After spending a few days playing with the NSX Advanced Load Balancer (NSX ALB) APIs, I am happy to share my latest automation lab deployment script for deploying vSphere with Tanzu using the new NSX ALB which was introduced with the latest vSphere 7.0 Update 2 release.
🙌 BOOM!!!
Fully Automated vSphere with @VMwareTanzu using the new @vmwarensx Advanced Load Balancer introduced in vSphere 7.0 Update 2 Lab Deployment in just 32 minutes! 🔥
Still need to clean up some things, but this beats clicking around the UI! My 🤲 thanks me pic.twitter.com/hN32Qk3oDc
— William Lam (@lamw.bsky.social | @*protected email*) (@lamw) March 29, 2021
Lab Deployment Automation
You can find the new automation script along with all the details at the following Github Repo: https://github.com/lamw/vsphere-with-tanzu-nsx-advanced-lb-automated-lab-deployment#enable-workload-management
In my environment, it took about ~32 minutes for the deployment to finish, but YMMV based on the performance of your underlying hardware.
Workload Management Automation
In addition to the automated lab deployment script above, I have also updated my community VMware.WorkloadManagement module to add support for enabling Workload Management on a vSphere Cluster using NSX ALB. This is introduced as a new function creatively called New-WorkloadManagement3. You use the Get-Help cmdlet to get a list of supported arguments or you can take a look at this example.
Steve Ballmer says
Great work William!
jk kim says
Hi William,
I am getting an error when Creating subnet mapping for Service Engine Network and stopped with the below error messages.
Failed to create subnet mapping for DVPG-Supervisor-Management-Network
Write-Error: ({"detail": "Method 'PUT' not allowed."}.Exception.Message)
Any ideas what can cause this issue?
@vra4u @JoseCavalheri says
Same here... just trying today the automatic deployment and fails on same place.. Doing my investigation, but so far didn't find the reason yet.
Joseph Larkin says
I'm Having the same exact issue.
Failed to create subnet mapping for DVPG-Supervisor-Management-Network
Write-Error: ({"detail": "Method 'PUT' not allowed."}.Exception.Message)
Joseph Larkin says
I'm getting just this one error when deploying from your script.
"WARNING: Specifying a distributed port group name as network name is no longer supported. Use the -Portgroup parameter." I'm not great at powershell yet. Would you be able to Assist?
It Happens right after:
Adding vmnic2/vmnic3 for "Nested-Tanzu-Mgmt" and "Nested-Tanzu-Workload" to passthrough to Nested ESXi VMs ...
Gustavo Dorado says
Hi Guys.
In the script, line 1012 (hardcoded username of nested vCenter), i change it for my "administrator@$VCSASSODomainName" and its working right now.
Sorry for delay 😀
Óscar P. says
Hi William.
I had to add the parameter "-Force" to the line 455 ($vm = Import-VApp -Source $NSXAdvLBOVA...) because I was not be able to deploy the NSX ALB version 30.1.1 with vCenter/ESXi 8.0.1a (I want to test new versions) because I was seeing always the error: "Import-VApp" The certificate used to sign the OVF package is not valid. (Untrusted).
I don't know if with your original versions was the same...
Regards.
JD says
First off, thanks for putting this together and sharing. Has been a tremendous head start.
I currently have the script combined to deploy vSphere, NSX ALB and enable Workload Management in our lab using vSphere 8U2 with NSX ALB 20.1.4.
I've been banging my head on the wall a bit now trying to get ALB 30.1 to configure the networks after successful deployment, but there seems to be some issue with the API call changes from 20.1.4 as expected.
Seems the older version pre-populates the networks through discovery so the PUT method works as opposed to 30.1. Anyway, at the moment I'm just deploying 20.1.4 which works and then upgrading to 30.1. Would love to figure out how to complete 30.1 configuration directly with script as opposed to upgrading.
Óscar P. says
I had got it using 30.1 version... I have done some local modifications on the script (adding vCenter Proxy automated configuration, and other little changes) and it's working for me with vSphere 8.0U2 and NSX ALB 30.1.1.
I can send you the changed script if you like. Sorry @William Lam, I have not documented it anywhere, but I can send you my little modifications if you want.
For your problem, @JD, basically, I have changed "x-avi-version" to 30.1.1 and added a line at vCenter registration over 1055 line disabling the "use_content_lib" with "use_content_lib" = "false" that doesn't be able to register vCenter in NSX ALB.
if($registervCenter -eq 1) {
$cloudConfigResult = ((Invoke-WebRequest -Uri https://${NSXAdvLByManagementIPAddress}/api/cloud -Method GET -Headers $newPassbasicAuthHeaders -SkipCertificateCheck).Content | ConvertFrom-Json).results[0]
$cloudConfigResult.vtype = "CLOUD_VCENTER"
$vcConfig = @{
"username" = "*protected email*"
"password" = "$VCSASSOPassword";
"vcenter_url" = "$VCSAHostname";
"privilege" = "WRITE_ACCESS";
"datacenter" ="$NewVCDatacenterName";
"management_ip_subnet" = @{
"ip_addr" = @{
"addr" = "$NSXAdvLBManagementNetwork";
"type" = "V4";
};
"mask" = "$NSXAdvLBManagementNetworkPrefix";
}
"use_content_lib" = "false";
}
William Lam says
Awesome! Please send GitHub PR to bring in your changes
Óscar P. says
I have made several modifications to adapt it to my company environment that is complex about networking (I need two vSphere cluster with two Supervisor Tanzu Cluster, and different networks for Supervisor Workload and K8s Workloads). I will put all in order and translate the interesting modifications. Permit me some days out of my work.
JD says
Fantastic and thanks for sharing! I will play around with the script and see if it works now without upgrading ALB afterward.
Óscar P. says
I'll try to put all in William github to his approve.
Óscar Pedro Isabel Cuéllar says
Done. I'm new with Github stuff... I hope I did it correctly. I have deleted some lines relatives to my company networking and datacenter organization (I need two vpshere clusters and two supervisors for my lab). I haven't tested yet this final script.
Joe Mattilini says
Hi William
I'm trying to deploy NSX-NAPP on nested ESXi environment which requires Tanzu on vsphere to be deployed, I was able to deploy supervisors successfully , but for some reason Host Config Status stuck on "Installed and Started Kubernetes Node Agent on the ESXi Host", I checked logs on ESXi hosts ( /esxupdate.log) and found this error : vmware.esximage.Errors.NoMatchError: ('spherelet', "No VIB matching VIB search specification 'spherelet' on host.") , any idea what could be the issue?
Regards,
Joe
William Lam says
Are you using compatible version of VCSA/ESXi? spherelet is a VIB that's deployed to ESXi host as part of vSphere w/Tanzu enablement and it seems like its unable to find the correct version. This would indicate that supervisor enablement was not fully successful
byungmun,lee says
I have the same issue.
The version information is as below. Is there a solution?
vCenter Server 8.0 Update 2a 22617221
VMware ESXi, 8.0.2, 22380479
William Lam says
Take a look at the VCSA installer logs, it should give you more info on what it’s not happy about
byungmun,lee says
Do you mean vc-installer.log?
Logs associated with spherelet vib are not visible.