Earlier this week, I ran into an issue in a new environment that I had just deployed. The vCloud stack was installed as vCAC 6.1 Appliance, external vCO, and vCAC IaaS VM running on Windows Server 2012R2.
In this post, we’ll run through setting up a CentOS VM with the vCAC guest agent in order to get all the goodies that come with it like the management of new disks, new networking, as well as execution of scripts after deployment. This tutorial can be applied to other distros like Ubuntu, Debian, or SLES but for this example, I kept it in the EL6 family.
What you’ll need:
CentOS VM
Linux Guest Agent Packages
Certificate file from your vCAC IaaS Server
DNS working properly
Since this VM will be a template, I won’t tell you what you should or shouldn’t put on it, but may I suggest giving ‘yum update -y’ a little love? After that is completed, you need to get the LGA (Linux Guest Agent) Packages onto the server. This zip is located on your vCAC server at port 5480/installer, e.g. https://vCAC-server.local:5480/installer. Feel free to use SCP or wget with the --no-check-certificate flag. Lastly, explode the zip to the directory of your choice.
Next, you need to install the certificate of the IaaS server you deployed. Whether it was self-signed or from a CA, we need a copy of it on our soon-to-be template VM. The easiest way is to use the browser of your choice and go to your IaaS FQDN, e.g. https://IaaS-server.local/, then click the lock on the far left of the address bar, get certificate information, Details tab, then Copy to file, leaving it as an encoded X.509 .CER and saving it wherever you choose. SCP this file onto your VM; we’ll come back to it in a moment.
Now let’s get to installing the actual agent. Change directories to where you unzipped the prior package and go into the directory for the architecture of your distro. In our case, we’re going into /rhel6-amd64 and then running:
rpm -ivh gugent-6.1.0-073014.x86_64.rpm
This will install itself to /usr/share/gugent/ so change directories to that path. Remember the IaaS cert? Now is the time to copy it to /usr/share/gugent/axis2/ and run:
openssl x509 -in saved-IaaS-cert.crt -out cert.pem -outform PEM
Note: If you open /usr/share/gugent/axis2.xml, you can change the final name and path of where the cert file will exist. By default, the cert file will be named cert.pem and reside in /usr/share/gugent/axis2/
Now run the install script in /usr/share/gugent as such:
./installgugent.sh IaaS-FQDN.local ssl
To verify everything is working properly, run ./rungugent.sh and ensure all you see are [Debug] and not [Error] messages.
If you do see errors, they’re most likely cert related; grep through /usr/share/gugent/axis2/logs/gugent-axis.log to verify. If you see:
[info] [ssl client] Client certificate chain filenot specified
[error] ssl/ssl_utils.c(153) Error occured in SSL engine
[error] ssl/ssl_stream.c(108) Error occured in SSL engine
Ensure you have placed the cert in the correct directory and/or modified axis2.xml to reflect wherever the finalized cert.pem exists. You will know you’re good to go once you see:
[Thu Mar 19 15:58:37 2015] [debug] ssl/ssl_utils.c(190) [ssl client] SSL certificate verified against peer
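The log check above can be scripted before you seal the template. The following is an added example, not part of the original post or of VMware's agent: it reads the last SSL-related line of gugent-axis.log (so errors from an earlier failed run do not mask a later success) and checks that cert.pem exists with PEM framing. The function names and diagnosis words are assumptions made for illustration; the default paths and log strings are the ones quoted in this post.

```shell
#!/bin/sh
# Added example, not VMware code. Defaults are the paths named in the post.
GUGENT_LOG=${GUGENT_LOG:-/usr/share/gugent/axis2/logs/gugent-axis.log}
GUGENT_CERT=${GUGENT_CERT:-/usr/share/gugent/axis2/cert.pem}

# Print the state implied by the LAST SSL-related line in the log, so that
# errors from an earlier failed run do not mask a later successful handshake.
gugent_tls_state() {
    awk '
        /SSL certificate verified against peer/  { state = "verified" }
        /\[error\].*Error occured in SSL engine/ { state = "ssl-error" }
        END { print (state == "" ? "unknown" : state) }
    ' "$1"
}

# Return 0 if the file exists, is non-empty and has PEM certificate framing.
cert_is_pem() {
    [ -s "$1" ] && grep -q -- '-----BEGIN CERTIFICATE-----' "$1" \
                && grep -q -- '-----END CERTIFICATE-----' "$1"
}

# Combine both checks into a single diagnosis word (hypothetical names).
gugent_tls_diagnose() {
    log=${1:-$GUGENT_LOG}; cert=${2:-$GUGENT_CERT}
    [ -r "$log" ] || { echo "no-log"; return 0; }
    state=$(gugent_tls_state "$log")
    if [ "$state" != "ssl-error" ]; then echo "$state"
    elif [ ! -s "$cert" ]; then echo "cert-missing"
    elif ! cert_is_pem "$cert"; then echo "cert-not-pem"
    else echo "ssl-error"   # cert looks fine: check the cert path in axis2.xml
    fi
}

# Constructed sample log: a failed run followed by a successful one.
demo_log=$(mktemp)
cat > "$demo_log" <<'EOF'
[Thu Mar 19 15:40:02 2015] [error] ssl/ssl_utils.c(153) Error occured in SSL engine
[Thu Mar 19 15:40:02 2015] [error] ssl/ssl_stream.c(108) Error occured in SSL engine
[Thu Mar 19 15:58:37 2015] [debug] ssl/ssl_utils.c(190) [ssl client] SSL certificate verified against peer
EOF
gugent_tls_diagnose "$demo_log" /nonexistent/cert.pem   # prints: verified
rm -f "$demo_log"
```

On the template VM, run gugent_tls_diagnose with no arguments after ./rungugent.sh to check the default log and cert locations.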
Now finish setting up your template to your liking with a kickstart script and you’re done!