vHoge

Miscellaneous VMware notes to self. Lots of material on getting things done from the CLI.

Deploying vCSA from a CLI environment

Deploying the vCenter Server Appliance

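In the 5.x days it was just a plain OVA, and it only started working once you had entered the various settings through the console or VAMI, which was fairly tedious.
With 6.0 it became a GUI deployment using HTML plus the (mysterious) Client Integration Plug-in, which made things much easier, and 6.5/6.7 moved to a GUI deployment from a dedicated exe, so you can deploy without adding a plug-in to the client.
Unless something gets in the way, that is probably what most people use.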

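If you work in a GUI anyway, that is perfectly fine.
But your working environment may be mainly Linux (CUI), or the GUI environment may be shared and you would rather not pollute it by installing the Client Integration Plug-in...
For situations like these, where GUI deployment is not appealing,
there is a deployment tool for the CLI: vcsa-cli-installer.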

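I have gotten so used to it that
these days I deploy with it whether or not a GUI is available.
When all is said and done, having the parameters left in a file makes review and looking back easier.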

By the way, it is not limited to Linux; there are matching binaries for Windows and Mac as well.

Where to find vcsa-cli-installer

It is inside the vCSA ISO image.

% sudo mount -t iso9660 -o loop /tmp/VMware-VCSA-all-6.7.0-11726888.iso /mnt/cdrom 
mount: /mnt/cdrom: WARNING: device write-protected, mounted read-only.
% ls /mnt/cdrom
dbschema/             readme-de.txt*  readme-fr.txt*  readme-ko.txt*     readme-zh-TW.txt*  umds/  vcsa-cli-installer/  vcsa-ui-installer/
migration-assistant/  readme-es.txt*  readme-ja.txt*  readme-zh-CN.txt*  readme.txt*        vcsa/  vcsa-converge-cli/

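When copying the contents out, taking only the vcsa-cli-installer directory is not enough;
you need to take everything directly under the root of the ISO image.
Note: the vCSA OVA itself lives under the vcsa directory, and other parts seem to be used as well... (?)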

Deployment flow

  1. Create the JSON configuration file
  2. Run vcsa-cli-installer

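Creating the JSON configuration file

The parameter values you would enter in the GUI are written into a JSON file beforehand.
Templates for the JSON file are in the following directory, so you fill one of them in.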

% ls ./vcsa-cli-installer/templates
install/  migrate/  upgrade/

They differ for a new installation, a migration from the Windows version of vCenter Server, and an upgrade.

On top of that,

% ls /mnt/cdrom/vcsa-cli-installer/templates/install 
PSC_first_instance_on_ESXi.json*  PSC_replication_on_ESXi.json*  embedded_vCSA_on_ESXi.json*  embedded_vCSA_replication_on_ESXi.json*  vCSA_on_ESXi.json*
PSC_first_instance_on_VC.json*    PSC_replication_on_VC.json*    embedded_vCSA_on_VC.json*    embedded_vCSA_replication_on_VC.json*    vCSA_on_VC.json*

the template varies slightly depending on the installation type.

  • embedded_* : deploys vCenter and the Platform Services Controller in the same VM
  • PSC_* : deploys a VM that runs only the Platform Services Controller
  • vCSA_* : deploys a VM that runs only vCenter
  • _first* : deploys the VM that becomes the primary (probably vCenter HA)
  • _replication* : deploys the VM that becomes the replica (probably vCenter HA)
  • *_on_ESXi.json : deploys the vCSA VM directly onto an ESXi host
  • *_on_VC.json : deploys the vCSA VM under the management of some vCenter

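For upgrades and migrations the prefix rules are mostly the same.

Note that the format of this JSON sometimes changes between major versions, Updates, and occasionally even minor versions,
and files are not compatible across versions...
Basically it is safer not to think about reuse and to start from the template each time.

The version can be identified as written inside the JSON.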

{
    "__version": "2.13.0", ←←←←← this one
    "__comments": "Sample template to deploy a vCenter Server Appliance with an embedded Platform Services Controller on an ESXi host.",
    "new_vcsa": {
        "esxi": {
            "hostname": "<FQDN or IP address of the ESXi host on which to deploy the new appliance>",
            "username": "root",
            [rest omitted]

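Running vcsa-cli-installer

Under the vcsa-cli-installer directory there is a vcsa-deploy binary for each OS;
run it, passing the JSON you created and the other bits and pieces as options.

If you are confident you can just run it in one shot, but there are also options that only perform a validation check of the JSON or
a dry run, so trying those first is the surer way.
See --help for the detailed usage; for a start, nothing happens unless you pass --accept-eula.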

The embedded_vCSA_on_ESXi.json used this time

{
    "__version": "2.13.0",
    "__comments": "Sample template to deploy a vCenter Server Appliance with an embedded Platform Services Controller on an ESXi host.",
    "new_vcsa": {
        "esxi": {
            "hostname": "192.168.0.51",
            "username": "root",
            "password": "esxihogehoge",
            "deployment_network": "VM Network",
            "datastore": "datastore-hdd"
        },
        "appliance": {
            "__comments": [
                "You must provide the 'deployment_option' key with a value, which will affect the VCSA's configuration parameters, such as the VCSA's number of vCPUs, the memory size, the storage size, and the maximum numbers of ESXi hosts and VMs which can be managed. For a list of acceptable values, run the supported deployment sizes help, i.e. vcsa-deploy --supported-deployment-sizes"
            ],
            "thin_disk_mode": true,
            "deployment_option": "small",
            "name": "Embedded-vCenter-Server-Appliance"
        },
        "network": {
            "ip_family": "ipv4",
            "mode": "static",
            "ip": "192.168.0.50",
            "dns_servers": [
                "192.168.0.52"
            ],
            "prefix": "24",
            "gateway": "192.168.0.1",
            "system_name": "vcsa01.home.lab"
        },
        "os": {
            "password": "osfugafuga",
            "ntp_servers": "time.nist.gov",
            "ssh_enable": true
        },
        "sso": {
            "password": "vcenterhogehoge",
            "domain_name": "vsphere.local"
        }
    },
    "ceip": {
        "description": {
            "__comments": [
                "++++VMware Customer Experience Improvement Program (CEIP)++++",
                "VMware's Customer Experience Improvement Program (CEIP) ",
                "provides VMware with information that enables VMware to ",
                "improve its products and services, to fix problems, ",
                "and to advise you on how best to deploy and use our ",
                "products. As part of CEIP, VMware collects technical ",
                "information about your organization's use of VMware ",
                "products and services on a regular basis in association ",
                "with your organization's VMware license key(s). This ",
                "information does not personally identify any individual. ",
                "",
                "Additional information regarding the data collected ",
                "through CEIP and the purposes for which it is used by ",
                "VMware is set forth in the Trust & Assurance Center at ",
                "http://www.vmware.com/trustvmware/ceip.html . If you ",
                "prefer not to participate in VMware's CEIP for this ",
                "product, you should disable CEIP by setting ",
                "'ceip_enabled': false. You may join or leave VMware's ",
                "CEIP for this product at any time. Please confirm your ",
                "acknowledgement by passing in the parameter ",
                "--acknowledge-ceip in the command line.",
                "++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++"
            ]
        },
        "settings": {
            "ceip_enabled": false
        }
    }
}
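A pre-flight check for the two points above, the version-specific format and the filled-in file itself, added here as an example and not part of vcsa-cli-installer: it compares a filled-in JSON with the untouched template from the ISO in use, reports a `__version` mismatch, keys the template does not have, leftover `<...>` placeholders, and a password-bearing file that group or others can read. The sample dictionaries, the `1.0.0-example` version and the `legacy_option` key are constructed for illustration.

```python
import json
import os
import stat

# Constructed sample data: a cut-down reference template and a filled-in copy.
REFERENCE = {
    "__version": "2.13.0",
    "new_vcsa": {"esxi": {
        "hostname": "<FQDN or IP address of the ESXi host>",
        "username": "root",
        "password": "<constructed placeholder text>",
        "datastore": "<constructed placeholder text>",
    }},
}
FILLED = {
    "__version": "1.0.0-example",            # made-up older format version
    "new_vcsa": {"esxi": {
        "hostname": "192.168.0.51",
        "username": "root",
        "password": "constructed-secret",
        "datastore": "<constructed placeholder text>",   # forgotten
        "legacy_option": True,               # hypothetical key, not a real one
    }},
}


def leaves(node, path=()):
    """Yield (dotted_path, value) for every non-dict value, ignoring __comments."""
    if isinstance(node, dict):
        for key, value in node.items():
            if key != "__comments":          # free-text help inside the templates
                yield from leaves(value, path + (key,))
    else:
        yield ".".join(path), node


def lint_template(filled, reference):
    """Return (kind, detail) findings for a filled-in template dict.

    reference is the untouched template of the same name from the ISO that
    will run the deployment.
    """
    findings = []
    if filled.get("__version") != reference.get("__version"):
        findings.append(("version", "%r vs ISO template %r" % (
            filled.get("__version"), reference.get("__version"))))
    known = {path for path, _ in leaves(reference)}
    for path, value in leaves(filled):
        if path == "__version":
            continue
        if path not in known:
            # Not necessarily wrong, but possibly left over from another release.
            findings.append(("not-in-template", path))
        items = value if isinstance(value, list) else [value]
        if any(isinstance(i, str) and i.startswith("<") and i.endswith(">")
               for i in items):
            findings.append(("placeholder", path))
    return findings


def lint_file(filled_path, reference_path):
    """lint_template() on files, plus a permission check on the filled-in file."""
    with open(filled_path, encoding="utf-8") as fh:
        filled = json.load(fh)
    with open(reference_path, encoding="utf-8") as fh:
        reference = json.load(fh)
    findings = lint_template(filled, reference)
    has_secret = any(p.endswith("password") and v for p, v in leaves(filled))
    mode = os.stat(filled_path).st_mode
    if has_secret and mode & (stat.S_IRGRP | stat.S_IROTH):
        findings.append(("readable-secret", oct(stat.S_IMODE(mode))))
    return findings
```
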

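And the console output from the actual run is below.
It depends on the environment, but a new deployment takes about 30 minutes.
An upgrade takes more than an hour.
(I have never done a migration, so no comment there...)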

% ./vcsa-deploy install --accept-eula --no-esx-ssl-verify ~/embedded_vCSA_on_ESXi.json
Run the installer with "-v" or "--verbose" to log detailed information
Updating log file location, copying '/tmp/vcsaCliInstaller-2019-03-24-14-57-k0e5zx7f/vcsa-cli-installer.log' to desired location as a backup: '/tmp/vcsaCliInstaller-2019-03-24-14-57-k0e5zx7f/workflow_1553439472833/vcsa-cli-installer.log.bak'
Workflow log-dir /tmp/vcsaCliInstaller-2019-03-24-14-57-k0e5zx7f/workflow_1553439472833
==================================================================== [START] Start executing Task: To validate CLI options at 14:57:52 ====================================================================
Deprecation Warning: The command parameter '--no-esx-ssl-verify' is deprecated. You must use the new parameter '--no-ssl-certificate-verification' in the next deployment.
Command line arguments verfied.
========================== [SUCCEEDED] Successfully executed Task 'CLIOptionsValidationTask: Executing CLI optionsValidation task' in TaskFlow 'template_validation' at 14:57:52 ==========================
============================================================ [START] Start executing Task: To validate the syntax of the template. at 14:57:52 ============================================================
Template syntax validation for template '/home/jan/embedded_vCSA_on_ESXi.json' succeeded.
Syntax validation for all templates succeeded.
========================== [SUCCEEDED] Successfully executed Task 'SyntaxValidationTask: Executing Template Syntax Validation task' in TaskFlow 'template_validation' at 14:57:52 ==========================
 [START] Start executing Task: To check the version of each template, and for each older template that supports CEIP, convert it to the latest template format, and save it to the Template Blackboard at
14:57:53
Deprecation Warning: The command parameter '--no-esx-ssl-verify' is deprecated. You must use the new parameter '--no-ssl-certificate-verification' in the next deployment.
CEIP is not enabled because the template key 'ceip_enabled' in section 'ceip', subsection 'settings' in template '/home/jan/embedded_vCSA_on_ESXi.json' was set to 'false'.
CEIP is not enabled because the template key 'ceip_enabled' in section 'ceip', subsection 'settings' in template '/home/jan/embedded_vCSA_on_ESXi.json' was set to 'false'.
CEIP is not enabled because the template key 'ceip_enabled' in section 'ceip', subsection 'settings' in template '/home/jan/embedded_vCSA_on_ESXi.json' was set to 'false'.
Template version processing for template '/home/jan/embedded_vCSA_on_ESXi.json' succeeded.
Version processing for all templates succeeded.
========================= [SUCCEEDED] Successfully executed Task 'VersionProcessingTask: Executing Template Version Processing task' in TaskFlow 'template_validation' at 14:57:53 =========================
=============================== [START] Start executing Task: To validate the template structure against the rules specified by a corresponding template schema. at 14:57:53 ===============================
Template structure validation for template '/home/jan/embedded_vCSA_on_ESXi.json' succeeded.
Structure validation for all templates succeeded.
======================= [SUCCEEDED] Successfully executed Task 'StructureValidationTask: Executing Template Structure Validation task' in TaskFlow 'template_validation' at 14:57:53 =======================
 [START] Start executing Task: To create a dependency graph for the provided templates, with an edge pairing two templates that are dependent on each other. Such graph relationships will affect whether
certain templates can be deployed in parallel, or must be deployed sequentially. at 14:57:53
Dependency processing for all templates succeeded.
====================== [SUCCEEDED] Successfully executed Task 'DependencyProcessingTask: Executing Template Dependency Processing task' in TaskFlow 'template_validation' at 14:57:53 ======================
===================================================== [START] Start executing Task: Validate that requirements are met in the source VCSA. at 14:57:53 =====================================================
InstallRequirementCollector: Reached gathering requirement
================================= [SUCCEEDED] Successfully executed Task 'SrcRequirementTask: Running SrcRequirementTask' in TaskFlow 'embedded_vCSA_on_ESXi' at 14:57:53 =================================
==================================================================== [START] Start executing Task: Perform precheck tasks. at 14:57:54 ====================================================================
============================================= [START] Start executing Task: Verify that the provided credentials for the target ESXi/VC are valid at 14:57:54 =============================================
The certificate of server '192.168.0.51' will not be verified because you have provided either the '--no-ssl-certificate-verification' or '--no-esx-ssl-verify' command parameter, which disables
verification for all certificates. Remove this parameter from the command line if you want server certificates to be verified.
============================================== [SUCCEEDED] Successfully executed Task 'Running precheck: TargetCredentials' in TaskFlow 'install' at 14:57:54 ==============================================
================================================ [START] Start executing Task: Precheck CPU, memory and datastore size requirements for a host. at 14:57:54 ================================================
================================================= [SUCCEEDED] Successfully executed Task 'Running precheck: HostConfigs' in TaskFlow 'install' at 14:57:55 =================================================
=============================================== [START] Start executing Task: Verify the target host type matches the one given in the template at 14:57:56 ===============================================
=============================================== [SUCCEEDED] Successfully executed Task 'Running precheck: TargetHostType' in TaskFlow 'install' at 14:57:56 ===============================================
============================================ [START] Start executing Task: Verify that the target ESXi or VC version meets the minimum requirements at 14:57:56 ============================================
================================================ [SUCCEEDED] Successfully executed Task 'Running precheck: TargetVersion' in TaskFlow 'install' at 14:57:56 ================================================
================================================== [START] Start executing Task: Validate that the OVA image has the required OVA properties. at 14:57:56 ==================================================
=============================================== [SUCCEEDED] Successfully executed Task 'Running precheck: OVAProperties.' in TaskFlow 'install' at 14:57:56 ===============================================
======================================================= [START] Start executing Task: Validate the provided ip/fqdn is available to use at 14:57:56 =======================================================
Pinging IPv4 address 192.168.0.50
192.168.0.50 is unreachable.
Unable to resolve address of given host vcsa01.home.lab.
================================================= [SUCCEEDED] Successfully executed Task 'Running precheck: IpFqdnInUse' in TaskFlow 'install' at 14:57:59 =================================================
=========================================================== [START] Start executing Task: Validate the target ESXi management status at 14:58:00 ===========================================================
============================================= [SUCCEEDED] Successfully executed Task 'Running precheck: ESXManagementStatus' in TaskFlow 'install' at 14:58:00 =============================================
================================================ [START] Start executing Task: Validate the provided target appliance name is available to use at 14:58:00 ================================================
================================================ [SUCCEEDED] Successfully executed Task 'Running precheck: ApplianceName' in TaskFlow 'install' at 14:58:00 ================================================
======================================= [START] Start executing Task: Check whether the datastore's free space accommodate the VCSA's deployment option at 14:58:00 =======================================
============================================== [SUCCEEDED] Successfully executed Task 'Running precheck: TargetDsFreespace' in TaskFlow 'install' at 14:58:00 ==============================================
============================================ [START] Start executing Task: Verify the provided SSO info is valid by connecting to the STS service. at 14:58:00 ============================================
=============================================== [SUCCEEDED] Successfully executed Task 'Running precheck: SSOCredentials' in TaskFlow 'install' at 14:58:00 ===============================================
=============================================== [START] Start executing Task: Verify that the provided external SSO (PSC)/Embedded info is valid at 14:58:00 ===============================================
================================================= [SUCCEEDED] Successfully executed Task 'Running precheck: SSOExternal' in TaskFlow 'install' at 14:58:00 =================================================
======================================== [SUCCEEDED] Successfully executed Task 'PrecheckTask: Running prechecks.' in TaskFlow 'embedded_vCSA_on_ESXi' at 14:58:00 ========================================
============================================ [START] Start executing Task: Invoke OVF Tool to deploy VCSA for installation, upgrade, and migration at 14:58:01 ============================================
OVF Tool: Opening OVA source: /mnt/vcsa-cli-installer/lin64/../../vcsa/VMware-vCenter-Server-Appliance-6.7.0.21000-11726888_OVF10.ova
OVF Tool: Opening VI target: vi://root@192.168.0.51:443/
OVF Tool: Deploying to VI: vi://root@192.168.0.51:443/
OVF Tool: Disk progress: 99%
OVF Tool: Transfer Completed
OVF Tool: Powering on VM: Embedded-vCenter-Server-Appliance
OVF Tool: Task progress: 60%
OVF Tool: Task Completed
OVF Tool: Waiting for IP address...
OVF Tool: Received IP address: 192.168.0.50
OVF Tool: Completed successfully
======================================= [SUCCEEDED] Successfully executed Task 'Deploying vCenter Server Appliance' in TaskFlow 'embedded_vCSA_on_ESXi' at 15:02:19 =======================================
================================================== [START] Start executing Task: Monitor the entire VCSA deployment using appliance REST API at 15:02:19 ==================================================
Checking if the target VCSA is powered on and ready for operations...
Successfully verified that the target VCSA 'Embedded-vCenter-Server-Appliance' has been powered on and is now ready for operations
Checking if the target VCSA appliance API is available for query
The certificate of server '192.168.0.50' will not be verified because you have provided either the '--no-ssl-certificate-verification' or '--no-esx-ssl-verify' command parameter, which disables
verification for all certificates. Remove this parameter from the command line if you want server certificates to be verified.
Successfully verified that the target VCSA appliance API is available for query
Start monitoring target VCSA deployment, deployment status will be written into: /tmp/vcsaCliInstaller-2019-03-24-14-57-k0e5zx7f/workflow_1553439472833/embedded_vCSA_on_ESXi/vcsa_deployment.json
==========VCSA Deployment Progress Report==========         Task: Install required RPMs for the appliance.(RUNNING 5/100)   - Setting up storage
VCSA Deployment is still running
==========VCSA Deployment Progress Report==========         Task: Install required RPMs for the appliance.(RUNNING 56/100)  - Installed vmware-directory-client-6.7.0.3781-11338774.x86_64.rpm
VCSA Deployment is still running
==========VCSA Deployment Progress Report==========         Task: Install required RPMs for the appliance.(RUNNING 59/100)  - Installed vmware-identity-sts-6.7.0.4892-11338777.noarch.rpm
VCSA Deployment is still running
==========VCSA Deployment Progress Report==========         Task: Install required RPMs for the appliance.(RUNNING 59/100)  - Installed vmware-identity-sts-6.7.0.4892-11338777.noarch.rpm
VCSA Deployment is still running
==========VCSA Deployment Progress Report==========         Task: Install required RPMs for the appliance.(RUNNING 59/100)  - Installed vmware-identity-sts-6.7.0.4892-11338777.noarch.rpm
VCSA Deployment is still running
==========VCSA Deployment Progress Report==========         Task: Install required RPMs for the appliance.(RUNNING 77/100)  - Installed VMware-vpxd-svcs-6.7.0-11726888.x86_64.rpm
VCSA Deployment is still running
==========VCSA Deployment Progress Report==========         Task: Install required RPMs for the appliance.(RUNNING 87/100)  - Installed vmware-vsm-6.7.0-11726888.x86_64.rpm
VCSA Deployment is still running
==========VCSA Deployment Progress Report==========         Task: Install required RPMs for the appliance.(RUNNING 89/100)  - Installed VMware-perfcharts-6.7.0-11726888.x86_64.rpm
VCSA Deployment is still running
==========VCSA Deployment Progress Report==========         Task: Install required RPMs for the appliance.(SUCCEEDED 100/100)       - Task has completed successfully.         Task: Run firstboot
scripts.(RUNNING 2/100)     - Starting VMware Authentication Framework...
VCSA Deployment is still running
==========VCSA Deployment Progress Report==========         Task: Install required RPMs for the appliance.(SUCCEEDED 100/100)       - Task has completed successfully.         Task: Run firstboot
scripts.(RUNNING 2/100)     - Starting VMware Authentication Framework...
VCSA Deployment is still running
==========VCSA Deployment Progress Report==========         Task: Install required RPMs for the appliance.(SUCCEEDED 100/100)       - Task has completed successfully.         Task: Run firstboot
scripts.(RUNNING 10/100)    - Starting VMware Single Sign-On User Creation...
VCSA Deployment is still running
==========VCSA Deployment Progress Report==========         Task: Install required RPMs for the appliance.(SUCCEEDED 100/100)       - Task has completed successfully.         Task: Run firstboot
scripts.(RUNNING 21/100)    - Starting VMware Component Manager...
VCSA Deployment is still running
==========VCSA Deployment Progress Report==========         Task: Install required RPMs for the appliance.(SUCCEEDED 100/100)       - Task has completed successfully.         Task: Run firstboot
scripts.(RUNNING 28/100)    - Starting VMware vAPI Endpoint...
VCSA Deployment is still running
==========VCSA Deployment Progress Report==========         Task: Install required RPMs for the appliance.(SUCCEEDED 100/100)       - Task has completed successfully.         Task: Run firstboot
scripts.(RUNNING 44/100)    - Starting VMware Appliance Management Service...
VCSA Deployment is still running
==========VCSA Deployment Progress Report==========         Task: Install required RPMs for the appliance.(SUCCEEDED 100/100)       - Task has completed successfully.         Task: Run firstboot
scripts.(RUNNING 60/100)    - Starting VMware vCenter Server...
VCSA Deployment is still running
==========VCSA Deployment Progress Report==========         Task: Install required RPMs for the appliance.(SUCCEEDED 100/100)       - Task has completed successfully.         Task: Run firstboot
scripts.(RUNNING 60/100)    - Starting VMware vCenter Server...
VCSA Deployment is still running
==========VCSA Deployment Progress Report==========         Task: Install required RPMs for the appliance.(SUCCEEDED 100/100)       - Task has completed successfully.         Task: Run firstboot
scripts.(RUNNING 60/100)    - Starting VMware vCenter Server...
VCSA Deployment is still running
==========VCSA Deployment Progress Report==========         Task: Install required RPMs for the appliance.(SUCCEEDED 100/100)       - Task has completed successfully.         Task: Run firstboot
scripts.(RUNNING 63/100)    - Starting VMware Content Library Service...
VCSA Deployment is still running
==========VCSA Deployment Progress Report==========         Task: Install required RPMs for the appliance.(SUCCEEDED 100/100)       - Task has completed successfully.         Task: Run firstboot
scripts.(RUNNING 65/100)    - Starting VMware ESX Agent Manager...
VCSA Deployment is still running
==========VCSA Deployment Progress Report==========         Task: Install required RPMs for the appliance.(SUCCEEDED 100/100)       - Task has completed successfully.         Task: Run firstboot
scripts.(RUNNING 73/100)    - Starting VMware Update Manager...
VCSA Deployment is still running
==========VCSA Deployment Progress Report==========         Task: Install required RPMs for the appliance.(SUCCEEDED 100/100)       - Task has completed successfully.         Task: Run firstboot
scripts.(RUNNING 84/100)    - Starting VMware VSAN Health Service...
VCSA Deployment is still running
==========VCSA Deployment Progress Report==========         Task: Install required RPMs for the appliance.(SUCCEEDED 100/100)       - Task has completed successfully.         Task: Run firstboot
scripts.(RUNNING 97/100)    - Starting VMware Performance Charts...
VCSA Deployment is still running
==========VCSA Deployment Progress Report==========         Task: Install required RPMs for the appliance.(SUCCEEDED 100/100)       - Task has completed successfully.         Task: Run firstboot
scripts.(SUCCEEDED 100/100) - Task has completed successfully.
Successfully completed VCSA deployment.  VCSA Deployment Start Time: 2019-03-25T00:00:39.279Z VCSA Deployment End Time: 2019-03-25T00:13:14.011Z
================================== [SUCCEEDED] Successfully executed Task 'MonitorDeploymentTask: Monitoring Deployment' in TaskFlow 'embedded_vCSA_on_ESXi' at 15:13:37 ==================================
Monitoring VCSA Deploy task completed
======================================================= [START] Start executing Task: Provide the login information about new appliance. at 15:13:37 =======================================================
    Appliance Name: Embedded-vCenter-Server-Appliance
    System Name: vcsa01.home.lab
    System IP: 192.168.0.50
    Log in as: Administrator@vsphere.local
========================= [SUCCEEDED] Successfully executed Task 'ApplianceLoginSummaryTask: Provide appliance login information.' in TaskFlow 'embedded_vCSA_on_ESXi' at 15:13:37 =========================
================================================================================================= 15:13:37 =================================================================================================
Result and Log File Information...
WorkFlow log directory: /tmp/vcsaCliInstaller-2019-03-24-14-57-k0e5zx7f/workflow_1553439472833

As also shown on the console, logs are written under /tmp by default,
so if the run ends up failed, look for the cause in the console output and the logs.
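To help with that search, the following added example (not part of the installer) summarizes saved console output in the banner format shown above: it pairs each [START] with the next [SUCCEEDED] by nesting, lists tasks that started but never reported success, and notes hosts whose certificate was not verified and any deprecated flags. It assumes the console output was captured unwrapped to a file, and that a failed run leaves the failing task without a [SUCCEEDED] line; the sample text is constructed by abridging and truncating the run above.

```python
import re

START = re.compile(r"\[START\] Start executing Task: (.+?) at (\d\d:\d\d:\d\d)")
DONE = re.compile(r"\[SUCCEEDED\] Successfully executed Task '([^']*)' "
                  r"in TaskFlow '([^']*)' at (\d\d:\d\d:\d\d)")
NO_VERIFY = re.compile(r"The certificate of server '([^']+)' will not be verified")
DEPRECATED = re.compile(r"The command parameter '([^']+)' is deprecated")

# Constructed sample: lines abridged from the run above, cut off mid-deployment.
SAMPLE = """\
== [START] Start executing Task: To validate CLI options at 14:57:52 ==
Deprecation Warning: The command parameter '--no-esx-ssl-verify' is deprecated.
== [SUCCEEDED] Successfully executed Task 'CLIOptionsValidationTask: Executing CLI optionsValidation task' in TaskFlow 'template_validation' at 14:57:52 ==
== [START] Start executing Task: Perform precheck tasks. at 14:57:54 ==
== [START] Start executing Task: Verify that the provided credentials for the target ESXi/VC are valid at 14:57:54 ==
The certificate of server '192.168.0.51' will not be verified because you have provided either the '--no-ssl-certificate-verification' or '--no-esx-ssl-verify' command parameter
== [SUCCEEDED] Successfully executed Task 'Running precheck: TargetCredentials' in TaskFlow 'install' at 14:57:54 ==
== [SUCCEEDED] Successfully executed Task 'PrecheckTask: Running prechecks.' in TaskFlow 'embedded_vCSA_on_ESXi' at 14:58:00 ==
== [START] Start executing Task: Invoke OVF Tool to deploy VCSA for installation, upgrade, and migration at 14:58:01 ==
OVF Tool: Opening VI target: vi://root@192.168.0.51:443/
"""


def _seconds(start, end):
    """Elapsed seconds between two HH:MM:SS stamps, tolerating a midnight wrap."""
    def to_s(stamp):
        h, m, s = map(int, stamp.split(":"))
        return h * 3600 + m * 60 + s
    return (to_s(end) - to_s(start)) % 86400


def summarize(console_text):
    """Summarize vcsa-deploy console output: task timings, open tasks, warnings."""
    open_tasks, finished = [], []
    unverified, deprecated = set(), set()
    for line in console_text.splitlines():
        if (m := START.search(line)):
            open_tasks.append((m[1], m[2]))          # (description, start time)
        elif (m := DONE.search(line)):
            # Tasks nest, so a success banner closes the most recent open START.
            started = open_tasks.pop()[1] if open_tasks else None
            finished.append({
                "task": m[1], "flow": m[2],
                "seconds": _seconds(started, m[3]) if started else None,
            })
        elif (m := NO_VERIFY.search(line)):
            unverified.add(m[1])
        elif (m := DEPRECATED.search(line)):
            deprecated.add(m[1])
    return {
        "unfinished": open_tasks,                    # where a failed run stopped
        "finished": finished,
        "cert_verification_disabled_for": sorted(unverified),
        "deprecated_flags": sorted(deprecated),
    }
```
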