################################################################################
##############第一步、将“具有外部PSC 转换为嵌入式PSC”###########################
################################################################################
##挂载VCSA 6.7U3 ISO
root@elm-vcsa02 [ ~ ]# mount /dev/cdrom /mnt/cdrom/
mount: /dev/sr0 is write-protected, mounting read-only
##将ISO的json脚本文件复制出来进行修改
root@elm-vcsa02 [ ~ ]# cp /mnt/cdrom/vcsa-converge-cli/templates/converge/converge.json /root/
root@elm-vcsa02 [ ~ ]# cp /mnt/cdrom/vcsa-converge-cli/templates/decommission/decommission_psc.json /root/
##修改converge.json文件,此文件用于将“具有外部PSC 转换为嵌入式PSC”
root@elm-vcsa02 [ ~ ]# cat converge.json
{
"__version": "2.11.0",
"__comments": "Template for VCSA with external Platform Services Controller converge",
"vcenter": {
"description": {
"__comments": [
"This section describes the vCenter appliance which you want to",
"converge and the ESXi host on which the appliance is running. "
]
},
"managing_esxi_or_vc": {
"hostname": "192.0.1.12",
"username": "administrator@vsphere.local",
"password": "1111111111KO"
},
"vc_appliance": {
"hostname": "elm-vcsa02.em.com",
"username": "administrator@vsphere.local",
"password": "P@ssw0rd",
"root_password": "P@ssw0rd"
}
},
"replication": {
"description": {
"__comments": [
"Important Note: Make sure you provide the information in this section very carefully, as this changes the replication topology.",
"Refer to the documentation for complete details. Remove this section if this is first converge operation in your setup.",
"This section provides details of the PSC node which will be set up as a replicated node for a new PSC on the target VCSA node."
]
},
"partner": {
"hostname": "elm-vcsa01.em.com"
}
}
}
##执行预检查,以验证converge.json文件是否有错误
root@elm-vcsa02 [ ~ ]# cd /mnt/cdrom/vcsa-converge-cli/lin64/
root@elm-vcsa02 [ /mnt/cdrom/vcsa-converge-cli/lin64 ]# ./vcsa-util converge --precheck-only /root/converge.json
Run the installer with "-v" or "--verbose" to log detailed information
Retrying the connection with certificate thumbprint check...
If an untrusted SSL certificate is installed on '10.0.99.252', secure communication cannot be guaranteed. Depending on your security policy, this issue could represent a security concern.
The SHA-1 thumbprint of the certificate is '0E:DC:1F:BA:41:FC:2E:56:77:33:AC:69:A0:B7:83:5F:4B:86:A5:21'
Do you accept the thumbprint?
1: Accept and continue.
2: Do not accept and exit.
Enter '1' or '2': 1
You have accepted the server certificate's thumbprint '0E:DC:1F:BA:41:FC:2E:56:77:33:AC:69:A0:B7:83:5F:4B:86:A5:21'.
Initializing....
Retrying the connection with certificate thumbprint check...
Converge precheck is successful.
=============================================================================================== 03:03:22 ===============================================================================================
Result and log file information...
WorkFlow log directory: /tmp/vcsaCliInstaller-2019-10-10-03-02-g_9o782a/workflow_1570676576953
##开始进行转换
root@elm-vcsa02 [ /mnt/cdrom/vcsa-converge-cli/lin64 ]# ./vcsa-util converge /root/converge.json
Run the installer with "-v" or "--verbose" to log detailed information
The Converge operation changes your vCenter Server configuration from an External Platform Services Controller to an Embedded Platform Services Controller model as detailed in the information
provided to the input file. If you did not yet plan the configuration you want to achieve by running this tool nor checked input information for desired results, please see the 'vCenter Server
Installation and Setup Guide' for instructions. Ensure you have a current, valid backup of the vCenter Server and Platform Services Controllers in your environment before proceeding
Did you back up the participating PSC and VCSA nodes? Press (Y|y)es to proceed: Y
Retrying the connection with certificate thumbprint check...
If an untrusted SSL certificate is installed on '10.0.99.252', secure communication cannot be guaranteed. Depending on your security policy, this issue could represent a security concern.
The SHA-1 thumbprint of the certificate is '0E:DC:1F:BA:41:FC:2E:56:77:33:AC:69:A0:B7:83:5F:4B:86:A5:21'
Do you accept the thumbprint?
