vCloud Director Installation and Upgrade Guide vCloud Director 5.1 This document supports the version of each product listed and supports all subsequent versions until the document is replaced by a new edition. To check for more recent editions of this document, see http://www.vmware.com/support/pubs.
vCloud Director Installation and Upgrade Guide You can find the most up-to-date technical documentation on the VMware Web site at: http://www.vmware.com/support/ The VMware Web site also provides the latest product updates. If you have comments about this documentation, submit your feedback to: docfeedback@vmware.com Copyright © 2010–2012 VMware, Inc. All rights reserved. This product is protected by U.S. and international copyright and intellectual property laws.
Contents VMware vCloud Director Installation and Upgrade Guide 5 1 Overview of vCloud Director Installation, Configuration, and Upgrade 7 vCloud Director Architecture 7 Configuration Planning 8 vCloud Director Hardware and Software Requirements 9 2 Creating a vCloud Director Server Group 23 Install and Configure vCloud Director Software on Any Member of a Server Group 24 Configure Network and Database Connections 25 Start or Stop vCloud Director Services 29 Install vCloud Director Software on Additional
vCloud Director Installation and Upgrade Guide 4 VMware, Inc.
VMware vCloud Director Installation and Upgrade Guide The VMware vCloud Director Installation and Upgrade Guide provides information about installing or upgrading VMware vCloud Director software and configuring it to work with VMware vCenter™ to provide VMware® ready VMware vCloud services. Intended Audience The VMware vCloud Director Installation and Upgrade Guide is intended for anyone who wants to install or upgrade VMware vCloud Director software.
vCloud Director Installation and Upgrade Guide 6 VMware, Inc.
Overview of vCloud Director Installation, Configuration, and Upgrade 1 ® A VMware vCloud combines a vCloud Director server group with the vSphere platform. You create a vCloud Director server group by installing vCloud Director software on one or more servers, connecting the servers to a shared database, and integrating the vCloud Director server group with vSphere. The initial configuration of vCloud Director, including database and network connection details, is established during installation.
vCloud Director Installation and Upgrade Guide Figure 1-1.
Chapter 1 Overview of vCloud Director Installation, Configuration, and Upgrade vCloud Director Hardware and Software Requirements Each server in a vCloud Director server group must meet certain hardware and software requirements. In addition, a supported database must be accessible to all members of the group. Each server group requires access to a vCenter server, a vShield Manager server, and one or more ESX/ESXi hosts.
vCloud Director Installation and Upgrade Guide Table 1-1. Supported vCloud Director Server Operating Systems (Continued) Operating System Red Hat Enterprise Linux 6 (64 bit), Update 1 Red Hat Enterprise Linux 6 (64 bit), Update 2 Disk Space Requirements Each vCloud Director server requires approximately 950MB of free space for the installation and log files. Memory Requirements Each vCloud Director server must be provisioned with at least 1GB of memory. 2GB is recommended.
Chapter 1 Overview of vCloud Director Installation, Configuration, and Upgrade Guest OS Support See the vCloud Director User's Guide for a list of supported guest operating systems. Browsers That vCloud Director Supports The vCloud Director Web Console is compatible with many versions of the Firefox and Internet Explorer Web browsers. NOTE The vCloud Director Web Console is compatible only with 32-bit browsers.
vCloud Director Installation and Upgrade Guide Supported Versions of Java vCloud Director clients must have JRE 1.6.0 update 10 or later installed and enabled. Only the 32-bit version is supported. Supported TLS and SSL Protocol Versions and Cipher Suites vCloud Director requires clients to use SSL. Supported versions include SSL 3.0 and TLS 1.0. Supported cipher suites include those with RSA, DSS, or Elliptic Curve signatures and DES3, AES-128, or AES-256 ciphers.
Chapter 1 Overview of vCloud Director Installation, Configuration, and Upgrade Network Security Recommendations Secure operation of vCloud Director requires a secure network environment. Configure and test this network environment before you begin installing vCloud Director Connect all vCloud Director servers to a network that is secured and monitored. vCloud Director network connections have several additional requirements: n Do not connect vCloud Director directly to the public Internet.
vCloud Director Installation and Upgrade Guide Installing and Configuring a vCloud Director Database vCloud Director cells use a database to store shared information. This database must exist before you can complete installation and configuration of vCloud Director software. NOTE Regardless of the database software you choose, you must create a separate, dedicated database schema for vCloud Director to use. vCloud Director cannot share a database schema with any other VMware product.
