Install VCSA 6.7

With the release of vSphere 6.7, like everyone, i was also interested in trying out the installs in my lab and figure out what was changed and how things really looked. To start with, i first installed the VCSA 6.7 in my lab and below is how it went.

This is my current VCSA 6.5 lab build.

snap1

Initially i wanted to a upgrade of the existing appliance but i realized i did a ova install of VCSA 6.5 in my workstation. The upgrade only works for actual install of VCSA on an ESXi host. So, i dropped the idea of upgrading and just decided to do a new install of VCSA 6.7 in the current lab and at some point i want to migrate my vSAN lab to VCSA6.7 and just shutdown the VCSA 6.5. So here we go!

snap2

From the ISO, navigate to the install folder and run the setup file and the below screen pops up. This is similar to the previous versions with some attractive icons. Choose install here.

snap3

Continue with the next few screens, select the type of deployment below and hit Next.

 

snap7

Since i am already installing my VCSA in a vCenter environment, i will be selecting my existing vcenter server for the appliance install.

snap8

Now, name the VM for VCSA and  set a root password.

snap10

Select the size of the deployment and hit Next

snap11

Select the Datastore for the VM, i have a VSAN datastore in my existing vCenter, so i will make use of that

snap12

Assign IP address and DNS Server details for the VM and hit Next

snap13

Review the settings, sit back and relax after hitting Finish.

snap14

OVA deploy should be in progress…..

snap15

OVA deploy is complete, to configure it click Continue on the below screen. In a browser, navigate to the appliance management at port 5480.

snap16

Click setup on the below screen.

snap17

Click Next

snap18

The IP and VM settings should automatically pop up in here from Stage 1, verify and click next.

snap19

Configure the SSO Domain

snap21

Hit Finish and wait for the Stage 2 to complete.

snap22snap23

Once complete, login back to the appliance management page to view the vCenter build and other details.

snap24

Thats all for today! I am working on a blog series for new features in vSphere 6.7 so i can catch up on the new features and also help others.

Hope this was informative. Thanks!

Advertisements

Part 8 – Docker Commands with VIC

Now that we have a VCH deployed into the environement, it’s time we actually run some native docker commands and see if the containers are being created.

Observe that the Docker Engine here is linux based.

vic34

Browse through the vsanDatastore to see the files related to VCH that we deployed and an images folder is created, this is where all the images are pulled to when docker pull is run.

vic35

Now let’s pull an image from docker hub. When running docker native commands, we should always mention the host with -H as below. Now run couple of containers from the pulled busybox image.

docker -H 10.7.7.10.2376 --tls run busybox
docker -H 10.7.7.10:2376 --tls run --name vmmaster busybox

vic36

To avoid specifying the values each time, we can actually set the VIC parameters as environment variables.

vic38

After having pulled the busybox image and punching in docker run, we see the containers running in the HTML client as below.

vic39

I did another ubuntu image pull. All the native commands are still good here. Below are a few of them

vic40

As discussed earlier, containers appear as running VMs in the virtual infrastructure. The container poweron and poweroff must not be done from VMware client. It is always managed from docker client using native commands.

vic41

Hope this was informative and helped you learn a bit about VMware Integrated Containers. Thanks!

Part 1 – vSphere Integrated Containers

Part 2 – VIC Lab Setup

Part 3 – Deploy VIC Appliance

Part 4 – Obtain vCenter Certificate Thumbprint

Part 5 – Install Client Plugins on VCSA for VIC

Part 6 – Opening Ports on ESXi Hosts

Part 7 – Deploy VCH to vCenter ServerPart 8 – Docker Commands with VIC

Part 8 – Docker Commands with VIC

Part 7 – Deploy VCH to vCenter Server

VCH is the key component of the VIC as this is the resource pool where all the container VMs and the VCH Endpoint VM resides here. VCH is deployed using the vic-machine utility and this can be run from any Windows, Mac or Linux machines. The binaries needs to be downloaded to the machine that runs these commands. Below are the prerequisites for deploying VCH.

