【筆記】將“具有外部PSC的VC”轉換爲“嵌入式PSC的VC”，並移除外部PSC

################################################################################

##############第一步、將“具有外部PSC 轉換爲嵌入式PSC”###########################

################################################################################

##掛載VCSA 6.7U3 ISO

root@elm-vcsa02 [ ~ ]# mount /dev/cdrom /mnt/cdrom/

mount: /dev/sr0 is write-protected, mounting read-only

##將ISO的json腳本文件複製出來進行修改

root@elm-vcsa02 [ ~ ]# cp /mnt/cdrom/vcsa-converge-cli/templates/converge/converge.json /root/

root@elm-vcsa02 [ ~ ]# cp /mnt/cdrom/vcsa-converge-cli/templates/decommission/decommission_psc.json /root/

##修改converge.json文件，此文件用於將“具有外部PSC 轉換爲嵌入式PSC”

root@elm-vcsa02 [ ~ ]# cat converge.json 

{
    "__version": "2.11.0",
    "__comments": "Template for VCSA with external Platform Services Controller converge",
        "vcenter": {
            "description": {
               "__comments": [
                    "This section describes the vCenter appliance which you want to",
                    "converge and the ESXi host on which the appliance is running. "
                ]
            },
            "managing_esxi_or_vc": {
                "hostname": "192.0.1.12",
                "username": "[email protected]",
                "password": "1111111111KO"
            },
            "vc_appliance": {
                "hostname": "elm-vcsa02.em.com",
                "username": "[email protected]",
                "password": "P@ssw0rd",
                "root_password": "P@ssw0rd"
            }
        },
    "replication": {
            "description": {
               "__comments": [
               "Important Note: Make sure you provide the information in this section very carefully, as this changes the replication topology.",
               "Refer to the documentation for complete details. Remove this section if this is first converge operation in your setup.",
               "This section provides details of the PSC node which will be set up as a replicated node for a new PSC on the target VCSA node."
            ]
                },
            "partner": {
                "hostname": "elm-vcsa01.em.com"
            }
        }
}

##執行預檢查，以驗證converge.json文件是否有錯誤

root@elm-vcsa02 [ ~ ]# cd /mnt/cdrom/vcsa-converge-cli/lin64/

root@elm-vcsa02 [ /mnt/cdrom/vcsa-converge-cli/lin64 ]# ./vcsa-util converge --precheck-only /root/converge.json 

Run the installer with "-v" or "--verbose" to log detailed information

Retrying the connection with certificate thumbprint check...

If an untrusted SSL certificate is installed on '10.0.99.252', secure communication cannot be guaranteed. Depending on your security policy, this issue could represent a security concern.

The SHA-1 thumbprint of the certificate is '0E:DC:1F:BA:41:FC:2E:56:77:33:AC:69:A0:B7:83:5F:4B:86:A5:21'

Do you accept the thumbprint?

1: Accept and continue.

2: Do not accept and exit.

Enter '1' or '2': 1

You have accepted the server certificate's thumbprint '0E:DC:1F:BA:41:FC:2E:56:77:33:AC:69:A0:B7:83:5F:4B:86:A5:21'.

Initializing....

Retrying the connection with certificate thumbprint check...

Converge precheck is successful.

=============================================================================================== 03:03:22 ===============================================================================================

Result and log file information...

WorkFlow log directory: /tmp/vcsaCliInstaller-2019-10-10-03-02-g_9o782a/workflow_1570676576953

##開始進行轉換

root@elm-vcsa02 [ /mnt/cdrom/vcsa-converge-cli/lin64 ]# ./vcsa-util converge /root/converge.json 

Run the installer with "-v" or "--verbose" to log detailed information

   The Converge operation changes your vCenter Server configuration from an External Platform Services Controller to an Embedded Platform Services Controller model as detailed in the information

provided to the input file. If you did not yet plan the configuration you want to achieve by running this tool nor checked input information for desired results, please see the 'vCenter Server

Installation and Setup Guide' for instructions. Ensure you have a current, valid backup of the vCenter Server and Platform Services Controllers in your environment before proceeding

Did you back up the participating PSC and VCSA nodes? Press (Y|y)es to proceed: Y

Retrying the connection with certificate thumbprint check...

If an untrusted SSL certificate is installed on '10.0.99.252', secure communication cannot be guaranteed. Depending on your security policy, this issue could represent a security concern.

