vCloud Director Install
In Part 3 of the vCloud Director Lab series we now look at installing the first vCloud Director cell.
My vCloud Director Cell 1 is a virtual machine with the following specs:
- Hostname: vcloud6director1.vmlab.local
- O.S: CentOS 6.5 (64-bit)
- CPU: 2 vCPU
- RAM: 4GB
- HDD: 40GB
- IP: 192.168.1.170/24 (Used for HTTP)
- IP: 192.168.1.171/24 (Used for Proxy Console)
- IP: 192.168.2.170/24 (Used for NFS Storage)
Before we even look at installing vCloud Director, we will need to prepare the operating system with a few pre-requisites.
The following add-ons need to be installed:
# yum install alsa-lib bash chkconfig coreutils findutils glibc grep initscripts krb5-libs libgcc libICE libSM libstdc++ libX11 libXau libXdmcp libXext libXi libXt libXtst module-init-tools net-tools pciutils procps redhat-lsb sed tar which
Once all these packages have been installed, you can then run # yum update to install all the latest operating system updates.
When setting up multiple vCloud Director Cells, we are going to need to set up a vCloud Director Transfer Server Storage NFS volume. In my home lab I use a Synology NAS which includes NFS; however, if you don’t have a NAS within your lab, you can utilize something like FreeNAS for NFS storage. Within my Synology I have created a volume called vcloud6-transfer-storage and have allowed full NFS access for the IP address 192.168.2.170 (the vCloud Director NFS Storage IP). If you are not planning on setting up multiple vCloud Director Cells you can skip this step, as the server will use its local disk for transfer server storage.
vCloud Director relies on SSL certificates. In this lab we are going to concentrate on creating a CSR, submitting the request to a CA, and installing the certificate. I will also include the option to quickly generate a self-signed certificate. Within this lab I will be utilizing the Microsoft Certificate Authority which is installed on my Windows 2012 Active Directory Server called vmad1.vmlab.local – 192.168.1.101
Lastly we need to have forward and reverse DNS entries for our vCloud Director HTTP and ConsoleProxy service. I have added the following host entries into my Active Directory DNS server:
192.168.1.170 – vcloud6director1.vmlab.local (forward and PTR record)
192.168.1.171 – vcloud6director1proxy.vmlab.local (forward and PTR record)
For the steps below, we are going to be working with 2 SSH windows connected to the vCloud Director Server. One will be running the installation and the second will be used for side steps. I will refer to these two windows as SSH window 1 and SSH window 2.
Installing VMware vCloud Director
1. Before we can begin the installation we need to SCP (use WinSCP) the vCloud Director image from your PC up to the server. I placed my image in the /tmp directory.
Once the image has been uploaded we will need to give the image eXecute permissions and we can do this by typing:
# chmod +x vmware-vcloud-director-8.0.0-3017494.bin
Now that the image has execute permissions applied we can launch it by typing:
We will change the directory to /opt/vmware/vcloud-director/data/transfer (This is going to be the mount point for our NFS storage)
# cd /opt/vmware/vcloud-director/data/transfer
My mount point for the transfer storage NFS volume is /volume1/vcloud6-transfer-storage. To mount it to this server type:
# mount -t nfs 192.168.2.5:/volume1/vcloud6-transfer-storage /opt/vmware/vcloud-director/data/transfer
I want this mount point to be available each time the server reboots. To do this we need to modify the /etc/fstab file:
# vi /etc/fstab
192.168.2.5:/volume1/vcloud6-transfer-storage /opt/vmware/vcloud-director/data/transfer nfs rw 0 0
Press the ESC key to exit from insert mode. If you have made a mistake anywhere, you can move the cursor to where the mistake is and press x. This will delete 1 character at a time.
To save the changes we type :wq! (This will write and then quit). If you wish to exit without saving changes you can type :q!
Next go ahead and change the permissions for /opt/vmware/vcloud-director/data/transfer directory by following this article
5. Let’s return to SSH window 1 and continue with the installation. Press y to run the script. Select your HTTP and console proxy IP addresses. Stop when the prompt to enter private keys: appears.
a. Self Signed
# /opt/vmware/vcloud-director/jre/bin/keytool -keystore certificates.ks -storetype JCEKS -storepass password -genkey -keyalg RSA -alias http (replace password with the password you wish to use). Enter in all your information, Organization, State, Country, etc
# /opt/vmware/vcloud-director/jre/bin/keytool -keystore certificates.ks -storetype JCEKS -storepass password -genkey -keyalg RSA -alias consoleproxy (replace password with the password you wish to use). Enter in all your information, Organization, State, Country, etc
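Your certificates file is written to the directory you ran keytool from. If you ran the commands from /opt/vmware/vcloud-director/jre/bin, it will be located at /opt/vmware/vcloud-director/jre/bin/certificates.ks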
b. Generating a CSR and submitting the request to a Certificate Authority
# cd /opt/vmware/vcloud-director/jre/bin
# ./keytool -keystore certificates.ks -storetype JCEKS -storepass storecertpass -genkey -keyalg RSA -keysize 2048 -alias http (replace storecertpass with a password you wish to use). Fill in all the information.
# ./keytool -keystore certificates.ks -storetype JCEKS -storepass storecertpass -genkey -keyalg RSA -keysize 2048 -alias consoleproxy (replace storecertpass with a password you wish to use). Fill in all the information
# ./keytool -keystore /opt/vmware/vcloud-director/jre/bin/certificates.ks -storetype JCEKS -storepass storecertpass -certreq -alias http -file http.csr -keysize 2048 -validity 1095 (Feel free to change the validity, which is in days, also be sure to use the storepass you selected in step 6)
# ./keytool -keystore /opt/vmware/vcloud-director/jre/bin/certificates.ks -storetype JCEKS -storepass storecertpass -certreq -alias consoleproxy -file consoleproxy.csr -keysize 2048 -validity 1095 (Feel free to change the validity, which is in days, also be sure to use the storepass you selected in step 6)
This will bring me to the Certificate Services web page, where I will click on Request a certificate
Use WinSCP to upload the root.cer file to the vCloud Director server. I placed mine in the same location as the http.cer and consoleproxy.cer, /opt/vmware/vcloud-director/jre/bin
Once the file is uploaded we will return to SSH window 2 and install the root certificate by typing:
# ./keytool -alias root -storetype JCEKS -storepass storecertpass -keystore certificates.ks -importcert -file root.cer (replace the storepass with your password)
# ./keytool -storetype JCEKS -storepass storecertpass -keystore certificates.ks -importcert -alias http -file http.cer (replace the storepass with your password)
# ./keytool -storetype JCEKS -storepass storecertpass -keystore certificates.ks -importcert -alias consoleproxy -file consoleproxy.cer (replace the storepass with your password)
We can now verify we have all the certificates installed correctly by querying the certificates.ks file:
# ./keytool -storetype JCEKS -storepass storecertpass -keystore certificates.ks -list (replace the storepass with your password)
You should see output similar to the screenshot below:
[Screenshot: output of the keytool -list command]
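What that listing should contain can also be checked mechanically. The following is an added example, not part of the original tutorial: it reads `keytool -list` output on stdin and confirms that http and consoleproxy are still PrivateKeyEntry and that root is a trustedCertEntry. The function name and both sample listings are constructed for illustration.

```shell
#!/bin/sh
# Added example: sanity-check `keytool -list` output for certificates.ks.
# Reads the listing on stdin, prints one line per problem, returns non-zero on any.
check_keystore_listing() {
    awk -F', *' '
        # Entry lines look like:  alias, Mon D, YYYY, EntryType,
        /, (PrivateKeyEntry|trustedCertEntry|SecretKeyEntry),/ {
            for (i = 2; i <= NF; i++) if ($i ~ /Entry$/) type[$1] = $i
        }
        END {
            # http and consoleproxy must still hold their private keys;
            # root is only a trust anchor.
            want["http"] = want["consoleproxy"] = "PrivateKeyEntry"
            want["root"] = "trustedCertEntry"
            n = split("root http consoleproxy", order, " ")
            for (k = 1; k <= n; k++) {
                a = order[k]
                if (!(a in type))            { print "missing alias: " a; bad = 1 }
                else if (type[a] != want[a]) { print a ": " type[a] ", expected " want[a]; bad = 1 }
            }
            exit bad + 0
        }'
}

# Constructed listing: what the three imports above should leave behind.
sample_good() { cat <<'EOF'
Keystore type: JCEKS
Keystore provider: SunJCE

Your keystore contains 3 entries

consoleproxy, Jan 5, 2016, PrivateKeyEntry,
Certificate fingerprint (SHA1): (constructed placeholder)
http, Jan 5, 2016, PrivateKeyEntry,
Certificate fingerprint (SHA1): (constructed placeholder)
root, Jan 5, 2016, trustedCertEntry,
Certificate fingerprint (SHA1): (constructed placeholder)
EOF
}
# Constructed failure: http.cer imported into a keystore that lacks the http key pair.
sample_bad() { cat <<'EOF'
http, Jan 5, 2016, trustedCertEntry,
root, Jan 5, 2016, trustedCertEntry,
EOF
}
sample_bad | check_keystore_listing || echo "keystore needs attention"
```

Pipe the real listing in with `./keytool -storetype JCEKS -keystore certificates.ks -list | check_keystore_listing`; leaving off -storepass makes keytool prompt for the password rather than recording it in shell history.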
private keys: /opt/vmware/vcloud-director/jre/bin/certificates.ks
# iptables -A INPUT -p tcp -m tcp --dport 80 -j ACCEPT (Allows port 80)
# iptables -A INPUT -p tcp -m tcp --dport 443 -j ACCEPT (Allows port 443)
# service iptables save (Saves the configuration)
# service iptables restart (Restarts the service)
NOTE: if your rules don’t sit exactly where you like, i.e. if the allow rule for HTTPS is below a deny rule please follow these instructions:
# iptables-save > /tmp/iptables.log
# vi /tmp/iptables.log (Change the rules to the order you like)
# iptables-restore < /tmp/iptables.log
# service iptables save
# service iptables restart (Restarts the service)
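The rule-order problem described in the note can be detected before restarting the service. The following is an added example, not part of the original tutorial: it reads `iptables-save` output on stdin and reports whether the ACCEPT rule for a port sits above or below the first catch-all REJECT/DROP in the INPUT chain. The function name and both rulesets are constructed for illustration.

```shell
#!/bin/sh
# Added example: is the ACCEPT for a TCP port evaluated before the catch-all deny?
# $1 = port; iptables-save output on stdin. Returns 0 only when the ACCEPT is effective.
accept_is_effective() {
    awk -v port="$1" '
        $1 == "-A" && $2 == "INPUT" {
            n++
            # A rule with no match criteria ("-A INPUT -j REJECT ...") catches everything.
            if ($3 == "-j" && ($4 == "REJECT" || $4 == "DROP") && !deny) deny = n
            if ($0 ~ ("--dport " port "( |$)") && $0 ~ /-j ACCEPT/ && !allow) allow = n
        }
        END {
            if (!allow) { print "port " port ": no ACCEPT rule"; exit 1 }
            if (deny && deny < allow) {
                print "port " port ": ACCEPT at rule " allow " is shadowed by deny at rule " deny
                exit 1
            }
            print "port " port ": ACCEPT at rule " allow " is effective"
        }'
}

# Constructed ruleset: iptables -A appended 80/443 after the existing REJECT.
ruleset_appended() { cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
EOF
}
# Constructed ruleset: the same rules after moving the REJECT to the end of INPUT.
ruleset_reordered() { ruleset_appended | awk '
    /^-A INPUT -j REJECT/ { held = $0; next }
    /^-A FORWARD/ && held { print held; held = "" }
    { print }'
}
ruleset_appended  | accept_is_effective 443 || true
ruleset_reordered | accept_is_effective 443
```

Run it against the live rules with `iptables-save | accept_is_effective 443`. Inserting with `iptables -I INPUT <n>` instead of `-A` places a rule at position n, ahead of the deny, without editing the saved file.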
All the tutorials included on this site are performed in a lab environment to simulate a real world production scenario. As everything is done to provide the most accurate steps to date, we take no responsibility if you implement any of these steps in a production environment.