vCloud Director 8.10.1, best way to learn cloud AND… – Part 1
vCloud Director has been chosen by many service providers around the world for building public clouds. It is also the engine behind VMware vCloud Air, VMware's public cloud service. Personally, I think vCloud Director is an intuitive tool that is easy to set up, operate and consume. Even though critics say vCloud Director is too complicated for end users, I think for technical users it will always be the finest tool for learning what's under the hood in a cloud and how a cloud should be composed. Yes, AWS, Azure or GCE may be the bigger names in public cloud nowadays, but you won't know what is actually going on inside them or how it works, and even if you did, it would be practically impossible to build one yourself according to their design.
Instead, vCloud Director is just as simple as the logical architecture above. vCloud Director is a thin but powerful tool that you can easily set up on top of a vSphere environment and integrate with VMware's network virtualization engine, NSX. You can then learn the design and methodology behind how VMware designs a cloud, and how similar skills and design principles are adopted by other cloud management portals and tools. I also agree that vCloud Director does not cover the business logic that a cloud business usually needs, which is why there are 3rd-party solutions like AirVM and OnApp to make the solution complete.
vCloud Director GUI
So you can see that native vCloud Director is more technically focused, which is aligned with VMware's direction in developing vCloud Director. VMware would like to offer the cloud orchestration engine while leaving the front end and add-on solution development to 3rd-party solution providers.
So let's get started deploying vCloud Director. As said, you need vSphere and NSX in your environment as prerequisites. vSAN is optional, but it provides very flexible software-defined storage that VCD can leverage further. There is a VMware blog post discussing this briefly.
OS and IP Preparation
While most VMware solutions are packaged as virtual appliances, vCloud Director is still an application running on top of a traditional OS. You can choose either CentOS or Red Hat Linux for vCloud Director 8.10.1; the supported OS versions and editions are as follows:
- CentOS 6 (I’m using CentOS 6.5 in this setup)
- CentOS 7
- Red Hat Enterprise Linux 5, updates 4-10
- Red Hat Enterprise Linux 6, updates 1-7
- Red Hat Enterprise Linux 7
We don't need much customisation in the installation; the “Basic Server” option is good enough. The only requirement is to have two service IPs. Yes, I know you may have read the What's New white paper and the vCloud Director 8.10 installation guide, which tell you that you can set up 8.10 with a single IP.
From What’s New white paper:
You have to use unattended installation for all the VCD nodes with the following command from the Installation Guide.
From vCloud Director 8.10 installation guide:
As you can see from the single-IP unattended installation command above, rather than using port 443 on two service IPs as in a normal deployment, you have to provide two ports on a shared IP. In this lab I am not using the single-IP setup; instead I am using the traditional dual-IP configuration.
Meanwhile, vCloud Director depends on an external database for storing its configuration. This can be Oracle or Microsoft SQL Server; I am using MS SQL for this setup. The database schema and tables are created during the installation, so we just need to create an empty database.
Create a DB; I named it vCloud (but it can actually be anything)
User Mapping like this is good enough
Certificates Preparation (Skip)
While some installation guides ask us to prepare the certificates before setup, I prefer to skip this until after installing the vCloud Director binary.
vCloud Director (Multi Cells) Setup
With the above prepared, we can start setting up vCloud Director. Since a single cell is an unlikely deployment topology in a production environment, I'm setting up a 2-node vCloud Director environment as in the diagram below:
Again, I should mention why I use vCenter 6.0 in this setup: there is no supported NSX version for vCenter 6.5 yet (as of today). You can always refer to the VMware Interoperability Matrix HERE.
So, let's get started! I assume you have already set up the two VCD cells (with network info) and can SSH into the VCD nodes to proceed with the setup.
- Install libXdmcp on both of the VCD nodes:
yum install libXdmcp
- Once you have uploaded the vCloud Director binary, you can run it. Remember NOT to run the configuration script at the prompt “Would you like to run the script now? [y/n]?”
- After the installation, we can generate the certificates needed for vCloud Director. The reason for doing it at this point is that the installation comes with its own keytool, located at /opt/vmware/vcloud-director/jre/bin. Do NOT use the native Linux keytool if you are following my guide. After changing directory to the path above, we need to generate two certificates in one keystore, which is used by vCloud Director.
HTTP Certificate Generation
./keytool -keystore /install/certificates.ks -storetype JCEKS -storepass P@ssw0rd -genkey -keyalg RSA -keysize 2048 -alias http
Console Proxy Certificate Generation
./keytool -keystore /install/certificates.ks -storetype JCEKS -storepass P@ssw0rd -genkey -keyalg RSA -keysize 2048 -alias consoleproxy
- Generate certificate requests for http and consoleproxy, using the same keytool as in the previous step:
Use the following command for the http certificate
./keytool -keystore /install/certificates.ks -storetype JCEKS -storepass P@ssw0rd -certreq -alias http -file /install/http.csr -keysize 2048
Use the following command for the console proxy certificate
./keytool -keystore /install/certificates.ks -storetype JCEKS -storepass P@ssw0rd -certreq -alias consoleproxy -file /install/consoleproxy.csr -keysize 2048
- Sign the certificate requests with the AD (you can skip this if you are using self-signed certificates)
Copy the content of http.csr and consoleproxy.csr into the cert request page. The “Web Server” template is good enough.
You need to get the http, consoleproxy and root certificates from the certificate request page. The certificates can be downloaded through the “Download certificate” link; the root certificate has to be extracted from the certificate chain obtained through the “Download certificate chain” link.
Then upload all the certificates back onto vCloud Director Cell 1.
Import the root certificate on Node 1 first with the command:
./keytool -alias root -storetype JCEKS -storepass P@ssw0rd -keystore /install/certificates.ks -importcert -file root.cer
Then you can import the http and console proxy certificates
./keytool -storetype JCEKS -storepass P@ssw0rd -keystore /install/certificates.ks -importcert -alias http -file http.cer
Console Proxy Certificates
./keytool -storetype JCEKS -storepass P@ssw0rd -keystore /install/certificates.ks -importcert -alias consoleproxy -file consoleproxy.cer
- Set up NFS and mount the export at /opt/vmware/vcloud-director/data/transfer
Set up the NFS export on the NFS server; I use an NTP server as the NFS repository
On VCD node 1, mount the NFS export by editing /etc/fstab
Check that the mount point shows the export mounted successfully
- Run the configuration script to set up vCloud Director Node-01. It is at /opt/vmware/vcloud-director/bin/configure. You will need to provide:
- IP of HTTP
- IP of Consoleproxy
- certificates.ks path
- certificates.ks keystore password
- Choose Database Type
- Provide Database IP, Name, Instance and Password
Choose “Y” to start vCloud Director after the configuration. You can then verify the status of the service with
service vmware-vcd status
For detailed start-up status, you can tail the log at /opt/vmware/vcloud-director/logs/cell.log
- Validating the VCD Node 1
We can then open http://<vcd01-ip-or-fqdn>/ to verify that the deployment was successful. This is the initial setup wizard, but you can skip configuring it for now, as we still have to set up the second VCD node.
- Setup Second VCD Node
You have to repeat some of the steps from setting up the first VCD node, namely:
- Install the libXdmcp package
- Install vCloud Director Binary
But you won't have to generate the certificates again, as the same certificates.ks is shared among the vCloud Director cells. Again, do NOT run the configuration script after installing the vCloud Director binary.
You need to copy the responses.properties and certificates.ks files to /opt/vmware/vcloud-director/data/transfer (which is the NFS share, so that VCD 02 can see them)
After that, you can run the configuration script on VCD Node 2.
/opt/vmware/vcloud-director/bin/configure -r /opt/vmware/vcloud-director/data/transfer/responses.properties
Then you can start the service when prompted, and vCloud Director will start successfully in a multi-cell configuration.
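Two checks worth running once both cells are configured, as an added example that is not part of the original post or of VMware's tooling: confirm that the http and consoleproxy aliases in certificates.ks are still private-key entries after the signed certificates were imported, and list any copies of certificates.ks or responses.properties on the transfer share that group or others can read. The function names are hypothetical, the sample listing is constructed, and the -storepass:env modifier (Java 7 and later) is an assumption about the bundled keytool.

```sh
#!/bin/sh
# Added example, not from the original post.

# Reads non-verbose `keytool -list` output on stdin. Prints one line for each
# of the aliases http/consoleproxy that is missing or is not a private-key
# entry (a signed certificate imported under an alias that has no key pair
# becomes a trustedCertEntry). Exit status is non-zero if anything is printed.
check_keystore_listing() {
    awk '
        /^(http|consoleproxy), / {
            alias = $1; sub(/,$/, "", alias)
            seen[alias] = ($0 ~ /, PrivateKeyEntry,/) ? "ok" : "not a PrivateKeyEntry"
        }
        END {
            n = split("http consoleproxy", want, " ")
            for (i = 1; i <= n; i++) {
                a = want[i]
                if (!(a in seen))         { print a ": missing"; bad = 1 }
                else if (seen[a] != "ok") { print a ": " seen[a]; bad = 1 }
            }
            exit bad + 0
        }'
}

# Prints certificates.ks / responses.properties files under DIR that group or
# others can read. The keystore holds the cells' TLS private keys; the
# responses file holds the answers given to the configure script.
exposed_install_files() {
    find "$1" -type f \( -name certificates.ks -o -name responses.properties \) \
        \( -perm -040 -o -perm -004 \)
}

# Constructed sample listing: consoleproxy ended up as a trusted certificate
# instead of a key entry carrying the signed certificate.
SAMPLE_LISTING='http, Jan 5, 2017, PrivateKeyEntry,
Certificate fingerprint (SHA1): (constructed)
consoleproxy, Jan 5, 2017, trustedCertEntry,
Certificate fingerprint (SHA1): (constructed)'

printf '%s\n' "$SAMPLE_LISTING" | check_keystore_listing || echo "keystore needs attention"

# Real use on a cell, with KS_PASS exported beforehand so the keystore
# password stays out of the process list and shell history:
#   ./keytool -list -keystore /install/certificates.ks -storetype JCEKS \
#       -storepass:env KS_PASS | check_keystore_listing
#   exposed_install_files /opt/vmware/vcloud-director/data/transfer
```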
Great, you have now completed the vCD setup, with vCD integrated with vSphere and NSX. We can then proceed to initialise vCloud Director to provide public cloud service. I hope this blog is helpful for your setup, and do stay tuned for Part 2 on the initial vCD configuration.