iptables save
- service iptables stop
- chkconfig iptables off
- Disable SELinux (SELINUX=disabled in /etc/sysconfig/selinux):
[root@vcd01 ~]# cat /etc/sysconfig/selinux
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
#     enforcing - SELinux security policy is enforced.
#     permissive - SELinux prints warnings instead of enforcing.
#     disabled - No SELinux policy is loaded.
SELINUX=disabled
# SELINUXTYPE= can take one of these two values:
#     targeted - Targeted processes are protected,
#     mls - Multi Level Security protection.
SELINUXTYPE=targeted
- Add the required packages using yum (see the KB article listed in the requirements)
Step 3 – MSSQL DB preparation
vCloud Director 5.1.X supports MSSQL 2008 and Oracle.
- Create the vCloud DB – execute the SQL script below (MSSQL):
USE [master]
GO
CREATE DATABASE [vcd01] ON PRIMARY
(NAME = N'vcd01', FILENAME = N'E:\DB\vcd01.mdf', SIZE = 100MB, FILEGROWTH = 10%)
LOG ON
(NAME = N'vcd01_log', FILENAME = N'E:\DB\vcd01.ldf', SIZE = 1MB, FILEGROWTH = 10%)
COLLATE Latin1_General_CS_AS
GO
--Set the transaction isolation level
USE [vcd01]
GO
ALTER DATABASE [vcd01] SET SINGLE_USER WITH ROLLBACK IMMEDIATE;
ALTER DATABASE [vcd01] SET ALLOW_SNAPSHOT_ISOLATION ON;
ALTER DATABASE [vcd01] SET READ_COMMITTED_SNAPSHOT ON WITH NO_WAIT;
ALTER DATABASE [vcd01] SET MULTI_USER;
GO
--> Create the vcd01 Director database user account.
USE [vcd01]
GO
CREATE LOGIN [vcd01] WITH PASSWORD = 'vcd01pass', DEFAULT_DATABASE = [vcd01], DEFAULT_LANGUAGE = [us_english], CHECK_POLICY = OFF
GO
CREATE USER [vcd01] FOR LOGIN [vcd01]
GO
--> Assign permissions to the vcd01 Director database user account.
USE [vcd01]
GO
sp_addrolemember [db_owner], [vcd01]
GO
Step 4 – configure NFS export for transfer between vCloud Directors cells
That share will be used to transfer files between vCloud Director cells, mostly for sharing application catalogues. In my homelab I have Nexenta storage as a virtual appliance.
- From the Nexenta web GUI go to Data Management –> Data Sets –> Folders –> Create and fill in:
- Volume
- Folder name
- Description
- Record Size
- and more
- Enable the NFS protocol on the new folder
- Edit the NFS share permissions and enable root access from the vCD cells to the NFS share, otherwise you will get the error cpio: chown failed – Operation not permitted during the vCloud Director installation:
Installing the VMware vCloud Director RPMs...
warning: vmware-vcloud-director-5.1.2-1068441.x86_64.rpm: Header V3 RSA/SHA1 Signature, key ID 66fd4949: NOKEY
Preparing...                ########################################### [100%]
   1:vmware-vcloud-director ########################################### [100%]
error: unpacking of archive failed on file /opt/vmware/vcloud-director/data/transfer: cpio: chown failed - Operation not permitted
ERROR: Installation of the RPMs failed. Please try running the installer again.
On a non-Nexenta NFS server set the no_root_squash option on the transfer NFS export. On Nexenta, however, you have to edit the NFS export and grant root access to the export for the clients. In the example below I give root access to the NFS export from all hosts in the network range 192.168.137.X
Step 6 – Mount NFS on the vCloud Director Cell
- Log in to the vCD cell as root
- create the directory: mkdir -p /opt/vmware/vcloud-director/data/transfer
[box type=”warning”] Make sure that before the installation of the first vCD cell, the NFS share which will be used as transfer between cells is mounted under $VCLOUD_HOME/data/transfer, which points to /opt/vmware/vcloud-director/data/transfer[/box]
- Modify /etc/fstab and add a line to mount the transfer NFS share automatically during vCloud Director cell boot:
# /etc/fstab
# Created by anaconda on Sun Jul 28 15:31:56 2013
#
# Accessible filesystems, by reference, are maintained under '/dev/disk'
# See man pages fstab(5), findfs(8), mount(8) and/or blkid(8) for more info
#
/dev/mapper/vg_vcd01-lv_root              /                                          ext4    defaults        1 1
UUID=022ef932-f73d-4dd5-bf13-04d39d3312c3 /boot                                      ext4    defaults        1 2
/dev/mapper/vg_vcd01-lv_swap              swap                                       swap    defaults        0 0
tmpfs                                     /dev/shm                                   tmpfs   defaults        0 0
devpts                                    /dev/pts                                   devpts  gid=5,mode=620  0 0
sysfs                                     /sys                                       sysfs   defaults        0 0
proc                                      /proc                                      proc    defaults        0 0
san01:/volumes/vCD/vCloud01               /opt/vmware/vcloud-director/data/transfer  nfs     nfsvers=3       0 0
- run mount -a to mount all mount points from /etc/fstab and verify that the NFS share was mounted by running mount -l:
[root@vcd01 ~]# mount -a
[root@vcd01 ~]# mount -l
/dev/mapper/vg_vcd01-lv_root on / type ext4 (rw)
proc on /proc type proc (rw)
sysfs on /sys type sysfs (rw)
devpts on /dev/pts type devpts (rw,gid=5,mode=620)
tmpfs on /dev/shm type tmpfs (rw)
/dev/sda1 on /boot type ext4 (rw)
none on /proc/sys/fs/binfmt_misc type binfmt_misc (rw)
sunrpc on /var/lib/nfs/rpc_pipefs type rpc_pipefs (rw)
san01:/volumes/vCD/vCloud01 on /opt/vmware/vcloud-director/data/transfer type nfs (rw,nfsvers=3,addr=192.168.137.30)
[root@vcd01 ~]#
Step 7 – prepare certificates
You can create the keystore either on the vCloud Director cell or on any OS with Java installed.
- keytool -keystore certificates.ks -storetype JCEKS -storepass passwd -genkey -keyalg RSA -validity 731 -alias consoleproxy
- keytool -keystore certificates.ks -storetype JCEKS -storepass passwd -genkey -keyalg RSA -validity 731 -alias http
- What is your first and last name? [Unknown]:vcd01.lab.local
- What is the name of your organizational unit? [Unknown]:LAB
- What is the name of your organization? [Unknown]:vmwaremine.com
- What is the name of your City or Locality? [Unknown]:FFM
- What is the name of your State or Province? [Unknown]:HE
- What is the two-letter country code for this unit? [Unknown]:DE
- keytool -storetype JCEKS -storepass passwd -keystore certificates.ks -list
[box type=”warning”] NOTE: the keystore file (certificates.ks) is created in the directory from which you executed the command. If that is the /root home folder, move the certificates.ks file to a different location.[/box]
[root@vcd01 mnt]# keytool -storetype JCEKS -storepass password -keystore certificates.ks -list
Keystore type: JCEKS
Keystore provider: SunJCE

Your keystore contains 2 entries

consoleproxy, Jul 29, 2013, PrivateKeyEntry,
Certificate fingerprint (SHA1): 3C:F3:2E:14:5F:23:A6:EC:0A:46:91:3A:5D:5A:C4:5B:E5:A0:B0:EE
http, Jul 29, 2013, PrivateKeyEntry,
Certificate fingerprint (SHA1): 6B:AF:6E:3D:C4:A6:3A:D3:90:FB:F8:53:E8:06:3E:0D:26:63:4E:27
Repeat the above steps on each and every vCD cell in the implementation, or, if you run keytool on a workstation, repeat them for every server and copy certificates.ks to all vCD cells or to the NFS share. You will need the keystore path name when you run the configuration script.
[box type=”info”] Because the vCloud Director configuration script does not run with a privileged identity, the keystore file and the directory in which it is stored must be readable by any user.[/box]
Repeat the steps for the second vCloud Director cell in the implementation and proceed to vCloud Director Installation and Configuration.
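A pre-flight script for a cell, as an added example that is not part of the original post: it checks the prerequisites from Step 2 (ONBOOT, resolver, SELinux), Step 6 (transfer directory mounted over NFS) and the Step 7 note (keystore readable by any user) before the configuration script is run. The keystore path /opt/vmware/vcloud-director/certificates.ks is an assumption; the other paths are the ones used in this post.

```shell
#!/bin/sh
# Pre-install checks for a vCD 5.1.x cell on CentOS 6.3 (added example, not
# part of the original post). Each check takes the file or directory to
# inspect as an argument, so it can run against a copy; status 0 = pass.

# Step 2: the ifcfg file must start the NIC at boot (ONBOOT=yes).
check_onboot() {
    grep -Eq '^ONBOOT="?yes"?' "$1"
}

# Step 2: /etc/resolv.conf must name at least one nameserver.
check_resolver() {
    grep -Eq '^nameserver[[:space:]]+[0-9.]+' "$1"
}

# Step 2: the post sets SELINUX=disabled in /etc/sysconfig/selinux.
check_selinux_config() {
    grep -Eq '^SELINUX=disabled' "$1"
}

# Step 6: the transfer directory must be an NFS mount. $1 is a mount
# table in /proc/mounts format, $2 the mount point.
check_transfer_mount() {
    awk -v mp="$2" '$2 == mp && $3 ~ /^nfs/ { ok = 1 } END { exit ok ? 0 : 1 }' "$1"
}

# Step 7 note: the keystore and its directory must be readable by any
# user, i.e. the "other" bits must give r on the file and r-x on the dir.
check_keystore_readable() {
    [ -r "$1" ] || return 1
    case "$(stat -c '%A' "$1")" in ???????r*) ;; *) return 1 ;; esac
    case "$(stat -c '%A' "$(dirname "$1")")" in ???????r?[xt]*) ;; *) return 1 ;; esac
}

# Run every check against the live cell. The keystore path is an
# assumption for this example; adjust it to where you moved the file.
run_all_checks() {
    rc=0
    for f in /etc/sysconfig/network-scripts/ifcfg-eth0 /etc/sysconfig/network-scripts/ifcfg-eth1; do
        check_onboot "$f" || { echo "FAIL: ONBOOT is not yes in $f"; rc=1; }
    done
    check_resolver /etc/resolv.conf || { echo "FAIL: no nameserver in /etc/resolv.conf"; rc=1; }
    check_selinux_config /etc/sysconfig/selinux || { echo "FAIL: SELinux is not disabled"; rc=1; }
    check_transfer_mount /proc/mounts /opt/vmware/vcloud-director/data/transfer || { echo "FAIL: transfer share is not an NFS mount"; rc=1; }
    check_keystore_readable /opt/vmware/vcloud-director/certificates.ks || { echo "FAIL: keystore is not readable by all users"; rc=1; }
    return $rc
}

if [ "${1:-}" = "--run" ]; then run_all_checks; fi
```

Save it on the cell (for example as vcd_preflight.sh) and run sh vcd_preflight.sh --run as root; a non-zero exit status together with the FAIL lines names the prerequisite that is still missing.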
Step 8 – Install and configure vShield Manager
- Download the vShield Manager OVF image from VMware
- Deploy a VM from the OVF template
- Power on vShield Manager and log in to the console with:
- username: admin
- password: default
- at the manager> prompt type enable and the password default to enter vShield Manager setup mode
- at the manager# prompt type setup to begin the vShield Manager networking configuration and provide:
- IP address
- subnet mask
- default gateway
- DNS details
- Save networking configuration
[box type=”info”] It is not necessary to synchronize vShield Manager with vCenter or register the vShield Manager as a vSphere Client plug-in when you use vShield Manager with vCloud Director[/box]
Step 9 – Integrate vShield Manager with vCenter server – Optional
- Use a web browser and log in to the vShield Manager administrator console
- From Settings & Reports, on the Configuration tab, enter:
- SSO lookup service FQDN and credentials
- vCenter server FQDN and credentials
- NTP server – Optional
- Syslog server – Optional
- Next, log in to the vCenter Server via the vSphere Client and verify that the vShield tab appears on the cluster and the ESXi hosts