This post is the third part of the series -- Configure PSC HA in vSphere 6.5. In the first post, we discussed how to configure certificates, and in the second post, we discussed how to configure the Load Balancer.
In this post, we will look at configuring the PSC appliances and add or repoint existing vCenter Server appliances.
There are a couple of built-in scripts that we will run to configure the PSCs for load balancing. The scripts are updateSSOConfig.py and UpdateLsEndpoint.py.
The updateSSOConfig.py script updates information local to each PSC and must be run on all PSCs in the HA configuration.
The UpdateLsEndpoint.py script updates the ServiceRegistration Endpoints in VMDir and only needs to be run on one of the PSCs in the HA configuration.
To run updateSSOConfig.py, open an SSH session to the PSC using the root credentials and navigate to the directory /usr/lib/vmware-sso/bin
Type the below command to execute the script.
python updateSSOConfig.py --lb-fqdn=psc-lb.lab.local
Perform the above steps on the second PSC participating in the PSC HA configuration as well.
The second script UpdateLsEndpoint.py needs to be run on only one of the PSCs participating in the PSC HA cluster.
Navigate to the directory /usr/lib/vmware-sso/bin
Type the below command to execute the script
python UpdateLsEndpoint.py --lb-fqdn=psc-lb.lab.local --user=<SSO administrator account> --password=password
Note: The above step needs to be performed on only one node of the PSC HA cluster.
Great! We now have a working PSC HA configuration. To verify that the configuration has been successful, we can run the below commands to make sure all the Endpoints have been updated.
Obtain the sitename by running the command:
python /usr/lib/vmidentity/tools/scripts/lstool.py get-site-id --url https://PSC65-A.lab.local/lookupservice/sdk 2> /dev/null
Once you have the sitename, run the below commands to verify the EndPoints are updated with the Load Balancer FQDN.
python /usr/lib/vmidentity/tools/scripts/lstool.py list --url http://localhost/lookupservice/sdk --site first-site --type cs.license | grep "URL:"
python /usr/lib/vmidentity/tools/scripts/lstool.py list --url http://localhost/lookupservice/sdk --site first-site --type cs.identity | grep "URL:"
Now, we know that all the Endpoints have been updated to the Load Balancer FQDN.
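The grep above leaves the comparison to the eye. As an added example (not from the original post or from VMware), the shell function below reads the same lstool.py list output on stdin and reports any URL whose host is not the Load Balancer FQDN; the function name, the NOT ON LB message and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag lookup-service endpoints that do not use the LB FQDN.
# Reads "lstool.py list" output on stdin. Returns 0 if every URL host matches,
# 1 if any URL points elsewhere, 2 if no "URL:" line was seen at all.
check_endpoints() {
    lb_fqdn=$1
    awk -v lb="$lb_fqdn" '
        BEGIN { lb = tolower(lb) }
        /URL:/ {
            seen++
            url = $0
            sub(/^.*URL:[ \t]*/, "", url)    # keep only the URL itself
            sub(/[ \t\r]+$/, "", url)        # drop trailing whitespace
            host = tolower(url)              # hostnames compare case-insensitively
            sub(/^[a-z]+:\/\//, "", host)    # strip the scheme
            sub(/[\/:].*$/, "", host)        # strip port and path
            if (host != lb) { bad++; print "NOT ON LB: " url }
        }
        END {
            if (seen == 0) { print "no URL lines found"; exit 2 }
            exit (bad > 0 ? 1 : 0)
        }'
}

# Constructed sample input (not real appliance output): every endpoint on the LB.
sample_good() {
    printf '\tURL: https://psc-lb.lab.local/constructed/sdk\n'
    printf '\tURL: https://PSC-LB.lab.local:443/constructed/sts\n'
}

# Constructed sample input: one endpoint still registered with a PSC node name.
sample_stale() {
    printf '\tURL: https://psc-lb.lab.local/constructed/sdk\n'
    printf '\tURL: https://PSC65-A.lab.local/constructed/sts\n'
}

# On the PSC, pipe the real command into the function instead of a sample:
#   python /usr/lib/vmidentity/tools/scripts/lstool.py list \
#     --url http://localhost/lookupservice/sdk --site first-site \
#     --type cs.identity | check_endpoints psc-lb.lab.local
sample_stale | check_endpoints psc-lb.lab.local || echo "endpoints still off the load balancer"
```

A non-zero return means at least one endpoint for that service type is not registered with the Load Balancer FQDN, or that the lstool.py call produced no URL lines to check.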
Ideally, the next step would be to deploy the VCSA Appliance and during the installation, you will have to provide the Load Balancer FQDN during the SSO configuration.
In my lab, I had already deployed the VCSAs, and I now have to repoint them to the Load Balanced FQDN. I will be doing this using the cmsso-util utility.
The command that I will be running is shown below:
cmsso-util repoint --repoint-psc psc-lb.lab.local
In either case, to verify that the VCSAs are pointing to the Load Balanced FQDN, log in to the vCenter Server using the Web Client.
Once logged in, select the vCenter Server and navigate to Configure > Advanced Settings.
Search for the string sso-admin; you should see the results as below.
Now, we have a working PSC HA setup for vSphere 6.5. If one of your PSC nodes goes down, the Load Balancer will automatically route the traffic to the next available PSC.
I hope this has been informative and thank you for reading!