DRaaS dreams come true! vCloud Availability for vCloud Director (vCAV) – Appendix
As the appendix to this blog series, here I provide the steps for the “Preparing the vCloud Director” step. As mentioned, there are a few things we need to enable in our existing vCloud Director deployment before we can deploy vCAV. To recap, they are:
- Use a wildcard certificate for vCloud Director if you are not already using one (I’m not…)
- Migrate your single-cell vCloud Director to a multiple-cell configuration (as required for deploying the Cloud Proxy for vCAV).
- Deploy and configure MQ with SSL (this is not the default for RabbitMQ).
- Join vCloud Director to the Lookup Service
Generate Wildcard Certificate for vCloud Director Cells
I’m using an Active Directory CA in my environment, so I use one of my domain-joined machines to request a wildcard certificate. This can be done in MMC with the Certificate Snap-in import. Do request a “Legacy Key” template with PKCS#10 format.
The friendly name doesn’t have to be the wildcard; I use it here just for easy identification
Input the Subject Detail, CN = wildcard is a critical entry
Enable the extensions as follows
Make the Private Key Exportable
Then proceed to generate the certificate request
Copy the Certificate request content
And request the certificate from the AD
Generate as a Web Server Certificate
Download the Certificates from the AD
And import it back to the machine from which we requested the certificate
You can then see the wildcard certificate being available on the machine
We then can export it out to the vCloud Director Cells
Upload the Wildcard certificate onto the vCloud Director Cells and you can replace the existing certificates with it according to the VMware KB HERE.
Don’t forget to replicate the wildcard certificate at the vCloud Director Portal
Migrate from Single Cell to Multiple Cell vCloud Director Deployment
There are a number of blogs discussing this already, so what I recap here are the high-level steps:
- Create a NFS share for sharing between target vCD Cells
- Copy the files under /opt/vmware/vcloud-director/data/transfer of the existing vCD cell
- Stop the vCD service by “service vmware-vcd stop”
- Mount the NFS share to the vCD cell at the /opt/vmware/vcloud-director/data/transfer
- Start the vCD service by “service vmware-vcd start”
- Share the /opt/vmware/vcloud-director/etc/responses.properties and certificate keystore among the hosts
- Install new vCD cells by mounting the same NFS share and using the responses.properties and certificate keystore
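A pre-flight check for each cell, to run after mounting the share and before “service vmware-vcd start”. This is an added example, not part of the original post or of VMware's tooling: it confirms the transfer directory really is an NFS mount (so a failed mount does not leave the cell silently writing to local disk) and that the shared responses.properties and keystore are not readable by group or others. The owner-only permission requirement, the keystore path placeholder and the function names are assumptions.

```sh
#!/bin/sh
# Added example (not from the original post): pre-flight checks for one vCD cell.
# Directory and file names are the ones the post uses; KEYSTORE is a placeholder.
TRANSFER_DIR=${TRANSFER_DIR:-/opt/vmware/vcloud-director/data/transfer}
RESPONSES=${RESPONSES:-/opt/vmware/vcloud-director/etc/responses.properties}
KEYSTORE=${KEYSTORE:-/path/to/certificates.ks}   # placeholder: set to your keystore

# is_nfs_mount DIR [MOUNTS_FILE]
# Succeeds only if DIR itself is a mount point whose topmost mount is nfs/nfs4.
# MOUNTS_FILE defaults to /proc/mounts; it is a parameter so the check is testable.
is_nfs_mount() {
    local dir mounts result dev mnt fstype rest
    dir="${1%/}"; [ -n "$dir" ] || dir=/
    mounts="${2:-/proc/mounts}"; result=1
    while read -r dev mnt fstype rest; do
        [ "$mnt" = "$dir" ] || continue
        case $fstype in nfs|nfs4) result=0 ;; *) result=1 ;; esac
    done < "$mounts"
    return "$result"
}

# secret_mode_ok FILE
# Succeeds only if FILE exists and grants no permission bits to group or others.
# Assumes GNU stat (stat -c), as found on the Linux hosts vCD runs on.
secret_mode_ok() {
    local mode
    mode=$(stat -c '%a' "$1" 2>/dev/null) || return 1
    case $mode in 0|*00) return 0 ;; *) return 1 ;; esac
}

# preflight [MOUNTS_FILE]
# Prints one line per failed check and returns non-zero if any check failed.
preflight() {
    local rc f
    rc=0
    is_nfs_mount "$TRANSFER_DIR" "${1:-/proc/mounts}" ||
        { echo "FAIL: $TRANSFER_DIR is not an NFS mount"; rc=1; }
    for f in "$RESPONSES" "$KEYSTORE"; do
        secret_mode_ok "$f" ||
            { echo "FAIL: $f is missing or accessible to group/others"; rc=1; }
    done
    return "$rc"
}

# Run as "sh preflight.sh --run" on a cell, after mounting and before starting vCD.
if [ "${1:-}" = "--run" ]; then
    preflight && echo "OK: safe to run: service vmware-vcd start"
fi
```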
Deploy a Rabbit MQ server with SSL enabled (NOT Container)
I’ve come across a very good blog HERE for configuring RabbitMQ with SSL. I am not repeating it.
Join the vCloud Director to vSphere Lookup services
This should not be difficult, as you can follow the standard procedure to add the federation setting in the vCloud Director Admin UI. But remember the following caveat: you need to put “/cloud” after this URL in the vCloud Director setting. ***Even the hints under the text box didn’t say so*** I’m checking with the support team on this cosmetic error.
Then you can just add the Lookup service URL under the Federation Tab
On success you will see this, and you will have to log in with an SSO user. So do add SSO users as your system admins by granting the user right. Or, if you want to log in through a local user, go to the URL https://vCDFQDN/cloud/login.jsp.
Once you have completed all of the above, your vCloud Director environment is prepared and you can continue with the vCAV setup! I hope this is helpful for you!