Configuring PSC Appliance for High Availability SSL termination in vSphere 6.7
Article ID: 338162
Updated On:
Products
VMware vCenter Server
Issue/Introduction
This article provides steps to configure Platform Services Controller (PSC) Appliance 6.7 High Availability with SSL termination.
Environment
VMware vCenter Server Appliance 6.7.x
Resolution
This article is part of a series for configuring PSC HA, for the main article, see: Configuring Platform Service Controller HA in vSphere 6.7.
To configure the PSCs for load balancing, run updateSSOConfig.py and updateLsEndpoint.py scripts:
Notes:
For example:
python updateSSOConfig.py --lb-fqdn=loadbalancer.vmware.com
For example:
python UpdateLsEndpoint.py --upgrade --lb-fqdn=psc-ha-vip.domain.com [email protected] --password=VMware123$ --lb-cert=/root/certs/lb.crt
Note: Perform these step on a single PSC node only.
To configure the PSCs for load balancing, run updateSSOConfig.py and updateLsEndpoint.py scripts:
Notes:
- The updateSSOConfig.py script updates information local to each PSC and must be ran on all PSCs in the HA instance.
- The updateLsEndpoint.py script updates the ServiceRegistration Endpoints in VMDir and only needs to be ran on one of the PSCs in the HA instance.
- Connect to the PSC appliance and log in with root credentials.
- Type shell to access the Bash shell.
- Navigate to /usr/lib/vmware-sso/bin with this command:
cd /usr/lib/vmware-sso/bin
- Run this command:
python updateSSOConfig.py --lb-fqdn=psc-ha-vip
For example:
python updateSSOConfig.py --lb-fqdn=loadbalancer.vmware.com
- Repeat these steps on remaining PSCs.
- Connect to the PSC appliance and log in with root credentials.
- Type shell to access the Bash shell.
- Navigate to /usr/lib/vmware-sso/bin with this command:
cd /usr/lib/vmware-sso/bin
- From the load balancer console, download the certificate used to configure the PSC nodes to the load balancer, onto the PSC machine. Provide the absolute path of this certificate to the –lb-cert parameter in the next step.
- Run this command:
python UpdateLsEndpoint.py --upgrade --lb-fqdn= PSC_HA_VIP_FQDN --user=administrative_user --password=password -–lb-cert=Absolute_path_of_the_load_balancer_certificate
For example:
python UpdateLsEndpoint.py --upgrade --lb-fqdn=psc-ha-vip.domain.com [email protected] --password=VMware123$ --lb-cert=/root/certs/lb.crt
Note: Perform these step on a single PSC node only.
Feedback
Yes
No
Powered by
