VMware Cloud Community
pizzle85

vcac 6.1 HA w/ F5

I'm following the guide:

http://www.vmware.com/files/pdf/products/vCloud/VMW-vRealize-Automation-61-Deployment-Guide-HA.pdf

to deploy vCAC in an HA design behind an F5 LTM.

I'm running into two issues:

1. I am only able to get this config to work (services all report registered) if I update the /etc/hosts file on the appliances and add the F5 VIP DNS entry to the local host line in the hosts file. The problem is it removes that entry every time the server is restarted. I considered adding the modification to the init.d but figured there was probably a reason they overwrite the file and a better way to resolve this issue.

Has anyone gotten this to work without adding that entry? If so, how?

2. I am not able to actually browse to the vCAC appliance using the F5 VIP DNS name. It just sits and spins and eventually times out. If I decrypt and re-encrypt on the F5 everything works fine.

My SSL cert is issued to the F5 VIP DNS name with the server names as SANs.

Has anyone gotten this working using the settings in the guide above? I'd prefer not to needlessly decrypt/re-encrypt on the F5 if I don't need to.

Message was edited by: pizzle85

iliketurbos

Did you ever get anywhere? We are having the same issue after our upgrade.

pizzle85

After a lengthy support session they were not able to tell me why it was not working as they stated in the docs they provide. Ultimately I had to make quite a few tweaks to our F5 config to get it all working as expected. We were seeing random re-auth requests in the middle of sessions, and with our HA vRO we were seeing timeouts when requesting ASR catalog items. For those issues we ended up setting pool member priority on one pool member to 10 and the other to 1. This let us have HA for failover but let one node service all the traffic. After we did this we stopped seeing the bad behavior. For the log on issue we ended up having me disable the host file check in the virtual appliance's VAMI interface to prevent it from resetting the host file. Support said they had seen this a few times and that this would be supported. We had to do this in 6.1 and had no issues when upgrading to 6.2. To remove this you go into the settings for the vRA application virtual appliance, click on vApp Options, under Authoring expand Properties, select vami.hostname and delete it. That should prevent the virtual application from resetting the host file every time the machine is restarted. We've been running fine since we made that change.

iliketurbos

Could you share your F5 settings for type? Thanks for your suggestion on the priority settings, that might fix our other issue too!!

pizzle85

We wanted HA capabilities but we don't really anticipate a huge load as this will be used internally within our organization. So in our case setting priority activation on our pools wasn't a big deal because we really don't need to spread the load across multiple nodes. If we find we need more load capacity we will revisit our settings. We didn't feel like the vRA and vRO products were really ready for full HA but perhaps it's just some configs I got wrong; support wasn't able to help us determine why we were seeing issues with a true HA LB config so we dropped it.

Our set up is like this:

2 vCenter SSO

2 vRA App

2 vRA Web

2 vRA Mgr (includes DEO, DEM, Agents)

2 vRO (vRA appliances with everything except vRO disabled)

2 Postgres (vRA appliances with everything except Postgres disabled)

MS SQL 2014 two node traditional cluster for IaaS and vRO DBs

All this is weaved through the F5 LTM cluster.

This is what I have in my documentation for the F5 configs:

http://www.vmware.com/files/pdf/products/vCloud/VMW-vRealize-Automation-61-Deployment-Guide-HA.pdf

You will be following the guide at the link above. Below I will add supplemental information that will assist in the configuration unique to our organization. Create all items using the organizational F5 LTM naming conventions.

1. Create Monitors

  a. On all monitors adjust the Interval and Timeout

    i. Interval: 15

    ii. Timeout: 46

  b. 3.a.ii: GET /vcac/services/api/status\r\n

  c. 5.a.iii: ProvisionClient

2. Configure Default Health Monitor

  a. Skip this step as it will set the default monitor for every configured node

3. Create and Configure Pools

  a. For all pools configure priority group activation

    i. Priority Group Activation: Less Than 1

    ii. server 1: priority group 10

    iii. server 2: priority group 1

  b. Repeat this step a 4th time to create a vCAC Application Management Console pool

    i. Use the following settings:

      1. Service Port: 5480 HTTPS

      2. New Members: [vCAC APP1]

4. Create Virtual Servers (VIPs)

  a. On all VIPs set the following:

    i. Type: Performance (Layer 4)

    ii. HTTP Profile: None

    iii. VLAN and Tunnel Traffic: Enabled on…

    iv. VLANs and Tunnels: under “Available” select “OSG.F5vip-…” and click the “<<” button to add it to the “Selected” box

    v. Source Address Translation: SNAT

    vi. SNAT Pool: ESI-default-SNAT-pool

  b. Repeat this step a 4th time to create a vCAC Application Management Console Virtual Server

    i. Use the same settings as the vCAC Application Virtual Server with the following changes

      1. Service Port: 5480

      2. Default Pool: Pool created in Step 3.a above

      3. Default Persistence Profile: None

5. Create an additional F5 Virtual Server to forward HTTP traffic to the HTTPS Virtual Server

  a. Repeat Step 1, with these changes

    i. Service Port: 80 HTTP

    ii. HTTP Profile: http

    iii. Source Address Translation: None

    iv. iRules: _sys_https_redirect

6. Install vCloud Automation Center 6.1

  a. 1: To disable the monitors, navigate to the pool, select the “Active” “Health Monitor” and click the “>>” button to remove it, click “Update”
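
The pool and monitor values listed above (priority groups 10 and 1, "Less Than 1", interval 15, timeout 46) can be reasoned about with a small model. This is an added example, not part of the original post and not F5 code: it is a simplified model of priority group activation and monitor timeout, and the member names are placeholders.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Member:
    name: str
    priority_group: int

# Interval, timeout and priority groups are the values in the post above.
# Member names are placeholders; 46 = 3 * 15 + 1 (three missed probes plus 1 s).
INTERVAL, TIMEOUT, MIN_ACTIVE = 15, 46, 1
POOL = [Member("vra-app-1", 10), Member("vra-app-2", 1)]

def eligible(pool, up, min_active=MIN_ACTIVE):
    """'Priority Group Activation: Less Than N': walk groups from highest
    priority down, adding the next group while fewer than N members are up."""
    active = []
    for prio in sorted({m.priority_group for m in pool}, reverse=True):
        active += [m.name for m in pool
                   if m.priority_group == prio and m.name in up]
        if len(active) >= min_active:
            break
    return active

def last_good_probe(now, fail_at=None, interval=INTERVAL):
    """Probes fire at 0, interval, 2*interval, ...; a probe succeeds only
    if the member has not failed yet (fail_at=None means it never fails)."""
    t = (now // interval) * interval
    while fail_at is not None and t >= fail_at:
        t -= interval
    return t

def traffic_targets(now, primary_fail_at=None, min_active=MIN_ACTIVE):
    """Members receiving new connections at second `now`."""
    last_ok = {POOL[0].name: last_good_probe(now, primary_fail_at),
               POOL[1].name: last_good_probe(now)}
    # A member stays marked up until TIMEOUT seconds pass with no good probe.
    up = {name for name, t in last_ok.items() if now - t < TIMEOUT}
    return eligible(POOL, up, min_active)

if __name__ == "__main__":
    for now in (10, 25, 60, 61):
        print(now, traffic_targets(now, primary_fail_at=20))
```

With the primary failing at second 20, the model keeps sending new connections to it until second 61, when the 46-second timeout expires and the priority-1 member takes over.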

iliketurbos

We have upgraded to 6.1 on our dev now thanks to you, big shout out!!
