Part#1: Deploying an Offline Depot for VMware Cloud Foundation 9 for Lab

-

Deploying an Offline Depot for VMware Cloud Foundation 9 for Lab

Airgapped and bandwidthconstrained environments need a local source of VCF binaries and metadata. In VCF 9, the Offline Depot lets you host (install + upgrade) required binaries for the VCF Installer (bootstrap) and for postdeployment SDDC Manager/VCF Operationsusing a simple HTTP/HTTPS server and a defined directory structure.

Deployment methods in VCF9

VMware Cloud Foundation deployments rely on two methods to transfer binaries in the VCF installer one is online depot and other is offline depot.

Online depot:

It is one of the simplest methods where you configure online deport using Broadcom download token, Installer fetches VCF binaries, metadata and compatibility catalogs directly from portal which requires continuous internet access.

Offline Depot:

This is the primary method for airgapped or secure environments. VCF 9 consolidated the workflow to download and serve required components using an offline depot approach: you download release metadata and product binaries with the VCF Download Tool (VCFDT) place them into a specific PROD/ hierarchy, and expose them via an internal web server. Both the VCF Installer and SDDC Manager/VCF Ops can consume the same depot.You host a local web server containing all required VCF binaries and metadata in a directory structure under /PROD/COMP/

 Pre-requisites:

1. Download ova files from Broadcom portal.

2. A Web server is required

3. Directory structure in which files are placed to fetch the binaries by SDDC Manager.

To begin building the offline depot, start by downloading the Photon OS OVA from the official VMware repository at GitHub.

Photon OS download link can be found below:

https://packages.vmware.com/photon/5.0/GA/ova/photon-hw15-5.0-dde71ec57.x86_64.ova

Deploy the photon OS OVA into vCenter and add a secondary virtual disk of at least 500 GB which is required for all VCF binaries and metadata. Next, obtain the latest VMware Cloud Foundation Download Tool from the Broadcom Support Portal. Once downloaded, upload it to the Photon OS server you just deployed.

Offline Depot Hierarchy

When using VMware Cloud Foundation (VCF) in a fully offline or air-gapped environment, one of the most important components is the offline product depot hierarchy. This structure mirrors VMware’s online depot, but it resides entirely inside your internal network — typically on an HTTP or NFS server.

Download offline metadata from broadcom portal, it will create the initial hierarchy

Below is the directory layout captured from the offline depot server, showing the top-level product folders under /var/www/html/PROD/COMP/. When LCM queries the offline depot, it looks for

Bundle files (ZIP/TAR/GZ)

Manifests that describe bundle content

CompatibilityData.json files

Version catalogs

Metadata directories

In my lab setup, I created a dedicated /var/www/html/ directory. and then sub folders are created as per below. The complete path as per Directory structure is below.

/var/www/html/PROD/COMP/:

NSX_T_MANAGER

SDDC_MANAGER_VCF

VCENTER

VCF_OPS_CLOUD_PROXY

VRA

VROPS

VRSLCM



Deploy Photon OS 5 and Prepare Networking/Storage:

Deploy Photon OS OVA and add a dedicated data disk greater than 500GB for depot binaries. Configure IP and DNS

Configure Static IP (Photon OS)

vi /etc/systemd/network/50-static-en.network

[Match]
Name=eth0
[Network]
Address=192.168.1.99/24
Gateway=192.168.1.1
DNS=192.168.1.100
systemctl restart systemd-networkd



Format and mount the disk:

1. Create the directory called /var/www/html
    mkdir -p /var/www/html
2. create the file system to ext4 on second disk
    mkfs.ext4 /dev/sdb
3. Add the entry in fstab to make in persistent
    echo "/dev/sdb /var/www/html ext4 defaults 1 1" >> /etc/fstab
4. Mount the newly created file system
     mount -a


Allow port 8090 on webserver:

1. Open the following file 

    vi /etc/systemd/scripts/ip4save

2. Add the following line in the file

    -A INPUT -p tcp -m tcp --dport 8090 -j ACCEPT

    Save and quit.

3. Restart iptables service.

    systemctl restart iptables


Configure an HTTP web server:

To create a web server on the deployed photon OS.

1.  I created a file in the root folder so that web server can be run using the python script put the name of file as script.py where the script will be pasted.

2. Then changed the file attributes to execute the script using the command 

    chmod +x script.py

3.  The script was taken from William Lam’s blog, so special thanks to him.

4. After copying the script to script.py file, i saved the file and then ran the script using the command below.

    python script.py --bind 192.168.1.99 --user vcf --password VMware123! --port 8090 --directory /var/www/html/

After performing the above mentioned steps, receive the error below.


