Shulou(Shulou.com)06/02 Report--

#

# the first step is to convert "having external PSC to embedded PSC" # #

#

# # mounting VCSA 6.7U3 ISO

Root@elm-vcsa02 [~] # mount / dev/cdrom / mnt/cdrom/

Mount: / dev/sr0 is write-protected, mounting read-only

# # copy the json script file of ISO for modification

Root@elm-vcsa02 [~] # cp / mnt/cdrom/vcsa-converge-cli/templates/converge/converge.json / root/

Root@elm-vcsa02 [~] # cp / mnt/cdrom/vcsa-converge-cli/templates/decommission/decommission_psc.json / root/

# # modify converge.json file, which is used to convert "with external PSC to embedded PSC"

Root@elm-vcsa02 [~] # cat converge.json

{"_ _ version": "2.11.0", "_ _ comments": "Template for VCSA with external Platform Services Controller converge", "vcenter": {"description": {"_ comments": ["This section describes the vCenter appliance which you want to", "converge and the ESXi host on which the appliance is running. "]}," managing_esxi_or_vc ": {" hostname ":" 192.0.1.12 "," username ":" administrator@vsphere.local "," password ":" 1111111111KO "} "vc_appliance": {"hostname": "elm-vcsa02.em.com", "username": "administrator@vsphere.local", "password": "P@ssw0rd", "root_password": "P@ssw0rd"}} "replication": {"description": {"_ comments": ["Important Note: Make sure you provide the information in this section very carefully, as this changes the replication topology.", "Refer to the documentation for complete details. Remove this section if this is first converge operation in your setup. "," This section provides details of the PSC node which will be setup as a replicated node for a new PSC on the target VCSA node. "]}," partner ": {" hostname ":" elm-vcsa01.em.com "}}

# # perform a pre-check to verify whether there are any errors in the converge.json file

Root@elm-vcsa02 [~] # cd / mnt/cdrom/vcsa-converge-cli/lin64/

Root@elm-vcsa02 [/ mnt/cdrom/vcsa-converge-cli/lin64] #. / vcsa-util converge--precheck-only / root/converge.json

Run the installer with "- v" or "--verbose" to log detailed information

Retrying the connection with certificate thumbprint check...

If an untrusted SSL certificate is installed on '10.0.99.252, secure communication cannot be guaranteed. Depending on your security policy, this issue could represent a security concern.

The SHA-1 thumbprint of the certificate is'0E Deutsche DCWR 1F FLV 41FV FCV 2EV 56V 77R 33A AC 69R A 0R B7 83F 5F 4B 86A 5L 21'

Do you accept the thumbprint?

1: Accept and continue.

2: Do not accept and exit.

Enter'1' or'2: 1

You have accepted the server certificate's thumbprint'0E-D-D-L-D-L-D-D-L-L-D-L-D-L-L-D-L

Initializing....

Retrying the connection with certificate thumbprint check...

Converge precheck is successful.

= 03:03:22 =

Result and log file information...

WorkFlow log directory: / tmp/vcsaCliInstaller-2019-10-10-03-02-g_9o782a/workflow_1570676576953

# # start conversion

Root@elm-vcsa02 [/ mnt/cdrom/vcsa-converge-cli/lin64] #. / vcsa-util converge / root/converge.json

Run the installer with "- v" or "--verbose" to log detailed information

The Converge operation changes your vCenter Server configuration from an External Platform Services Controller to an Embedded Platform Services Controller model as detailed in the information

Provided to the input file. If you did not yet plan the configuration you want to achieve by running this tool nor checked input information for desired results, please see the 'vCenter Server

Installation and Setup Guide' for instructions. Ensure you have a current, valid backup of the vCenter Server and Platform Services Controllers in your environment before proceeding

Did you back up the participating PSC and VCSA nodes? Press (Y | y) es to proceed: y

Retrying the connection with certificate thumbprint check...

If an untrusted SSL certificate is installed on '10.0.99.252, secure communication cannot be guaranteed. Depending on your security policy, this issue could represent a security concern.

The SHA-1 thumbprint of the certificate is'0E Deutsche DCWR 1F FLV 41FV FCV 2EV 56V 77R 33A AC 69R A 0R B7 83F 5F 4B 86A 5L 21'

Do you accept the thumbprint?