The SHA-1 thumbprint of the certificate is '0E:DC:1F:BA:41:FC:2E:56:77:33:AC:69:A0:B7:83:5F:4B:86:A5:21'

Do you accept the thumbprint?

1: Accept and continue.

2: Do not accept and exit.

Enter '1' or '2': 1

You have accepted the server certificate's thumbprint '0E:DC:1F:BA:41:FC:2E:56:77:33:AC:69:A0:B7:83:5F:4B:86:A5:21'.

Initializing....

Retrying the connection with certificate thumbprint check...

[01/18] [SUCCEEDED] Precheck validations for converge

[02/18] [SUCCEEDED] Gather requirements

[03/18] [SUCCEEDED] Leave federation domain

[04/18] [SUCCEEDED] Uninstall vmafd client

[05/18] [SUCCEEDED] Stop all services             

[06/18] [SUCCEEDED] Initialize converge

[07/18] [SUCCEEDED] Update node type to embedded

[08/18] [SUCCEEDED] Install required RPMs         

[09/18] [SUCCEEDED] Run vmafd firstboot           

[10/18] [SUCCEEDED] Retain machine ID and LDU

[11/18] [SUCCEEDED] Handle vmdir state

[12/18] [SUCCEEDED] Verify replication complete

[13/18] [SUCCEEDED] Run vmon, rhttpproxy, lookupsvc firstboot

[14/18] [SUCCEEDED] Run vmidentity-firstboot      

[15/18] [SUCCEEDED] Update certificates

[16/18] [SUCCEEDED] Run license_firstboot Firstboot

[17/18] [SUCCEEDED] Starting all services on converged VCSA node

[18/18] [SUCCEEDED] Cleanup after converge

 Converged to VCSA with embedded PSC successfully!

You may proceed with next step according to the documentation at https://docs.vmware.com/en/VMware-vSphere/index.html for your topology or PSC HA configuration

=============================================================================================== 03:17:07 ===============================================================================================

Result and log file information...

WorkFlow log directory: /tmp/vcsaCliInstaller-2019-10-10-03-08-1pmc8fzs/workflow_1570676882066

##查看轉換完成後VCSA01、VCSA02、PSC01間關係

##ON VCSA02

root@elm-vcsa02 [ /usr/lib/vmware-vmdir/bin ]# ./vdcrepadmin -f showpartnerstatus -h elm-vcsa02.em.com -u Administrator -w P@ssw0rd

Partner: elm-vcsa01.em.com

Host available:   Yes

Status available: Yes

My last change number:             6092

Partner has seen my change number: 6092

Partner is 0 changes behind.

root@elm-vcsa02 [ /usr/lib/vmware-vmdir/bin ]# ./vdcrepadmin -f showservers -h elm-vcsa02.em.com -u Administrator -w P@ssw0rd

cn=elm-vcsa01.em.com,cn=Servers,cn=default-site,cn=Sites,cn=Configuration,dc=vsphere,dc=local

cn=elm-psc01.em.com,cn=Servers,cn=default-site,cn=Sites,cn=Configuration,dc=vsphere,dc=local

cn=elm-vcsa02.em.com,cn=Servers,cn=default-site,cn=Sites,cn=Configuration,dc=vsphere,dc=local

root@elm-vcsa02 [ /usr/lib/vmware-vmdir/bin ]# ./vdcrepadmin -f showpartners -h elm-vcsa02.em.com -u Administrator -w P@ssw0rd

ldap://elm-vcsa01.em.com

##ON VCSA01

root@elm-vcsa01 [ /usr/lib/vmware-vmdir/bin ]# ./vdcrepadmin -f showpartners -h elm-vcsa01.em.com -u Administrator -w P@ssw0rd

ldap://elm-psc01.em.com

ldap://elm-vcsa02.em.com

root@elm-vcsa01 [ /usr/lib/vmware-vmdir/bin ]# ./vdcrepadmin -f showservers -h elm-vcsa01.em.com -u Administrator -w P@ssw0rd

cn=elm-vcsa01.em.com,cn=Servers,cn=default-site,cn=Sites,cn=Configuration,dc=vsphere,dc=local

cn=elm-psc01.em.com,cn=Servers,cn=default-site,cn=Sites,cn=Configuration,dc=vsphere,dc=local

cn=elm-vcsa02.em.com,cn=Servers,cn=default-site,cn=Sites,cn=Configuration,dc=vsphere,dc=local

root@elm-vcsa01 [ /usr/lib/vmware-vmdir/bin ]# ./vdcrepadmin -f showpartnerstatus -h elm-vcsa01.em.com -u Administrator -w P@ssw0rd

Partner: elm-psc01.em.com

Host available:   Yes

Status available: Yes

My last change number:             6107

Partner has seen my change number: 6107

Partner is 0 changes behind.