1: Accept and continue.
2: Do not accept and exit.
Enter '1' or '2': 1
You have accepted the server certificate's thumbprint '0E:DC:1F:BA:41:FC:2E:56:77:33:AC:69:A0:B7:83:5F:4B:86:A5:21'.
Initializing....
Retrying the connection with certificate thumbprint check...
[01/18] [SUCCEEDED] Precheck validations for converge
[02/18] [SUCCEEDED] Gather requirements
[03/18] [SUCCEEDED] Leave federation domain
[04/18] [SUCCEEDED] Uninstall vmafd client
[05/18] [SUCCEEDED] Stop all services
[06/18] [SUCCEEDED] Initialize converge
[07/18] [SUCCEEDED] Update node type to embedded
[08/18] [SUCCEEDED] Install required RPMs
[09/18] [SUCCEEDED] Run vmafd firstboot
[10/18] [SUCCEEDED] Retain machine ID and LDU
[11/18] [SUCCEEDED] Handle vmdir state
[12/18] [SUCCEEDED] Verify replication complete
[13/18] [SUCCEEDED] Run vmon, rhttpproxy, lookupsvc firstboot
[14/18] [SUCCEEDED] Run vmidentity-firstboot
[15/18] [SUCCEEDED] Update certificates
[16/18] [SUCCEEDED] Run license_firstboot Firstboot
[17/18] [SUCCEEDED] Starting all services on converged VCSA node
[18/18] [SUCCEEDED] Cleanup after converge
Converged to VCSA with embedded PSC successfully!
You may proceed with next step according to the documentation at https://docs.vmware.com/en/VMware-vSphere/index.html for your topology or PSC HA configuration
=============================================================================================== 03:17:07 ===============================================================================================
Result and log file information...
WorkFlow log directory: /tmp/vcsaCliInstaller-2019-10-10-03-08-1pmc8fzs/workflow_1570676882066
##查看转换完成后VCSA01、VCSA02、PSC01间关系
##ON VCSA02
root@elm-vcsa02 [ /usr/lib/vmware-vmdir/bin ]# ./vdcrepadmin -f showpartnerstatus -h elm-vcsa02.em.com -u Administrator -w P@ssw0rd
Partner: elm-vcsa01.em.com
Host available: Yes
Status available: Yes
My last change number: 6092
Partner has seen my change number: 6092
Partner is 0 changes behind.
root@elm-vcsa02 [ /usr/lib/vmware-vmdir/bin ]# ./vdcrepadmin -f showservers -h elm-vcsa02.em.com -u Administrator -w P@ssw0rd
cn=elm-vcsa01.em.com,cn=Servers,cn=default-site,cn=Sites,cn=Configuration,dc=vsphere,dc=local
cn=elm-psc01.em.com,cn=Servers,cn=default-site,cn=Sites,cn=Configuration,dc=vsphere,dc=local
cn=elm-vcsa02.em.com,cn=Servers,cn=default-site,cn=Sites,cn=Configuration,dc=vsphere,dc=local
root@elm-vcsa02 [ /usr/lib/vmware-vmdir/bin ]# ./vdcrepadmin -f showpartners -h elm-vcsa02.em.com -u Administrator -w P@ssw0rd
ldap://elm-vcsa01.em.com
##ON VCSA01
root@elm-vcsa01 [ /usr/lib/vmware-vmdir/bin ]# ./vdcrepadmin -f showpartners -h elm-vcsa01.em.com -u Administrator -w P@ssw0rd
ldap://elm-psc01.em.com
ldap://elm-vcsa02.em.com
root@elm-vcsa01 [ /usr/lib/vmware-vmdir/bin ]# ./vdcrepadmin -f showservers -h elm-vcsa01.em.com -u Administrator -w P@ssw0rd
cn=elm-vcsa01.em.com,cn=Servers,cn=default-site,cn=Sites,cn=Configuration,dc=vsphere,dc=local
cn=elm-psc01.em.com,cn=Servers,cn=default-site,cn=Sites,cn=Configuration,dc=vsphere,dc=local
cn=elm-vcsa02.em.com,cn=Servers,cn=default-site,cn=Sites,cn=Configuration,dc=vsphere,dc=local
root@elm-vcsa01 [ /usr/lib/vmware-vmdir/bin ]# ./vdcrepadmin -f showpartnerstatus -h elm-vcsa01.em.com -u Administrator -w P@ssw0rd
Partner: elm-psc01.em.com
Host available: Yes
Status available: Yes
My last change number: 6107
Partner has seen my change number: 6107
Partner is 0 changes behind.
