In the second part of the Cloud Director tidbits series, I dive into the deployment of the VCD appliance using OVFtool. In hindsight I should have used it much sooner, since deploying the VCD OVA using the vSphere Client wizard is quite a hassle.
Part one: Changing the sitename
It took me a couple of tries to get the deployment right. At first I had some issues getting OVFtool to login into vCenter properly. Secondly the root password expiration parameter has an issue that fails the VCD appliance initial configuration script.
You can download OVFtool and view the documentation from the VMware Code website. At the time of writing v4.4.1 is the latest version. To ease the usage of the tool, don’t forget to put the installation path to the search path in your OS.
- Post updated for Cloud Director 10.2 which requires additional OVF parameter.
- Modified escape character from “‘” to “\” to make it compatible with ovftool on MacOS.
The VCD documentation site has an OVFtool deploy section and does a good job explaining the possible installation parameters. The documentation contains example scripts which I based mine upon. The actual parameters I used to deploy the first (primary) VCD appliance can be seen below. When deploying additional standby appliances, not all parameters are needed, more to that later.
In preparation to the actual deployment, take into account:
- Be sure to deploy all of the cells initially with the same size. All “small” or all “large”. If needed, change the size after all deployments are performed.
- Use the same initial root password for all cells during installation. This is needed because the initial root password becomes the SSL keystore password. After the initial deployment finishes you can change the appliance root password safely.
- Eth0 is the external facing interface and eth1 is the internal facing interface.
- Since VCD 10.2 the additional parameter “–X:enableHiddenProperties” is required. Else the deployment fails with:
Error: Property vcloudapp.nfs_mount.VMware_vCloud_Director is not user configurable
ovftool.exe \ --noSSLVerify \ --acceptAllEulas \ --X:enableHiddenProperties \ --datastore='<vcenter-datastore-name>' \ --allowAllExtraConfig \ --net:"eth0 Network"="<External - Internet / DMZ Portgroup>" \ --net:"eth1 Network"="<Internal - Backend Portgroup" \ --name=<vcenter VM inventory name> \ --diskMode=thin \ --prop:"vami.ip0.VMware_vCloud_Director"="<external-ip>" \ --prop:"vami.ip1.VMware_vCloud_Director"="<internal-ip>" \ --prop:"vami.DNS.VMware_vCloud_Director"="<DNS Server IP" \ --prop:"vami.domain.VMware_vCloud_Director"="Cell FQDN" \ --prop:"vami.gateway.VMware_vCloud_Director"="Default GW" \ --prop:"vami.netmask0.VMware_vCloud_Director"="External netmask" \ --prop:"vami.netmask1.VMware_vCloud_Director"="Internal netmask" \ --prop:"vami.searchpath.VMware_vCloud_Director"="<domain search path>" \ --prop:"vcloudapp.ceip_enabled.VMware_vCloud_Director"="True" \ --prop:"vcloudapp.enable_ssh.VMware_vCloud_Director"="True" \ --prop:"vcloudapp.expire_root_password.VMware_vCloud_Director"="False" \ --prop:"vcloudapp.nfs_mount.VMware_vCloud_Director"="<NFS IP>:<NFS mount path>" \ --prop:"vcloudapp.ntp-server.VMware_vCloud_Director"="NTP Server" \ --prop:"vcloudapp.varoot-password.VMware_vCloud_Director"="<password1>" \ --prop:"vcloudconf.db_pwd.VMware_vCloud_Director"="<password2>" \ --prop:"vcloudconf.admin_email.VMware_vCloud_Director"="<VCD Admin email>" \ --prop:"vcloudconf.admin_fname.VMware_vCloud_Director"="<VCD Admin fullname>" \ --prop:"vcloudconf.admin_pwd.VMware_vCloud_Director"="<password3>" \ --prop:"vcloudconf.admin_uname.VMware_vCloud_Director"="administrator" \ --prop:"vcloudconf.inst_id.VMware_vCloud_Director"="<vcd-instance-id>" \ --prop:"vcloudconf.sys_name.VMware_vCloud_Director"="<vcd-system-name>" \ --prop:"vcloudnet.routes1.VMware_vCloud_Director"="<eth1 Gateway IP> <eth1 CIDR>" \ --deploymentOption="<deploy-type>" \ --powerOn "C:\Users\SomeUser\Downloads\VMware_Cloud_Director-10.1.0.4837-15967253_OVF10.ova" \ 'vi://<vc-username>@<vc-sso-domain-name>:<vc-user-password>@<vc-fqdn-or-ip>/<vc-dc-name>/host/<vc-cluster>'
Using OVFtool the actual deploy looks like:
The IP related settings like ip0, netmask0 and routes0 correspond to the eth0, while ip1, netmask1 and routes1 relate to eth1.
In my case the default gateway points to the (internet facing) external router, so no additional static routes (routes0) are needed on eth0. I added a static route to the eth1 interface to reach my internal routed network.
Root password expiration
During one of my the first attempts using OVFtool, the deploy itself was okay, but the appliance initial configuration failed. By looking in the
/opt/vmware/var/log/firstboot file it seems a sudo command could not be performed because the root password is expired.
After changing the OVFtool parameter which controls root password expiry to False, the appliance initial configuration succeeded.
As a workaround, change the root password after the initial deployment done.
Additional standby appliances
When deploying additional the standby appliances, the parameters below are not needed during OVFtool deployment:
--prop:"vcloudconf.db_pwd.VMware_vCloud_Director" --prop:"vcloudconf.admin_email.VMware_vCloud_Director" --prop:"vcloudconf.admin_fname.VMware_vCloud_Director" --prop:"vcloudconf.admin_pwd.VMware_vCloud_Director" --prop:"vcloudconf.admin_uname.VMware_vCloud_Director" --prop:"vcloudconf.inst_id.VMware_vCloud_Director"
In the official documentation the vCenter login example is.
To change it into a working vCenter login, change the following:
1: When logging into vCenter, you normally would use a username like: user@sso-domain. Change
vc_user_name to something like
email@example.com. When performing the actual deployment it displays the “@” as “%40”. Using “%40” in your script instead of “@” also works just fine.
2: When the password starts with a special character (like in my case), put quotes around it. Change
Do not change the
/host/ part in the vCenter login example. Putting it all together, an example vCenter login could look something like this:
Now the deployment of any OVA is a breeze by using OVF Tool and can recommend the usage to anyone. The tool is available for Windows, Linux, Mac OS’es and since the latest version also ARM based devices.
With the information in this post you should be able to start deploying the VCD appliance in minutes now.
Deploying the VMware Cloud Director Appliance by Using VMware OVF Tool
OVF Tool documentation and download
Ryan · May 15, 2020 at 03:16
Hi Daniël, I’m an engineer working on the VMware Cloud Director appliance. I’m glad you were able to get up-and-running via ovftool. I’m curious if you have thoughts on what we can do to improve this experience or adjust in the guides.
Also, sorry you hit the “Expire Root Password” issue. It’s documented in the Known Issues section of the 10.1 release notes, but still very annoying: https://docs.vmware.com/en/VMware-Cloud-Director/10.1/rn/VMware-Cloud-Director-101-Release-Notes.html
Thanks for writing up your experiences with our product!
Daniël Zuthof · May 17, 2020 at 22:40
Thanks for your reply to this post. I will give it some thoughts and get back to you if I see some improvements possible.
About the expired root password issue, it’s good to know that it is in the known issues section of the release notes. I must say I did not read those and upgraded my homelab on day 1 after the release 😆.