Partner: elm-vcsa02.em.com

Host available:   Yes

Status available: Yes

My last change number:             6107

Partner has seen my change number: 6107

Partner is 0 changes behind.

##ON PSC01

root@elm-psc01 [ /usr/lib/vmware-vmdir/bin ]# ./vdcrepadmin -f showpartnerstatus -h elm-psc01.em.com -u Administrator -w P@ssw0rd

Partner: elm-vcsa01.em.com

Host available:   Yes

Status available: Yes

My last change number:             6125

Partner has seen my change number: 6125

Partner is 0 changes behind.

root@elm-psc01 [ /usr/lib/vmware-vmdir/bin ]# ./vdcrepadmin -f showpartners -h elm-psc01.em.com -u Administrator -w P@ssw0rd

ldap://elm-vcsa01.em.com

root@elm-psc01 [ /usr/lib/vmware-vmdir/bin ]# ./vdcrepadmin -f showservers -h elm-psc01.em.com -u Administrator -w P@ssw0rd

cn=elm-vcsa01.em.com,cn=Servers,cn=default-site,cn=Sites,cn=Configuration,dc=vsphere,dc=local

cn=elm-psc01.em.com,cn=Servers,cn=default-site,cn=Sites,cn=Configuration,dc=vsphere,dc=local

cn=elm-vcsa02.em.com,cn=Servers,cn=default-site,cn=Sites,cn=Configuration,dc=vsphere,dc=local

##################################################################################

############################第二步、移除外部PSC（PSC01）##########################

##################################################################################

##decommission_psc.json 文件內容參考如下

root@elm-vcsa02 [ /mnt/cdrom/vcsa-converge-cli/lin64 ]# cat /root/decommission_psc.json 

{
    "__comments": "Template for decommissioning PSC node with converge CLI tool.",
    "__version": "2.11.0",
        "psc": {
            "description": {
               "__comments": [
                   "This section describes the PSC appliance which you want to",
                    "decommission and the ESXi host on which the appliance is running. "
                ]
            },
            "managing_esxi_or_vc": {
                "hostname": "192.0.1.252",
                "username": "[email protected]",
                "password": "7111111CKO"
            },
            "psc_appliance": {
                "hostname": "elm-psc01.em.com",
                "username": "[email protected]",
                "password": "P@ssw0rd",
                "root_password": "P@ssw0rd"
            }
        },
        "vcenter": {
            "description": {
               "__comments": [
                    "This section describes the embedded vCenter appliance which is in ",
                    "the same single-sign-on domain with the provided PSC"
                ]
            },
            "managing_esxi_or_vc": {
                "hostname": "192.0.1.252",
                "username": "[email protected]",
                "password": "1111111gCKO"
            },
            "vc_appliance": {
                "hostname": "elm-vcsa02.em.com",
                "username": "[email protected]",
                "password": "P@ssw0rd",
                "root_password": "P@ssw0rd"
            }
        }
}

##執行預檢查，以驗證decommission_psc.json文件是否有錯誤

root@elm-vcsa02 [ /mnt/cdrom/vcsa-converge-cli/lin64 ]# ./vcsa-util decommission --precheck-only /root/decommission_psc.json 

Run the installer with "-v" or "--verbose" to log detailed information

Retrying the connection with certificate thumbprint check...

If an untrusted SSL certificate is installed on '10.0.99.252', secure communication cannot be guaranteed. Depending on your security policy, this issue could represent a security concern.

The SHA-1 thumbprint of the certificate is '0E:DC:1F:BA:41:FC:2E:56:77:33:AC:69:A0:B7:83:5F:4B:86:A5:21'

Do you accept the thumbprint?

1: Accept and continue.

2: Do not accept and exit.

Enter '1' or '2': 1

You have accepted the server certificate's thumbprint '0E:DC:1F:BA:41:FC:2E:56:77:33:AC:69:A0:B7:83:5F:4B:86:A5:21'.

Initializing....

