In this post, I’m going to go through how to pair two brand new VMware vCloud Director (vCD) 10.0 instances using Postman. For this lab environment, I am using the generally available virtual appliances.
First, I wanted to call out a few things from Steve Dockar –
- Steve recently posted an update to his white-paper on multi-site configuration. We run into multiple configurations but most production instances need a load balancer. Read more here.
- The vCloud Architecture Toolkit white-paper on multi-site pairing is still very applicable. You can find it here.
In my lab setup, I am using a single consolidated appliance without a load balancer. Do note your configuration might vary.
Prerequisites and Setup
There’s two main steps to vCD site pairing:
- Provider Instance Pairing – this is done via the API that establishes the system trust between the two vCD instances.
- Organization Pairing – done via the User Interface (UI) by the organization administrator or provider to associate organizations between the two sites.
Provider instance pairing is always a 1:1 relationship – we pair Site-A with Site-B for example. This can fan out based on the vCD provider design.
First, let’s follow Fojta’s post on setting up global variables and getting a passed-through bearer token –
From here, I am able to use {{host}} from my Site-A and {{host-b}} for my Site-B instance.
With the vCloud Director appliance, the username is “admin@system” rather than administrator.
Also, I am using version 33 of the API. This is the latest version for vCD 10.0.
application/*+xml;version=33.0
Note about vCD 10.0 Appliances
After testing multi-site capability with the vCD 10.0 appliances, I noticed I was getting “connection refused” messages when the UI was attempting a multi-site connection. From the UI, I would not see any objects and receiving a “Internal server error” message –
From the vCD terminal, even a curl statement would not pass successfully locally!
Essentially, when I deployed the appliances, the OVA parameters build the FQDN and short name into a single host entry that has my FQDN pointing to the loopback address –
You can edit the /etc/hosts file and resolve this, but it does not persist through a reboot (VAMI overwrites it).
My resolution was editing the /etc/nsswitch.conf file and changing the line
hosts files dns
to
hosts dns
So, before I had this:
Now I have this:
I have Engineering looking into this further, but be aware for any vCD appliance users.
Retrieve the Current State
In my environment, I have two sites –
vcd.dp-pod.zpod.io
vcd.dp-pod-b.zpod.io
Using the {{host}} variable, we are going to retrieve the following:
- site
- site/associations
- site/associations/localAssociationData
I am copying this in a document in the event I need to revert at any time.
First, let’s get the API site
GET https://{{host}}/api/site
Then, we can get the following:
GET https://{{host}}/api/site/associations
GET https://{{host}}/api/site/associations/localAssociationData
Again, I saved this to a notepad document for future use.
Let’s repeat this for my second site –
Adding Site-A to Site-B
First, let’s ensure there’s no existing sites paired to Site-B –
GET https://{{host-b}}/api/site/associations
We want to POST the SiteAssociationMember section to Site-B. Go to your notepad for Site-A and copy Site-A’s SiteAssociationMember’s export.
We also need to add a new Header for this POST operation –
Content-Type application/vnd.vmware.admin.siteAssociation+xml
Now let’s POST the correct body in Raw/XML format.
POST https://{{host-b}}/api/site/associations
Great! We received a 200 OK response.
Doing a GET on Site Associations we can see the status is ASYMMETRIC which is fine. We have not done the reverse pairing on Site-A.
GET https://{{host-b}}/api/site/associations
Adding Site-B to Site-A
Now, we are going to reverse the process.
First, let’s get the current site associations –
GET https://{{host}}/api/site/associations
Let’s build our POST body in XML –
POST https://{{host}}/api/site/associations
Got our 200 OK message, excellent.
Now, let’s get the current status. We should see this changed from ASYMMETRIC to ACTIVE.
GET https://{{host}}/api/site/associations
Great! The excellent thing is this is a one-time process per 1:1 site pairing, unless the certificates change.
Now, we are ready to pair our organization VDCs between Site-A and Site-B.
Verification and Organization Pairing
Next, let us check to see how the User Interface looks from the Provider UI.
From the above image, we can see that I have my two sites paired based on the ‘Site’ column to the right. We can then filter based on these sites.
Let’s go ahead and pair organization ‘Acme’ between the two sites.
Organization Pairing
From the UI, we can see only my single Acme oVDC in Site-A –
Navigate to the Context switching menu -> Administration -> Select multi-site on the left side –
Now, let’s Export the local association from both sites. We will need both of these for the pairing process. I like to save them with a postfix name of the respective site (as below).
Back to Site-A, let’s click on “Create New Organization Association” button to start the wizard.
We would select the Site-B XML file for the upload process –
Verify and Submit…
We can see the Status is Asymmetric – this is because we did not do the association on Site-B just yet.
From Site-B, click on “Create New Organization Association” and import in the Site-A XML file.
Now, both sites should turn ACTIVE on the status.
Typically, I need to refresh the page or click on another vCD section for it to refresh. I captured in a GIF the refresh from when it went ASYMMETRIC to ACTIVE.
Finally, we can see Acme now has both sites shown with their respective oVDCs.
One can repeat this process for any additional vCD sites.
Conclusion
The vCD site pairing process is fairly straight forward and should not take a couple minutes when using Postman. I would not consider myself a Postman expert, but was able to get this done very quickly.
Once the sites are paired, authenticated/privileged organization users can set up their own organization association between sites. This is a very nice and intuitive UI experience.
If you are still concerned about using the API, Jon Waite did a great job of writing out PowerShell module to simplify the provider pairing process.
-Daniel
Hi, Nice guide. I have set up using vCD v10 and API v33 and I have 2 sites both showing ASYMMETRIC. How can this be rectified?
Hi Lee – one of two issues: 1) ensure you have port 443 open bi-directionally and 2) certificates are established correctly. If there’s any cert change, multi-site will not work.
Thanks for the reply Daniel. 443 looks ok bi-directionally as do certs. Currently raised with VMware support. I’ll be more than happy to share the outcome.
Dan, great guide. I am having the same problem you were experiencing with the 10.0 appliance. Sites are associated and Active; however, GUI will not load correctly generating Internal Server errors and no objects. Tried the fix you have above to no avail. Setup includes 3 cells at each site with F5 load balancer. Any other insight to the cause of this issue? Remove the site associations and everything starts working again. Thanks.
hello
Even though this blog is for vCD 10 but it would be helpful if you can give some clue for vCD 9.7. I did multisite configuration for vCD 9.7. Site paired OK (Active) & ORG Paired OK (Active). I see ORGVDC from both site VCD. But somehow I am not able to see site ICON. In you last image also i dont see site ICON however a gear ICON is available in your last image which is not available in my UI.
Is Site ICON removed which used to allow to change site from drop down. I am not sure if i am missing something. Could you please suggest
Hello, that was an older UI design that has now been deprecated. All recent versions of VCD have a ribbon at the top to depict the number of sites, orgVDCs, and resources.
Very interesting, thanks for sharing !
Does any one knows if we can associate vCD 10.0 build over vSphere6.7 & NSX-V with a new built vCD version 10.1 with vSphere 7 and NSX-T on its backend (I mean pVDC) ?
We are planning to extend our cloud infrastructure with a new site, so preferably we install new version on the new site unless there is a constraint/incompatiblity detected….
Yes, one can maintain at least a N-1 configuration between VCD paired sites. The multisite API has not had major changes in the 10.x code base.