Introduction:
Earlier Vmware had a give an option where you can deploy vCenter Server and Platform Service Controller on different Virtual Machines. This was useful in keeping the services run separately on different VMs, However later while understanding the practical used cases where the customer had to use Multiple vCenters which were synchronizing separately and the multiple PSCs were trying to sync their data separately along with the requirement of the Load Balancer.
Now to make everyone’s life easier they have finally combined everything and given the option to have multiple vCenter servers.
Now Convergence comes into the picture when you are in a scenario where you have multiple vCenter servers and PSCs in your environment and you want to comply with the VMWare Guidelines.
Convergence tool will help you to create a new Appliance that will have all the data from your existing PSC and the vCenter services.
Step 1: Identify your Existing Vmware Structure.
First, you will have to Understand how many vCenter you have in your Environment and to which PSC they are Pointing.
You can find this by running a simple command:
/usr/lib/vmware-vmafd/bin/vmafd-cli get-ls-location —server-name localhost
Step 2: Create the Script for Convergence Tool:
Below is a Reference Script that I have used in my Lab. This is divided into 4 sections:
- vCenter or ESXi Information
- vCenter Appliance which you want to Converge.
- AD Information, Incase if you want to join this to an AD.
- vCenter Details of the First vCenter where you have started the Convergence. If this is Blank then the Tool will consider this as the First vCenter Server.
convergence-file.json
{
"__version": "2.11.0",
"__comments": "Template for VCSA with external Platform Services Controller converge",
"vcenter": {
"description": {
"__comments": [
"This section describes the vCenter appliance which you want to",
"converge and the ESXi host on which the appliance is running. "
]
},
"managing_esxi_or_vc": {
"hostname": "esxiinternal.ashu.com",
"username": "root",
"password": "@******92"
},
"vc_appliance": {
"hostname": "vcsa.ashu.com",
"username": "administrator@vsphere.local",
"password": "@******92",
"root_password": "@******92"
},
"ad_domain_info": {
"__comments": [
"Important Note: This section is needed only when PSC (Platform Services Controller) appliance is joined to a domain.",
"Remove this section if PSC appliance is not joined to a domain.",
"Keeping this section without valid values results in JSON validation errors."
],
"domain_name": "ashu.com",
"username": "administrator@ashu.com",
"password": "@******92",
"dns_ip": "192.168.2.100"
}
}
}Step 3: Run the Convergence Tool
Follow the Below Steps to Run the Convergence Tool:
- Mount the vCenter ISO and open PowerShell:
- Change Directory to the location: F:\vcsa-converge-cli\win32
PS G:\vcsa-converge-cli\win32> cd F:\vcsa-converge-cli\win32
- Keep the Location of the .json file that you have created in Step 2 above.
- Run the Below Command:
PS F:\vcsa-converge-cli\win32> .\vcsa-util.exe converge --no-ssl-certificate-verification --backup-taken "E:\VMware\vSphere 6.7 and 7\Convergence\convergence-file.json"
Output:
PS F:\vcsa-converge-cli\win32> .\vcsa-util.exe converge –no-ssl-certificate-verification –backup-taken “E:\VMware\vSphere 6.7 and 7\Convergence\convergence-file.json”
Run the installer with "-v" or "--verbose" to log detailed information
The certificate of server 'esxiinternal.ashu.com' will not be verified because
you have provided either the '--no-ssl-certificate-verification' or
'--no-esx-ssl-verify' command parameter, which disables verification for all
certificates. Remove this parameter from the command line if you want server
certificates to be verified.
[01/17] [SUCCEEDED] Precheck validations for converge.
[02/17] [SUCCEEDED] Gather requirements
[03/17] [SUCCEEDED] Leave federation domain
[04/17] [SUCCEEDED] Uninstall vmafd Client
[05/17] [SUCCEEDED] Stop all services.
[06/17] [SUCCEEDED] Initialize Converge
[07/17] [SUCCEEDED] Update Node type to Embedded.
[08/17] [SUCCEEDED] Install required RPMs.
