  • Preetam Zare

vCAC 6.1 (vRA) Distributed Architecture Installation Guide Made easy –[Part –02]

Certificates for Identity Appliance

High level procedure to install and configure identity appliance

Deploy Identity appliance

Power ON appliance

Configure Timezone

Configure Time server

Initialize SSO

Import CA signed certificates

Add Identity appliance to Active directory

After the certificate steps are followed, paste the private key (rui.key) into the RSA Private Key field and paste rui.pem, which is the certificate chain.

NB: You must enter the password for Pass Phrase. This is easily forgotten if you are using a small screen.
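A check worth running before pasting the files into the appliance, added here as an example and not part of the original post: it confirms that rui.key belongs to the first certificate in rui.pem and reports whether the key is protected by a pass phrase. It assumes the openssl command-line tool is available; the function names and the KEY_PASS variable are hypothetical.

```shell
#!/bin/sh
# Added example: checks to run on rui.key and rui.pem before importing them.
# Function names and the KEY_PASS variable are hypothetical.

# True when the key file is passphrase-protected (PKCS#8 or traditional PEM).
key_is_encrypted() {
    grep -Eq 'BEGIN ENCRYPTED PRIVATE KEY|Proc-Type: 4,ENCRYPTED' "$1"
}

# Number of certificates in the PEM chain file.
chain_cert_count() {
    grep -c 'BEGIN CERTIFICATE' "$1"
}

# Print the public key derived from the private key. The pass phrase is read
# from the exported KEY_PASS variable so it never appears in the process list.
key_pubkey() {
    if [ -n "${KEY_PASS:-}" ]; then
        openssl pkey -in "$1" -passin env:KEY_PASS -pubout 2>/dev/null </dev/null
    else
        openssl pkey -in "$1" -passin pass: -pubout 2>/dev/null </dev/null
    fi
}

# True when the key belongs to the first (leaf) certificate in the chain file.
key_matches_cert() {
    cert_pub=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 2
    key_pub=$(key_pubkey "$1") || return 2
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# Usage: sh check_cert.sh rui.key rui.pem
if [ "$#" -eq 2 ]; then
    key_is_encrypted "$1" && echo "key is encrypted: a pass phrase is required"
    echo "certificates in chain: $(chain_cert_count "$2")"
    if key_matches_cert "$1" "$2"; then echo "key matches leaf certificate"
    else echo "key does NOT match leaf certificate (or wrong pass phrase)"; exit 1
    fi
fi
```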


Configure vCAC App as vPostgresSQL Database

Deploy vCAC Appliance and Power On the appliance.

Configure Timezone


Configure Timeserver




Open a PuTTY session and paste the following lines

service apache2 stop

chkconfig apache2 off

service rabbitmq-server stop

chkconfig rabbitmq-server off

service vcac-server stop

chkconfig vcac-server off

service vco-server stop

chkconfig vco-server off

sed -i -re 's/^#(listen_addresses=.*.)/\1/' /var/vmware/vpostgres/current/pgdata/postgresql.conf

sed -i -re 's/^(max_connections *= *)([0-9]+)(.*)/\1 400 \3/' /var/vmware/vpostgres/current/pgdata/postgresql.conf

Restart the vpostgres server, then switch to the vcac user and set its database password, using the following commands

service vpostgres restart

su - vcac

cd /opt/vmware/vpostgres/9.2/bin

./psql

ALTER USER vcac WITH PASSWORD 'password here';

\q

exit

At this stage the database is initialized and ready for the vCAC appliance to connect.
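The two sed edits above, wrapped with a backup and a verification step, as an added example that is not part of the original post. The function names and the sample file are constructed for illustration and GNU sed is assumed; the check fails if the \1 and \3 backreferences are lost when the commands are copied, which would overwrite the settings with literal text.

```shell
#!/bin/sh
# Added example; function names are hypothetical, GNU sed is assumed.

# Write a constructed sample file (the layout of the stock file is assumed).
write_sample_conf() {
    printf '%s\n' \
        "#listen_addresses='*'    # constructed sample line" \
        "port = 5432" \
        "max_connections = 100    # (change requires restart)" > "$1"
}

# Apply the post's two edits to the given file, keeping a backup beside it.
tune_postgresql_conf() {
    cp -p "$1" "$1.bak" || return 1
    sed -i -re 's/^#(listen_addresses=.*.)/\1/' "$1" &&
    sed -i -re 's/^(max_connections *= *)([0-9]+)(.*)/\1 400 \3/' "$1"
}

# Print the value of the last uncommented "name = value" line, if any.
effective_setting() {
    sed -n -r "s/^$1 *= *([^#[:space:]]+).*/\1/p" "$2" | tail -n 1
}

# Fail unless listen_addresses is active and max_connections is exactly 400.
verify_postgresql_conf() {
    [ -n "$(effective_setting listen_addresses "$1")" ] ||
        { echo "listen_addresses is not set" >&2; return 1; }
    [ "$(effective_setting max_connections "$1")" = "400" ] ||
        { echo "max_connections is not 400" >&2; return 1; }
}

# Usage: sh tune_pg.sh /path/to/postgresql.conf
if [ "$#" -eq 1 ]; then
    tune_postgresql_conf "$1" && verify_postgresql_conf "$1" &&
        echo "postgresql.conf updated; backup at $1.bak"
fi
```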

Configuring Primary vCAC Appliance

1. Deploy the appliance

2. Configure Time zone

3. Configure Time server

4. Go to the database tab, change the database name, enter credentials for vCAC

If you want a high-availability configuration, please refer to Brian’s post here


The vCAC service is restarted when you connect vCAC to the external PostgreSQL server, and the embedded database service is disabled.

While vCAC Service is being restarted, do not do any changes in vCAC appliance. This is a small tip which I learnt from my experiences.

After vCAC appliance is configured to talk to external database, proceed with Host Settings. In vCAC Host name put the name of load balancer as shown below


5. Now configure SSL certificates. The steps are similar to those we followed for the Identity appliance


6. Now go ahead and enter SSO details


The vCAC service is also restarted when you register the vCAC appliance with the Identity or SSO server. This is denoted by the peak in CPU utilization on the right-hand side of the above screen.

The vCAC service takes a long time to restart during SSO registration. From the screen below, it is anywhere between 10-15 mins.


After you see that the peak has dropped drastically, you must log in to the vCAC appliance and confirm all 20 services are in the registered state.

If any of the services is failing, something has gone wrong in the previous steps


Now go ahead and enter license key. I have not shown the screen here.

To confirm all is okay with single node, login to portal by using https://FQDN/vCAC. If all is well, you must get a login screen. This is first good sign.

Enter the SSO (administrator@vsphere.local) credentials. If you are able to login, this is second very good sign.


At this moment you should disable following services in Primary vCAC Appliance

1. Vpostgres

2. vCO server

Below screen shows the commands which will stop the service and later on disable service

  1. service vpostgres stop

  2. chkconfig vpostgres off

  3. service vco-server stop

  4. chkconfig vco-server off

Adding secondary Appliance

Now let’s add the secondary vCAC appliance.

It is very simple again

1. Deploy the appliance

2. Configure Time zone

3. Configure Time server

This is all you need to do in secondary nodes. Everything else is picked during HA node configuration.

4. Go to HA node and enter Primary/any other secondary node detail as shown below.


Post addition to cluster, below screen reflects if node is part of the cluster by denoting “in cluster mode”


Even on the second node, the vCAC service is restarted. Please do not do anything until you see the peaks drop to near zero. The screen shown below is for illustration purposes only.


Now go back to services screen and ensure all 20 services are started.

At this moment you should disable following services in Primary vCAC Appliance

Vpostgres

vCO server

Below screen shows the exact commands which stops the service and later on disable service

  1. service vpostgres stop

  2. chkconfig vpostgres off

  3. service vco-server stop

  4. chkconfig vco-server off

Preparing IaaS Component

Disable UAC

I recommend doing this only for the installation. Post installation you can enable UAC. If your IT policy doesn’t allow it, you can ignore this section.

But make sure you are using Administrator privileges

Open regedit and browse to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system

Change EnableLUA value from 1 (i.e. true) to 0 (i.e. false)

Disable loopback Adapter

Open regedit. Please disable UAC as mentioned above. Go to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa

Create a new “DWORD (32-bit) Value” with the name DisableLoopbackCheck, as shown below


Change the value to 1 (i.e. True) as shown below


Disable Firewall

Importing certificate in IaaS

1. Start Run and type MMC



After the certificates are created, we must import the certificate into the IaaS server. This step must be done before you start the installation









Finally in Personal certificate store you will see two certificates. One root certificate and other would be vcacIaaS certificate


Running vCAC6.1-PreReq-Automation

Before running this script, do the following

1. Set the execution policy to RemoteSigned

2. Disable UAC

3. Mount the 2012 ISO on the VM

4. Copy the NTRights.exe file to some folder (download the 2003 resource tool kit)

5. Copy jre-7u72-windows-x64.exe to the folder

Points 4 and 5 are a must for flawless execution of the script.


After script is successfully executed, do not forget to reboot OS as described by the msdtc shown below


Installing IaaS, Manager Model and Database Component

For a distributed installation, we must select Custom Install, as the components will be distributed (load balanced across two nodes)









Installing secondary IaaS, Manager Model


In the below screen you provide the database information, database passphrase and service account under which manager model service will run.

The database name and passphrase must be the same values you used during the primary node installation.


Subsequently install DEM Orchestrator and worker

If all goes well you would see 21 services. One additional service will run.


This post is an extensive but definitive guide based on my experience in my own lab.


©2019 by virtual2Cloud.