To resolve this error i performed the following settings on the vcf installer appliance

Setting on the VCF installer to skip SSL validation and skip https checks:

Go to /opt/vmware/vcf/lcm/lcm-app/conf/application-prod.properties and change the following settings to the following.
1. Go to lcm.depot.adapter.host and set your hostname to 192.168.1.99.
2. Go to lcm.depot.adapter.enableBundleSignatureValidation and change from TRUE to FALSE
3. Go to lcm.depot.adapter.certificateCheckEnable and change from TRUE to FALSE
4. Go to lcm.depot.bundleElementpatchfile.checksumValidation and change from TRUE to FALSE


save the file and restart lcm service

service restart lcm


After changing these setting i tried to connect again and it got successful.





After the depot connection i am able to download all the binaries in VCF installer


In the next part we will discuss about Commissioning of ESX hosts.




IT Professional with wide range of expertise and having 13+ years of extensive experience in Infrastructure Operations, Planning, Design, deployments, upgradation, migrations and consolidations. A technology enthusiast determined to take self-initiatives for driving transformations

Comments

Post a Comment

Popular posts from this blog

Replacing a vSphere 7.x Machine SSL certificate with a Custom Certificate Authority and Integration with NSX-T

-
Image
After replacing the certificate of vCenter with Custom Certificates (which includes certificate(leaf) + sub CA + root CA) then adding compute manager on NSX-T gives error "  Certificate chain of Compute Manager is invalid. Please check Issuer and Subject in the chain.  (Error Code: 90204)"  and sync status between VC and NSX-T manager is down It is because certificate chain is invalid and Certificate chain is being duplicated in the vCenter.  Resolution: Correct the order  you need to follow the following chain              For Machine SSL Certificate Field: It must include  Certificate + subordinate CA + Root CA like this -----BEGIN CERTIFICATE----- MIIFrDCCBJSgAwIBAgITZgAAADAs1zlIBj9VFgABAAAAMDANBgkqhkiG9w0BAQsFADBjMRMwEQYKCZImiZPyLGQBGRYDY29tMRgwFgYKCZImiZPyLGQBGRYIZnB0Y2xvdWQxFjAUBgoJkiaJk/IsZAEZFgZpbnNpZGUxGjAYBgNVBAMTEUZQVENMT1VELVNVQi1DQTAxMB4XDTIxMDIyNDAyNTQyNVoXDTI0MDIyNDAyNTQyNVowKzEpMCcGA1UEAxMgc2duMDltMDF2...
Read more

Part#5 Deploying vSphere Supervisor cluster for VKS with VDS (Foundation load balancer) VCF9.0.1

-
Image
Deploying vSphere Supervisor cluster for VKS with VDS (Foundation load balancer) VCF9.0.1 In this article I will discuss about deploying vSphere supervisor with the option of VDS with Foundation load balancer. If you use vSphere Distributed Switch (VDS) network, you must configure a load balancer to support the network connectivity to workloads from client networks and to load balance traffic between Kubernetes Clusters. The supported load balancer types are Avi Load Balancer, HAProxy and Foundation Load Balancer.VCF 9 introduces VDS ‑ based Supervisor networking with a built ‑ in Foundation LB for lightweight scenarios, reducing moving parts for a lab/POC. I have selected vSphere Distributed Switch (VDS) with the Foundation Load Balancer to minimize footprint while enabling Supervisor control ‑ plane and service VIPs. Overview of Foundation Load Balancer: Foundation LB is designed for baseline Supervisor use cases; it is not a feature ‑ parity replacement for NSX Advanced Load Bal...
Read more

Part#2: Preparing Hosts For Commissioning in VCF9.0.1 and Fixing FQDN/SAN & Certificate Mismatches during VCF Management domain installation

-
Image
Preparing Hosts For Commissioning in VCF9.0.1  and Fixing FQDN/SAN & Certificate Mismatches during VCF Management domain installation In this article our focus is on preparing ESX hosts for commissioning during the deployment of VCF management domain and fixing host failures during the hosts adding in VCF installer caused by certificate SAN/FQDN mismatches and misconfigured host identity. When deploying a VMware Cloud Foundation (VCF) 9.0 management domain, you must prepare a minimum of three ESX hosts to meet the platform’s baseline requirements. This ensures that core management components have sufficient resources and can operate with the expected level of resilience. A brief specification of hosts used in the lab. No. of ESX 03 Host Memory 128GB Storage 06 Disks 1 100GB, 05 of 250 GB Network adapters 04 Nested Hosts Preparation: I am building these ESX hosts in a nested lab environment and done the following 1.  Download the vendor‑supplied ESX installer and upload the...
Read more