Chapter 1 Overview of vCloud Director Installation, Configuration, and Upgrade 5 Create the vCloud Director database user account. Do not use the Oracle system account as the vCloud Director database user account. You must create a dedicated user account for this purpose.
vCloud Director Installation and Upgrade Guide 3 Create the database instance. The following script creates the database and log files, specifying the proper collation sequence. USE [master] GO CREATE DATABASE [vcloud] ON PRIMARY (NAME = N'vcloud', FILENAME = N'C:\vcloud.mdf', SIZE = 100MB, FILEGROWTH = 10% ) LOG ON (NAME = N'vcdb_log', FILENAME = N'C:\vcloud.ldf', SIZE = 1MB, FILEGROWTH = 10%) COLLATE Latin1_General_CS_AS GO The values shown for SIZE are suggestions. You might need to use larger values.
Chapter 1 Overview of vCloud Director Installation, Configuration, and Upgrade Procedure 1 List the IP addresses for this server. Use a command like ifconfig to discover this server's IP addresses. 2 For each IP address, run the following command to retrieve the fully qualified domain name to which the IP address is bound.
vCloud Director Installation and Upgrade Guide 3 For the remaining questions, provide answers appropriate for your organization and location, as shown in this example. What is your first and last name? [Unknown]:mycloud.example.
Chapter 1 Overview of vCloud Director Installation, Configuration, and Upgrade c Import the certificate for the HTTP service. This command imports the certificate from the http.cer file to the certificates.ks keystore file. keytool -storetype JCEKS -storepass passwd -keystore certificates.ks -import -alias http -file http.cer d Import the certificate for the console proxy service. This command imports the certificate from the consoleproxy.cer file to the certificates.ks keystore file.
vCloud Director Installation and Upgrade Guide Procedure 1 Create an untrusted certificate for the HTTP service. This command creates an untrusted certificate in a keystore file named certificates.ks. keytool -keystore certificates.ks -storetype JCEKS -storepass passwd -genkey -keyalg RSA alias http 2 Create an untrusted certificate for the console proxy service. This command adds an untrusted certificate to the keystore file created in Step 1. keytool -keystore certificates.
Chapter 1 Overview of vCloud Director Installation, Configuration, and Upgrade 8 At the manager# prompt, type setup to begin the setup procedure. 9 Enter the IP address, subnet mask, and default gateway for the vShield Manager virtual machine. You need this information to attach a vCenter Server to Cloud Director. 10 Type exit to log out. 11 Close the console and leave the virtual machine running.
vCloud Director Installation and Upgrade Guide Download and Install the VMware Public Key The installation file is digitally signed. To verify the signature, you must download and install the VMware public key. You can use the Linux rpm tool and the VMware public key to verify the digital signature of the vCloud Director installation file, or any other signed downloaded file from vmware.com.
Creating a vCloud Director Server Group 2 A vCloud Director server group consists of one or more vCloud Director servers. Each server in the group runs a collection of services called a vCloud Director cell. To create a server group, you install vCloud Director software on each server, configure its network and database connections, and start its vCloud Director services. Prerequisites for Creating a vCloud Director Server Group IMPORTANT This procedure is for new installations only.
vCloud Director Installation and Upgrade Guide n Verify that the database service starts when the database server is rebooted. 5 Verify that all vCloud Director servers, the database server, and all vCenter and vShield Manager servers can resolve each other's names as described in “Summary of Network Configuration Requirements,” on page 12.
Chapter 2 Creating a vCloud Director Server Group 3 Verify that the checksum of the download matches the one posted on the download page. Values for both MD5 and SHA1 checksums are posted on the download page. Use the appropriate tool to verify that the checksum of the downloaded installation file matches the one shown on the download page. A Linux command of the following form validates the checksum for installation-file using the MD5 checksum-value copied from the download page.
vCloud Director Installation and Upgrade Guide Prerequisites n Verify that a database of a supported type is accessible from the vCloud Director server. See “Installing and Configuring a vCloud Director Database,” on page 14 and “vCloud Director Hardware and Software Requirements,” on page 9. n Have the following information available: n Location and password of the keystore file that includes the SSL certificates for this server. See “Create and Import a Signed SSL Certificate,” on page 17.
Chapter 2 Creating a vCloud Director Server Group 4 Configure audit message handling options. Services in each vCloud Director cell log audit messages to the vCloud Director database, where they are preserved for 90 days. To preserve audit messages longer, you can configure vCloud Director services to send audit messages to the syslog utility in addition to the vCloud Director database. Option Action To log audit messages to both syslog and the vCloud Director database.
vCloud Director Installation and Upgrade Guide The script validates the information you supplied, then continues with three more steps. 1 It initializes the database and connects this server to it. 2 It offers to start vCloud Director services on this host. 3 It displays a URL at which you can connect to the Setup wizard after vCloud Director service starts. This fragment shows a typical completion of the script. Connecting to the database: jdbc:oracle:thin:vcloud/vcloud@10.150.10.78:1521/vcloud ....
