Split vCenter Servers configured in an Enhanced Linked Mode

Yesterday while reading about Enhanced linked mode I stumbled across this blogpost by William Lam where he have demonstrated how to split vCenters which are configured in linked mode.

I thought to give it a try in my lab also as these days I am playing around PSC’s and repointing, ELM things etc.

In my lab I have 2 PSC nodes and 2 vCenter server nodes each pointing to one of the PSC. Both PSC nodes are in same SSO domain/site

vcentersrv02:~ # /usr/lib/vmware-vmafd/bin/vmafd-cli get-ls-location --server-name localhost

https://psc04.alex.local:443/lookupservice/sdk

vcentersrv03:~ # /usr/lib/vmware-vmafd/bin/vmafd-cli get-ls-location --server-name localhost

https://psc06.alex.local/lookupservice/sdk

elm-2.PNG

Both PSC are replicating to each other. Also I have verified that I do not have any stale entries for any PSC nodes from my existing lab activities.

psc04:~ # /usr/lib/vmware-vmdir/bin/vdcrepadmin -f showservers -h psc04.alex.local -u administrator -w SSO-Admin-Pwd

cn=psc04.alex.local,cn=Servers,cn=BLR-DC3,cn=Sites,cn=Configuration,dc=alex,dc=lab
cn=psc06.alex.local,cn=Servers,cn=BLR-DC3,cn=Sites,cn=Configuration,dc=alex,dc=lab

psc04:~ # /usr/lib/vmware-vmdir/bin/vdcrepadmin -f showpartners -h localhost -u administrator -w SSO-Admin-Pwd
ldap://psc06.alex.local

psc06:~ # /usr/lib/vmware-vmdir/bin/vdcrepadmin -f showpartners -h localhost -u administrator -w SSO-Admin-Pwd
ldap://psc04.alex.local

The vCenter servers have been configured in enhanced linked mode.

elm-3.PNG

I am trying to achieve below deployment model in my lab i.e to separate both vCenter from ELM and both vCenter pointing to a single PSC.

elm-1.PNG

These are the steps which we need to follow to separate VC’s from ELM configuration.

Step 1: Verify that there are no stale PSCs or vCenter Servers present in your environment that you are not aware of. You can use the vdcrepadmin command for this.

Step 2: Verify replication health between the PSC nodes. There should not be any lag in replication data i.e the last change number and change number seen by partner should be same

psc04:~ # /usr/lib/vmware-vmdir/bin/vdcrepadmin -f showpartnerstatus -h localhost -u administrator -w SSO-Admin-Pwd

Partner: psc06.alex.local
Host available: Yes
Status available: Yes
My last change number: 5054
Partner has seen my change number: 5054
Partner is 0 changes behind.

psc06:~ # /usr/lib/vmware-vmdir/bin/vdcrepadmin -f showpartnerstatus -h localhost -u administrator -w SSO-Admin-Pwd

Partner: psc04.alex.local
Host available: Yes
Status available: Yes
My last change number: 5587
Partner has seen my change number: 5587
Partner is 0 changes behind.

Step 3: Prevent PSC04 and PSC06 from talking to each other before breaking the ELM configuration.

There are 2 ways to do so. Either you can disconnect the NIC of one of the PSC node or can shutdown it. When a given PSC node is unreachable and when we perform the “decommission” operation, it will automatically comply and allow us to remove the replication partner.

I disconnected the NIC of PSC06 appliance and confirmed that PSC04 can’t reach to it

psc04:~ # ping psc06
PING psc06.alex.local (192.168.109.26) 56(84) bytes of data.
From psc04.alex.local (192.168.109.24): icmp_seq=7 Destination Host Unreachable
From psc04.alex.local (192.168.109.24) icmp_seq=7 Destination Host Unreachable

Step 4: Decommision PSC06

Login via SSH to psc04 applaince decommision psc06 using the cmsso-util. I have wrote a Remove PSC from SSO Domain on this few days back. Basically you have to use this command:

# /bin/cmsso-util unregister –node-pnid psc06.alex.local –username administrator  –passwd SSO-Admin-PWD

elm-4.PNG

At this point replication is broken between psc04 and psc06.

Step 5: Decommission vCenter Server

Next is to decommission the vCenter server that was pointing to psc06.

We use the same command which we used in previous step, but this time instead of psc we have to supply vCenter server name as shown below:

# /bin/cmsso-util unregister –node-pnid vcentersrv03.alex.local –username administrator –passwd SSO-Admin-Pwd

elm-5.PNG

At this point you have successfully completed the split of the first VC. We can verify in Web Client that we have broken the ELM configuration.

elm-8.PNG

Step 6: Now we have to perform the same operation for psc04 and vcentersrv02. Login to psc06 via console (do not connect the NIC which we disconnected in step 3) and press Alt +F1 to access bash shell and run following 2 commands

# /bin/cmsso-util unregister –node-pnid PSC-FQDN –username administrator@SSO-Domain  –passwd SSO-Admin-PWD

# /bin/cmsso-util unregister –node-pnid vCenter-FQDN –username administrator@SSO-Domain  –passwd SSO-Admin-PWD

elm-7.PNG

Now you can connect the vNIC of PSC06.

Now login to vCenterSrv03 and confirm that split has completed.

I hope you enjoyed reading this post. Feel free to share this on social media if it is worth sharing. Be sociable 🙂