DefinIT

vCAC 6.1 build out to distributed model: Clustered vCAC Appliances

With the release of vCAC 6.1 there have been some great improvements in the setup of the clustered vCAC appliances – none of the previous copying of configuration files between appliances – just a simple wizard to do it all for you. In my opinion this is superb.

You’ll need to have deployed a load balancer of some sort: see “vCAC 6.0 build-out to distributed model – Part 3.1: Configure Load Balancing with vCNS” or “vCAC 6.0 build-out to distributed model – Part 3.2: Configure load balancing with NSX”.

Deploy vCAC Appliances

Deploy three vCAC appliances by running through the OVF deployment wizard, two to be configured as vCAC Appliance nodes and one to be the external vPostgres database.

  • vCAC-61-PG-01.definit.local
  • vCAC-61-VA-01.definit.local
  • vCAC-61-VA-02.definit.local

Initial configuration of vCAC Appliance used as external vPostgres

Before powering on the appliance I reduce the RAM down to 4GB – this is more than enough when you’re just running vPostgres.

Configure NTP

Log on to the administration interface (https://ApplianceFQDNorIP:5480) as root, navigate to Admin > Time Settings and configure NTP to use the same settings as your Identity Appliance and vCAC Appliances.

Disable unused services

SSH to the running appliance, log in as root and disable the unused services:

service apache2 stop
chkconfig apache2 off
service rabbitmq-server stop
chkconfig rabbitmq-server off
service vcac-server stop
chkconfig vcac-server off
service vco-server stop
chkconfig vco-server off

Configure vPostgres to accept external connections

In the same SSH session, use the following to configure vPostgres.

Accept connections from anywhere:

sed -i -re 's/^#(listen_addresses=.\*.)/\1/' /var/vmware/vpostgres/current/pgdata/postgresql.conf

Set the max connections to 400:

sed -i -re 's/^(max_connections *= *)([0-9]+)(.*)/\1 400 \3/' /var/vmware/vpostgres/current/pgdata/postgresql.conf

And restart vPostgres:

service vpostgres restart
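
The two sed edits above make vPostgres listen on every interface, so which clients can actually connect is then decided by pg_hba.conf. The following is an added example, not part of the original post: it applies the same two sed expressions to constructed sample files and reports the resulting settings plus any pg_hba.conf host rules open to all addresses. The function names and sample contents are assumptions for illustration, and pg_hba.conf is assumed to sit beside postgresql.conf in the pgdata directory (the PostgreSQL default).

```shell
#!/bin/sh
# Added example: check what the article's sed edits changed and what pg_hba.conf admits.

# Print the effective value of an uncommented postgresql.conf key (empty if unset).
pg_setting() {  # usage: pg_setting KEY FILE
    sed -n -r "s/^[[:space:]]*${1}[[:space:]]*=[[:space:]]*([^#]*).*/\1/p" "$2" |
        tail -n 1 | sed -r "s/[[:space:]]+\$//; s/^'(.*)'\$/\1/"
}

# Print pg_hba.conf host rules whose address column matches every client.
open_hba_rules() {  # usage: open_hba_rules FILE
    awk '$1 ~ /^host/ && ($4 == "0.0.0.0/0" || $4 == "::/0" || $4 == "all" ||
                          ($4 == "0.0.0.0" && $5 == "0.0.0.0"))' "$1"
}

# Apply the article's two sed edits to FILE (same expressions as above).
apply_article_edits() {
    sed -i -re 's/^#(listen_addresses=.\*.)/\1/' "$1"
    sed -i -re 's/^(max_connections *= *)([0-9]+)(.*)/\1 400 \3/' "$1"
}

# Constructed sample files standing in for the appliance's pgdata directory.
make_sample() {  # usage: make_sample DIR
    printf '%s\n' "#listen_addresses='*'" 'max_connections = 100   # constructed' \
        > "$1/postgresql.conf"
    printf '%s\n' '# TYPE  DATABASE  USER  ADDRESS        METHOD' \
        'local   all       all                  peer' \
        'host    all       all   0.0.0.0/0      md5' \
        'host    vcac      vcac  192.0.2.21/32  md5' > "$1/pg_hba.conf"
}

# Demo run against the constructed files only; nothing on the host is touched.
dir=$(mktemp -d)
make_sample "$dir"
apply_article_edits "$dir/postgresql.conf"
echo "listen_addresses = $(pg_setting listen_addresses "$dir/postgresql.conf")"
echo "max_connections  = $(pg_setting max_connections "$dir/postgresql.conf")"
echo "pg_hba.conf host rules open to any address:"
open_hba_rules "$dir/pg_hba.conf"
rm -rf "$dir"
```

On the appliance, point pg_setting and open_hba_rules at the files under /var/vmware/vpostgres/current/pgdata/ and narrow any rule it prints to the addresses of the two vCAC appliances.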

Configure the vPostgres user for vCAC

Finally, we need to set the password for the vPostgres user ‘vcac’:

su - vcac
cd /opt/vmware/vpostgres/9.2/bin
./psql
ALTER USER vcac WITH PASSWORD 'password here';
\q
exit

Configure the Primary vCAC Appliance

Configure NTP

Log on to the administration interface (https://ApplianceFQDNorIP:5480) as root, navigate to Admin > Time Settings and configure NTP to use the same settings as your Identity Appliance and vCAC Appliances.

Configure the external vPostgres Database

Go to the vCAC Settings tab > Database and enter the details for the appliance we just converted to vPostgres only, then save your settings.

A nice new feature of the VAMI in 6.1 is that it disables the local vPostgres DB if you configure an external one – that saves a manual step!

Configure vCAC Settings

Select the vCAC Settings > Host Settings tab, enter the URL for the load balancer and click Save.

Go to the SSL tab and import the SSL certificate.

Go to the SSO tab and enter the details for the Identity Appliance, remembering to append the port (7444) to the appliance’s FQDN. The user is administrator@vsphere.local and the password is the one you specified when configuring the Identity Appliance. It’s worth noting that this can take some time to initialise!

Once the SSO is configured the vCAC services will start to load – this can take a while, but it’s important to wait until they’re all (20) started before moving on to the next step.

Check the status of the services from the Services tab, or monitor the catalina.out log file to see them starting by connecting via SSH to the appliance and using:

tail -f /var/log/vcac/catalina.out

Go to the vCAC Settings > Licensing tab and enter your license.

All being well, you can now log into your new vCAC Appliance at the new /vcac URL instead of /shell-ui-app (massive improvement for usability there, thanks VMware!) using the administrator@vsphere.local account.

Configure the secondary vCAC Appliance

Log into the admin console of the second appliance and, under Admin > Time Settings, configure NTP to use the same time servers as the first appliance.

This is where the biggest improvement for clustering vCAC appliances comes into play – to configure this secondary node into the cluster we just go to vCAC Settings > HA and join the secondary appliance to the primary.

Now have a look at the config and the Services – you should see they all match the primary appliance (e.g. the license is installed and the SSL certificate matches the primary).

To save on resources we now disable the unused services on the secondary vCAC appliance via SSH (the services may already be stopped; it’s safe to ignore warnings from the stop commands):

service vpostgres stop 
chkconfig vpostgres off 
service vco-server stop 
chkconfig vco-server off

The easiest way to verify that the cluster is in fact working is to modify the load balancer to only connect to a single instance and log on to the https://vcloud.definit.local/vcac site, then flip the load balancer around to point to the other node and check you are able to log in again.