After sharing a sneak peek of my updated vSphere with Tanzu Automated Lab Deployment script on Twitter, I have been receiving non-stop requests asking when the script will be available. It took a bit longer to finish off the documentation; creating the script was actually the easy part 😛
In any case, I am happy to finally share that the automated script for deploying the new vSphere with Tanzu "Basic", which is included as part of vSphere 7.0 Update 1, is now available! You can find full details at the following GitHub repo: https://github.com/lamw/vsphere-with-tanzu-basic-automated-lab-deployment
In addition to the deployment instructions on the GitHub repo, I have also included a sample walkthrough which covers both deploying the vSphere with Tanzu environment and enabling Workload Management on the vSphere Cluster, which is not part of the automated deployment script.
I will also be updating my existing Workload Management PowerCLI Module to incorporate the new requirements for automating the enablement of Workload Management for a vSphere with Tanzu Basic Cluster. Together with this script, you will now have the ability to deploy vSphere with Tanzu end-to-end in under 1 hour!
More details will be shared in a later blog post, and I hope folks enjoy the script; it was a ton of work!
Alex says
Hi William,
I have got a strange issue during the vSphere with Tanzu Workload Management enablement procedure in my home lab
- on the cluster selection step I found my cluster in incompatible status with the following incompatibility reason: Cluster domain-c2001 is a personality-manager managed cluster. It currently does not support vSphere namespaces.
Any ideas what can cause this issue? I have tried to find anything related in the knowledge base with no success.
William Lam says
Hi Alex,
This actually recently came up and looks to be a known issue with the vSphere UI when enabling Workload Management for a vSphere Cluster that has been enabled with the new vCenter Lifecycle Management (vCLM) capability. The team is currently working on updating documentation and there are two options for now:
1) Create a vSphere Cluster w/o enabling (checking the box) for enabling vLCM
2) Use the vSphere API to enable Workload Management. If you're using my script, it'll stand up a vSphere w/Tanzu env w/o using vLCM. If not, I'll be publishing an update to my Workload Management automation PS Module which can then be used to enable Workload Management with your existing vSphere Cluster, since vLCM cannot be disabled after configuring it as such.
Alex says
Thanks for the fast answer William, appreciate it!
I have an existing cluster with vLCM enabled, so I'll be waiting for your PS module to continue with the Tanzu configuration 🙂
Fabio Barcelos says
Hi William,
I wonder why you have chosen a two-NIC haproxy configuration. Is it to simplify the deployment or is there a limitation in haproxy ovfconfig? I'm struggling to find OVF information on the frontend side (frontend IP/prefix and gateway).
Any ideas?
William Lam says
Yes, there are a number of different network topologies that can be used with the new vSphere w/Tanzu (non-NSX-T), see https://docs.vmware.com/en/VMware-vSphere/7.0/vmware-vsphere-with-tanzu/GUID-C3048E95-6E9D-4AC3-BE96-44446D288A7D.html
The basis of the enablement was based on my Automated vSphere with Tanzu Lab Deployment script and to keep things easy, I chose a 2-NIC setup. You can certainly deploy HAProxy in 3-NIC and then you just need to map the correct info when you enable Workload Management.
Fabio Barcelos says
Thanks, but I can't find either $ovfconfig.fronted_ip or $ovfconfig.frontend_gw in the OS customisation template
William Lam says
I suspect it's because it's optional and because they're using Deployment Option and the "default" setting doesn't require it, that OVF rendering may not show those values. I think you can make it work but you'll need to add those items to your $ovfConfig
Interestingly, using ovftool doesn't list the params and I have to pass in --X:enableHiddenProperties which doesn't exist when dealing with OVA and PowerCLI. I can see from the OVF definition, these are not actually hidden files, so I think you should be able to automate it but I've not tried myself
Pankaj Ahire says
Looking at the "Sample Execution" section, the total number of IP addresses is 150+. Please confirm, is this understanding correct?
William Lam says
You don't need that many but ultimately the number of VIPs/Workload IPs will determine the number of Tanzu Kubernetes Grid Clusters and services that can be deployed
Pankaj Ahire says
Thanks!
Ralf P. says
Hi William,
Great job! Amazing!
I built the environment with your script. Thank you for that!
I struggled on some points. Here are my findings:
- Do not use a space “ “ in the pathname of the sources
- The network parameters are the pre-required port groups
- Build Cluster-02 with HA switched OFF and DRS switched ON
- Move ESXi-Master (Bare Metal ESXi) to Cluster-02
After installing PowerShell on a Mac and before executing WL_script.ps1:
>pwsh
>Set-PowerCLIConfiguration -InvalidCertificateAction:Ignore
If something goes wrong, you have to delete:
tanzu-esxi-1&2&3
tanzu-haproxy-1
Nested-Tanzu-Basic-Lab-xyz
Tanzu-Datacenter
New VCSA
If starting the WL_script.ps1 from a Mac you might have to do the following from cmd
(this is necessary if you get the warnings that the developer could not be identified):
xattr -d -r com.apple.quarantine /your_path_to_VCSA7/
I had to change the expressions $($ENV:TMPDIR) to /tmp/ in WL_script.ps1 running on my Mac
Then I was wondering, that I didn't have to add the workaround for my unsupported CPU by using your ova.
With the native vSphere 7U1 I had to.
Lenovo D20 (4158WU2) / 96GB RAM / 2 x Intel(R) Xeon(R) CPU E5645 @ 2.40GHz / vSphere 6.7U3
All the best and stay healthy!
- - Ralf
Hoa Tran says
Hi William,
Thanks for your hard work updating the script.
After my cluster is finished, the next step is to enable workload for k8s. However, I ran into either:
- 3 SuperVisor VMs were created but most of the time 2 VMs will be allocated on the same host
I changed the nested ESX capacity and supervisor size to force those VMs to be created separately and I got
- 3 SuperVisor VMs were created on separate hosts but only 1 was powered on, the other 2 were left untouched. It ends up failing to create the workload cluster, even when I left them overnight.
I checked the wcp log and saw the system was trying to bring up those 2 controller VMs but failed because those VMs were not powered up.
Can you give me some advice?
Tanaya Umbrani says
Hi William,
I have all the H/W requirements with me. When I start running the PowerShell script, it starts failing with the error below for SSO: (I have masked the names)
[12-16-2020_05:24:59] Deploying Nested ESXi VM xxxxxxx ...
[12-16-2020_05:25:33] Adding vmnic2/vmnic3 for "yyyyyy" and "VLAN-zzzzz" to passthrough to Nested ESXi VMs ...
New-NetworkAdapter: C:\TANZU-SCRIPT\vsphere-with-tanzu-basic-automated-lab-deployment-master\vsphere-with-tanzu-basic-lab-deployment.ps1:405
Line |
405 | New-NetworkAdapter -VM $vm -Type Vmxnet3 -NetworkName $VMNetw .
| ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
| 12/16/2020 5:25:33 PM New-NetworkAdapter vSphere single sign-on failed for connection '/VIServer=vsphere.local\*protected email*:443/' during a previous operation. The current operation requires such single sign-on and therefore failed. Future operations which require single sign-on on this connection will fail. The underlying cause was available in the error message which initially reported the single sign-on failure.
Due to this the script gives errors at several points. It does create the nested ESXi, haproxy and VCSA, but fails to configure the VCSA and several other things. The user has complete admin privileges to VC but I am not able to resolve the SSO issue.
Please suggest a solution to get unblocked.
Thanks,
Tanaya
Jey says
Getting the following error at VCSA deployment. Any thoughts here? It is the same error both for 7.0.1 and 7.0.3ua. I am using Centos 8 where the ps1 script is executed in pwsh.
[01-21-2022_08:31:13] Deploying the VCSA ...
The provided OVA image '/proot/pvcsa/vcsa-cli-installer/lin64/../../vcsa/VMware-vCenter-Server-Appliance-7.0.1.00300-17491101_OVF10.ova' does not have the following required properties:
'guestinfo.cis.ceip_enabled'. A new OVA image may be needed.
Deployment failed. OVF Tool return error code: 127
Failed to collect support bundle from the deployed appliance 'tanzu-vcsa-1'. Exception: Cannot collect the support bundle because Cannot find the appliance 'tanzu-vcsa-1' on the ESXi host
'vcsa.sfo01.rainpole.local'. Exception: Failed to find VM tanzu-vcsa-1
Error message: ApplianceDeploymentTask: Caught an exception Deployment failed. OVF Tool return error code: 127
[01-21-2022_08:32:02] Disconnecting from vcsa.sfo01.rainpole.local ...
[01-21-2022_08:32:02] Connecting to the new VCSA ...
maximillianms says
Looks like you can't run ovftool due to lack of required libs.
In that case a possible solution is to install them, e.g. check libnsl:
# dnf install libnsl
Also vcsaCliInstaller logs stored in /tmp might be useful.
Naseredin says
pacman -S libxcrypt-compat
It fixed the error for me on Archlinux
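Added example, not part of the comments above or of the deployment script: the two replies attribute the `OVF Tool return error code: 127` failure to shared libraries missing on the Linux host (the dynamic loader exits with status 127 when it cannot load one), and this POSIX shell script lists which libraries a binary cannot resolve. The file name `ovftool.bin`, the soname-to-package pairing and the sample `ldd` output are assumptions of the example.

```sh
#!/bin/sh
# Added example: find shared libraries that a binary such as ovftool.bin
# needs but the dynamic loader cannot resolve.
# ldd may run the inspected file's loader, so use it only on trusted binaries.

# Read `ldd` output on stdin; print each unresolved soname once.
missing_libs() {
    awk '/=> not found/ { print $1 }' | sort -u
}

# Map a soname to a package named in the comments above. Only those two
# packages are mapped; the soname-to-package pairing is an assumption.
package_hint() {
    case "$1" in
        libnsl.so.1)   echo "libnsl (dnf install libnsl)" ;;
        libcrypt.so.1) echo "libxcrypt-compat (pacman -S libxcrypt-compat)" ;;
        *)             echo "no hint; search your distribution's packages" ;;
    esac
}

# Inspect one binary. Returns 0 if everything resolves, 1 if libraries are
# missing, 2 if ldd cannot inspect the file (wrong path or a wrapper script).
check_binary() {
    if ! ldd_out=$(ldd "$1" 2>/dev/null); then
        echo "$1: ldd cannot inspect this file" >&2
        return 2
    fi
    missing=$(printf '%s\n' "$ldd_out" | missing_libs)
    [ -n "$missing" ] || return 0
    for lib in $missing; do
        echo "$1: missing $lib -> $(package_hint "$lib")"
    done
    return 1
}

# Constructed sample of `ldd` output, for trying the parser without ovftool.
sample_ldd_output() {
    cat <<'EOF'
	linux-vdso.so.1 (0x00007ffd3a5f2000)
	libnsl.so.1 => not found
	libcrypt.so.1 => not found
	libc.so.6 => /lib64/libc.so.6 (0x00007f1c2a400000)
EOF
}

# Usage: sh check-libs.sh /path/to/ovftool.bin   (path is a placeholder)
if [ "$#" -gt 0 ]; then
    check_binary "$1"
fi
```

Point it at the ELF binary rather than a shell wrapper around it; a return code of 2 means `ldd` could not read the file at all.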