One of the most exciting new feature in VSAN 6.1 is the new Stretched Clustering capability which also provides support for a 2-Node ROBO deployment. If you are interested in learning more about the new VSAN 6.1 capabilities, be sure to check out Duncan's blog post here as well as a video on how to configure the new VSAN Stretched Clustering here. Like many of you, I am sure you are looking forward to giving both vSphere 6.0 Update 1 as well as the new VSAN 6.1 capabilities a spin in your home lab or development environment. By now, you probably know how easy it is to run Nested ESXi on top of your existing vSphere environment. However, not everyone has access to a vSphere environment. The next best thing is using VMware Fusion and Workstation which also supports Nested ESXi and for many of our customers and field, it is a great solution as it allows you to easily play with all the VMware goodies while you are on the go, especially useful if you travel frequently.
I was interested in setting up a 2-Node VSAN configuration and as part of the setup, you will also need to deploy the new VSAN Witness Virtual Appliance. I wanted to see what it would take to deploy the VSAN Witness Appliance onto VMware Fusion and Workstation and after a bit of exploration, hair pulling and OVF hackery, I was able to finally work out the process as shown in the steps below.
Disclaimer: This is not officially supported by VMware, please use this only for evaluational and testing purposes.
Note: If you plan on deploying the VSAN Witness Appliance directly to an ESXi host, you can use the injectOvfEnv method shown here.
Step 1 - Download the VSAN 6.1 Witness Virtual Appliance OVA from here
Step 2 - We need to make a few minor adjustments to the OVF file before we can import it into VMware Fusion/Workstation. Before we do so, we need to first convert the OVA to an OVF using ovftool.
Here is an example of running this on Mac OS X system:
/Applications/VMware\ OVF\ Tool/ovftool VMware-VirtualSAN-Witness-6.0.0.update01-3029758.ova VMware-VirtualSAN-Witness-6.0.0.update01-3029758.ovf
Once the conversion has completed, you should see a total of 8 files (6 VMDK files, 1 manifest & 1 OVF file). Before moving onto the next step, you will need to delete the manifest file (extension ending in .mf). We need to do this because the checksum will no longer be valid after we edit the OVF and the upload will fail.
Step 3 - The first edit that we need to make in the OVF is to change the required OVF parameter for specifying the password to the VSAN Witness Appliance from "true" to "false" since both Fusion/Workstation do not support OVF properties.
Change the following from
<ProductSection ovf:class="vsan" ovf:required="true">
to
<ProductSection ovf:class="vsan" ovf:required="false">
Step 4 - The final edit that we need to make in the OVF is to specify the deployment size (tiny, medium or large) for the Witness VM. By default, it will use the medium option. Below is a quick table of the deployment size and for evaluation/testing purposes, I suspect most you will want to stick with the "tiny" configuration.
Deployment Size | vCPU | vMEM | vDISKs | Components |
---|---|---|---|---|
tiny | 2 | 8GB | 1x8GB 1x15GB 1x10GB | 750 |
medium | 2 | 16GB | 1x8GB 1x350GB 1x10GB | 22K |
large | 2 | 32GB | 1x8GB 1x350GB 1x10GB | 45K |
The way this is specified in the OVF is by adding ovf:default="true" to the specific deployment size. As mentioned, by default this is set to the "medium" deployment size which looks like the following:
<Configuration ovf:default="true" ovf:id="normal">
If you wish to change this to some other deployment size, you will need to move the ovf:default="true" entry to the deployment size you wish to use. In our case, we will move it to "tiny" size by adding the following
<Configuration ovf:default="true" ovf:id="tiny">
Step 5 - Now that we are done with the OVF surgery, we can now import our VSAN Witness OVF into VMware Fusion or Workstation using the "Import" option. Ensure you select "Customize" option after the import has completed to prevent the VM from automatically powering on. This is very important because we still need to add one final configuration to the VMX file for the appliance to be properly configured.
Step 6 - The last and final step is to add a VMX entry which will configure the root password for VSAN Witness Appliance. This is not necessary when deploying to vCenter Server which has OVF support, but is a problem when deploying VMware Fusion, Workstation and even ESXi. You will need to add the following entry to the VMX file and be sure to replace the password of your choice which is highlighted below in blue.
guestinfo.ovfEnv = "<?xml version='1.0' encoding='UTF-8'?><Environment xmlns='http://schemas.dmtf.org/ovf/environment/1' xmlns:oe='http://schemas.dmtf.org/ovf/environment/1'><PropertySection><Property oe:key='vsan.witness.root.passwd' oe:value='vmware123'/></PropertySection></Environment>"
Step 7 - You are now ready to power on your VSAN Witness and if everything was configured correctly, you should be able to login to DCUI of the VSAN Witness which as you probably have guessed by now is running Nested ESXi 🙂
Here is a quick screenshot of configuring my very first 2-Node / Stretched VSAN Cluster which is comprised of 2 Nested ESXi VMs running on my Mac Mini which is running vSphere 6.0 Update 1 and my VSAN Witness Appliance running on my iMac using VMware Fusion. If you need additional instructions on configuring either a 2-Node / Stretched VSAN Cluster, be sure to check out the how-to video here. I plan to share this feedback internally with Engineering and hopefully deploying VSAN Witness in the future can be much more easier when it comes to running it on VMware Fusion and Workstation.
