I’ve been toying with automated and scripted deployments of vCSAs and ESXi recently so thought I’d do a quick run through deploying an additional embedded vCSA in Enhanced Linked Mode via CLI. This topology is valid in 6.5U2 and above.
CLI deployment starts at the same place as with a GUI install. Download the vCSA ISO of your choice from My VMware.
Mount the ISO and browse to the following folder
(Drive letter):\vcsa-cli-installer\templates\install
I’m adding an embedded vCSA in Enhanced Linked Mode with vCenter as the deployment target. This means that I have an existing vSphere SSO domain and that the PSC and vCSA are bundled in a single appliance. To do this I’ll be using the embedded_vCSA_replication_on_VC.json template. Copy this to your local file system for editing.
The template should look as follows
{ "__version": "2.13.0", "__comments": "Sample template to deploy a vCenter Server Appliance with an embedded Platform Services Controller as a replication partner to another embedded vCenter Server Appliance, on a vCenter Server instance.", "new_vcsa": { "vc": { "__comments": [ "'datacenter' must end with a datacenter name, and only with a datacenter name. ", "'target' must end with an ESXi hostname, a cluster name, or a resource pool name. ", "The item 'Resources' must precede the resource pool name. ", "All names are case-sensitive. ", "For details and examples, refer to template help, i.e. vcsa-deploy {install|upgrade|migrate} --template-help" ], "hostname": "<FQDN or IP address of the vCenter Server instance>", "username": "<The user name of a user with administrative privileges or the Single Sign-On administrator on vCenter.>", "password": "<The password of a user with administrative privileges or the Single Sign-On administrator on vCenter. If left blank, or omitted, you will be prompted to enter it at the command console during template verification.>", "deployment_network": "VM Network", "datacenter": [ "Folder 1 (parent of Folder 2)", "Folder 2 (parent of Your Datacenter)", "Your Datacenter" ], "datastore": "<A specific datastore accessible to the ESXi host or DRS cluster in the 'target' path.>", "target": [ "Folder A (parent of Folder B)", "Folder B (parent of Your ESXi Host, or Cluster)", "Your ESXi Host, or Cluster" ] }, "appliance": { "__comments": [ "You must provide the 'deployment_option' key with a value, which will affect the VCSA's configuration parameters, such as the VCSA's number of vCPUs, the memory size, the storage size, and the maximum numbers of ESXi hosts and VMs which can be managed. For a list of acceptable values, run the supported deployment sizes help, i.e. vcsa-deploy --supported-deployment-sizes" ], "thin_disk_mode": true, "deployment_option": "small", "name": "Embedded-vCenter-Server-Appliance" }, "network": { "ip_family": "ipv4", "mode": "static", "ip": "<Static IP address. Remove this if using dhcp.>", "dns_servers": [ "<DNS Server IP Address. Remove this if using dhcp.>" ], "prefix": "<Network prefix length. Use only when the mode is 'static'. Remove if the mode is 'dhcp'. This is the number of bits set in the subnet mask; for instance, if the subnet mask is 255.255.255.0, there are 24 bits in the binary version of the subnet mask, so the prefix length is 24. If used, the values must be in the inclusive range of 0 to 32 for IPv4 and 0 to 128 for IPv6.>", "gateway": "<Gateway IP address. Remove this if using dhcp.>", "system_name": "<FQDN or IP address for the appliance. Remove this if using dhcp.>" }, "os": { "password": "<Appliance root password; refer to --template-help for password policy. If left blank, or omitted, you will be prompted to enter it at the command console during template verification.>", "ntp_servers": "time.nist.gov", "ssh_enable": false }, "sso": { "password": "<vCenter Single Sign-On administrator password; refer to --template-help for password policy. If left blank, or omitted, you will be prompted to enter it at the command console during template verification.>", "domain_name": "vsphere.local", "first_instance": false, "replication_partner_hostname": "<Host name of the replication partner>", "sso_port": 443 } }, "ceip": { "description": { "__comments": [ "++++VMware Customer Experience Improvement Program (CEIP)++++", "VMware's Customer Experience Improvement Program (CEIP) ", "provides VMware with information that enables VMware to ", "improve its products and services, to fix problems, ", "and to advise you on how best to deploy and use our ", "products. As part of CEIP, VMware collects technical ", "information about your organization's use of VMware ", "products and services on a regular basis in association ", "with your organization's VMware license key(s). This ", "information does not personally identify any individual. ", "", "Additional information regarding the data collected ", "through CEIP and the purposes for which it is used by ", "VMware is set forth in the Trust & Assurance Center at ", "http://www.vmware.com/trustvmware/ceip.html . If you ", "prefer not to participate in VMware's CEIP for this ", "product, you should disable CEIP by setting ", "'ceip_enabled': false. You may join or leave VMware's ", "CEIP for this product at any time. Please confirm your ", "acknowledgement by passing in the parameter ", "--acknowledge-ceip in the command line.", "++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++" ] }, "settings": { "ceip_enabled": true } } }
Most of this should be self explanatory, but there are a few gotchas. When specifying a resource pool as a target, the format should be “ClusterName”, “Resources”, “ResourcePoolName”. Resources should be entered as a literal string. The second issue I had was that datastore clusters cannot be entered as a target. If anyone finds a way around this, I’d love to know about it.
