VMware Cloud Community
evil242
Enthusiast

How do you update the LB FQDN after cluster deployment?

Is there an easy way to update the LB FQDN after cluster deployment?  LCM doesn't seem to provide that as an option without tearing everything down and redeploying.  Reason I ask is I'm "migrating" our vRA services from old vRA 7.6 LB environment.  Ideally I'm hoping I can get the vRA8 environment up, migrate what I can, and import managed VMs. Then update DNS of the old FQDN to point to the new LB VIP.

Thoughts?

Thanks in advance.

Damion Terrell (He/Him)
Core IT Service Specialist
UNM – IT Platforms – VIS
“You learn the job of the person above you, and you teach your job to the person below you.”
0 Kudos
4 Replies
Ankush11s
VMware Employee

Currently we cannot, and it is not that simple, because if we update the LB, it would require an update in the certificate as well for the SAN entries.
The same goes for communication as well, when the vIDM LB tries to connect to the Aria Automation LB.


0 Kudos
Enter123
Enthusiast

I have a vRA8 deployment with an LB FQDN which is different than the vRA7 LB FQDN.

I moved vRA8.11.1 LB FQDN from NSX-V LB to F5 without any issues, just updated DNS to point to the F5 LB IP address.

My idea is simply to create a DNS redirect, so if anyone was using the vRA7 LB FQDN somewhere, it will redirect to the vRA8 LB FQDN.

I also heard from support that it is possible to change the vRA8 LB FQDN, but it requires VMware support assistance and editing internal vRA8 configuration.

0 Kudos
Ankush11s
VMware Employee

@Enter123 Can you share the support ticket number where this was communicated?

0 Kudos
evil242
Enthusiast

What I was hoping was I could just use a CNAME to the new name. But an iRule to redirect could also work.

@Ankush11s I was able to use a wildcard client cert on the F5 LB for *.domain.dom and then load the server certificates and key I generated for both the vIDM cluster and vRA / Aria cluster on the F5 so the F5 can re-encrypt to the servers. The vIDM and vRAria both accepted and trusted the LB FQDN with the wildcard certificate without hassle.

To change the FQDN, for the appliance certificate SANs, it should be easy to add both FQDNs to the list of SANs available and update the certs. It's the appliance that's the issue.

I'm excited for this 'cause now we can either insert iRules or AWAF protection as needed next time some major exploit comes out.

Currently on vRAria 8.10.1.

0 Kudos
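
The SAN requirement discussed in this thread, as an added example that is not part of any post: before repointing the old FQDN at the new VIP, check that each certificate's SAN dNSName list covers both names, using RFC 6125-style wildcard matching. The hostnames `vra7.domain.dom` and `vra8.domain.dom` and both SAN lists are constructed placeholders.

```python
# Added example: verify SAN coverage for old and new LB FQDNs before DNS cutover.
# All hostnames and SAN lists below are constructed, not taken from the thread.

def _labels(name):
    """Lower-case a DNS name, drop a trailing dot, split into labels."""
    return name.lower().rstrip(".").split(".")

def san_matches(pattern, hostname):
    """RFC 6125-style match: '*' is honoured only as the entire left-most
    label and stands for exactly one label."""
    p, h = _labels(pattern), _labels(hostname)
    if len(p) != len(h) or "" in h:
        return False
    if p[0] == "*":
        # Require two fixed labels after the wildcard; no '*' anywhere else.
        return len(p) >= 3 and "*" not in "".join(p[1:]) and p[1:] == h[1:]
    # Partial wildcards such as 'v*.domain.dom' are rejected outright.
    return "*" not in pattern and p == h

def coverage(san_dns_names, required_fqdns):
    """Map each required FQDN to the SAN entry that covers it, or None."""
    return {
        fqdn: next((s for s in san_dns_names if san_matches(s, fqdn)), None)
        for fqdn in required_fqdns
    }

def uncovered(san_dns_names, required_fqdns):
    """FQDNs that would fail hostname verification against this SAN list."""
    return [f for f, s in coverage(san_dns_names, required_fqdns).items()
            if s is None]

# Constructed sample data
REQUIRED = ["vra7.domain.dom", "vra8.domain.dom"]   # old and new LB FQDNs
WILDCARD_SANS = ["*.domain.dom"]                    # client-facing cert on the LB
APPLIANCE_SANS = ["vra8.domain.dom", "vra8-node1.domain.dom"]  # new name only

if __name__ == "__main__":
    for label, sans in (("wildcard", WILDCARD_SANS),
                        ("appliance", APPLIANCE_SANS)):
        missing = uncovered(sans, REQUIRED)
        print(f"{label}: {'OK' if not missing else 'missing ' + ', '.join(missing)}")
```

A wildcard entry covers exactly one label, so `*.domain.dom` does not cover the bare `domain.dom` or a name in a subdomain such as `vra.lab.domain.dom`.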