David says
Quick off the mark with this one William, thanks.
Can you check the posted code to configure the root password? There is no way I can get this to work.
Authentication failed. Invalid username or password whilst attempting to log into DCUI.
Cheers
William Lam says
Yes, the code is correct and I just tried it again to verify. Make sure you're applying this before the VM is powered on.
David says
Absolutely. Changes made prior to the VM being powered on for the first time. Would very much appreciate you taking a look at the vmx file which I will email offline.
Cheers
David says
Thanks William. For the benefit of others, editing the file using vi (Macbook Pro, OSX 10.10.5) caused the above error. Editing with vim on same machine worked OK. Go figure.....
Ron Adams says
A billion thanks! Was baffled as to why it wasn't working for me until I caught this comment thread.
Ron Adams says
As an addendum, upgrading the virtual HW version to match Fusion 8.x seems to break it as well.
John says
I get nothing but import errors when trying the above steps. It's almost like I'm missing something. Does a new manifest file need to be generated? I have tried on Fusion 7.1.3 and Workstation 11.1.2. Even tried editing the .ovf in vim as David suggested. The worst part is that when I try to just import the OVA the "old-fashioned-way" in vCenter - the password never "sticks". Meaning the password I choose at import never works to log in to the DCUI. UGH!!!! Any thoughts here William? I'm really stuck...
Askar Kopbayev says
It works with VSAN 6.2. The only error I got is when importing to Fusion. It says "Line 821: Unsupported Element 'Property'". This is the line we adjusted at Step 3. Removing the entire Property fixed the issue for me.
Wesley VanVleck says
Attempting to deploy Witness appliance 6.2 on Fusion 8.1 but the import fails because "the .ovf did not pass OVF specification conformance or virtual hardware compliance checks" When I select Retry it returns an error message "Line 65: Could not parse the document: 'not well-formed (invalid token)'"
Here's an excerpt of Line 65 from the .ovf
Deployment options for VMware Virtual SAN Witness Appliance
I've resorted to deploying the appliance on ESXi then "migrating" the VM from Fusion Pro but facing some irregularities to that approach... Any help with the "parse" error would be much appreciated!
Thank you!
Wesley VanVleck says
Not sure what happened but here's Line 65 again...
Deployment options for VMware Virtual SAN Witness Appliance
Wesley VanVleck says
Disregard, I ended up fully configuring the appliance on a spare machine I had laying around with ESXi 5.5 running on it. Once fully configured I powered the appliance down and using Fusion Pro was able to connect direct to ESXi and migration for whatever reason worked this time. First time I did not fully configure the appliance as well as deployed it on ESXi 6 and migration would fail, not sure why that would make any difference but... Now got VSAN configured with Witness Appliance running on Fusion, thanks!
YaroslavBasiy says
Many thanks. This steps work for me with Witness Appliance 6.5 on ESXi (with Nested VSAN Cluster). Not for Production, of couse.
Maas Salem says
Hey there, '
Thanks for the great post,
I have a question in terms of networking. lets say you have this streached cluster and you failover the VM;s from site1 to site2.
and the Vlan/Network/IP range in the other location is different 192.168.1.1/24 site1 and site two 192.168.2.1/24 .
when the VM boots up - how would be an IP from the other site - or would it just be isolated ?
Thanks.
Ron Scott-Adams (@Tohuw) says
If the network required is not available on the other site, it would just be isolated.
Ahmad Hasan says
Many thanks. This steps work for me with Witness Appliance 6.5 Update 1 (vSAN 6.6.1)
Hal Buruto says
Hi Ahmad, I was deploying the Witness Appliance 6.5 U1 on a Vcenter managed ESXi host however the root password does not seem to stick after a reboot. I followed the steps here to modify the OVF and assign the password and it works. However, upon adding the virtual nested ESXi host to vCenter, it does not seem to include the embedded license as it keeps using the evaluation license instead. Is there something else I am missing?
Christopher Parkin says
Very handy post for people putting their vSAN appliance on Fusion. Thanks.
Also had to use Atom text editor to make sure TextEdit was altering " to “ which is near impossible to see but definitely broke my first few attempts to deploy into fusion.
MIke C says
I know this post is a bit dated but I'm trying to deploy the vSAN 7.0 witness on VMware Workstation 14. First, in VMware workstation there is no way to stop the VM from booting, so it will always boot when the ofv is opened. When the Witness VM boots I turn it off off them add the change to the VMX file. When I reboot I can login using the clear text password and I can change my network configuration, however, after I reboot the entire configuration goes back to the defaults and I can't login anymore. Anyone gotten around this issue?
Matt says
Does this still work for Workstation 16? I tried to follow but the import never works.
William Lam says
Its possible there's been changes either to Workstation/Fusion and/or vSAN Appliance. You may need to take a look and see if anything stands out