1: Accept and continue.

2: Do not accept and exit.

Enter'1' or'2: 1

You have accepted the server certificate's thumbprint'0E-D-D-L-D-L-D-D-L-L-D-L-D-L-L-D-L

Initializing....

Retrying the connection with certificate thumbprint check...

[01/18] [SUCCEEDED] Precheck validations for converge

[02/18] [SUCCEEDED] Gather requirements

[03/18] [SUCCEEDED] Leave federation domain

[04/18] [SUCCEEDED] Uninstall vmafd client

[05/18] [SUCCEEDED] Stop all services

[06/18] [SUCCEEDED] Initialize converge

[07/18] [SUCCEEDED] Update node type to embedded

[08/18] [SUCCEEDED] Install required RPMs

[09/18] [SUCCEEDED] Run vmafd firstboot

[10/18] [SUCCEEDED] Retain machine ID and LDU

[11/18] [SUCCEEDED] Handle vmdir state

[12/18] [SUCCEEDED] Verify replication complete

[13/18] [SUCCEEDED] Run vmon, rhttpproxy, lookupsvc firstboot

[14/18] [SUCCEEDED] Run vmidentity-firstboot

[15/18] [SUCCEEDED] Update certificates

[16/18] [SUCCEEDED] Run license_firstboot Firstboot

[17/18] [SUCCEEDED] Starting all services on converged VCSA node

[18/18] [SUCCEEDED] Cleanup after converge

Converged to VCSA with embedded PSC successfully!

You may proceed with next step according to the documentation at https://docs.vmware.com/en/VMware-vSphere/index.html for your topology or PSC HA configuration

= 03:17:07 =

Result and log file information...

WorkFlow log directory: / tmp/vcsaCliInstaller-2019-10-10-03-08-1pmc8fzs/workflow_1570676882066

# # View the relationship among VCSA01, VCSA02 and PSC01 after the conversion is completed

# # ON VCSA02

Root@elm-vcsa02 [/ usr/lib/vmware-vmdir/bin] #. / vdcrepadmin-f showpartnerstatus-h elm-vcsa02.em.com-u Administrator-w P@ssw0rd

Partner: elm-vcsa01.em.com

Host available: Yes

Status available: Yes

My last change number: 6092

Partner has seen my change number: 6092

Partner is 0 changes behind.

Root@elm-vcsa02 [/ usr/lib/vmware-vmdir/bin] #. / vdcrepadmin-f showservers-h elm-vcsa02.em.com-u Administrator-w P@ssw0rd

Cn=elm-vcsa01.em.com,cn=Servers,cn=default-site,cn=Sites,cn=Configuration,dc=vsphere,dc=local

Cn=elm-psc01.em.com,cn=Servers,cn=default-site,cn=Sites,cn=Configuration,dc=vsphere,dc=local

Cn=elm-vcsa02.em.com,cn=Servers,cn=default-site,cn=Sites,cn=Configuration,dc=vsphere,dc=local

Root@elm-vcsa02 [/ usr/lib/vmware-vmdir/bin] #. / vdcrepadmin-f showpartners-h elm-vcsa02.em.com-u Administrator-w P@ssw0rd

Ldap://elm-vcsa01.em.com

# # ON VCSA01

Root@elm-vcsa01 [/ usr/lib/vmware-vmdir/bin] #. / vdcrepadmin-f showpartners-h elm-vcsa01.em.com-u Administrator-w P@ssw0rd

Ldap://elm-psc01.em.com

Ldap://elm-vcsa02.em.com

Root@elm-vcsa01 [/ usr/lib/vmware-vmdir/bin] #. / vdcrepadmin-f showservers-h elm-vcsa01.em.com-u Administrator-w P@ssw0rd

Cn=elm-vcsa01.em.com,cn=Servers,cn=default-site,cn=Sites,cn=Configuration,dc=vsphere,dc=local

Cn=elm-psc01.em.com,cn=Servers,cn=default-site,cn=Sites,cn=Configuration,dc=vsphere,dc=local

Cn=elm-vcsa02.em.com,cn=Servers,cn=default-site,cn=Sites,cn=Configuration,dc=vsphere,dc=local

Root@elm-vcsa01 [/ usr/lib/vmware-vmdir/bin] #. / vdcrepadmin-f showpartnerstatus-h elm-vcsa01.em.com-u Administrator-w P@ssw0rd

Partner: elm-psc01.em.com

Host available: Yes

Status available: Yes

My last change number: 6107

Partner has seen my change number: 6107

Partner is 0 changes behind.

