Recently, while testing the new Container Service Extension 2.0 Beta release, I found myself needing a quick (and easily replicable) instantiation of vCloud Director in my lab environment. Since this needed to be deployed in my lab environment, I wanted to do this while using the least amount of resources and virtual machines possible to keep things simple. I decided to deploy a single CentOS virtual machine that housed the postgresdb, rabbitmq server (for my subsequent deployment of CSE), and the actual vCD server itself. I also decided to deploy using a single network interface to keep things simple.
Before we get started, I want to lay out some assumptions I’ve made in this environment that will need to be taken into consideration if you’d like to replicate this deployment as documented:
All of my servers’ hostnames are resolvable (I’m using dnsmasq to easily provide DNS/DHCP support in my lab).
I’ve disabled firewalld as well, as this lab is completely isolated from outside traffic. This is NOT secure and NOT recommended for a production deployment. See the installation documentation for port requirements for vCD.
I’ve also persistently disabled SELinux. Again, this is NOT secure and NOT recommended for production, but I just wanted one less thing to troubleshoot barring config issues.
I’ve configured an NTP server in my lab that all the servers connect to. NTP is a requirement for vCD installation.
I am going to use the tooling provided by vCD to create self-signed SSL certs for use with vCD. Again, this is NOT secure and NOT recommended for production, but better suited for quick test deployments in a controlled lab environment.
I’ve configured a CentOS 7.6 server with 4 vCPU, 8GB of memory and a 20GB hard drive. After installation of my OS, I verify the configuration stated above and update my server to the latest and greatest:
# yum update -y
At this point, we are ready to install and configure our PostgreSQL database (note: vCD requires PostgreSQL 10).
First, we’ll need to configure our server to have access to the PostgreSQL repo:
# rpm -Uvh https://yum.postgresql.org/10/redhat/rhel-7-x86_64/pgdg-centos10-10-2.noarch.rpm
Now that we have configured the repo, we need to install the PostgreSQL 10 packages:
# yum install -y postgresql10-server postgresql10
Now that the database packages are installed, we need to initialize the database, start the service, and ensure it starts automatically at boot:
# /usr/pgsql-10/bin/postgresql-10-setup initdb
# systemctl start postgresql-10.service
# systemctl enable postgresql-10.service
Now that Postgres is installed, let’s verify the installation by logging in to the database with the “postgres” user (created during installation) and set the password:
# su - postgres -c "psql"
psql (10.0)
Type "help" for help.
postgres=# \password postgres
**enter pw at prompt**
postgres=# \q
We can run the createuser command as the postgres OS user to create the vcloud postgres user:
# su - postgres
-bash-4.2$ createuser vcloud --pwprompt
Log back into the psql prompt to create the database the vCD instance will utilize (vcloud), as well as setting the vcloud user password:
-bash-4.2$ psql
postgres=# create database vcloud owner vcloud;
CREATE DATABASE
postgres=# alter user vcloud password 'your-password';
ALTER ROLE
Next, we’ll need to allow our vcloud user to log in to the database:
postgres=# alter role vcloud with login;
ALTER ROLE
postgres=# \q
Finally, we need to allow logins to the Postgres DB with a username/pw combination. Since I’m deploying this in a controlled lab environment, I’m going to open connections up to all IP addresses. Add the following line to the bottom of the ~/10/data/pg_hba.conf file (editing as the postgres user):
-bash-4.2$ vi ~/10/data/pg_hba.conf
host all all 0.0.0.0/0 md5
We also need to ensure that the database is listening for connections. Edit the postgresql.conf file and ensure the following line is not commented out and change ‘localhost’ to ‘*’:
-bash-4.2$ vi 10/data/postgresql.conf
listen_addresses = '*'
Now that we’ve made these changes, return to the root user and restart the PostgreSQL service:
-bash-4.2$ exit
# systemctl restart postgresql-10
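The pg_hba.conf line above admits every role to every database from any address, which only suits an isolated lab. As an added example (not part of the original post), this bash function flags such rules in a pg_hba.conf file. The function names, the sample file and the narrowed 10.10.10.100/32 rule are constructed for illustration, and scram-sha-256 support in the vCD database client is an assumption.

```bash
#!/usr/bin/env bash
# Added example, not from the original post: audit pg_hba.conf host rules.

audit_pg_hba() {
    # $1 = path to a pg_hba.conf file; prints "<line>: <finding>" per issue.
    awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }     # skip comments and blank lines
        $1 !~ /^host(ssl|nossl)?$/ { next }   # only TCP/IP rules are audited
        {
            db = $2; user = $3; addr = $4
            # Netmask-style rules carry the mask in $5 and the method in $6.
            method = ($5 ~ /^[0-9.]+$/) ? $6 : $5
            if (addr == "0.0.0.0/0" || addr == "::/0" || addr == "all")
                print NR ": any-address rule (" addr ")"
            if (db == "all" && user == "all")
                print NR ": every role may reach every database"
            if (method == "trust")
                print NR ": trust auth, no password is checked"
            else if (method == "md5" || method == "password")
                print NR ": " method " auth, scram-sha-256 is stronger"
        }
    ' "$1"
}

# Constructed sample: the rule added in this post, then a narrowed rule for
# the single-VM layout (assumes the client supports scram-sha-256).
sample_lab_hba() {
    cat <<'EOF'
# TYPE  DATABASE  USER    ADDRESS          METHOD
local   all       all                      peer
host    all       all     0.0.0.0/0        md5
host    vcloud    vcloud  10.10.10.100/32  scram-sha-256
EOF
}

tmp=$(mktemp)
sample_lab_hba > "$tmp"
audit_pg_hba "$tmp"    # reports three findings, all on line 3
rm -f "$tmp"
```

The address, database and user narrowing applies equally if the method stays md5; on the real server the file to check is the ~/10/data/pg_hba.conf edited above.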
Now that we’ve got our PostgreSQL DB configured, we need to configure RabbitMQ on the server. AMQP, the Advanced Message Queuing Protocol, is an open standard for message queuing that supports flexible messaging for enterprise systems. vCloud Director uses the RabbitMQ AMQP broker to provide the message bus used by extension services, object extensions, and notifications.
On our CentOS install, we need to configure access to the EPEL repo, which provides packages and dependencies we’ll need to install RabbitMQ. After configuring the repo, we need to install Erlang, which is the language RabbitMQ is written in:
# yum -y install epel-release
# yum -y install erlang socat
For Linux installs, RabbitMQ provides an RPM which is precompiled and can be installed directly on the server (once ‘erlang’ is installed). Download and install RabbitMQ via the commands below:
# wget https://www.rabbitmq.com/releases/rabbitmq-server/v3.6.10/rabbitmq-server-3.6.10-1.el7.noarch.rpm
# rpm -Uvh rabbitmq-server-3.6.10-1.el7.noarch.rpm
Now that we have installed RabbitMQ on the server, we are ready to start the RabbitMQ server, ensure it automatically starts on boot, and verify the status of the service:
# systemctl start rabbitmq-server
# systemctl enable rabbitmq-server
# systemctl status rabbitmq-server
Once we’ve verified the status of the RabbitMQ service is “active,” we need to set up an admin user (I’ve used admin in this case, but you can configure any username you’d like) to allow connections to the queue from vCD:
# rabbitmq-plugins enable rabbitmq_management
**output omitted**
# chown -R rabbitmq:rabbitmq /var/lib/rabbitmq/
# rabbitmqctl add_user admin **your-password**
Creating user "admin"
# rabbitmqctl set_user_tags admin administrator
Setting tags for user "admin" to [administrator]
# rabbitmqctl set_permissions -p / admin ".*" ".*" ".*"
Setting permissions for user "admin" in vhost "/"
Installing vCloud Director
We’ve got PostgreSQL and RabbitMQ configured on the server, so now we are ready to pull down and install the vCD binary. I’ve pulled the vCD install package directly from MyVMware down to my local desktop and copied the file over to my vCD server at /vcloud.bin and modified permissions so I can execute the script. Before we run the script, we need to install a couple of dependencies the script requires to run to completion:
# yum install libXdmcp libXtst redhat-lsb -y
Now we are ready to run the installation script. After the script finishes, decline the option to run the configure script as we will do this manually later:
# chmod u+x /vcloud.bin
# ./vcloud.bin
**output omitted**
Would you like to run the script now? (y/n)? N
Now that we’ve installed the vCD packages, we can use the tooling provided to generate self-signed certificates. If you have existing certs or you’d like to create and sign your own certs, please refer to the installation documentation for the proper procedure to create signed certs or upload existing certs. The following command creates certificates for the http and console proxy services and stores them in a keystore file at /tmp/cell.ks with a password of mypassword:
# cd /opt/vmware/vcloud-director/bin
# ./cell-management-tool generate-certs -j -p -o /tmp/cell.ks -w mypassword
We can verify the keystore contains 2 keys with the following command:
# /opt/vmware/vcloud-director/jre/bin/keytool -storetype JCEKS \
    -storepass mypassword -keystore /tmp/cell.ks -list
**output omitted**
consoleproxy, May 6, 2019, PrivateKeyEntry,
Certificate fingerprint (SHA1): 7B:FB...
http, May 6, 2019, PrivateKeyEntry,
Certificate fingerprint (SHA1): 14:DD…
Configuring vCloud Director
Now that we have created our certs, we are ready to configure the vCD server. Since we are using the same interface for http and console proxy, we need to perform an unattended install and define ports for each service. For details on this process, see the installation documentation section for unattended installations. As an example, the following command configures both http and console proxy on the same IP (10.10.10.100), using the default port 443 for secure http access while using 8443 for secure console access. We also define the keystore created earlier, as well as the password for that keystore.
First, let’s change directory into the location of the configure script:
# cd /opt/vmware/vcloud-director/bin
Now we are ready to run the configure command:
# ./configure -ip 10.10.10.100 -cons 10.10.10.100 --primary-port-http 80 \
    --console-proxy-port-https 8443 -dbtype postgres \
    -dbhost 10.10.10.100 -dbname vcloud -dbuser vcloud \
    -dbpassword **db-password** -k /tmp/cell.ks -w mypassword \
    --enable-ceip false -unattended
......................................../
Database configuration complete.
We can view the logs for the configuration attempt in the directory /opt/vmware/vcloud-director/logs/ at the configure-timestamp location:
# cd /opt/vmware/vcloud-director/logs/
# less configure-timestamp
**output omitted**
vCloud Director configuration is now complete.
Once the vCloud Director server has been started you will be able to access the first-time setup wizard at this URL:
https://FQDN
Before starting the vCD service, we’ll also need to configure a system administrator user using the cell-management-tool. This will allow us to log into the vCloud Director admin portal and begin our vCD configuration (you’ll also be asked to specify a password for the system admin user after running the
# cd /opt/vmware/vcloud-director/bin
# ./cell-management-tool system-setup --user admin --full-name "VCD System Administrator" \
    --email firstname.lastname@example.org --system-name VCD --installation-id 1
--user is our admin user name,
--system-name is the name that is used to create a vCenter folder in each vCenter Server with which it registers, and
--installation-id is the numerical id of the specific instance of VCD. For more information on using the cell-management-tool to configure the system admin user, please refer to the VMware documentation.
At this point, we are ready to start the vCD service:
# service vmware-vcd start
After confirming the service has started, navigate to https://FQDN to begin your vCD configuration!!