[09/17] [SUCCEEDED] Run vmafd Firstboot.
[10/17] [SUCCEEDED] Retain machine id and ldu.
[11/17] [SUCCEEDED] Verify replication complete.
[12/17] [SUCCEEDED] Run vmidentity-firstboot.
[13/17] [SUCCEEDED] Run vmon, rhttpproxyy, lookupsvc firstboot.
[14/17] [SUCCEEDED] Update certificates.
[15/17] [SUCCEEDED] Run license_firstboot Firstboot.
[16/17] [SUCCEEDED] Start all services
[17/17] [SUCCEEDED] Cleanup after converge
Converged to VCSA with embedded PSC successfully! //If you got the Above Message then congratulations, you have completed the first Convergence.
You may proceed with the next step according to the documentation at https://docs.vmware.com/en/VMware-vSphere/index.html for your topology or PSC HA configuration
VC joined to AD Domain.
The DNS list updated to have local caching IP: 127.0.0.1
This machine has to be rebooted to finish the operation. Reboot now?Press (Y|y)es to proceed: Y
Machine reboot started. vCenter should be available in few minutes
=================================== 11:15:16 ===================================
Result and log file information…
Workflow log directory:
Decommission the External PSC.
Now you can use the same procedure to decommission an External PSC.
Step 1: Create the Decommission.json
Next up we will review the decommission template. Within this template, there are four sections:
- vCenter or ESXi Host of the External PSC.
- Platform Services Controller you wish to Decommission.
- Managing vCenter or ESXi Host of an Embedded vCenter in the SSO Domain.
- ESXi or vCenter of the vCenter.
- Information about the Embedded vCenter in the SSO Domain.
Decommission.json
{ “__comments”: “Template for decommissioning PSC node with converge CLI tool.”,
“__version”: “2.11.0”,
“psc”: {
“description”: {
“__comments”: [
“This section describes the PSC appliance which you want to”,
“decommission and the ESXi host on which the appliance is running. “
]
},
“managing_esxi_or_vc”: {
“hostname”: “esxiinternal.ashu.com”,
“username”: “root”,
“password”: “@*****92”
},
“psc_appliance”: {
“hostname”: “psc.ashu.com”,
“username”: “administrator@vsphere.local”,
“password”: “@*****92”,
“root_password”: “@******92”
}
},
“vcenter”: {
“description”: {
“__comments”: [
“This section describes the embedded vCenter appliance which is in “,
“replication with the provided PSC”
]
},
“managing_esxi_or_vc”: {
“hostname”: “esxiinternal.ashu.com”,
“username”: “root”,
“password”: “@******2”
},
“vc_appliance”: {
“hostname”: “vcsa.ashu.com”,
“username”: “administrator@vsphere.local”,
“password”: “@*****92”,
“root_password”: “@*****92”
}
}
}
Step2: Run the Decommission Script
PS F:\vcsa-converge-cli\win32> .\vcsa-util.exe decommission --no-ssl-certificate-verification "E:\VMware\vSphere 6.7 and 7\Convergence\Decommission.json"Output:
PS F:\vcsa-converge-cli\win32> .\vcsa-util.exe decommission --no-ssl-certificate-verification "E:\VMware\vSphere 6.7 and 7\Convergence\Decommission.json"
Run the installer with "-v" or "--verbose" to log detailed information
The certificate of server 'esxiinternal.ashu.com' will not be verified because
you have provided either the '--no-ssl-certificate-verification' or
'--no-esx-ssl-verify' command parameter, which disables verification for all
certificates. Remove this parameter from the command line if you want the server
certificates to be verified.
Precheck PSC decommissions task successfully.
CONVERGE_PSC_HOSTNAME: psc.ashu.com
Precheck vCenter decommissions task successfully.
PSC machine powered off successfully.
Decommissioning PSC node. This may take some time. Please wait..
Successfully decommissioned the PSC node
=================================== 12:10:05 ===================================
Result and log file information…
Workflow log directory:
This will decommission the External PSC which of course you dint need now.