Partner: elm-vcsa02.em.com
Host available: Yes
Status available: Yes
My last change number: 6107
Partner has seen my change number: 6107
Partner is 0 changes behind.
##ON PSC01
root@elm-psc01 [ /usr/lib/vmware-vmdir/bin ]# ./vdcrepadmin -f showpartnerstatus -h elm-psc01.em.com -u Administrator -w P@ssw0rd
Partner: elm-vcsa01.em.com
Host available: Yes
Status available: Yes
My last change number: 6125
Partner has seen my change number: 6125
Partner is 0 changes behind.
root@elm-psc01 [ /usr/lib/vmware-vmdir/bin ]# ./vdcrepadmin -f showpartners -h elm-psc01.em.com -u Administrator -w P@ssw0rd
ldap://elm-vcsa01.em.com
root@elm-psc01 [ /usr/lib/vmware-vmdir/bin ]# ./vdcrepadmin -f showservers -h elm-psc01.em.com -u Administrator -w P@ssw0rd
cn=elm-vcsa01.em.com,cn=Servers,cn=default-site,cn=Sites,cn=Configuration,dc=vsphere,dc=local
cn=elm-psc01.em.com,cn=Servers,cn=default-site,cn=Sites,cn=Configuration,dc=vsphere,dc=local
cn=elm-vcsa02.em.com,cn=Servers,cn=default-site,cn=Sites,cn=Configuration,dc=vsphere,dc=local
##################################################################################
############################第二步、移除外部PSC(PSC01)##########################
##################################################################################
##decommission_psc.json 文件内容参考如下
root@elm-vcsa02 [ /mnt/cdrom/vcsa-converge-cli/lin64 ]# cat /root/decommission_psc.json
{
"__comments": "Template for decommissioning PSC node with converge CLI tool.",
"__version": "2.11.0",
"psc": {
"description": {
"__comments": [
"This section describes the PSC appliance which you want to",
"decommission and the ESXi host on which the appliance is running. "
]
},
"managing_esxi_or_vc": {
"hostname": "192.0.1.252",
"username": "administrator@vsphere.local",
"password": "7111111CKO"
},
"psc_appliance": {
"hostname": "elm-psc01.em.com",
"username": "administrator@vsphere.local",
"password": "P@ssw0rd",
"root_password": "P@ssw0rd"
}
},
"vcenter": {
"description": {
"__comments": [
"This section describes the embedded vCenter appliance which is in ",
"the same single-sign-on domain with the provided PSC"
]
},
"managing_esxi_or_vc": {
"hostname": "192.0.1.252",
"username": "administrator@vsphere.local",
"password": "1111111gCKO"
},
"vc_appliance": {
"hostname": "elm-vcsa02.em.com",
"username": "administrator@vsphere.local",
"password": "P@ssw0rd",
"root_password": "P@ssw0rd"
}
}
}
##执行预检查,以验证decommission_psc.json文件是否有错误
root@elm-vcsa02 [ /mnt/cdrom/vcsa-converge-cli/lin64 ]# ./vcsa-util decommission --precheck-only /root/decommission_psc.json
Run the installer with "-v" or "--verbose" to log detailed information
Retrying the connection with certificate thumbprint check...
If an untrusted SSL certificate is installed on '10.0.99.252', secure communication cannot be guaranteed. Depending on your security policy, this issue could represent a security concern.
The SHA-1 thumbprint of the certificate is '0E:DC:1F:BA:41:FC:2E:56:77:33:AC:69:A0:B7:83:5F:4B:86:A5:21'
Do you accept the thumbprint?
1: Accept and continue.
2: Do not accept and exit.
Enter '1' or '2': 1
You have accepted the server certificate's thumbprint '0E:DC:1F:BA:41:FC:2E:56:77:33:AC:69:A0:B7:83:5F:4B:86:A5:21'.
Initializing....
Retrying the connection with certificate thumbprint check...
Precheck PSC decommission task successful.