Chapter 2 Creating a vCloud Director Server Group 2 Reuse the response file. Copy the file to a location accessible to the servers you are ready to configure. The file must be owned by vcloud.vcloud and have read and write permission for the owner, as shown in this example, or the configuration script cannot use it. % ls -l responses.properties -rw------- 1 vcloud vcloud 418 Jun 8 13:42 responses.
vCloud Director Installation and Upgrade Guide 2 Download the installation file to the target server. If you purchased the software on a CD or other media, copy the installation file to a location that is accessible to all target servers. 3 Ensure that the installation file is executable. The installation file requires execute permission.
Chapter 2 Creating a vCloud Director Server Group Guest OS Copy Destination Windows XP (32-bit) SysprepBinariesDirectory /winxp Windows XP (64-bit) SysprepBinariesDirectory /winxp_64 SysprepBinariesDirectory represents a location you choose to which to copy the binaries. 2 Run the /opt/vmware/vcloud-director/deploymentPackageCreator/createSysprepPackage.sh SysprepBinariesDirectory command. For example, /opt/vmware/vclouddirector/deploymentPackageCreator/createSysprepPackage.sh /root/MySysprepFiles.
vCloud Director Installation and Upgrade Guide 32 VMware, Inc.
Upgrading vCloud Director 3 To upgrade vCloud Director to a new version, install the new version on each server in the vCloud Director server group, upgrade the vCloud Director database, and restart vCloud Director services. You must also upgrade the vSphere components that support vCloud Director, including vShield Manager, vCenter, and ESX/ESXi. After you upgrade a vCloud Director server, you must also upgrade its vCloud Director database.
vCloud Director Installation and Upgrade Guide 6 Upgrade vShield Manager. All vShield Manager installations registered to this server group must be upgraded to a version of vShield Manager software that is compatible with the version of vCloud Director installed by the upgrade. If the upgrade program detects an incompatible version of vShield Manager, upgrading will not be allowed.
Chapter 3 Upgrading vCloud Director Displaying the Maintenance Message During an Upgrade If you anticipate a lengthy upgrade process and want to have the system display a maintenance message while the upgrade is underway, verify that at least one cell remains accessible while the others are being upgraded. Run the /opt/vmware/vcloud-director/bin/vmware-vcd-cell command on that cell to turn on the cell maintenance message. [root@cell1 /opt/vmware/vcloud-director/bin]# .
vCloud Director Installation and Upgrade Guide 2 Use the cell management tool to gracefully shut down the cell. a Retrieve the current job status. The following cell-management-tool command supplies system administrator credentials and returns the count of running jobs. [root@cell1 /opt/vmware/vclouddirector/bin]# ./cell-management-tool -u administrator -p Pa55w0rd cell --status Job count = 3 Is Active = true b Stop the task scheduler to quiesce the cell.
Chapter 3 Upgrading vCloud Director required For command specific help: cell-management-tool [...] -h n Commands for Managing a Cell on page 37 Use the cell command of the cell management tool to suspend the task scheduler so that new tasks cannot be started, to check the status of active tasks, and to shut down the cell gracefully. n Commands for Exporting Database Tables on page 38 Use the dbextract command of the cell management tool to export data from the vCloud Director database.
vCloud Director Installation and Upgrade Guide Example: Getting Task Status The following cell-management-tool command line supplies system administrator credentials and returns the count of running jobs. When the Job count value is 0 and the Is Active value is false, you can safely shut down the cell. [root@cell1 /opt/vmware/vclouddirector/bin]# .
Chapter 3 Upgrading vCloud Director Specifying a Properties File By default, the dbextract command extracts data from the vCloud Director database using the database connection information in the current cell's $VCLOUD_HOME/etc/global.properties file. To extract data from a different vCloud Director database, specify the database connection properties in a file and use the -properties option to provide the pathname to that file on the command line.
vCloud Director Installation and Upgrade Guide Limiting and Ordering Exported Rows For any table, you can specify how many rows to export and how to order the exported rows. Use the exportSettingsFile option and create a data_export_settings.ini file that specifies individual tables. This file is a UTF-8 file that contains zero or more entries of the following form: [TABLE_NAME] rowlimit=int orderby=COLUMN_NAME TABLE_NAME The name of a table in the database.
Chapter 3 Upgrading vCloud Director Table 3-3. Cell Management Tool Options and Arguments, certificates Subcommand (Continued) Option Argument Description --keystore (-s) keystore-pathname Full pathname to a JCEKS keystore containing the signed certificates. --keystore-pwd (-w) keystore-password Password for the JCEKS keystore referenced by the --keystore option.
vCloud Director Installation and Upgrade Guide Example: Creating Self-Signed Certificates Both of these examples assume a keystore at /tmp/cell.ks that has the password kspw. This keystore is created if it does not already exist. This example creates the new certificates using the defaults. The issuer name is set to CN=Unknown. The certificate uses 1024-bit encryption and expires one year after creation. [root@cell1 /opt/vmware/vclouddirector/bin]# ./cell-management-tool generate-certs -o /tmp/cell.
