vCloud Director – Installation Iteration

I do know that there is a plethora of blogs around this topic, but again this blog is first of all my personal reference, and it's a reference for anyone who wishes it to be :-).

In relation to the same idea above, I believe that any implementation, no matter how complex it is, if properly dissected and organized, ends up as a clean infrastructure with no remorse. This blog tackles the installation while taking into consideration some details that are not known to people who are not familiar with Linux administration.

vCloud Director Installation (First Cell):
================================

  1. Applies to any vCD cell you want to install or add:
    1. Create the VM (CentOS or RHEL) and add two vNICs (use nmtui for the graphic user interface for this):
      1. If you’re not familiar with SELinux, you’d better disable it (vi /etc/sysconfig/selinux, then set SELINUX=disabled and reboot).
      2. For FirewallD, I prefer to use NSX DFW to protect the VMs network traffic (systemctl disable firewalld / systemctl stop firewalld).
    2. vi /etc/sysctl.conf -> net.ipv4.conf.all.rp_filter = 2 <- In case you have the two vNICs on the same subnet, I found this applicable only to CentOS as I did not face this issue with RHEL.
    3. If there is no internet access modify the repo list for offline installations to point to the mounted CD-ROM and enable the repo (this section).
    4. yum install alsa-lib bash chkconfig coreutils findutils glibc grep initscripts krb5-libs libgcc libICE libSM libstdc++ libX11 libXau libXdmcp libXext libXi libXt libXtst module-init-tools net-tools pciutils procps redhat-lsb sed tar which nfs-utils nfs-utils-lib cifs-utils
    5. wget https://packages.vmware.com/tools/keys/VMWARE-PACKAGING-GPG-DSA-KEY.pub (No Internet: just grab the file and upload it).
    6. wget https://packages.vmware.com/tools/keys/VMWARE-PACKAGING-GPG-RSA-KEY.pub (No Internet: just grab the file and upload it).
    7. rpm --import VMWARE-PACKAGING-GPG-DSA-KEY.pub
    8. rpm --import VMWARE-PACKAGING-GPG-RSA-KEY.pub
    9. Have an NFS share ready and give permissions to the server/s IPs (go to vCD NFS Share section).
    10. Upload vCloud Director setup.
    11. chmod 777 vcd-installer.bin
    12. Run the vcd-installer -> ./vcd-installer.bin <- Select No when prompted to run the script
  2. Done ONCE: Configure the database (MSSQL is straight forward, for Oracle go to the vCD DB on Oracle section).
  3. Done ONCE from the first vCD cell: We need to create the SSL certificates first (go to vCD SSL Certificates section).
  4. Done ONCE from the first vCD cell: cd /opt/vmware/vcloud-director/bin and run ./configure <- fill in the required values as you go and you’re done.
  5. Once you access the vCD web portal, perform the initial configuration before adding the second cell.

vCloud Director Installation (Second Cell):
===================================

  1. Have the second cell ready as you’ve done with the first cell (steps 1 to 12).
  2. Upload the keystore to the cell and copy the keystore to /opt/vmware/vcloud-director/ and chmod it.
  3. Get the responses.properties file from the first cell from this path /opt/vmware/vcloud-director/etc
  4. Upload the responses.properties file to the second vCD cell, chmod it to 777.
  5. Run the configuration utility: /opt/vmware/vcloud-director/bin/configure -r /vCDInstallation/responses.properties
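
A check for the files copied to the second cell, as an added example that is not part of the original post: the keystore holds the cell's private keys and responses.properties holds the configuration answers, so the script reports any file that other local accounts can read or write and narrows it to owner-only. The function names and the 600 mode are assumptions of this example (it presumes the owning account is the only one that needs the files); the demo files are constructed stand-ins.

```shell
#!/bin/sh
# Added example (not from the original post): audit files copied between vCD cells.

# classify_mode FILE -> prints missing | world-writable | world-accessible | ok
classify_mode() {
    [ -e "$1" ] || { echo missing; return 0; }
    if [ -n "$(find "$1" -maxdepth 0 -perm -002)" ]; then
        echo world-writable        # any local account can replace the content
    elif [ -n "$(find "$1" -maxdepth 0 \( -perm -004 -o -perm -001 \))" ]; then
        echo world-accessible      # any local account can read or execute it
    else
        echo ok
    fi
}

# audit_cell_files FILE... -> "status<TAB>path" per file; returns 1 if any is not ok
audit_cell_files() {
    rc=0
    for f in "$@"; do
        st=$(classify_mode "$f")
        printf '%s\t%s\n' "$st" "$f"
        [ "$st" = ok ] || rc=1
    done
    return "$rc"
}

# tighten_cell_file FILE [OWNER:GROUP] -> owner-only read/write, optional chown
tighten_cell_file() {
    chmod 600 "$1" || return 1
    if [ -n "${2:-}" ]; then chown "$2" "$1"; fi
}

# Demo on constructed stand-ins for the two files the post copies to the second cell.
demo_dir=$(mktemp -d)
printf 'constructed sample\n' > "$demo_dir/responses.properties"
printf 'constructed sample\n' > "$demo_dir/vcdcertificates.ks"
chmod 777 "$demo_dir/responses.properties"   # mode used in the post
chmod 755 "$demo_dir/vcdcertificates.ks"     # a typical result of chmod +x
audit_cell_files "$demo_dir"/* || echo "-> tightening"
for f in "$demo_dir"/*; do tighten_cell_file "$f"; done
audit_cell_files "$demo_dir"/*
rm -rf "$demo_dir"
```

On a real cell, pass the actual paths and an owner such as vcloud:vcloud (the account the NFS section of the post uses) as the second argument to tighten_cell_file.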

===================================

===================================

  • RedHat add DVD to Yum Repository (applies to CentOS as well):
  1. ip addr show
  2. vi /etc/yum/pluginconf.d/subscription-manager.conf <- set this to disabled.
  3. mount /dev/cdrom /mnt
  4. cp /mnt/media.repo /etc/yum.repos.d/rhel7dvd.repo
  5. chmod 644 /etc/yum.repos.d/rhel7dvd.repo
  6. vi /etc/yum.repos.d/rhel7dvd.repo (do not copy the text below; make sure that the properties are there and have values):
    1. #
    2. [InstallMedia]
    3. name=Red Hat Enterprise Linux 7.2
    4. baseurl=file:///mnt
    5. mediaid=1446216863.790260
    6. metadata_expire=-1
    7. gpgcheck=0
    8. enabled=1
    9. cost=500
    10. #
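
The repo file above sets gpgcheck=0, so yum installs packages from the mounted media without verifying their signatures. As an added example (not from the original post), this script lists every enabled repo that has signature checking switched off; the function name unsigned_repos, the second sample file and its section name are hypothetical, the sample contents are constructed, and the gpgkey path is the standard location of the Red Hat release key on an installed RHEL 7 system.

```shell
#!/bin/sh
# Added example (not from the original post): find enabled yum repos that skip signature checks.

# unsigned_repos FILE... -> prints "file:[section]" for each enabled repo with gpgcheck off
unsigned_repos() {
    awk '
        function off(v) { v = tolower(v); return v == "0" || v == "no" || v == "false" }
        function report() {            # enabled defaults to on when the key is absent
            if (section != "" && off(gpg) && !off(enabled)) print file ":" section
        }
        FNR == 1        { report(); section = ""; file = FILENAME }
        /^[ \t]*[#;]/   { next }
        /^[ \t]*\[/     { report(); section = $0; gsub(/[ \t\r]/, "", section)
                          gpg = ""; enabled = ""; next }
        /=/             { key = $0; sub(/=.*/, "", key); gsub(/[ \t]/, "", key)
                          val = $0; sub(/^[^=]*=/, "", val); gsub(/[ \t\r]/, "", val)
                          if (key == "gpgcheck") gpg = val
                          if (key == "enabled")  enabled = val }
        END             { report() }
    ' "$@"
}

# Constructed samples: the DVD repo as written in the post, and a variant that
# verifies packages against the vendor key shipped on an installed RHEL 7 system.
sample_dir=$(mktemp -d)
cat > "$sample_dir/rhel7dvd.repo" <<'EOF'
[InstallMedia]
name=Red Hat Enterprise Linux 7.2
baseurl=file:///mnt
gpgcheck=0
enabled=1
EOF
cat > "$sample_dir/rhel7dvd-signed.repo" <<'EOF'
[InstallMedia-signed]
name=Red Hat Enterprise Linux 7.2
baseurl=file:///mnt
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release
enabled=1
EOF
unsigned_repos "$sample_dir"/*.repo
rm -rf "$sample_dir"
```

Run it against /etc/yum.repos.d/*.repo on a cell; only the repo with gpgcheck=0 is listed, the signed variant is not.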

================================

================================

  • vCD DB on Oracle:
  1. The official doc is here; the details are there, but they presume that you have an Oracle DBA guru on your side. What if there is none :-P?
  2. Using the oracle user -> sqlplus "/as sysdba"
  3. Create Tablespace CLOUD_DATA datafile '/oradata/cloud_data01.dbf' size 1500M autoextend on;
  4. Create user vcloud identified by ZEEPASSWORD default tablespace CLOUD_DATA;
  5. alter user vcloud DEFAULT TABLESPACE CLOUD_DATA quota unlimited on CLOUD_DATA;
  6. GRANT CONNECT TO vcloud;
  7. GRANT RESOURCE TO vcloud;
  8. GRANT CREATE TRIGGER TO vcloud;
  9. GRANT CREATE TYPE TO vcloud;
  10. GRANT CREATE VIEW TO vcloud;
  11. GRANT CREATE MATERIALIZED VIEW TO vcloud;
  12. GRANT CREATE PROCEDURE TO vcloud;
  13. GRANT CREATE SEQUENCE TO vcloud;
  14. If you run the vCD installation and you’re still getting permissions-related errors -> grant all privileges to vcloud;
  15. alter system set processes=200 scope=spfile; <- value depends on the sizing.
  16. alter system set sessions=225 scope=spfile; <- value depends on the sizing.
  17. alter system set transactions=248 scope=spfile; <- value depends on the sizing.
  18. alter system set open_cursors=225 scope=spfile; <- value depends on the sizing.
  19. shutdown immediate;
  20. startup;
  21. Test connectivity -> CONNECT vcloud/ZEEPASSWORD@10.10.10.2:1521/VCDDB
  22. Verify system values (one query):
    1. column c1 heading "Name" Format a50
    2. column c2 heading "Value" Format a10
    3. select name c1,value c2 from v$spparameter order by name;

================================

================================

  • vCD SSL Certificates:
  1. HTTP (Keystore creation) -> /opt/vmware/vcloud-director/jre/bin/keytool -keystore vcdcertificates.ks -alias http -storepass ZEEPASS -keypass ZEEPASS -storetype JCEKS -genkeypair -keyalg RSA -keysize 2048 -validity 365 -dname "CN=brm-vcd-c.br00mwalker.net, OU=IT, O=NFVI, L=Lebanon, S=BR, C=LB" -ext "san=dns:brm-vcd-c1.br00mwalker.net,dns:brm-vcd-c2.br00mwalker.net,dns:brm-vcd-c.br00mwalker.net,dns:brm-vcd-c1,dns:brm-vcd-c2,dns:brm-vcd-c,ip:192.168.134.1,ip:192.168.134.2,ip:192.168.134.3"
  2. CONSOLEPROXY (added to the previously created keystore) -> /opt/vmware/vcloud-director/jre/bin/keytool -keystore vcdcertificates.ks -alias consoleproxy -storepass ZEEPASS -keypass ZEEPASS -storetype JCEKS -genkeypair -keyalg RSA -keysize 2048 -validity 365 -dname "CN=brm-vcd-rc.br00mwalker.net, OU=IT, O=NFVI, L=Lebanon, S=BR, C=LB" -ext "san=dns:brm-vcd-rc1.br00mwalker.net,dns:brm-vcd-rc2.br00mwalker.net,dns:brm-vcd-rc.br00mwalker.net,dns:brm-vcd-rc1,dns:brm-vcd-rc2,dns:brm-vcd-rc,ip:192.168.134.4,ip:192.168.134.5,ip:192.168.134.6"
  3. VERIFICATION -> /opt/vmware/vcloud-director/jre/bin/keytool -storetype JCEKS -storepass ZEEPASS -keystore vcdcertificates.ks -list
  4. HTTP Create Certificate Request -> /opt/vmware/vcloud-director/jre/bin/keytool -keystore vcdcertificates.ks -storetype JCEKS -storepass ZEEPASS -certreq -alias http -file http.csr -ext "san=dns:brm-vcd-c.br00mwalker.net,dns:brm-vcd-c1.br00mwalker.net,dns:brm-vcd-c2.br00mwalker.net,dns:brm-vcd-c.br00mwalker.net,dns:brm-vcd-c1,dns:brm-vcd-c2,dns:brm-vcd-c,ip:192.168.134.1,ip:192.168.134.2,ip:192.168.134.3"
  5. CONSOLEPROXY Create Certificate Request -> /opt/vmware/vcloud-director/jre/bin/keytool -keystore vcdcertificates.ks -storetype JCEKS -storepass ZEEPASS -certreq -alias consoleproxy -file consoleproxy.csr -ext "san=dns:brm-vcd-rc1.br00mwalker.net,dns:brm-vcd-rc2.br00mwalker.net,dns:brm-vcd-rc.br00mwalker.net,dns:brm-vcd-rc1,dns:brm-vcd-rc2,dns:brm-vcd-rc,ip:192.168.134.4,ip:192.168.134.5,ip:192.168.134.6"
  6. Issue the certificate using the CA (WebServer, Base64, download the root certificate and rename it to root.cer).
  7. Import ROOT SSL Certificate/s -> /opt/vmware/vcloud-director/jre/bin/keytool -storetype JCEKS -storepass ZEEPASS -keystore vcdcertificates.ks -import -alias root -file root.cer (you will be prompted to accept and trust here).
  8. Import HTTP SSL Certificates -> /opt/vmware/vcloud-director/jre/bin/keytool -storetype JCEKS -storepass ZEEPASS -keystore vcdcertificates.ks -import -alias http -file http.cer
  9. Import CONSOLEPROXY SSL Certificates -> /opt/vmware/vcloud-director/jre/bin/keytool -storetype JCEKS -storepass ZEEPASS -keystore vcdcertificates.ks -import -alias consoleproxy -file consoleproxy.cer
  10. VERIFICATION -> /opt/vmware/vcloud-director/jre/bin/keytool -storetype JCEKS -storepass ZEEPASS -keystore vcdcertificates.ks -list
  11. chmod +x vcdcertificates.ks
  12. cp vcdcertificates.ks /opt/vmware/vcloud-director/
  13. /opt/vmware/vcloud-director/vcdcertificates.ks

================================

================================

  • vCD NFS Share:
  1. Presuming that the NFS share was created and the vCloud Director node/s are granted access to it.
  2. cd /opt/vmware/vcloud-director/data/transfer
  3. mount -t nfs IPofNFS:/Share /opt/vmware/vcloud-director/data/transfer [mount -t nfs 192.168.200.2:/volume1/vcdshare /opt/vmware/vcloud-director/data/transfer]
  4. Add the mount-point to fstab so that on system start it will mount it again.
  5. vi /etc/fstab and add this entry -> 192.168.200.2:/volume1/vcdshare /opt/vmware/vcloud-director/data/transfer nfs rw 0 0
  6. df -h
  7. chown -R vcloud:vcloud /opt/vmware/vcloud-director/data/transfer
  8. chmod -R 775 /opt/vmware/vcloud-director/data/transfer

================================

================================

Abdullah

Knowledge is limitless.