Retrying the connection with certificate thumbprint check...
CONVERGE_PSC_HOSTNAME:
elm-psc01.em.com
Precheck vCenter decommission task successful.
=============================================================================================== 05:15:05 ===============================================================================================
Result and log file information...
WorkFlow log directory: /tmp/vcsaCliInstaller-2019-10-10-05-14-wcr2km4r/workflow_1570684496750
##移除外部PSC(PSC01),此过程会将外部PSC01关闭,并使用cmsso-util工具取消注册PSC01
root@elm-vcsa02 [ /mnt/cdrom/vcsa-converge-cli/lin64 ]# ./vcsa-util decommission /root/decommission_psc.json
Run the installer with "-v" or "--verbose" to log detailed information
Retrying the connection with certificate thumbprint check...
If an untrusted SSL certificate is installed on '10.0.99.252', secure communication cannot be guaranteed. Depending on your security policy, this issue could represent a security concern.
The SHA-1 thumbprint of the certificate is '0E:DC:1F:BA:41:FC:2E:56:77:33:AC:69:A0:B7:83:5F:4B:86:A5:21'
Do you accept the thumbprint?
1: Accept and continue.
2: Do not accept and exit.
Enter '1' or '2': 1
You have accepted the server certificate's thumbprint '0E:DC:1F:BA:41:FC:2E:56:77:33:AC:69:A0:B7:83:5F:4B:86:A5:21'.
Initializing....
Retrying the connection with certificate thumbprint check...
Precheck PSC decommission task successful.
Retrying the connection with certificate thumbprint check...
CONVERGE_PSC_HOSTNAME:
elm-psc01.em.com
Precheck vCenter decommission task successful.
PSC machine powered off successfully.
Decommissioning PSC node. This may take some time. Please wait..
Successfully decommissioned the PSC node
=============================================================================================== 05:23:11 ===============================================================================================
Result and log file information...
WorkFlow log directory: /tmp/vcsaCliInstaller-2019-10-10-05-17-2ew_59vk/workflow_1570684671581
##验证结果
root@elm-vcsa01 [ /usr/lib/vmware-vmdir/bin ]# ./vdcrepadmin -f showpartnerstatus -h elm-vcsa01.em.com -u Administrator -w P@ssw0rd
Partner: elm-vcsa02.em.com
Host available: Yes
Status available: Yes
My last change number: 6266
Partner has seen my change number: 6266
Partner is 0 changes behind.
root@elm-vcsa01 [ /usr/lib/vmware-vmdir/bin ]# ./vdcrepadmin -f showservers -h elm-vcsa01.em.com -u Administrator -w P@ssw0rd
cn=elm-vcsa01.em.com,cn=Servers,cn=default-site,cn=Sites,cn=Configuration,dc=vsphere,dc=local
cn=elm-vcsa02.em.com,cn=Servers,cn=default-site,cn=Sites,cn=Configuration,dc=vsphere,dc=local
root@elm-vcsa01 [ /usr/lib/vmware-vmdir/bin ]# ./vdcrepadmin -f showpartners -h elm-vcsa01.em.com -u Administrator -w P@ssw0rd
ldap://elm-vcsa02.em.com
oot@elm-vcsa02 [ /usr/lib/vmware-vmdir/bin ]# ./vdcrepadmin -f showservers -h elm-vcsa02.em.com -u Administrator -w P@ssw0rd
cn=elm-vcsa01.em.com,cn=Servers,cn=default-site,cn=Sites,cn=Configuration,dc=vsphere,dc=local
cn=elm-vcsa02.em.com,cn=Servers,cn=default-site,cn=Sites,cn=Configuration,dc=vsphere,dc=local
root@elm-vcsa02 [ /usr/lib/vmware-vmdir/bin ]# ./vdcrepadmin -f showpartnerstatus -h elm-vcsa02.em.com -u Administrator -w P@ssw0rd
Partner: elm-vcsa01.em.com
Host available: Yes
Status available: Yes
My last change number: 6271
Partner has seen my change number: 6271
Partner is 0 changes behind.
root@elm-vcsa02 [ /usr/lib/vmware-vmdir/bin ]# ./vdcrepadmin -f showpartners -h elm-vcsa02.em.com -u Administrator -w P@ssw0rd
ldap://elm-vcsa01.em.com