Have a Question?
Deploy VMware VCSA with CLI
Tutorial on how to deploy VMware VCSA with CLI on vSphere ESXi Host
Tested environment
- VMware vCenter Appliance (VCSA) 6.7 & 7.0
Register A & PTR Records in DNS Server
Create a A record called vcsa.aventis.com.my and PTR record in the AD / DNS Server (192.168.1.200)
Deployment of VCSA will failed without A & PTR records predefined
Prepare Template File (JSON) for Embeded vCenter Appliance (VCSA)
Prepare a C:\Temp\vcsa.json (JSON Template File) as below
Replace the following parameters based on your own environment
- New_VCSA – ESXi – ESXi Host where vCenter Appliance will be deployed
- Hostname, Username, Password, Deployment_Network and Datastore
- New_VCSA – Appliance – Parameters, like thin disk, deployment option and name for the new VCSA
- New_VCSA – Network – Network Information, like IP Address, DNS Server, Gateway and FQDN for the new VCSA
- New_VCSA – OS – Parameters, Password, NTP Server and SSH Enabled for the VCSA Appliance
- New_VCSA – SSO – Parameters, like Password and Domain for SSO Domain
{
"__version": "2.13.0",
"__comments": "Sample template to deploy a vCenter Server Appliance with an embedded Platform Services Controller on an ESXi host.",
"new_vcsa": {
"esxi": {
"hostname": "192.168.1.168",
"username": "root",
"password": "P@ssw0rd!@#$",
"deployment_network": "VM Network",
"datastore": "LOCAL"
},
"appliance": {
"thin_disk_mode": true,
"deployment_option": "small",
"name": "vcsa"
},
"network": {
"ip_family": "ipv4",
"mode": "static",
"ip": "192.168.1.170",
"dns_servers": [
"192.168.1.200"
],
"prefix": "24",
"gateway": "192.168.1.1",
"system_name": "vcsa.aventis.com.my"
},
"os": {
"password": "P@ssw0rd",
"ntp_servers": "time.windows.com",
"ssh_enable": true
},
"sso": {
"password": "P@ssw0rd!@#$",
"domain_name": "vsphere.local"
}
},
"ceip": {
"description": {
"__comments": [
"++++VMware Customer Experience Improvement Program (CEIP)++++"]
},
"settings": {
"ceip_enabled": true
}
}
}Verify the syntax of the Template file
Verify whether there is any error in the template file prepared
E:\vcsa-cli-installer\win32\vcsa-deploy.exe install --accept-eula --verify-template-only c:\temp\vcsa.json
Run the installer with "-v" or "--verbose" to log detailed information
Updating log file location, copying 'C:\Users\ADMINI~1\AppData\Local\Temp\vcsaCliInstaller-2020-08-01-08-00-2llde71u\vcsa-cli-installer.log' to desired location as a backup: 'C:\Users\ADMINI~1\AppData\Local\Temp\vcsaCliInstaller-2020-08-01-08-00-2llde71u\workflow_1596268851651\vcsa-cli-installer.log.bak'
Consuming the installer build:16111761
Workflow log-dir
C:\Users\ADMINI~1\AppData\Local\Temp\vcsaCliInstaller-2020-08-01-08-00-2llde71u\workflow_1596268851651
====== [START] Start executing Task: To validate CLI options at 08:00:51 ======
Command line arguments verfied.
[SUCCEEDED] Successfully executed Task 'CLIOptionsValidationTask: Executing CLI
optionsValidation task' in TaskFlow 'template_validation' at 08:00:51
[START] Start executing Task: To validate the syntax of the template. at
08:00:51
Template syntax validation for template 'c:\temp\vcsa.json' succeeded.
Syntax validation for all templates succeeded.
[SUCCEEDED] Successfully executed Task 'SyntaxValidationTask: Executing
Template Syntax Validation task' in TaskFlow 'template_validation' at 08:00:52
[START] Start executing Task: To check the version of each template, and for
each older template that supports CEIP, convert it to the latest template
format, and save it to the Template Blackboard at 08:00:52
Template version processing for template 'c:\temp\vcsa.json' succeeded.
Version processing for all templates succeeded.