Partner: elm-vcsa02.em.com

Host available: Yes

Status available: Yes

My last change number: 6107

Partner has seen my change number: 6107

Partner is 0 changes behind.

# # ON PSC01

Root@elm-psc01 [/ usr/lib/vmware-vmdir/bin] #. / vdcrepadmin-f showpartnerstatus-h elm-psc01.em.com-u Administrator-w P@ssw0rd

Partner: elm-vcsa01.em.com

Host available: Yes

Status available: Yes

My last change number: 6125

Partner has seen my change number: 6125

Partner is 0 changes behind.

Root@elm-psc01 [/ usr/lib/vmware-vmdir/bin] #. / vdcrepadmin-f showpartners-h elm-psc01.em.com-u Administrator-w P@ssw0rd

Ldap://elm-vcsa01.em.com

Root@elm-psc01 [/ usr/lib/vmware-vmdir/bin] #. / vdcrepadmin-f showservers-h elm-psc01.em.com-u Administrator-w P@ssw0rd

Cn=elm-vcsa01.em.com,cn=Servers,cn=default-site,cn=Sites,cn=Configuration,dc=vsphere,dc=local

Cn=elm-psc01.em.com,cn=Servers,cn=default-site,cn=Sites,cn=Configuration,dc=vsphere,dc=local

Cn=elm-vcsa02.em.com,cn=Servers,cn=default-site,cn=Sites,cn=Configuration,dc=vsphere,dc=local

#

# # step 2: remove external PSC (PSC01) # #

#

# # references for decommission_psc.json files are as follows

Root@elm-vcsa02 [/ mnt/cdrom/vcsa-converge-cli/lin64] # cat / root/decommission_psc.json

{"_ _ comments": "Template for decommissioning PSC node with converge CLI tool.", "_ _ version": "2.11.0", "psc": {"description": {"_ comments": ["This section describes the PSC appliance which you want to", "decommission and the ESXi host on which the appliance is running. "]}," managing_esxi_or_vc ": {" hostname ":" 192.0.1.252 "," username ":" administrator@vsphere.local "," password ":" 7111111CKO "} "psc_appliance": {"hostname": "elm-psc01.em.com", "username": "administrator@vsphere.local", "password": "P@ssw0rd", "root_password": "P@ssw0rd"}} "vcenter": {"description": {"_ _ comments": ["This section describes the embedded vCenter appliance which is in", "the same single-sign-on domain with the provided PSC"]} "managing_esxi_or_vc": {"hostname": "192.0.1.252", "username": "administrator@vsphere.local", "password": "1111111gCKO"}, "vc_appliance": {"hostname": "elm-vcsa02.em.com" "username": "administrator@vsphere.local", "password": "P@ssw0rd", "root_password": "P@ssw0rd"}}

# # perform a pre-check to verify whether there are any errors in the decommission_psc.json file

Root@elm-vcsa02 [/ mnt/cdrom/vcsa-converge-cli/lin64] #. / vcsa-util decommission-- precheck-only / root/decommission_psc.json

Run the installer with "- v" or "--verbose" to log detailed information

Retrying the connection with certificate thumbprint check...

If an untrusted SSL certificate is installed on '10.0.99.252, secure communication cannot be guaranteed. Depending on your security policy, this issue could represent a security concern.

The SHA-1 thumbprint of the certificate is'0E Deutsche DCWR 1F FLV 41FV FCV 2EV 56V 77R 33A AC 69R A 0R B7 83F 5F 4B 86A 5L 21'

Do you accept the thumbprint?

1: Accept and continue.

2: Do not accept and exit.

Enter'1' or'2: 1

You have accepted the server certificate's thumbprint'0E-D-D-L-D-L-D-D-L-L-D-L-D-L-L-D-L

Initializing....

Retrying the connection with certificate thumbprint check...

Precheck PSC decommission task successful.

