KVM: Deploy the VMware vCenter 6.7 appliance using the CLI installer

Update Nov 2021: I have written a newer article that deploys vCenter 7.0.

If you have just virtualized the VMware ESXi 6.7 server on top of KVM, the next step will be to install vCenter 6.7 for its centralized control and additional feature set and management capabilities.

In my last article we took KVM running on bare metal and deployed an ESXi host on top of it.

In this article, we will deploy the vCenter Server Appliance (vcsa) on top of the ESXi server as its own virtualized guest OS.

This will be done with the help of a staging KVM Linux guest (‘inst1’) where we will mount the vcsa ISO downloaded from vmware.com and run the vcsa CLI installer.

Prerequisites

ESXi

The first prerequisite is obviously an instance of ESXi 6.7.  In this series of articles I am virtualizing on top of KVM.  You can install KVM on your Ubuntu host and then install ESXi on top of KVM.

Take note that the vcsa installer even in ‘tiny’ mode mandates the ESXi host have 10Gb of memory and 2 vCPU.  This can be decreased later for lab environments.

VCSA ISO

Download an evaluation version of vCenter, which comes as a 3.4Gb ISO file.  You will need a VMware account.

Ubuntu host for deploying vcsa

The vcsa install can be done from either a Windows or Linux 64 bit host with network connectivity to ESXi.  We are going to use a KVM virtualized Ubuntu host named ‘inst1’ to mount the vCenter ISO as the CDROM, and run the command line installer.

Understand this is a throwaway VM only being used to install vcsa, after which it can be discarded.

First, download the Ubuntu network installer named “mini.iso” to your Downloads directory.  Then create a small KVM guest OS named “inst1”.

virt-install --virt-type=kvm --name=inst1 --ram 2048 --vcpus=1 --hvm --cdrom ~/Downloads/mini.iso --network network=default --graphics vnc --disk pool=default,size=30,bus=virtio,format=qcow2 --noautoconsole --force

Go through the full Ubuntu installation process accepting all defaults in order to build a basic Ubuntu guest OS.  When you get to Software selection, choose “Basic Ubuntu server” and “OpenSSH server”.  This whole process should take around 15-30 minutes.

When it gets to the end of the installation process, and asks you to eject the CDROM and restart, go ahead and run the following virsh commands at a console before pressing <ENTER> on the Ubuntu installer screen.

# find the target device (e.g. hda) of the guest's cdrom drive
cdrom=$(virsh domblklist inst1 --details | awk '$2 == "cdrom" {print $3}')

virsh change-media inst1 "$cdrom" --eject

Wait for Ubuntu to stop the guest OS, then start the ‘inst1’ guest OS back up using virsh.

virsh start inst1

After a minute you should be greeted with a console based login prompt.  Log in with the credentials you used during the Ubuntu setup.

Prepare DNS for vcsa installation

One of the most important prerequisites before installing vcsa is ensuring that you have full DNS resolution AND reverse lookup for both the ESXi host and the yet to be created vCenter host.  I can’t stress this point enough: you will get various cryptic errors during the install process if FQDN and IP lookup are not configured.

You could set this resolution up on your router, or a global instance of dnsmasq on your host, or you can use the dnsmasq instance that runs for your default libvirt virtual network.

For this article, since all hosts are being built in the libvirt default 192.168.122.0 virtual network, I’ll modify that specific dnsmasq instance for DNS resolution.

I’m going to assume the ESXi host is at 192.168.122.133 and is named “esxi1.home.lab”.  And the yet to be installed vCenter server will be 192.168.122.51 and named “vcenter.home.lab”.

Use virsh to edit the default network:

virsh net-edit default

And add the following content right before the <ip> element:

<dns>
<host ip='192.168.122.133'>
  <hostname>esxi1.home.lab</hostname>
</host>
<host ip='192.168.122.51'> 
  <hostname>vcenter.home.lab</hostname> 
</host> 
</dns>

Then restart the default virtual network.

virsh net-destroy default && virsh net-start default

And test both name and reverse lookup for the names and IP addresses.

$ nslookup esxi1.home.lab 192.168.122.1
$ nslookup 192.168.122.133 192.168.122.1

$ nslookup vcenter.home.lab 192.168.122.1
$ nslookup 192.168.122.51 192.168.122.1

Because we’ve used the virtual network dnsmasq instance, this resolution will not work from your host browser or console by default.  If you need these exposed in a larger context, you can set up a service instance of dnsmasq on your host.

Run installation from temporary host

Now let’s use the temporary staging VM ‘inst1’ to install vcsa.  This guest holds no purpose other than to run the vcsa installer.

Attach ISO to CDROM device

# find the target device (e.g. hda) of the guest's cdrom drive
cdrom=$(virsh domblklist inst1 --details | awk '$2 == "cdrom" {print $3}')

virsh change-media inst1 "$cdrom" ~/Downloads/VMware-VCSA-all-6.7.0-16708996.iso --insert

Mount CDROM within OS

sudo mkdir -p /media/iso
sudo mount -t iso9660 -o loop /dev/cdrom /media/iso

Validate DNS resolution

Because it is so important to the install process, we need to ensure we have full name and IP resolution from this host.  If you have DNS configured as suggested using the dnsmasq for the default virtual network, then “/etc/resolv.conf” should be pointing at 192.168.122.1.

$ nslookup esxi1.home.lab
$ nslookup 192.168.122.133

$ nslookup vcenter.home.lab
$ nslookup 192.168.122.51
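
The nslookup commands here and in the “Prepare DNS” section only print answers, so the script below, an added example that is not part of the original article, turns the same lookups into a pass/fail check that requires the forward and reverse records to agree. It assumes dig is installed; the function names and the DNS_SERVER variable are illustrative.

```shell
#!/bin/sh
# Added example (not from the original article): pass/fail forward and reverse
# DNS check for the hosts the vcsa installer depends on.
# Assumption: dig (dnsutils) is installed; DNS_SERVER defaults to the libvirt
# dnsmasq address used in this article.
DNS_SERVER="${DNS_SERVER:-192.168.122.1}"

# Thin wrappers around dig, kept separate so they can be replaced in tests.
lookup_a()   { dig +short +time=2 +tries=1 "@$DNS_SERVER" "$1" A | head -n 1; }
lookup_ptr() { dig +short +time=2 +tries=1 "@$DNS_SERVER" -x "$1" | head -n 1; }

lower() { printf '%s' "$1" | tr '[:upper:]' '[:lower:]'; }

# check_pair FQDN IP: succeeds only if FQDN -> IP and IP -> FQDN both hold.
check_pair() {
  fqdn=$1; ip=$2; rc=0
  got_ip=$(lookup_a "$fqdn")
  got_name=$(lookup_ptr "$ip")
  got_name=${got_name%.}          # PTR answers carry a trailing dot
  if [ "$got_ip" != "$ip" ]; then
    echo "FAIL forward: $fqdn -> ${got_ip:-<no answer>} (expected $ip)" >&2
    rc=1
  fi
  # DNS names are case-insensitive, so compare lowercased.
  if [ "$(lower "$got_name")" != "$(lower "$fqdn")" ]; then
    echo "FAIL reverse: $ip -> ${got_name:-<no answer>} (expected $fqdn)" >&2
    rc=1
  fi
  [ "$rc" -eq 0 ] && echo "OK   $fqdn <-> $ip"
  return "$rc"
}

# check_all NAME=IP ...: check every pair, report all failures, and return
# non-zero if any pair failed.
check_all() {
  failed=0
  for pair in "$@"; do
    check_pair "${pair%%=*}" "${pair#*=}" || failed=1
  done
  return "$failed"
}

# Run only when pairs are given on the command line, e.g.
#   sh dnscheck.sh esxi1.home.lab=192.168.122.133 vcenter.home.lab=192.168.122.51
if [ "$#" -gt 0 ]; then
  check_all "$@"
fi
```

A non-zero exit status means at least one name or reverse record is missing or mismatched, which is worth fixing before starting the 20+ minute install.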

JSON configuration

The CLI installer is driven by values you set in a JSON file.  The full list of available templates is located on the ISO at “vcsa-cli-installer/templates/install”; the template this article is based on is “embedded_vCSA_on_ESXi.json”.

Download this json from my github project and place it into the home directory of inst1.

wget https://raw.githubusercontent.com/fabianlee/blogcode/master/vmware/vcsa-esxi.json

Modify the following items to match your environment:

  • “esxi” section – pointing to the target ESXi host, credentials, and network/datastore names
  • “appliance” section – name of the appliance that will be created
  • “network” section – network details of the appliance including name, IP, DNS server, and FQDN of the appliance
  • “os” section – configuration details of the appliance including default password
  • “sso” section – the single sign-on domain and password (default admin = “Administrator@vsphere.local”)

Run the installer

Finally we are at the point where we can run the installer.  Go into the “vcsa-cli-installer” directory and run the installer as shown below, specifying our json file in the home directory.

cd /media/iso/vcsa-cli-installer
sudo lin64/vcsa-deploy install --no-ssl-certificate-verification --accept-eula --acknowledge-ceip ~/vcsa-esxi.json

The install will take 20+ minutes, and there will be lots of output to the console, but in the end you should see output similar to below.

Appliance Name: vcenter
System Name: vcenter.home.lab
System IP: 192.168.122.51
Log in as: Administrator@vsphere.local
[SUCCEEDED] Successfully executed Task 'ApplianceLoginSummaryTask: Provide
appliance login information.' in TaskFlow 'esxi' at 04:40:34

If you see certificate or thumbprint errors, the most common problem is DNS not being both name and reverse resolvable.

Validate Install

vCenter Appliance Administration Interface

The first validation of the vcsa install can be done by pulling up the vCenter Appliance Administration interface (VAMI).  The VAMI can be accessed at port 5480 and provides basic administration of the appliance itself.

Depending on where you have configured DNS, it can be reached either by its FQDN or IP address.

https://vcenter.home.lab:5480 OR https://192.168.122.51:5480

user/pass=Administrator@vsphere.local/ExamplePass@456

vSphere Web Client

The next validation is of the vCenter web interface.  Depending on where you have configured DNS, it can be reached either by its FQDN or IP address.  The credentials are from the vcsa-esxi.json file in the “sso” section, and the user is “Administrator@vsphere.local”.

https://vcenter.home.lab OR https://192.168.122.51

user/pass=Administrator@vsphere.local/ExamplePass@456

vCenter Configuration

The first thing you will want to do is create a new datacenter and then add the ESXi instance to the datacenter.

New datacenter

Right-click on the main root node in the left hand tree view “vcenter.home.lab” and select “New Datacenter” with the name “mydc1”.

New cluster

Right-click on the datacenter node created above, “mydc1” and select “New Cluster”.  Use the name “mycluster1”, and enable vSphere DRS.  If we do not enable DRS, resource pool creation would be disabled.

Add ESXi host to datacenter

Then right-click on “mydc1” from the left hand tree view and select “Add Host”.  Enter the hostname of the ESXi host “esxi1.home.lab”, and the ESXi credentials (user=root, not the Administrator@vsphere.local) and accept any host certificates.  Assign the default evaluation license, lockdown mode disabled, and “Finish” the wizard dialog.

This should provide you a basic datacenter > cluster > ESXi host hierarchy.

NOTES

libvirt dnsmasq holding on to names/IP

/var/lib/libvirt/dnsmasq/default.conf, default.hostsfile, default.leases (if host was originally DHCP it was assigned IP->name)

copy file from remote host using limit (kb/s of 10k)

scp -v -l 10000 <user>@<host>:/source/file .

static IP for ubuntu 14.04

auto lo
iface lo inet loopback

# The primary network interface
auto eth0
iface eth0 inet static
address 192.168.122.??
netmask 255.255.255.0
network 192.168.122.0
broadcast 192.168.122.255
gateway 192.168.122.1
dns-nameservers 192.168.122.1
dns-search home.lab

virsh snapshots

virsh snapshot-list esxi1
virsh snapshot-create-as esxi1 afterinstall
virsh snapshot-revert esxi1 afterinstall
virsh snapshot-delete esxi1 afterinstall

vcsa installer deprecated switch

--no-esx-ssl-verify (deprecated)
--no-ssl-certificate-verification (newer versions)

reducing ESXi memory footprint

If you ssh into the vcsa as root, then run the “shell”, you can run the command below to see the memory allocation.  These are adjusted depending on the total RAM given to the appliance.

cloudvm-ram-size -l

See this page for services that can be disabled

govc to create vcenter hierarchy

# create datacenter
govc datacenter.create mydc1

# create cluster with DRS enabled (for res pools)
govc cluster.create mycluster1
govc cluster.change -drs-enabled mycluster1

# add esxi1 host to cluster
# would have used 'host.add' if we wanted it added directly to DC
govc cluster.add -cluster mycluster1 -hostname esxi1.home.lab -username root -password ExamplePass@456 -noverify=true -connect=true

Exact VMware versions used for this article

esxi iso: VMware-VMvisor-Installer-201912001-15160138.x86_64.iso (6.7 u3b)

vcenter iso: VMware-VCSA-all-6.7.0-16708996.iso (6.7 u3j)

seabios used on esxi: rel-1.14.0-13-g94f0510