Prepare the OVF template¶

To deploy Mirantis Container Cloud on a vSphere-based environment, the OVF template for cluster machines must be prepared according to the following requirements:

The VMware Tools package is installed.
The cloud-init utility is installed and configured with the specific VMwareGuestInfo data source.
For RHEL deployments, the virt-who service is enabled and configured to connect to the VMware vCenter Server to properly apply the RHEL subscriptions on the nodes. The virt-who service can run on a standalone machine or can be integrated into a VM template.

The following procedures describe how to meet the requirements above either using the Container Cloud script or manually.

To prepare the OVF template using the Container Cloud script:

Prepare the Container Cloud bootstrap and modify templates/vsphere/vsphere-config.yaml.template and templates/vsphere/cluster.yaml.template as described in Bootstrap a management cluster, steps 1-9.
Download the ISO image depending on the target OS:
- Ubuntu 20.04 DVD ISO from Ubuntu images
- RHEL 7.8, 7.9, or 8.4 ^TechPreview DVD ISO from the RedHat Customer Portal
- Technology Preview: CentOS 7.9 DVD ISO from the CentOS mirrors
Export the following variables:
- The path to the downloaded ISO file.
- The vSphere cluster name.
- The OS name: rhel, ubuntu, or centos.
- The OS version: 7.8, 7.9, or 8.4 ^TechPreview for RHEL; 7.9 for CentOS ^TechPreview, 20.04 for Ubuntu.
- Optional. The virt-who user name and password for RHEL deployments.
For example, for RHEL:
```
export KAAS_VSPHERE_ENABLED=true
export VSPHERE_RO_USER=virt-who-user
export VSPHERE_RO_PASSWORD=virt-who-user-password
export VSPHERE_PACKER_ISO_FILE=$(pwd)/iso-file.dvd.iso
export VSPHERE_CLUSTER_NAME=vsphere-cluster-name
export VSPHERE_PACKER_IMAGE_OS_NAME=rhel
export VSPHERE_PACKER_IMAGE_OS_VERSION=7.9
```
Optional variables¶

Variable

Description

VSPHERE_VM_TIMEZONE

Time zone for virtual machines. Defaults to America/New_York.

Optional variables¶
Variable	Description
`VSPHERE_VM_TIMEZONE`	Time zone for virtual machines. Defaults to `America/New_York`.

Optional. If you require all Internet access to go through a proxy server, in bootstrap.env, add the following environment variables:

HTTP_PROXY
HTTPS_PROXY
NO_PROXY
PROXY_CA_CERTIFICATE_PATH

Example snippet:

export HTTP_PROXY=http://proxy.example.com:3128
export HTTPS_PROXY=http://user:pass@proxy.example.com:3128
export NO_PROXY=172.18.10.0,registry.internal.lan
export PROXY_CA_CERTIFICATE_PATH="/home/ubuntu/.mitmproxy/mitmproxy-ca-cert.cer"

The following variables formats are accepted:

Proxy configuration data¶
Variable	Format
`HTTP_PROXY` `HTTPS_PROXY`	`http://proxy.example.com:port` - for anonymous access `http://user:password@proxy.example.com:port` - for restricted access
`NO_PROXY`	Comma-separated list of IP addresses or domain names
`PROXY_CA_CERTIFICATE_PATH` ^{Available since 2.18.0 as TechPreview}	Optional. Path to the proxy CA certificate for man-in-the-middle (MITM) proxies. Must be placed on the bootstrap node to be trusted. For details, see Install a CA certificate for a MITM proxy on a bootstrap node. Warning If you require Internet access to go through a MITM proxy, ensure that the proxy has streaming enabled as described in Enable streaming for MITM.

For the list of Mirantis resources and IP addresses to be accessible from the Container Cloud clusters, see Requirements for a VMware vSphere-based cluster.

Prepare the OVF template:
```
./bootstrap.sh vsphere_template
```
After the template is prepared, set the SET_VSPHERE_TEMPLATE_PATH parameter in templates/vsphere/machines.yaml.template as described in Bootstrap a management cluster.

To prepare the OVF template manually:

Run a virtual machine on the vSphere data center with the DVD ISO mounted to it. Specify the amount of resources that will be used in the Container Cloud setup. A minimal resources configuration must match the Requirements for a VMware vSphere-based cluster for a vSphere-based Container Cloud cluster.
Bootstrap the OS using vSphere Web Console. Select a minimal setup in the VM installation configuration. Create a user with root or sudo permissions to access the machine.
Log in to the VM when it starts.

Optional. If you require all Internet access to go through a proxy server, in bootstrap.env, add the following environment variables:

HTTP_PROXY
HTTPS_PROXY
NO_PROXY
PROXY_CA_CERTIFICATE_PATH

Example snippet:

export HTTP_PROXY=http://proxy.example.com:3128
export HTTPS_PROXY=http://user:pass@proxy.example.com:3128
export NO_PROXY=172.18.10.0,registry.internal.lan
export PROXY_CA_CERTIFICATE_PATH="/home/ubuntu/.mitmproxy/mitmproxy-ca-cert.cer"

The following variables formats are accepted:

Proxy configuration data¶
Variable	Format
`HTTP_PROXY` `HTTPS_PROXY`	`http://proxy.example.com:port` - for anonymous access `http://user:password@proxy.example.com:port` - for restricted access
`NO_PROXY`	Comma-separated list of IP addresses or domain names
`PROXY_CA_CERTIFICATE_PATH` ^{Available since 2.18.0 as TechPreview}	Optional. Path to the proxy CA certificate for man-in-the-middle (MITM) proxies. Must be placed on the bootstrap node to be trusted. For details, see Install a CA certificate for a MITM proxy on a bootstrap node. Warning If you require Internet access to go through a MITM proxy, ensure that the proxy has streaming enabled as described in Enable streaming for MITM.

