How to Convert a vSphere 8 Environment to VCF 5.2.x Using the Brownfield Import Tool

This comprehensive guide details how to convert vCenter 8 to VMware Cloud Foundation 5.2.x using the Brownfield Import Tool. It includes step-by-step instructions for SDDC Manager installation, environment validation, and successful domain conversion.

Prerequisites

  • Tools and software downloaded from Broadcom.
  • An SSH client, e.g. PuTTY, and an FTP client, e.g. WinSCP.
  • SSH login enabled on your vCenter Server.

Precheck of vCenter Server

Staging the VCF Import Tool

Before we start, let’s run a precheck just to make sure there’s nothing hiding that will stop us during the conversion. We’ll be using the VCF Import Tool which you’ll need to download from Broadcom’s Support Portal.

First, open a Putty session to vCenter.  If you see Command> type shell.

Next, we need to change the default shell to /bin/bash.

chsh -s /bin/bash root

Now make a new directory where we will put the VCF Import Tool.

mkdir /tmp/vcfimport

Next we’ll use WinSCP to put the VCF Import Tool into the directory we just created.

Now let’s extract it. Back in Putty change directories: cd /tmp/vcfimport then run this command.

tar -xvf vcf-brownfield-import-5.2.1.2-24494579.tar.gz

Change directories one more time.

cd /tmp/vcfimport/vcf-brownfield-import-5.2.1.2-24494579/vcf-brownfield-toolset

Running the VCF Import Tool

At this point we can run the tool. The command is formatted like this; just change the vCenter and SSO user for your environment. The tool prompts for the SSO password.

python3 vcf_brownfield.py precheck --vcenter 'VCSA223.nested.local' --sso-user '[email protected]'

Enter your password when prompted, then wait for the results. It won’t take long. As you can see, I have an error related to the host being connected to vDS. Normally you’d want to investigate any failed test, fix the issue, and retest until all tests pass. In my case, I know why that test is failing. It’s expecting a physical NIC (vmnic backed by a real PCI device), and the nested vmxnet3 virtual NICs in Workstation don’t pass that sniff test. Hence the Fail on the vDS check. I’m going to move forward in our quest regardless. In a production environment, ensure all tests pass before moving on.

Once we are done with the VCF Import Tool, remove it from vCenter.

rm --recursive /tmp/vcfimport

Prerequisites for SDDC Manager

  • Download the VCF-SDDC-Manager-Appliance-(Build Number).ova
  • Create a DNS entry for the SDDC Manager (Forward and Reverse)

Deploying SDDC Manager

For this step you’ll need the VCF-SDDC-Manager-Appliance-(Build Number).ova. However, there is more than one available. So make sure it’s the one that has the buildnumber.ova in the file name.

In vCenter, right-click on a Cluster (or host if you want it on a specific one) and click Deploy OVF Template…

When the wizard opens it’s a simple process so I’m going to save some bandwidth and not include a screen shot of every step.

  • Step 1 is to select the OVA you downloaded.  Click Local file, browse to your file, click Next.
  • Select a name for the VM. I suggest naming it the same as what you set up in DNS.  I named mine SDDC-Manager-224.  I used 224 because that’s the IP I’m using for it.  Leave your Cluster (or host) selected as the location and click Next.
  • Shouldn’t need to change the default compute resource so just click Next.
  • Click Next on the Review details page.
  • Check the box to accept the license agreement and click Next.
  • Select your storage and click Next.
  • On the networks page, you should select an Ephemeral network.  Click Next.
  • Customize template is where you’ll have a good bit of information to fill out.  It may be a good idea to write everything down in a Notepad as you go. If you take too long filling it out it will time out and you have to start over.  Look at my screenshots so you know what all you need to fill out.  Then you can write it all down beforehand and just copy/paste when you get to this step.  After you get it all filled in hit Next.

The last step is just a review. Besides all the passwords here’s a screenshot of my review page that shows all the network settings.  If you’re happy with it, click Finish.

Speaking of timing out…mine did.  This time I’ll do it again a little faster!

Now we wait for the Appliance to be deployed.  Before moving forward take a snapshot of it.

After the snapshot is done you can power it on.

NSX Deployment Specification

To convert our environment we need an NSX deployment specification. It’s just a JSON file with the details of your NSX deployment. Here’s mine that you can copy/paste and edit for your environment.

{
  "license_key": "AAAAA-BBBBB-CCCCC-DDDDD-EEEEE",
  "form_factor": "small",
  "admin_password": "****************",
  "install_bundle_path": "/nfs/vmware/vcf/nfs-mount/bundle/bundle-133764.zip",
  "cluster_ip": "10.0.10.110",
  "cluster_fqdn": "PopeLab-nsx01.nested.local",
  "manager_specs": [
    {
      "fqdn": "PopeLab-nsx01a.nested.local",
      "name": "PopeLab-nsx01a",
      "ip_address": "10.0.10.111",
      "gateway": "10.0.10.222",
      "subnet_mask": "255.255.255.0"
    },
    {
      "fqdn": "PopeLab-nsx01b.nested.local",
      "name": "PopeLab-nsx01b",
      "ip_address": "10.0.10.112",
      "gateway": "10.0.10.222",
      "subnet_mask": "255.255.255.0"
    },
    {
      "fqdn": "PopeLab-nsx01c.nested.local",
      "name": "PopeLab-nsx01c",
      "ip_address": "10.0.10.113",
      "gateway": "10.0.10.222",
      "subnet_mask": "255.255.255.0"
    }
  ]
}

Now, save it as NSX-Deployment.json (or something easy to identify), then use WinSCP to upload it to the SDDC Manager Appliance here:

/nfs/vmware/vcf/nfs-mount/bundle/

NOTE: The Username to get into the SDDC Manager with WinSCP/Putty is vcf.  Root will not work.
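A pre-flight check for the NSX deployment spec, as an added example that is not part of the original post or of the VCF Import Tool. The function name and the rules it applies (no whitespace in the bundle path, each manager IP inside its own gateway's subnet, no reused IPs, FQDN beginning with the node name) are assumptions drawn from the shape of the spec above, and the sample is constructed.

```python
import ipaddress
import json

REQUIRED = ("license_key", "form_factor", "admin_password", "install_bundle_path",
            "cluster_ip", "cluster_fqdn", "manager_specs")

def check_nsx_spec(text):
    """Return a list of problems in an NSX deployment spec; empty means it passed."""
    try:
        spec = json.loads(text)
    except json.JSONDecodeError as exc:
        return [f"not valid JSON: {exc}"]
    problems = [f"missing key: {key}" for key in REQUIRED if key not in spec]
    if problems:
        return problems
    if any(ch.isspace() for ch in spec["install_bundle_path"]):
        problems.append("install_bundle_path contains whitespace")
    used_ips = {spec["cluster_ip"]}
    for idx, mgr in enumerate(spec["manager_specs"]):
        label = mgr.get("name", f"manager_specs[{idx}]")
        try:
            net = ipaddress.ip_network(f"{mgr['gateway']}/{mgr['subnet_mask']}", strict=False)
            addr = ipaddress.ip_address(mgr["ip_address"])
        except (KeyError, ValueError) as exc:
            problems.append(f"{label}: bad or missing network field ({exc})")
            continue
        if addr not in net:
            problems.append(f"{label}: {addr} is outside {net}")
        if mgr["ip_address"] in used_ips:
            problems.append(f"{label}: {addr} is used more than once")
        used_ips.add(mgr["ip_address"])
        if not mgr.get("fqdn", "").lower().startswith(label.lower() + "."):
            problems.append(f"{label}: fqdn does not start with the node name")
    return problems

# Constructed sample with two deliberate mistakes (not the author's file).
SAMPLE = """{"license_key": "AAAAA-BBBBB-CCCCC-DDDDD-EEEEE", "form_factor": "small",
 "admin_password": "example-only", "cluster_ip": "10.0.10.110",
 "cluster_fqdn": "nsx01.example.test",
 "install_bundle_path": "/nfs/vmware/vcf/nfs-mount/bundle/ bundle-133764.zip",
 "manager_specs": [
  {"fqdn": "nsx01a.example.test", "name": "nsx01a", "ip_address": "10.0.10.111",
   "gateway": "10.0.10.222", "subnet_mask": "255.255.255.0"},
  {"fqdn": "nsx01b.example.test", "name": "nsx01b", "ip_address": "10.0.11.112",
   "gateway": "10.0.10.222", "subnet_mask": "255.255.255.0"}]}"""

if __name__ == "__main__":
    for line in check_nsx_spec(SAMPLE) or ["spec looks consistent"]:
        print(line)
```

The spec holds the NSX admin password in clear text, so keep the file readable only by the vcf user and delete it once the conversion has finished.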

Uploading Software to SDDC

At this point the VCF Import Tool is already downloaded. So we need to download the VMware software Install Bundle, NSX_T_MANAGER 4.2.1.0. That will take a few minutes to download.  But while we wait we can upload the Import Tool.

Use Putty to create a new directory.

mkdir /home/vcf/vcf-import-package

Now use WinSCP to copy the VCF Import Tool into that directory.

After the NSX bundle finishes downloading copy it into:

/nfs/vmware/vcf/nfs-mount/bundle/

Install the Import Tool

Now let’s install the Import Tool.

In Putty type:

cd /home/vcf/vcf-import-package

Next, we need to unpack the tar like we did on vCenter earlier.  Type:

tar -xvf vcf-brownfield-import-5.2.1.2-24494579.tar.gz

After that finishes change to the unpackaged directory.  Type:

cd /home/vcf/vcf-import-package/vcf-brownfield-import-5.2.1.2-24494579/

Now type su to switch to the root account and enter the root password when prompted. Install by typing: ./install.sh

After the installation finishes switch back to the vcf user: su vcf then navigate to:

cd /home/vcf/vcf-import-package/vcf-brownfield-import-5.2.1.2-24494579/vcf-brownfield-toolset

and run this command:

python3 vcf_brownfield.py --help

Success! Now the VCF Import Tool is installed on the SDDC Manager.  Next we can run a full check on our target vCenter.

Running a Detailed Check on the Target vCenter

Before running the following command, make sure to change the vCenter and SSO-User values to match your environment.

python3 vcf_brownfield.py check --vcenter 'VCSA223.nested.local' --sso-user '[email protected]'

When prompted enter the vCenter password, the SDDC Manager local admin password and type yes to accept the thumbprint.

Oh no, seems I’ve run into an error, and you may too. This is an issue with not trusting the cert on my vCenter.  So, let’s fix it.

Before we move forward we need to add the cert to the cacerts file on SDDC.  Let’s grab the vCenter cert. Remember, if you copy/paste update the vCenter name for your environment.

openssl s_client -connect VCSA223.nested.local:443 -showcerts </dev/null 2>/dev/null | openssl x509 -outform PEM > /tmp/vcenter.pem

Now we need to import it into the Java trust store on SDDC Manager. Switch to root first with su and enter the password, then run this:

keytool -import -trustcacerts -alias vcsa223-cert-java17 \
-file /tmp/vcenter.pem \
-keystore /usr/lib/jvm/openjdk-java17-headless.x86_64/lib/security/cacerts \
-storepass changeit

When asked, type yes to trust the certificate.
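The certificate fetched with openssl s_client above is trusted on first use, so it is worth comparing its SHA-256 fingerprint with a value obtained from a trusted source before answering yes to keytool. The following is an added example, not part of the original post or of any VMware tool; the function names are hypothetical, and the sample is arbitrary bytes wrapped as PEM rather than a real certificate.

```python
import hashlib
import ssl
import sys

def sha256_fingerprint(pem_text):
    """SHA-256 over the DER encoding, as colon-separated upper-case hex."""
    der = ssl.PEM_cert_to_DER_cert(pem_text.strip())
    digest = hashlib.sha256(der).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))

def normalise(fingerprint):
    """Accept 'sha256 Fingerprint=AA:BB:..', space-separated or bare hex."""
    value = fingerprint.split("=", 1)[-1]
    return "".join(ch for ch in value if ch not in ": \t\r\n").upper()

def safe_to_import(pem_text, expected_fingerprint):
    """True only when the fetched certificate matches the out-of-band value."""
    try:
        actual = sha256_fingerprint(pem_text)
    except ValueError:
        # Not a PEM certificate, e.g. an empty file left by a failed fetch
        # whose error output was discarded with 2>/dev/null.
        return False
    return normalise(actual) == normalise(expected_fingerprint)

# Constructed stand-in: arbitrary bytes wrapped as PEM, not a real certificate.
SAMPLE_PEM = ssl.DER_cert_to_PEM_cert(b"constructed stand-in for a vCenter certificate")

if __name__ == "__main__":
    if len(sys.argv) == 3:
        # Usage: python3 <this file> /tmp/vcenter.pem '<expected fingerprint>'
        with open(sys.argv[1]) as handle:
            ok = safe_to_import(handle.read(), sys.argv[2])
        sys.exit(0 if ok else "fingerprint mismatch: do not import this certificate")
    print(sha256_fingerprint(SAMPLE_PEM))
```

A non-zero exit status means the file in /tmp does not hold the certificate you expected and should not go into cacerts.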

Since we added our vCenter cert to the keystore, SDDC Manager trusts it now. Let’s go see.  But first switch back to the vcf user: su vcf then run the Import Tool again.

python3 vcf_brownfield.py check --vcenter 'VCSA223.nested.local' --sso-user '[email protected]'

Success. The tool ran and we can see we had 1 failed check.  Let’s check it out and see what it is.

In your PuTTY session, highlight the full path shown in Failed guardrails YML: then type cat and right-click to paste the path.

cat /home/vcf/vcf-import-package/vcf-brownfield-import-5.2.1.2-24494579/vcf-brownfield-toolset/output/guardrails_report_VCSA223.nested.local.yml

We see our failed check now.  ESXi upgrade policy validation…  Let’s fix that.

While researching the issue, I found it’s common enough that Broadcom addresses it in their documentation. In SDDC Manager, the default upgrade policy is applied across all clusters; conversely, in vSphere, each cluster can have its own individual upgrade policy. Consequently, this can lead to a mismatch between the ESXi upgrade policy set in vCenter and what SDDC Manager expects during operations.  To fix this we just need to adjust some settings in LCM on vCenter.  The full article I’m referencing is HERE.

In vCenter, click on the hamburger menu and select Lifecycle Manager.

First, click on Settings, then select Images under Cluster Lifecycle.

Click on the Edit button and check the box for “Migrate powered off and suspended VMs to other hosts in the cluster, if a host must enter maintenance mode.”  Click Save.

At this point, we can run the check again to see if that warning has been resolved. Back in PuTTY, arrow up until you see the command to run the check; then, press Enter to run it again.

Awesome, no failed checks!

Convert vSphere Environment into SDDC Manager Inventory

At last, one more command to run.  Once again, if you copy and paste, then adjust it for your environment.

python3 vcf_brownfield.py convert --vcenter 'VCSA223.nested.local' --sso-user '[email protected]' --domain-name 'mgmt-domain' --nsx-deployment-spec-path '/nfs/vmware/vcf/nfs-mount/bundle/NSX-Deployment.json'

At this point, be prepared to enter the passwords for vCenter SSO, SDDC Manager local admin, vCenter SSH root, and SDDC Manager backup user. Also, if asked, type yes to accept the SSH keys.

Eventually, you may be asked about additional SSH keys for your hosts. If so, then type yes to continue.  Then we play the waiting game.

After about 40 minutes in for me (it could take much longer for you), you’ll get prompted to take a snapshot of SDDC Manager. Do that in vCenter and once it finishes type yes to continue.

A little over an hour and a half later…

and we can now log into our new SDDC Manager.


Chris Pope
[email protected]

Certified Senior Virtualization Engineer with over 13 years of experience designing, deploying, and optimizing VMware and Omnissa environments across secure DoD and NATO systems. Adept at streamlining hybrid cloud operations, executing complex P2V migrations, and enhancing disaster recovery. Skilled communicator who simplifies complex technology for users and teams.