Retrying the connection with certificate thumbprint check...

CONVERGE_PSC_HOSTNAME:

Elm-psc01.em.com

Precheck vCenter decommission task successful.

= 05:15:05 =

Result and log file information...

WorkFlow log directory: / tmp/vcsaCliInstaller-2019-10-10-05-14-wcr2km4r/workflow_1570684496750

# # remove external PSC (PSC01). This process closes the external PSC01 and unregisters PSC01 using the cmsso-util tool

Root@elm-vcsa02 [/ mnt/cdrom/vcsa-converge-cli/lin64] #. / vcsa-util decommission / root/decommission_psc.json

Run the installer with "- v" or "--verbose" to log detailed information

Retrying the connection with certificate thumbprint check...

If an untrusted SSL certificate is installed on '10.0.99.252, secure communication cannot be guaranteed. Depending on your security policy, this issue could represent a security concern.

The SHA-1 thumbprint of the certificate is'0E Deutsche DCWR 1F FLV 41FV FCV 2EV 56V 77R 33A AC 69R A 0R B7 83F 5F 4B 86A 5L 21'

Do you accept the thumbprint?

1: Accept and continue.

2: Do not accept and exit.

Enter'1' or'2: 1

You have accepted the server certificate's thumbprint'0E-D-D-L-D-L-D-D-L-L-D-L-D-L-L-D-L

Initializing....

Retrying the connection with certificate thumbprint check...

Precheck PSC decommission task successful.

Retrying the connection with certificate thumbprint check...

CONVERGE_PSC_HOSTNAME:

Elm-psc01.em.com

Precheck vCenter decommission task successful.

PSC machine powered off successfully.

Decommissioning PSC node. This may take some time. Please wait..

Successfully decommissioned the PSC node

= 05:23:11 =

Result and log file information...

WorkFlow log directory: / tmp/vcsaCliInstaller-2019-10-10-05-17-2ew_59vk/workflow_1570684671581

# # Verification result

Root@elm-vcsa01 [/ usr/lib/vmware-vmdir/bin] #. / vdcrepadmin-f showpartnerstatus-h elm-vcsa01.em.com-u Administrator-w P@ssw0rd

Partner: elm-vcsa02.em.com

Host available: Yes

Status available: Yes

My last change number: 6266

Partner has seen my change number: 6266

Partner is 0 changes behind.

Root@elm-vcsa01 [/ usr/lib/vmware-vmdir/bin] #. / vdcrepadmin-f showservers-h elm-vcsa01.em.com-u Administrator-w P@ssw0rd

Cn=elm-vcsa01.em.com,cn=Servers,cn=default-site,cn=Sites,cn=Configuration,dc=vsphere,dc=local

Cn=elm-vcsa02.em.com,cn=Servers,cn=default-site,cn=Sites,cn=Configuration,dc=vsphere,dc=local

Root@elm-vcsa01 [/ usr/lib/vmware-vmdir/bin] #. / vdcrepadmin-f showpartners-h elm-vcsa01.em.com-u Administrator-w P@ssw0rd

Ldap://elm-vcsa02.em.com

Oot@elm-vcsa02 [/ usr/lib/vmware-vmdir/bin] #. / vdcrepadmin-f showservers-h elm-vcsa02.em.com-u Administrator-w P@ssw0rd

Cn=elm-vcsa01.em.com,cn=Servers,cn=default-site,cn=Sites,cn=Configuration,dc=vsphere,dc=local

Cn=elm-vcsa02.em.com,cn=Servers,cn=default-site,cn=Sites,cn=Configuration,dc=vsphere,dc=local

Root@elm-vcsa02 [/ usr/lib/vmware-vmdir/bin] #. / vdcrepadmin-f showpartnerstatus-h elm-vcsa02.em.com-u Administrator-w P@ssw0rd

Partner: elm-vcsa01.em.com

Host available: Yes

Status available: Yes

My last change number: 6271

Partner has seen my change number: 6271

Partner is 0 changes behind.

Root@elm-vcsa02 [/ usr/lib/vmware-vmdir/bin] #. / vdcrepadmin-f showpartners-h elm-vcsa02.em.com-u Administrator-w P@ssw0rd

Ldap://elm-vcsa01.em.com

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.