In my last post I have demonstrated how to move a vCenter server from one PSC to another. In this article we will learn to repoint vCenter Server 6.0 between Platform Service Controllers (PSC) which are in same domain but different sites.
Before vSphere 6.0 U1, it was not possible to repoint vCenter server amongst PSC’s which were not in same site (but being in same domain). With vSphere 6.0 U1, VMware made this possible by introducing a new utility called cmsso-util.
VMware KB-2131191 article outline the steps for achieving this goal.The steps outlined in the KB are for vCenter server with external PSC deployment architecture.
Note: If you have an embedded vCenter 6.0, then you can use cmsso-util to change embedded deployment model to an external PSC model. The old PSC will be decommissioned during this process. Go ahead with this configuration only if you have no plans for using your old PSC again.
This article have all the steps for doing so.
What is difference between SSO domain and SSO site?
A vSphere SSO Domain is similar to an Active Directory domain, and a SSO site is similar to a site within Active Directory.
SSO domains are a boundary of where vCenter Server/PSC nodes are replicating between each other. If you are using external deployment model for PSC nodes and they are in same SSO domain, enhanced linked mode (ELM) is enabled by default and you can log into any one of the vCenter servers and manage the other vCenter server in the same SSO domain.
You can organize PSC’s domains into logical sites. A site in the VMware Directory Service is a logical container for grouping Platform Services Controller instances within a vCenter Single Sign-On domain. An SSO site represents a single “instance” that will not be geographically disperse.
Building Topology Information
Before going ahead with doing the vCenter server repoint, it is important to collect the topology information about SSO site name, vCenter pointing to which PSC etc. We can use the following commands to discover the SSO topology
SSO Site
1 2 3 4 5 6 |
psc03:~ # /usr/lib/vmware-vmafd/bin/vmafd-cli get-site-name --server-name localhost BLR-DC2 psc04:~ # /usr/lib/vmware-vmafd/bin/vmafd-cli get-site-name --server-name localhost BLR-DC3 |
You can also use vdcrepadmin command to fetch this info as shown below:
1 2 3 4 5 |
psc03:~ # /usr/lib/vmware-vmdir/bin/vdcrepadmin -f showservers -h psc03.alex.local -u administrator -w psc-admin-pwd cn=psc03.alex.local,cn=Servers,cn=BLR-DC2,cn=Sites,cn=Configuration,dc=alex,dc=lab cn=psc04.alex.local,cn=Servers,cn=BLR-DC3,cn=Sites,cn=Configuration,dc=alex,dc=lab |
SSO Domain
1 2 3 4 5 6 7 |
psc03:~ # /usr/lib/vmware-vmafd/bin/vmafd-cli get-domain-name --server-name localhost alex.lab psc04:~ # /usr/lib/vmware-vmafd/bin/vmafd-cli get-domain-name --server-name localhost alex.lab |
To which PSC my vCenter server is currently pointing to?
1 2 3 |
vcentersrv02:~ # /usr/lib/vmware-vmafd/bin/vmafd-cli get-ls-location --server-name localhost https://psc03.alex.local/lookupservice/sdk |
So what I am trying to achieve here?
I am trying to repoint my vCenter server from PSC03 which is in BLR-DC2 site to PSC04 which is in BLR-DC3 site. Lets see how to do this.
Note: It is advisable that before you begin, snapshot all SSO nodes and vCenter servers involved! This means ALL of the PSCs in an authentication domain, even if you aren’t moving anything to or from them. The replication agreements between them can easily take any mistakes and pull them into the entire environment.
Step 1. Download cmsso-util zip file.
This file is provided by VMware as an attachment in KB-2131191. Upload the cmsso-util file to your vcsa via Winscp or any other utility.
Note: By default when you try to scp to VCSA, you will get error similar to “Received too large (1433299822 B) SFTP packet. Max supported packet size is 1024000 B“
To counter this issue, we have to change the default shell to bash using below command
chsh -s "/bin/bash" root
After this upload your file via winscp and then change the shell settings back to original by typing this command
chsh -s /bin/appliancesh root
Step 2. Back up the current cmsso-util file
vcentersrv02:~ # mv /bin/cmsso-util /bin/cmsso-util.bak
Step 3. Copy the uploaded cmos-util file to /bin directory and make it executable
vcentersrv02:~ # cp cmsso-util /bin/
vcentersrv02:~ # chmod +x /bin/cmsso-util
vcentersrv02:~ # ls -l /bin/cmsso-util
-rwx—— 1 root root 51058 Aug 11 15:29 /bin/cmsso-util
Step 4. Repoint vCenter to the new PSC.
vcentersrv02:~ # /bin/cmsso-util repoint –repoint-psc psc04.alex.local
If the command is successful, you will see message similar to “The vCenter Server has been successfully repointed to the external Platform Services Controller psc04.alex.local“
Step 5. Run the move-services option on cmsso-util on the vCenter Server.
# /bin/cmsso-util move-services
Follow the prompts for the required information. This moves the current service registrations from the vCenter Server’s current site to the new site and restart all the services.
You will see a list of services being un-registered and re-registered to new PSC
Note: You can skip the prompt by manually providing all info using below switches
# cmsso-util move-services –psc-node <New_PSC_FQDN> –domain-name <vSphere Domain Name> –username Administrator –passwd Administrator_Password –oldsite-name <vCenter Server’s Original Site> –newsite-name <vCenter Server’s New Site>
For my lab the command would have been like this
# cmsso-util move-services –psc-node psc04.alex.local –domain-name alex.lab –username Administrator –passwd Administrator_Password –oldsite-name BLR-DC2 –newsite-name BLR-DC3
I verified that now my vCenter server is pointing to my new PSC
1 2 3 |
vcentersrv02:~ # /usr/lib/vmware-vmafd/bin/vmafd-cli get-ls-location --server-name localhost https://psc04.alex.local:443/lookupservice/sdk |
And that’s it for this post.
I hope you enjoyed reading this post. Feel free to share this on social media if it is worth sharing. Be sociable 🙂