I chose to leave passwords blank in my configuration file, which translates to a not-quite-so-automated installation; but I’m not here to tell you about your security requirements.
You should end up with a configuration file that looks something like this
{ "__version": "2.13.0", "__comments": "Sample template to deploy a vCenter Server Appliance with an embedded Platform Services Controller as a replication partner to another embedded vCenter Server Appliance, on a vCenter Server instance.", "new_vcsa": { "vc": { "__comments": [ "'datacenter' must end with a datacenter name, and only with a datacenter name. ", "'target' must end with an ESXi hostname, a cluster name, or a resource pool name. ", "The item 'Resources' must precede the resource pool name. ", "All names are case-sensitive. ", "For details and examples, refer to template help, i.e. vcsa-deploy {install|upgrade|migrate} --template-help" ], "hostname": "vcsa01.contoso.lab", "username": "[email protected]", "password": "", "deployment_network": "vxw-dvs-287-virtualwire-22-sid-5001-LS02-Nested-Lab", "datacenter": [ "DC01" ], "datastore": "LUN02_D10_R10", "target": [ "PROD01", "Resources", "Nested_Lab" ], "vm_folder": [ "Nested-Lab", "vc" ] }, "appliance": { "__comments": [ "You must provide the 'deployment_option' key with a value, which will affect the VCSA's configuration parameters, such as the VCSA's number of vCPUs, the memory size, the storage size, and the maximum numbers of ESXi hosts and VMs which can be managed. For a list of acceptable values, run the supported deployment sizes help, i.e. vcsa-deploy --supported-deployment-sizes" ], "thin_disk_mode": true, "deployment_option": "tiny", "name": "nest-vc02" }, "network": { "ip_family": "ipv4", "mode": "static", "ip": "10.0.61.3", "dns_servers": [ "10.0.61.1" ], "prefix": "24", "gateway": "10.0.61.254", "system_name": "10.0.61.3" }, "os": { "password": "", "ntp_servers": "uk.pool.ntp.org", "ssh_enable": false }, "sso": { "password": "", "domain_name": "vsphere.local", "first_instance": false, "replication_partner_hostname": "10.0.61.2", "sso_port": 443 } }, "ceip": { "description": { "__comments": [ "++++VMware Customer Experience Improvement Program (CEIP)++++", "VMware's Customer Experience Improvement Program (CEIP) ", "provides VMware with information that enables VMware to ", "improve its products and services, to fix problems, ", "and to advise you on how best to deploy and use our ", "products. As part of CEIP, VMware collects technical ", "information about your organization's use of VMware ", "products and services on a regular basis in association ", "with your organization's VMware license key(s). This ", "information does not personally identify any individual. ", "", "Additional information regarding the data collected ", "through CEIP and the purposes for which it is used by ", "VMware is set forth in the Trust & Assurance Center at ", "http://www.vmware.com/trustvmware/ceip.html . If you ", "prefer not to participate in VMware's CEIP for this ", "product, you should disable CEIP by setting ", "'ceip_enabled': false. You may join or leave VMware's ", "CEIP for this product at any time. Please confirm your ", "acknowledgement by passing in the parameter ", "--acknowledge-ceip in the command line.", "++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++" ] }, "settings": { "ceip_enabled": false } } }
I’m setting the –no-ssl-certificate-verification flag as I’m deploying to a target with a self signed SSL cert. Your mileage may vary.
We can verify our template is valid without installing like so
d:\vcsa-cli-installer\win32\vcsa-deploy.exe install --accept-eula --no-ssl-certificate-verification --verify-template-only c:\vcsa-cli\templates\embedded_vCSA_replication_on_VC.json
Next up we need to run the installer which looks as follows
d:\vcsa-cli-installer\win32\vcsa-deploy.exe install --accept-eula --no-ssl-certificate-verification c:\vcsa-cli\templates\embedded_vCSA_replication_on_VC.json
If you didn’t add passwords to the configuration.json file above, you’ll be prompted to enter them now
If you run into problems you may also get help like so
d:\vcsa-cli-installer\win32\vcsa-deploy.exe install --template-help
The command prompt will be updated as installation progresses. Once complete, the new vCenter should be visible in the web client under Linked vCenter Server Systems.