[SUCCEEDED] Successfully executed Task 'VersionProcessingTask: Executing
Template Version Processing task' in TaskFlow 'template_validation' at 08:00:52
[START] Start executing Task: To validate the template structure against the
rules specified by a corresponding template schema. at 08:00:52
Template structure validation for template 'c:\temp\vcsa.json' succeeded.
Structure validation for all templates succeeded.
[SUCCEEDED] Successfully executed Task 'StructureValidationTask: Executing
Template Structure Validation task' in TaskFlow 'template_validation' at
08:00:53
[START] Start executing Task: To create a dependency graph for the provided
templates, with an edge pairing two templates that are dependent on each other.
Such graph relationships will affect whether certain templates can be deployed
in parallel, or must be deployed sequentially. at 08:00:53
Dependency processing for all templates succeeded.
[SUCCEEDED] Successfully executed Task 'DependencyProcessingTask: Executing
Template Dependency Processing task' in TaskFlow 'template_validation' at
08:00:53
Template verification completed.
=================================== 08:00:53 ===================================
Result and Log File Information...
WorkFlow log directory:Deploy VMware VCSA with CLI from Template
Deploy the VMware VCSA to ESXi host with the commands below
E:\vcsa-cli-installer\win32\vcsa-deploy.exe install --acknowledge-ceip --accept-eula --no-esx-ssl-verify c:\temp\vcsa.json -v
Updating log file location, copying 'C:\Users\ADMINI~1.MYL\AppData\Local\Temp\vcsaCliInstaller-2018-05-15-04-04-2f_tklqe
\vcsa-cli-installer.log' to desired location as a backup: 'C:\Users\ADMINI~1.MYL\AppData\Local\Temp\vcsaCliInstaller-201
8-05-15-04-04-2f_tklqe\workflow_1526357089668\vcsa-cli-installer.log.bak'
Adding the following cli arguments to blackboard {'cli_arg_template':
['c:\\temp\\EmbededVCSA.json'], 'cli_arg_pause_on_warnings': False,
'cli_arg_verbose': True, 'cli_arg_no_ssl_certificate_verification': True,
'cli_arg_verify_template_only': False, 'cli_arg_precheck_only': False,
'cli_arg_supported_deployment_sizes': False, 'cli_arg_accept_eula': True,
'cli_arg_skip_precheck': False, 'cli_arg_operation_id': None,
'cli_arg_template_help': False, 'cli_arg_no_esx_ssl_verify': True,
'cli_arg_log_dir': None, 'cli_arg_sub_command': 'install', 'cli_arg_terse':
False, 'cli_arg_acknowledge_ceip': True}
Workflow log-dir
C:\Users\ADMINI~1.MYL\AppData\Local\Temp\vcsaCliInstaller-2018-05-15-04-04-2f_tklqe\workflow_1526357089668
CLIOptionsValidationTask: Executing CLI optionsValidation task
====== [START] Start executing Task: To validate CLI options at 04:04:49 ======
Deprecation Warning: The command parameter '--no-esx-ssl-verify' is deprecated.
You must use the new parameter '--no-ssl-certificate-verification' in the next
deployment.
Command line arguments verfied.
[SUCCEEDED] Successfully executed Task 'CLIOptionsValidationTask: Executing CLI
optionsValidation task' in TaskFlow 'template_validation' at 04:04:49
SyntaxValidationTask: Executing Template Syntax Validation task
[START] Start executing Task: To validate the syntax of the template. at
04:04:49
Template syntax validation for template 'c:\temp\EmbededVCSA.json' succeeded.
Syntax validation for all templates succeeded.
[SUCCEEDED] Successfully executed Task 'SyntaxValidationTask: Executing
Template Syntax Validation task' in TaskFlow 'template_validation' at 04:04:49
VersionProcessingTask: Executing Template Version Processing task
[START] Start executing Task: To check the version of each template, and for
each older template that supports CEIP, convert it to the latest template
format, and save it to the Template Blackboard at 04:04:49
Deprecation Warning: The command parameter '--no-esx-ssl-verify' is deprecated.
You must use the new parameter '--no-ssl-certificate-verification' in the next
deployment.