  • Download binaries from the VIC appliance
  • Enable DRS on the cluster that is going to host VCH
  • All the hosts have a common datastore to enable easy migration between hosts; we are using vSanDatastore here.
  • Create a vDS with port group named ‘vic-bridge’. Ensure this port group is only used for one VCH and a new port group would be needed if a new VCH has to be deployed. This is for the isolation of the container VMs
  • All the ESXi hosts are licensed with Enterprise Plus
  • DHCP enabled in the network or assign a network profile to the port group with range of IPs.

vic29

From the machine where binaries are run the below command

vic-machine-windows.exe create --target vcsa.vmmaster.vic --user "administrator@vsphere.vic" --password VMware1! --bridge-network vic-bridge --image-store vsanDatastore --no-tlsverify --thumbprint CC:E1:DA:C8:93:4F:60:F9:13:EC:38:38:10:DF:54:CD:FC:61:44:AE

vic30vic31

A successfull deploy of VCH displays the message with details on how to connect to the docker API on the VCH. Observe a new resource pool is created and also there is a VCH Endpoint VM for each VCH deployed.

 

vic32

The same can be viewed in the HTML 5 client

vic280

In case the VCH deploy did not succed use the below to delete the partially deployed resource pools and any other configurations.

vic-machine-windows.exe delete --target administrator@vsphere.vic:VMware1!@vcsa.vmmaster.vic --thumbprint CC:E1:DA:C8:93:4F:60:F9:13:EC:38:38:10:DF:54:CD:FC:61:44:AE --name virtual-container-host --force

To verify the VCH installation run below from any docker client in the network

docker -H 10.7.7.10:2376 --tls info

vic33

Hope this was informative. Thanks!

Part 1 – vSphere Integrated Containers

Part 2 – VIC Lab Setup

Part 3 – Deploy VIC Appliance

Part 4 – Obtain vCenter Certificate Thumbprint

Part 5 – Install Client Plugins on VCSA for VIC

Part 6 – Opening Ports on ESXi Hosts

Part 7 – Deploy VCH to vCenter ServerPart 8 – Docker Commands with VIC

Part 8 – Docker Commands with VIC

Part 6 – Opening Ports on ESXi Hosts

Port 2377 is used for the communication between VCH and ESXi hosts. The name of the firewall rule is vSPC, if at all the rule is disabled for some reason, one must configure the firewall using other methods like web client and CLI.

Opening 2377 for outgoing connections in ESXi opens 2377 for inbound connections on VCH. Download the VCH binaries from the management portal. The binaries has the vic-machine utility needed for the VCH installation.

vic26

unzip the files to view the binaries and vic-machine utility.

vic27

Navigate to the download location of the binaries and run the below command from the elevated command prompt and make sure to use the right vic-machine file based on the OS you use.

vic-machine-windows.exe update firewall --target vcsa.vmmaster.vic --user "administrator@vsphere.vic" --password VMware1! -compute-resource My_Cluster --thumbprint CC:E1:DA:C8:93:4F:60:F9:13:EC:38:38:10:DF:54:CD:FC:61:44:AE --allow

Since we are going to VCH to a cluster managed by vCenter, we will execute the firewall open command against the vCenter server. This opens the port on all the ESXi hosts in the cluster.

vic28

Hope this is informative. Thanks!

Part 1 – vSphere Integrated Containers

Part 2 – VIC Lab Setup

Part 3 – Deploy VIC Appliance

Part 4 – Obtain vCenter Certificate Thumbprint

Part 5 – Install Client Plugins on VCSA for VIC

Part 6 – Opening Ports on ESXi Hosts

Part 7 – Deploy VCH to vCenter ServerPart 8 – Docker Commands with VIC

Part 8 – Docker Commands with VIC

Part 5 – Install Client Plugins on VCSA for VIC

The next step in the installation is to Install the client plugin for VIC. VIC plugin is very much integrated with the HTML 5 client than the web client. Enable shell on VCSA.