Chapter 3 Upgrading vCloud Director n Verify that you have superuser credentials for the target server. n If you want the installer to verify the digital signature of the installation file, download and install the VMware public key on the target server. If you have already verified the digital signature of the installation file, you do not need to verify it again during installation. See “Download and Install the VMware Public Key,” on page 22.
vCloud Director Installation and Upgrade Guide 7 Respond to the upgrade prompt. Option Action Continue the upgrade. Type y. Exit to the shell without making any changes in the current installation. Type n. After you confirm that you are ready to upgrade the server, the installer verifies that the host meets all requirements, unpacks the vCloud Director RPM package, stops vCloud Director services on the server, and upgrades the installed vCloud Director software.
Chapter 3 Upgrading vCloud Director Prerequisites IMPORTANT Back up your existing database before you upgrade it. Use the procedures that your database software vendor recommends. n Verify that no vCloud Director servers are using the database. See “Use the Cell Management Tool to Quiesce and Shut Down a Server,” on page 35 Procedure 1 Open a console, shell, or terminal window, and type the following command to run the database upgrade script.
vCloud Director Installation and Upgrade Guide Successfully applied upgrade batch: Running 2 upgrade tasks Successfully ran upgrade task Successfully ran upgrade task Applying 1 upgrade batches Executing upgrade batch: cleanup Executing SQL statements from file: NewInstall_Funcs.sql [] ...................................... Executing SQL statements from file: Upgrade_UUID_Clean.sql [] ...................................... Executing SQL statements from file: Upgrade_Clean.sql [] ...........................
Chapter 3 Upgrading vCloud Director 2 After you have upgraded vShield manager, you must upgrade all vCenter and ESX/ESXi hosts before you upgrade the vShield Edge appliances that the upgraded vShield Manager manages. Upgrade vCenter, ESX/ESXi Hosts, and vShield Edge Appliances After you have upgraded vCloud Director and vShield Manager, upgrade the vCenter servers and ESX/ESXi hosts attached to your cloud, then upgrade vShield Edge appliances on upgraded vCenter servers.
vCloud Director Installation and Upgrade Guide Changes to Upgraded Networks Because of changes in the vCloud Director networking infrastructure, existing networks and services are sometimes modified by the upgrade process. While none of these modifications affect existing network connections, post-upgrade reconfiguration might be required for some network services.
Chapter 3 Upgrading vCloud Director After an upgrade, all firewall services in Edge Gateways and vApp networks are running in compatibility mode, which preserves the operational semantics of their firewall rules. After you convert existing firewall rules to the current format, you can upgrade your networks to remove the limitations imposed by compatibility mode. See the vCloud Director Administrator's Guide for more about firewall rules. Procedure 1 Redeploy all Edge Gateways.
vCloud Director Installation and Upgrade Guide 50 VMware, Inc.
vCloud Director Setup 4 After you configure all servers in the vCloud Director server group and connect them to the database, you can initialize the server group's database with a license key, system administrator account, and related information. When this process is complete, you can use the vCloud Director Web Console to complete the initial provisioning of your cloud.
vCloud Director Installation and Upgrade Guide Review the License Agreement Before you can configure a vCloud Director server group, you must review and accept the end user license agreement. Procedure 1 Review the license agreement. 2 Accept or reject the agreement. Option Action To accept the license agreement. Click Yes, I accept the terms in the license agreement. To reject the license agreement No, I do not accept the terms in the license agreement.
Chapter 4 vCloud Director Setup 2 Use the Installation ID field to specify the installation ID for this installation of vCloud Director. If a datacenter includes multiple installations of vCloud Director, each installation must specify a unique installation ID. Ready to Log In to vCloud Director After you provide all of the information that the Setup Wizard requires, you can confirm your settings and complete the wizard.
vCloud Director Installation and Upgrade Guide 54 VMware, Inc.
Index A AMQP broker, to install and configure 21 B browsers, supported 11 overview of 7 to create 23 Installation ID, to specify 52 J Java, required JRE version 11 C cell management tool cell command 37 certificates command 40 dbextract command 38 generate-certs command 41 options 36 certificate self-signed 19 signed 17 compatibility mode, to upgrade 48 configuration, confirm settings and complete 53 D database about 14 connection details 25 Oracle 14 SQL Server 15 supported platforms 9 to upgrade 44
vCloud Director Installation and Upgrade Guide vShield Manager installing and configuring 20 supported releases 9 56 VMware, Inc.