Template version processing for template 'c:\temp\EmbededVCSA.json' succeeded.
Version processing for all templates succeeded.
[SUCCEEDED] Successfully executed Task 'VersionProcessingTask: Executing
Template Version Processing task' in TaskFlow 'template_validation' at 04:04:49
StructureValidationTask: Executing Template Structure Validation task
[START] Start executing Task: To validate the template structure against the
rules specified by a corresponding template schema. at 04:04:49
Checking section 'ceip'
Checking subsection 'description'
Checking subsection 'settings'
Key 'ceip_enabled' is valid.
Checking section 'new_vcsa'
Checking subsection 'esxi'
Key 'hostname' is valid.
Key 'port' is valid.
Key 'password' is valid.
Key 'username' is valid.
Key 'datastore' is valid.
Key 'deployment_network' is valid.
Checking subsection 'sso'
Key 'sso_port' is valid.
The 'new_vcsa sso password' password meets the installation
requirements.
Key 'password' is valid.
Key 'domain_name' is valid.
Key 'first_instance' is valid.
Checking subsection 'vc'
Checking subsection 'os'
The 'new_vcsa os password' password meets the installation requirements.
Key 'password' is valid.
Key 'ssh_enable' is valid.
Key 'ntp_servers' is valid.
Checking subsection 'appliance'
Key 'ovftool_path' is valid.
Key 'deployment_option' is valid.
Key 'name' is valid.
Key 'thin_disk_mode' is valid.
Checking subsection 'network'
Validating the prefix '24' with IP family 'ipv4', mode 'static'
Key 'prefix' is valid.
Key 'mode' is valid.
Key 'gateway' is valid.
Validating the IP family 'ipv4' with the ESXi hostname '192.168.1.188'
Key 'ip_family' is valid.
Key 'system_name' is valid.
Key 'dns_servers' is valid.
Key 'ip' is valid.
Checking subsection 'ovftool_arguments'
Template structure validation for template 'c:\temp\EmbededVCSA.json' succeeded.
Structure validation for all templates succeeded.
[SUCCEEDED] Successfully executed Task 'StructureValidationTask: Executing
Template Structure Validation task' in TaskFlow 'template_validation' at
04:04:49
DependencyProcessingTask: Executing Template Dependency Processing task
[START] Start executing Task: To create a dependency graph for the provided
templates, with an edge pairing two templates that are dependent on each other.
Such graph relationships will affect whether certain templates can be deployed
in parallel, or must be deployed sequentially. at 04:04:50
Finished forming template dependencies.
Number of graph nodes: 1
-- Template dependency relationships: 0 --
Dependency processing for all templates succeeded.
[SUCCEEDED] Successfully executed Task 'DependencyProcessingTask: Executing
Template Dependency Processing task' in TaskFlow 'template_validation' at
04:04:50
Determining template dependencies for operation INSTALL
Successfully constructed requirement collector for operation install
PrecheckTask: Prechecks log_dir
C:\Users\ADMINI~1.MYL\AppData\Local\Temp\vcsaCliInstaller-2018-05-15-04-04-2f_tklqe\workflow_1526357089668\EmbededVCSA\p
rechecks
Template for this deployment: { '__version': '2.13.0', 'ceip':
{'description': {}, 'settings': {'ceip_enabled': True}}, 'new_vcsa': {
'appliance': { 'deployment_option': 'small',
'name': 'vcsa', 'ovftool_path':
'E:\\vcsa-cli-installer\\win32\\..\\..\\vcsa\\ovftool\\win32\\ovftool.exe',
'thin_disk_mode': True}, 'esxi': { 'datastore': 'SSD',
'deployment_network': 'VM Network', 'hostname':
'192.168.1.188', 'password': '******',
'port': 443, 'username': 'root'},
'network': { 'dns_servers': '192.168.1.120',
'gateway': '192.168.1.1', 'ip': '192.168.1.121',
'ip_family': 'ipv4', 'mode': 'static',
'prefix': '24', 'system_name':
'vcsa.citrix.aventistech.info'}, 'os': { 'ntp_servers':
'my.pool.ntp.org', 'password': '******',
'ssh_enable': True}, 'sso': { 'domain_name': 'vsphere.local',
'first_instance': True, 'password': '******',
'sso_port': 443}}}
Writing template as a file:
C:\Users\ADMINI~1.MYL\AppData\Local\Temp\vcsaCliInstaller-2018-05-15-04-04-2f_tklqe\workflow_1526357089668\EmbededVCSA\t
emplate.json
workflow successfully constructed, it contains 1 taskflows ready to execute
SrcRequirementTask: Running SrcRequirementTask
[START] Start executing Task: Validate that requirements are met in the source
VCSA. at 04:04:50
InstallRequirementCollector: Reached gathering requirement
[SUCCEEDED] Successfully executed Task 'SrcRequirementTask: Running
SrcRequirementTask' in TaskFlow 'EmbededVCSA' at 04:04:50
PrecheckTask: Running prechecks.