If you have a environment variable set as part of previous installation of VCH, the installation will fail. Ensure it is deleted.

Open a browser and use the VIC appliance IP with port 9443 to view the exact file name. Make a note of the vic tar file including the version. In my case it is vic_1.2.1.tar.gz.

vic20Enable shell and SSH on the VCSA and open a putty session as root adn run the below commands. The first command downloads the tar file and the second one unzips and sets permissions. Navigate the vic/ui/VCSA directory.

curl -kL http://10.7.7.14/files/vic_1.2.1.tar.gz -o vic_1.2.1.tar.gz
tar -zxf vic_1.2.1.tar.gz

vic21

Run the install.sh script to start the plugin installation. Enter the details as and when prompted. Have the vCenter thumbprint handy.

vic22

After the installation is complete, restart the web client and HTML 5 services.

vic23

Refresh the webclient and HTML client to view the vSphere Integrated Containers plugin.

vic24

vic25.jpg

Hope this was informative. Thanks!

Part 1 – vSphere Integrated Containers

Part 2 – VIC Lab Setup

Part 3 – Deploy VIC Appliance

Part 4 – Obtain vCenter Certificate Thumbprint

Part 5 – Install Client Plugins on VCSA for VIC

Part 6 – Opening Ports on ESXi Hosts

Part 7 – Deploy VCH to vCenter ServerPart 8 – Docker Commands with VIC

Part 8 – Docker Commands with VIC

Part 4 – Obtain vCenter Certificate Thumbprint

After deploying the appliance, the next step in the installation would be to install the plugin in the web client but inorder to do that we need to obtain the vCenter certificate thumbprint. We can obtain this by either connecting to the VCSA using SSH or in GUI by connecting to the PSC at port 5480. Enable shell on the VCSA appliance. Here is how

SSH to the VCSA appliance and login as root and execute the below command and make a note of the Fingerprint.

openssl x509 -in /etc/vmware-vpx/ssl/rui.crt -fingerprint -sha1 -noout

vic16.jpg

From the PSC appliance management, below is how

vic17

Click on the _MACHINE_CERT and then Show Details

vic18

This is same as the one you obtained in the shell session.

vic19

Hope this was informative. Thanks!

Part 1 – vSphere Integrated Containers

Part 2 – VIC Lab Setup

Part 3 – Deploy VIC Appliance

Part 4 – Obtain vCenter Certificate Thumbprint

Part 5 – Install Client Plugins on VCSA for VIC

Part 6 – Opening Ports on ESXi Hosts

Part 7 – Deploy VCH to vCenter ServerPart 8 – Docker Commands with VIC

Part 8 – Docker Commands with VIC

Part 3 – Deploy VIC Appliance

Now, it’s time to deploy the VIC appliance and do some basic configurations. Using the deploy OVF option in the web client start the vm deploy.

Give the VM a name

vic1

Now select the compute for the VM.

vic2

Do a thin provision as this is lab and accept the EULA

vic3

vic4

Select the datastore you want the VM to be deployed to. This need not be a shared storage and can also be a local storage but ideally in prod environments it will be a shared storage.

vic5

Select the VM Network

vic6

Configure the OVF with the right IP settings and all these configs are applied when the VM starts.

vic7.jpg

vic8

Review the settings and hit Finish

vic10

Wait untill you see the below screen on the VM console.

vic11

Use the IP configured and open that in a browser and provide the vcenter and PSC (if external) details and hit Continue.

vic12

Launch the management portal and observer the options like managing projects, users and registries.

vic13

Hope this was informative. Thanks!

Part 1 – vSphere Integrated Containers

Part 2 – VIC Lab Setup

Part 3 – Deploy VIC Appliance

Part 4 – Obtain vCenter Certificate Thumbprint

Part 5 – Install Client Plugins on VCSA for VIC

Part 6 – Opening Ports on ESXi Hosts

Part 7 – Deploy VCH to vCenter ServerPart 8 – Docker Commands with VIC

Part 8 – Docker Commands with VIC