Yesterday while reading about Enhanced linked mode I stumbled across this blogpost by William Lam where he have demonstrated how to split vCenters which are configured in linked mode.
I thought to give it a try in my lab also as these days I am playing around PSC’s and repointing, ELM things etc.
In my lab I have 2 PSC nodes and 2 vCenter server nodes each pointing to one of the PSC. Both PSC nodes are in same SSO domain/site
vcentersrv02:~ # /usr/lib/vmware-vmafd/bin/vmafd-cli get-ls-location --server-name localhost https://psc04.alex.local:443/lookupservice/sdk vcentersrv03:~ # /usr/lib/vmware-vmafd/bin/vmafd-cli get-ls-location --server-name localhost https://psc06.alex.local/lookupservice/sdk
Both PSC are replicating to each other. Also I have verified that I do not have any stale entries for any PSC nodes from my existing lab activities.
psc04:~ # /usr/lib/vmware-vmdir/bin/vdcrepadmin -f showservers -h psc04.alex.local -u administrator -w SSO-Admin-Pwd cn=psc04.alex.local,cn=Servers,cn=BLR-DC3,cn=Sites,cn=Configuration,dc=alex,dc=lab cn=psc06.alex.local,cn=Servers,cn=BLR-DC3,cn=Sites,cn=Configuration,dc=alex,dc=lab psc04:~ # /usr/lib/vmware-vmdir/bin/vdcrepadmin -f showpartners -h localhost -u administrator -w SSO-Admin-Pwd ldap://psc06.alex.local psc06:~ # /usr/lib/vmware-vmdir/bin/vdcrepadmin -f showpartners -h localhost -u administrator -w SSO-Admin-Pwd ldap://psc04.alex.local
The vCenter servers have been configured in enhanced linked mode.
I am trying to achieve below deployment model in my lab i.e to separate both vCenter from ELM and both vCenter pointing to a single PSC.
These are the steps which we need to follow to separate VC’s from ELM configuration.
Step 1: Verify that there are no stale PSCs or vCenter Servers present in your environment that you are not aware of. You can use the vdcrepadmin command for this.
Step 2: Verify replication health between the PSC nodes. There should not be any lag in replication data i.e the last change number and change number seen by partner should be same
psc04:~ # /usr/lib/vmware-vmdir/bin/vdcrepadmin -f showpartnerstatus -h localhost -u administrator -w SSO-Admin-Pwd Partner: psc06.alex.local Host available: Yes Status available: Yes My last change number: 5054 Partner has seen my change number: 5054 Partner is 0 changes behind. psc06:~ # /usr/lib/vmware-vmdir/bin/vdcrepadmin -f showpartnerstatus -h localhost -u administrator -w SSO-Admin-Pwd Partner: psc04.alex.local Host available: Yes Status available: Yes My last change number: 5587 Partner has seen my change number: 5587 Partner is 0 changes behind.
Step 3: Prevent PSC04 and PSC06 from talking to each other before breaking the ELM configuration.
There are 2 ways to do so. Either you can disconnect the NIC of one of the PSC node or can shutdown it. When a given PSC node is unreachable and when we perform the “decommission” operation, it will automatically comply and allow us to remove the replication partner.
I disconnected the NIC of PSC06 appliance and confirmed that PSC04 can’t reach to it
psc04:~ # ping psc06 PING psc06.alex.local (192.168.109.26) 56(84) bytes of data. From psc04.alex.local (192.168.109.24): icmp_seq=7 Destination Host Unreachable From psc04.alex.local (192.168.109.24) icmp_seq=7 Destination Host Unreachable
Step 4: Decommision PSC06
Login via SSH to psc04 applaince decommision psc06 using the cmsso-util. I have wrote a Remove PSC from SSO Domain on this few days back. Basically you have to use this command:
# /bin/cmsso-util unregister –node-pnid psc06.alex.local –username administrator –passwd SSO-Admin-PWD
At this point replication is broken between psc04 and psc06.
Step 5: Decommission vCenter Server
Next is to decommission the vCenter server that was pointing to psc06.
We use the same command which we used in previous step, but this time instead of psc we have to supply vCenter server name as shown below:
# /bin/cmsso-util unregister –node-pnid vcentersrv03.alex.local –username administrator –passwd SSO-Admin-Pwd
At this point you have successfully completed the split of the first VC. We can verify in Web Client that we have broken the ELM configuration.
Step 6: Now we have to perform the same operation for psc04 and vcentersrv02. Login to psc06 via console (do not connect the NIC which we disconnected in step 3) and press Alt +F1 to access bash shell and run following 2 commands
# /bin/cmsso-util unregister –node-pnid PSC-FQDN –username administrator@SSO-Domain –passwd SSO-Admin-PWD
# /bin/cmsso-util unregister –node-pnid vCenter-FQDN –username administrator@SSO-Domain –passwd SSO-Admin-PWD
Now you can connect the vNIC of PSC06.
Now login to vCenterSrv03 and confirm that split has completed.
I hope you enjoyed reading this post. Feel free to share this on social media if it is worth sharing. Be sociable 🙂