====== [START] Start executing Task: Perform precheck tasks. at 04:04:50 ======
Running precheck: TargetCredentials
[START] Start executing Task: Verify that the provided credentials for the
target ESXi/VC are valid at 04:04:50
Proceed with certificate thumbprint check...
The certificate for server '192.168.1.188' will not be verified because you have
provided either the '--no-ssl-certificate-verification' or '--no-esx-ssl-verify'
command parameter, which disables verification for all certificates. Remove this
parameter from the command line if you want server certificates to be verified.
[SUCCEEDED] Successfully executed Task 'Running precheck: TargetCredentials' in
TaskFlow 'install' at 04:04:51
Running precheck: HostConfigs
[START] Start executing Task: Precheck CPU, memory and datastore size
requirements for a host. at 04:04:51
Proceed with certificate thumbprint check...
The certificate for server '192.168.1.188' will not be verified because you have
provided either the '--no-ssl-certificate-verification' or '--no-esx-ssl-verify'
command parameter, which disables verification for all certificates. Remove this
parameter from the command line if you want server certificates to be verified.
Found datastore 'SSD' in host 'v1.aventis.local': Capacity = 216.0 GB. Free
space = 190.82 GB. Found non-clustered host 'v1.aventis.local'. Memory size: 48
GB. Logical CPU (core) count: 8. Hyperthreading is enabled.
Host 'v1.aventis.local': Standalone (non-clustered) host requirements are met.
[SUCCEEDED] Successfully executed Task 'Running precheck: HostConfigs' in
TaskFlow 'install' at 04:04:52
Running precheck: TargetHostType
[START] Start executing Task: Verify the target host type matches the one given
in the template at 04:04:52
Proceed with certificate thumbprint check...
The certificate for server '192.168.1.188' will not be verified because you have
provided either the '--no-ssl-certificate-verification' or '--no-esx-ssl-verify'
command parameter, which disables verification for all certificates. Remove this
parameter from the command line if you want server certificates to be verified.
[SUCCEEDED] Successfully executed Task 'Running precheck: TargetHostType' in
TaskFlow 'install' at 04:04:52
Running precheck: TargetVersion
[START] Start executing Task: Verify that the target ESXi or VC version meets
the minimum requirements at 04:04:52
Proceed with certificate thumbprint check...
The certificate for server '192.168.1.188' will not be verified because you have
provided either the '--no-ssl-certificate-verification' or '--no-esx-ssl-verify'
command parameter, which disables verification for all certificates. Remove this
parameter from the command line if you want server certificates to be verified.
[SUCCEEDED] Successfully executed Task 'Running precheck: TargetVersion' in
TaskFlow 'install' at 04:04:52
Running precheck: OVAProperties.
[START] Start executing Task: Validate that the OVA image has the required OVA
properties. at 04:04:52
[SUCCEEDED] Successfully executed Task 'Running precheck: OVAProperties.' in
TaskFlow 'install' at 04:04:55
Running precheck: IpFqdnInUse
[START] Start executing Task: Validate the provided ip/fqdn is available to use
at 04:04:55
Pinging IPv4 address 192.168.1.121
Ping Result error None: Pinging 192.168.1.121 with 32 bytes of data: Reply
from 192.168.1.238: Destination host unreachable. Reply from 192.168.1.238:
Destination host unreachable. Ping statistics for 192.168.1.121:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss), )
192.168.1.121 is unreachable.
