VCF 9 – Offline Depot Configuration Iteration

Whether it’s an air-gapped environment or a home lab setup, I have always been a fan of having an offline depot for VCF binaries and packages.

In this blog post, I will go through the configuration iteration for setting up the VCF Download Tool and connecting the VCF Installer Appliance to it.

Prerequisites:

  • A virtual machine with Photon OS (v5) and internet access. I prefer to use the ISO image here to make the default disk space 1TB; it is pretty easy to set it up on the fly (instead of deploying the virtual appliance and then editing it).
  • A generated download token.

Preparation:

  • If it’s a lab environment, disable the firewall on the Photon OS VM -> systemctl disable iptables
  • Enable SSH for root -> Change PermitRootLogin from no to yes in: /etc/ssh/sshd_config -> systemctl restart ssh
  • Update the Photon OS installation -> tdnf update --assumeyes -> reboot
  • Install Apache (httpd) -> tdnf install httpd --assumeyes
  • If it is a lab environment, you don’t need to bother enabling SSL on the web server; this can be bypassed on the appliances later on.
  • To configure the offline depot on the appliances, the web server must require authentication, so an htpasswd file must be created -> htpasswd -c /etc/httpd/conf/.htpasswd <username> <- You will be prompted for the password.
  • Give ownership of the htpasswd file to Apache -> chown apache /etc/httpd/conf/.htpasswd
  • Within the <VirtualHost> configuration, add this to the httpd.conf file:
########################
<Directory <CHANGE THIS TO THE CORRECT PATH>/PROD/COMP>
    # Basic Auth (VCF 4.x and 5.0)
    AuthType Basic
    AuthName "Basic Authentication"
    AuthUserFile /etc/httpd/conf/.htpasswd
    require valid-user
</Directory>
<Directory "<CHANGE THIS TO THE CORRECT PATH>/PROD/COMP/Compatibility/VxrailCompatibilityData.json">
    # VxRail VVS Cookie Validation (VCF 5.0)
    <If "%{HTTP:Cookie} == 'ngssosession=ngsso-token' ">
        Require all granted
    </If>
</Directory>
<Directory <CHANGE THIS TO THE CORRECT PATH>/PROD/vsan/hcl>
    <If "%{HTTP:X-vmw-esp-clientid} == 'offline-depot-hcl-vcf' ">
        Require all granted
    </If>
</Directory>
# Those Alias statements are needed only for VCF 5.1.0.0.
Alias /products/v1/bundles/lastupdatedtime /var/www/html/PROD/vsan/hcl/lastupdatedtime.json
Alias /products/v1/bundles/all /var/www/html/PROD/vsan/hcl/all.json
# Needed only if UMDS downloads are presented
<Directory /var/www/html/umds-patch-store>
    Require all granted
</Directory>
###################
  • Verify the httpd configuration -> httpd -t
  • Start the httpd service -> systemctl start httpd
  • Enable the httpd service -> systemctl enable httpd
  • Give Apache ownership of the root directory that was specified in the above httpd configuration -> chown apache -R <CHANGE THIS TO THE CORRECT PATH> <- You might need to do this once more after the download tool finishes.
  • On the same Web Server VM, create a text file and place in it the download token that was retrieved previously.
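
The download token file and the .htpasswd file created in the steps above are the two secrets that live on this VM. As an added example (not part of the original post), the script below checks that such a file is accessible only by its owner and does not sit under the depot store that httpd serves. The function name and the paths in the usage comment are hypothetical.

```shell
#!/usr/bin/env bash
# Added example: audit a secret file on the depot web server
# (download token, .htpasswd). Paths are assumptions; use your own.
#
# Usage: ./audit-depot-secrets.sh /root/downloadtoken.txt /var/www/html

# audit_secret_file FILE SERVED_ROOT
# Prints one finding per line; returns the number of findings (0 = clean).
audit_secret_file() {
    local file served_root findings mode real_file real_root
    file=$1
    served_root=$2
    findings=0

    if [ ! -f "$file" ]; then
        echo "MISSING: $file"
        return 1
    fi

    # Any group/other permission bit lets another local account
    # read or replace the secret.
    mode=$(stat -c '%a' "$file")
    if [ $(( 0$mode & 077 )) -ne 0 ]; then
        echo "PERMS: $file is mode $mode, expected 600 or stricter"
        findings=$((findings + 1))
    fi

    # Resolve symlinks so a link pointing into the depot store is caught too.
    real_file=$(readlink -f "$file")
    real_root=$(readlink -f "$served_root")
    case "$real_file" in
        "$real_root"/*)
            echo "SERVED: $file is under $served_root, which httpd serves"
            findings=$((findings + 1))
            ;;
    esac

    return "$findings"
}

# Run the audit only when both arguments are supplied on the command line.
if [ "$#" -eq 2 ]; then
    audit_secret_file "$1" "$2"
fi
```

Run it once against the token file and once against /etc/httpd/conf/.htpasswd, and repeat after any chown -R over the depot store.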

VCF Download Tool:

  • Download the VCF Download Tool.
  • Extract it on the Web Server (tar -zxf).
  • Execute the tool -> ./vcf-download-tool binaries download --vcf-version 9.0.0 --automated-install --depot-download-token-file=/path-to-downloadtoken.txt --depot-store=<Root Path for the HTTP Server>
  • Once the download starts, you will get continuous updates in the CLI showing the progress. The beautiful thing about the tool is that it is cumulative: if a download fails, it will pick up where it left off when you rerun it, and in the future, when you need to update the packages, it will do the same.

First download run results:

Download rerun results:

Offline Depot Configuration:

  • Deploy the VCF Installer appliance.
  • If the Web Server is not running behind SSL, then SSH to the appliance and edit this file -> /opt/vmware/vcf/lcm/lcm-app/conf/application-prod.properties
  • Append the application-prod.properties with this -> lcm.depot.adapter.httpsEnabled=false
  • Restart the LCM service on the appliance -> systemctl restart lcm
  • Once the service is restarted, it’ll take a couple of minutes for the UI to pick up the change.
  • Then you can configure the offline depot (screenshots below for reference).

State before any configuration:

Select “Offline Depot”:

Input the Web Server details and click Configure:

The UI will refresh and you will see the available packages to be synchronized, then you can select all, and click “DOWNLOAD”:

Once the synchronization is completed, the download status will change to “Success”:

Now you can commence with deploying the first VCF 9 instance. The same depot needs to be configured again on the SDDC Manager that will be deployed (although the depot is configured via VCF Ops, the SSL check parameters need to be applied on the SDDC Manager appliance itself).

Abdullah