Tuesday, 13 March 2012

Setting up vCenter Server Appliance (vCSA) - Using multiple VLANs

A few weeks ago I attended a VMware training course, VMware vSphere: Install, Configure, Manage [V5.0], and one of the things we learned about was the vCenter Server Appliance, which is a virtual machine that runs vCenter. The main advantage of this pre-configured virtual machine is that it runs SUSE Enterprise Linux and thus it does not require you to give your hard-earned cash to Microsoft, just VMware.

At any rate, the appliance, which can be downloaded here, can be configured through a web interface; however, the web interface is very limiting, almost useless for production use of the vCSA. You can only configure a single IPv4 address. You don't believe me?
There is nothing preventing you from adding an extra IPv4 address to the single NIC the appliance comes with or from adding a second NIC to the appliance and giving it a new IP address, but you will not be able to configure it from the web interface, which is a bit daft.

Our environment's networks are segmented into various VLANs: all the VMware hosts are on the same VLAN, which is separate from the VM Network (I guess this could be called the production network), where all the guests are. This is also where the Active Directory domain controllers are, as they are virtualized, which presents a little bit of a problem when trying to set up the vCSA to authenticate with AD.

In our setup, we run vMotion traffic on VLAN 12, Management Network on VLAN 11 and VM Network or production on VLAN 10. The thing is, you cannot run any virtual machine on the Management Network, because it is of VMkernel type, which means that we have to create a new connection type for the vCSA on VLAN 11.

This is what you need to do to add a new connection type:
  1. Select your host
  2. Select Configuration tab
  3. Select Networking
  4. Click Add Networking
  5. Accept the default of Virtual Machine and Click Next
  6. Choose whether you want to use a new vSwitch or not and click Next.
  7. Give the network a meaningful label, select the VLAN tag and click Next.
  8. Click Finish
In my case, I created a connection type called Virtual Appliance with VLAN 11 so that the vCSA could communicate with the ESXi hosts and modified VM Network (PROD) so that it had a VLAN ID of 10 so that it can communicate with the rest of the guests.

I finally created a VMkernel connection on VLAN 12 to enable vMotion traffic. In order to do this, you can use the above instructions but on step 5, change the connection type to VMkernel.

This is the result:

The vCSA can now be imported from the template downloaded from the VMware site. Please make sure that you also download the disks and place them in the same directory as the template file. In order to import the template, simply click File | Deploy OVF Template and follow the wizard.

When the vCSA finished importing, I made a few changes to it:
  1. Reduced RAM to 4 GB. This instance is only managing 2 hosts.
  2. Set the network connection for NIC 1 to Virtual Appliance, i.e. VLAN 11.
  3. Added a second NIC and set its network connection to VM Network (PROD), i.e. VLAN 10.

The Virtual Appliance NIC can now be configured from the console interface, but the VM Network (PROD) NIC will need to be configured directly in SUSE. Remember that the default password for the root account is vmware.

To configure the Virtual Appliance, from the guest console, simply select Configure Network and follow the wizard. (Note that I took the screenshot after I configured the first NIC). I think you get before you configure it.

In our case we have a DHCP server on the VM Network (PROD), so configuration for the VM Network (PROD) is simple. Create this file /etc/sysconfig/networking/devices/ifcfg-eth1 and add this:
However, in order for this to work, a symbolic link needs to be created in /etc/sysconfig/network/ and the network service should be restarted (only eth1 needs to be brought up, but since the box is idle a full restart is fine). You could simply create the config file in /etc/sysconfig/network, but I thought I'd keep it consistent:
ln -s /etc/sysconfig/networking/devices/ifcfg-eth1 /etc/sysconfig/network/ifcfg-eth1; service network restart
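The file-plus-symlink step above as a script with a check afterwards; this is an added example, not the author's code. The ifcfg contents (BOOTPROTO/STARTMODE) are assumed from the standard SUSE sysconfig keys because the post's own file contents are missing, and the function names, the ROOT argument and the ip_forward check are additions made here.

```shell
#!/bin/sh
# Added example, not the post's own script. ROOT="" targets the live appliance;
# any other ROOT rehearses the change in a scratch directory.

# Write a DHCP config for IFACE where the post keeps it, then symlink it into
# /etc/sysconfig/network/. Assumption: BOOTPROTO/STARTMODE are the standard
# SUSE sysconfig keys; the post's own file contents did not survive.
setup_dhcp_nic() {
    root=$1 iface=$2
    cfg="$root/etc/sysconfig/networking/devices/ifcfg-$iface"
    net_dir="$root/etc/sysconfig/network"
    mkdir -p "${cfg%/*}" "$net_dir" || return 1
    if [ -e "$cfg" ] || [ -L "$net_dir/ifcfg-$iface" ]; then
        echo "refusing to overwrite existing ifcfg-$iface" >&2
        return 1
    fi
    ( umask 022; printf "BOOTPROTO='dhcp'\nSTARTMODE='auto'\n" > "$cfg" ) || return 1
    ln -s "/etc/sysconfig/networking/devices/ifcfg-$iface" "$net_dir/ifcfg-$iface"
}

# Confirm the link and config are as intended, and that the now dual-homed
# appliance is not forwarding packets between VLAN 11 and VLAN 10.
check_dhcp_nic() {
    root=$1 iface=$2
    link="$root/etc/sysconfig/network/ifcfg-$iface"
    want="/etc/sysconfig/networking/devices/ifcfg-$iface"
    if [ ! -L "$link" ] || [ "$(readlink "$link")" != "$want" ]; then
        echo "$link does not point at $want" >&2
        return 1
    fi
    if ! grep -q "^BOOTPROTO='dhcp'\$" "$root$want"; then
        echo "$root$want is not a DHCP config" >&2
        return 1
    fi
    fwd=$(cat "$root/proc/sys/net/ipv4/ip_forward" 2>/dev/null) || fwd=unknown
    if [ "$fwd" != "0" ]; then
        echo "ip_forward is $fwd, expected 0" >&2
        return 1
    fi
}

# On the appliance itself, run this file with --apply as its first argument.
if [ "${1:-}" = "--apply" ]; then
    setup_dhcp_nic "" eth1 && service network restart && check_dhcp_nic "" eth1
fi
```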
You should now have a vCSA with two NICs with different VLANs, which means that you can configure AD authentication (In essence, change hostname, join domain, restart.):
  1. hostname -v vCSA
  2. domainjoin-cli join dev.org domainadmin 
  3. init 6
Note that before you can log in to vCenter using AD credentials, you need to add permissions to AD users in vCenter by logging in with the root account first.

1 comment:

  1. I believe you "manyrootsofallevilrants", but if you just:
    1. add the virtual interfaces for the VLANs you need (you showed them in snapshots 2 and 3)
    2. log in to the console as root and run yast2 -> Network Devices -> Network Settings and add/edit the NICs as eth0, eth1, eth2 and so on.
    3. after reboot you'll find all of them under the "Address" web-page, shown in the 1st snapshot (let's name it "You can only configure a single IPv4 address..." ;)
    4. and now you can set them with any IPv4 or IPv6 address you need, directly from the web browser (just don't forget to save at the end)
    5. now you can finalize the procedure...