Unable to resolve address of given host vcsa.citrix.aventistech.info.
[SUCCEEDED] Successfully executed Task 'Running precheck: IpFqdnInUse' in
TaskFlow 'install' at 04:05:00
Running precheck: ESXManagementStatus
[START] Start executing Task: Validate the target ESXi management status at
04:05:01
Proceed with certificate thumbprint check...
The certificate for server '192.168.1.188' will not be verified because you have
provided either the '--no-ssl-certificate-verification' or '--no-esx-ssl-verify'
command parameter, which disables verification for all certificates. Remove this
parameter from the command line if you want server certificates to be verified.
[SUCCEEDED] Successfully executed Task 'Running precheck: ESXManagementStatus'
in TaskFlow 'install' at 04:05:01
Running precheck: ApplianceName
[START] Start executing Task: Validate the provided target appliance name is
available to use at 04:05:01
Proceed with certificate thumbprint check...
The certificate for server '192.168.1.188' will not be verified because you have
provided either the '--no-ssl-certificate-verification' or '--no-esx-ssl-verify'
command parameter, which disables verification for all certificates. Remove this
parameter from the command line if you want server certificates to be verified.
[SUCCEEDED] Successfully executed Task 'Running precheck: ApplianceName' in
TaskFlow 'install' at 04:05:01
Running precheck: TargetDsFreespace
[START] Start executing Task: Check whether the datastore's free space
accommodate the VCSA's deployment option at 04:05:01
[SUCCEEDED] Successfully executed Task 'Running precheck: TargetDsFreespace' in
TaskFlow 'install' at 04:05:01
Running precheck: SSOCredentials
[START] Start executing Task: Verify the provided SSO info is valid by
connecting to the STS service. at 04:05:01
[SUCCEEDED] Successfully executed Task 'Running precheck: SSOCredentials' in
TaskFlow 'install' at 04:05:01
Running precheck: SSOExternal
[START] Start executing Task: Verify that the provided external SSO
(PSC)/Embedded info is valid at 04:05:01
Skipping the 'Verify that the provided external SSO (PSC)/Embedded info is
valid' precheck as there is no external SSO information.
[SUCCEEDED] Successfully executed Task 'Running precheck: SSOExternal' in
TaskFlow 'install' at 04:05:01
[SUCCEEDED] Successfully executed Task 'PrecheckTask: Running prechecks.' in
TaskFlow 'EmbededVCSA' at 04:05:01
Deploying vCenter Server Appliance
[START] Start executing Task: Invoke OVF Tool to deploy VCSA for installation,
upgrade, and migration at 04:05:02
Prepare to execute OVF Tool command
'--guestinfo.cis.deployment.autoconfig' is set to: True
See
C:\Users\ADMINI~1.MYL\AppData\Local\Temp\vcsaCliInstaller-2018-05-15-04-04-2f_tklqe\workflow_1526357089668\EmbededVCSA\o
vftool.log
for the OVF Tool logs.