For the list of Mirantis resources and IP addresses to be accessible from the Container Cloud clusters, see Requirements for a VMware vSphere-based cluster.

For RHEL, attach your RHEL license for Virtual Datacenters to the VM:

subscription-manager register
# automatic subscription selection:
subscription-manager attach --auto
# or specify pool id:
subscription-manager attach --pool=<POOL_ID>
# verify subscription status
subscription-manager status

Select from the following options:

Prepare the operating system automatically:

Download the automation script:

curl https://gerrit.mcp.mirantis.com/plugins/gitiles/kubernetes/vmware-guestinfo/+/refs/tags/v1.1.5/install.sh?format=TEXT | \
base64 -d > install.sh
chmod +x install.sh

Optional. For RHEL, export the vCenter Server credentials of the read-only user. For example:

export VC_SERVER='vcenter1.example.com'
export VC_USER='domain\vmware_read_only_username'
export VC_PASSWORD='password!23'
# optional parameters:
export VC_HYPERVISOR_ID=hostname
export VC_FILTER_HOSTS="esx1.example.com, esx2.example.com"
export VCENTER_CONFIG_PATH="/etc/virt-who.d/vcenter.conf"

Run the installation script:
```
./install.sh
```

Prepare the operating system manually:

Install the open-vm-tools package version 11.0.5 or later with dependencies and verify its version:
```
yum install open-vm-tools net-tools perl -y
vmtoolsd --version
vmware-toolbox-cmd --version
```

Install and configure cloud-init:

Install the cloud-init package and verify its version:
- 19.4 or later for RHEL 7.8 and 7.9, or CentOS 7.9 ^TechPreview
- 20.3 or later for RHEL 8.4 ^TechPreview
- 22.1 or later for Ubuntu 20.04
```
yum install cloud-init -y
cloud-init --version
```

For RHEL and CentOS:

Download the VMwareGuestInfo data source files:

curl https://gerrit.mcp.mirantis.com/plugins/gitiles/kubernetes/vmware-guestinfo/+/refs/tags/v1.1.5/DataSourceVMwareGuestInfo.py?format=TEXT | base64 -d > DataSourceVMwareGuestInfo.py
curl https://gerrit.mcp.mirantis.com/plugins/gitiles/kubernetes/vmware-guestinfo/+/refs/tags/v1.1.5/99-DataSourceVMwareGuestInfo.cfg?format=TEXT | base64 -d > 99-DataSourceVMwareGuestInfo.cfg

Add 99-DataSourceVMwareGuestInfo.cfg to /etc/cloud/cloud.cfg.d/.
Depending on the Python version on the VM operating system, add DataSourceVMwareGuestInfo.py to the cloud-init sources folder. Obtain the cloud-init folder on the OS:
```
python -c 'import os; from cloudinit import sources; print(os.path.dirname(sources.__file__));'
```

For Ubuntu, create /etc/cloud/cloud.cfg.d/99_mcc.cfg with the following content:

datasource_list: [ VMware ]
package_update: false
package_upgrade: false
apt:
preserve_sources_list: true

Optional. For RHEL, prepare the virt-who user configuration:

Note

For details about the virt-who user creation, see Prepare the VMware deployment user setup and permissions.

Install virt-who:

yum install virt-who -y
cp /etc/virt-who.d/template.conf /etc/virt-who.d/vcenter.conf

Set up the file content using the following example:

[vcenter]
type=esx
server=vcenter1.example.com
username=domain\vmware_read_only_username
encrypted_password=bd257f93d@482B76e6390cc54aec1a4d
owner=1234567
hypervisor_id=hostname
filter_hosts=esx1.example.com, esx2.example.com

virt-who configuration parameters¶
Parameter	Description
`[vcenter]`	Name of the vCenter data center.
`type=esx`	Specifies the connection of the defined `virt-who` user to the vCenter Server.
`server`	The FQDN of the vCenter Server.
`username`	The `virt-who` user name on the vCenter Server with the read-only access.
`encrypted_password`	The `virt-who` password encrypted by the `virt-who-password` utility using the virt-who-password -p <password> command.
`owner`	The organization that the hypervisors belong to.
`hypervisor_id`	Specifies how to identify the hypervisors. Use a host name to provide meaningful host names to the Subscription Management. Alternatively, use `uuid` or `hwuuid` to avoid duplication in case of hypervisor renaming.
`filter_hosts`	List of hypervisors that never run RHEL VMs. Such hypervisors do not have to be reported by `virt-who`.

For CentOS, verify that .yum mirrors are set to use only the *.centos.org URLs. Otherwise, access to other mirrors may be blocked by squid-proxy on managed clusters. For details, see Configure squid-proxy.

For RHEL, remove the RHEL subscription from the node.

subscription-manager remove --all
subscription-manager unregister
subscription-manager clean

Shut down the VM.
Create an OVF template from the VM.

Now, proceed to Bootstrap a management cluster.