Retrying the connection with certificate thumbprint check...

Precheck PSC decommission task successful.

Retrying the connection with certificate thumbprint check...

CONVERGE_PSC_HOSTNAME:

elm-psc01.em.com

Precheck vCenter decommission task successful.

=============================================================================================== 05:15:05 ===============================================================================================

Result and log file information...

WorkFlow log directory: /tmp/vcsaCliInstaller-2019-10-10-05-14-wcr2km4r/workflow_1570684496750

##移除外部PSC（PSC01），此過程會將外部PSC01關閉，並使用cmsso-util工具取消註冊PSC01

root@elm-vcsa02 [ /mnt/cdrom/vcsa-converge-cli/lin64 ]# ./vcsa-util decommission /root/decommission_psc.json 

Run the installer with "-v" or "--verbose" to log detailed information

Retrying the connection with certificate thumbprint check...

If an untrusted SSL certificate is installed on '10.0.99.252', secure communication cannot be guaranteed. Depending on your security policy, this issue could represent a security concern.

The SHA-1 thumbprint of the certificate is '0E:DC:1F:BA:41:FC:2E:56:77:33:AC:69:A0:B7:83:5F:4B:86:A5:21'

Do you accept the thumbprint?

1: Accept and continue.

2: Do not accept and exit.

Enter '1' or '2': 1

You have accepted the server certificate's thumbprint '0E:DC:1F:BA:41:FC:2E:56:77:33:AC:69:A0:B7:83:5F:4B:86:A5:21'.

Initializing....

Retrying the connection with certificate thumbprint check...

Precheck PSC decommission task successful.

Retrying the connection with certificate thumbprint check...

CONVERGE_PSC_HOSTNAME:

elm-psc01.em.com

Precheck vCenter decommission task successful.

PSC machine powered off successfully.

Decommissioning PSC node. This may take some time. Please wait..

 Successfully decommissioned the PSC node 

=============================================================================================== 05:23:11 ===============================================================================================

Result and log file information...

WorkFlow log directory: /tmp/vcsaCliInstaller-2019-10-10-05-17-2ew_59vk/workflow_1570684671581

##驗證結果

root@elm-vcsa01 [ /usr/lib/vmware-vmdir/bin ]# ./vdcrepadmin -f showpartnerstatus -h elm-vcsa01.em.com -u Administrator -w P@ssw0rd

Partner: elm-vcsa02.em.com

Host available:   Yes

Status available: Yes

My last change number:             6266

Partner has seen my change number: 6266

Partner is 0 changes behind.

root@elm-vcsa01 [ /usr/lib/vmware-vmdir/bin ]# ./vdcrepadmin -f showservers -h elm-vcsa01.em.com -u Administrator -w P@ssw0rd

cn=elm-vcsa01.em.com,cn=Servers,cn=default-site,cn=Sites,cn=Configuration,dc=vsphere,dc=local

cn=elm-vcsa02.em.com,cn=Servers,cn=default-site,cn=Sites,cn=Configuration,dc=vsphere,dc=local

root@elm-vcsa01 [ /usr/lib/vmware-vmdir/bin ]# ./vdcrepadmin -f showpartners -h elm-vcsa01.em.com -u Administrator -w P@ssw0rd

ldap://elm-vcsa02.em.com

oot@elm-vcsa02 [ /usr/lib/vmware-vmdir/bin ]# ./vdcrepadmin -f showservers -h elm-vcsa02.em.com -u Administrator -w P@ssw0rd

cn=elm-vcsa01.em.com,cn=Servers,cn=default-site,cn=Sites,cn=Configuration,dc=vsphere,dc=local

cn=elm-vcsa02.em.com,cn=Servers,cn=default-site,cn=Sites,cn=Configuration,dc=vsphere,dc=local

root@elm-vcsa02 [ /usr/lib/vmware-vmdir/bin ]# ./vdcrepadmin -f showpartnerstatus -h elm-vcsa02.em.com -u Administrator -w P@ssw0rd

Partner: elm-vcsa01.em.com

Host available:   Yes

Status available: Yes

My last change number:             6271

Partner has seen my change number: 6271

Partner is 0 changes behind.

root@elm-vcsa02 [ /usr/lib/vmware-vmdir/bin ]# ./vdcrepadmin -f showpartners -h elm-vcsa02.em.com -u Administrator -w P@ssw0rd

ldap://elm-vcsa01.em.com