--------------------------------------------------------------------------------
Generated OVF Tool command line:
E:\vcsa-cli-installer\win32\..\..\vcsa\ovftool\win32\ovftool.exe --X:waitForIp
--X:enableHiddenProperties --noSSLVerify --skipManifestCheck --sourceType=OVA
--powerOn --allowExtraConfig --prop:guestinfo.cis.deployment.autoconfig=True
--X:injectOvfEnv --acceptAllEulas
--X:logFile=C:\Users\ADMINI~1.MYL\AppData\Local\Temp\vcsaCliInstaller-2018-05-15-04-04-2f_tklqe\workflow_1526357089668\E
mbededVCSA\ovftool.log
--X:logLevel=verbose --X:logTransferHeaderData --name=vcsa --datastore=SSD
--prop:guestinfo.cis.deployment.node.type=embedded --deploymentOption=small
--diskMode=thin --network=VM Network
--prop:guestinfo.cis.appliance.ntp.servers=my.pool.ntp.org
--prop:guestinfo.cis.vmdir.domain-name=vsphere.local
--prop:guestinfo.cis.appliance.net.pnid=vcsa.citrix.aventistech.info
--prop:guestinfo.cis.appliance.ssh.enabled=True
--prop:guestinfo.cis.vmdir.first-instance=True
--prop:guestinfo.cis.appliance.net.prefix=24
--prop:guestinfo.cis.appliance.net.addr=192.168.1.121
--prop:guestinfo.cis.appliance.net.dns.servers=192.168.1.120
--prop:guestinfo.cis.ceip_enabled=True
--prop:guestinfo.cis.appliance.net.mode=static
--prop:guestinfo.cis.system.vm0.port=443
--prop:guestinfo.cis.appliance.net.addr.family=ipv4
--prop:guestinfo.cis.vmdir.password=******
--prop:guestinfo.cis.appliance.root.passwd=******
--prop:guestinfo.cis.appliance.net.gateway=192.168.1.1
E:\vcsa-cli-installer\win32\..\..\vcsa\VMware-vCenter-Server-Appliance-6.7.0.10000-8217866_OVF10.ova
vi://root:******@192.168.1.188:443
--------------------------------------------------------------------------------
'--guestinfo.cis.deployment.autoconfig' is set to: True
See
C:\Users\ADMINI~1.MYL\AppData\Local\Temp\vcsaCliInstaller-2018-05-15-04-04-2f_tklqe\workflow_1526357089668\EmbededVCSA\o
vftool.log
for the OVF Tool logs.
OVF Tool: Opening OVA source:
E:\vcsa-cli-installer\win32\..\..\vcsa\VMware-vCenter-Server-Appliance-6.7.0.10000-8217866_OVF10.ova
OVF Tool: The manifest does not validate
OVF Tool: Opening VI target: vi://[email protected]:443/
OVF Tool: Deploying to VI: vi://[email protected]:443/
OVF Tool: Disk progress: 99%
OVF Tool: Transfer Completed
OVF Tool: Powering on VM: vcsa
OVF Tool: Task progress: 34%
OVF Tool: Task Completed
OVF Tool: Waiting for IP address...
OVF Tool: Received IP address: 192.168.1.121
OVF Tool: Completed successfully
[SUCCEEDED] Successfully executed Task 'Deploying vCenter Server Appliance' in
TaskFlow 'EmbededVCSA' at 04:07:27
MonitorDeploymentTask: Monitoring Deployment
[START] Start executing Task: Monitor the entire VCSA deployment using
appliance REST API at 04:07:27
Proceed with certificate thumbprint check...
The certificate for server '192.168.1.188' will not be verified because you have
provided either the '--no-ssl-certificate-verification' or '--no-esx-ssl-verify'
command parameter, which disables verification for all certificates. Remove this
parameter from the command line if you want server certificates to be verified.
Successfully found the target VCSA 'vcsa on esxi '192.168.1.188'
Checking if the target %(p)s is powered on and ready for operations...
Successfully verified that the target VCSA 'vcsa' has been powered on and is now
ready for operations
Checking if the target VCSA has obtained the ip...
Successfully verified that the target VCSA has obtained the IP address:
192.168.1.121
Checking if the target VCSA appliance API is available for query
Proceed with certificate thumbprint check...
Requesting deployment status from target vCSA REST API endpoint
'https://192.168.1.121:5480/rest/vcenter/deployment'
Successfully verified that the target VCSA appliance API is available for query
Start monitoring target VCSA deployment, deployment status will be written into:
C:\Users\ADMINI~1.MYL\AppData\Local\Temp\vcsaCliInstaller-2018-05-15-04-04-2f_tklqe\workflow_1526357089668\EmbededVCSA\v
csa_deployment.json
Start querying appliance API for deployment status
Proceed with certificate thumbprint check...
The certificate for server '192.168.1.188' will not be verified because you have
provided either the '--no-ssl-certificate-verification' or '--no-esx-ssl-verify'
command parameter, which disables verification for all certificates. Remove this
parameter from the command line if you want server certificates to be verified.
Found IP address of target appliance: 192.168.1.121
Proceed with certificate thumbprint check...
Requesting deployment status from target vCSA REST API endpoint
'https://192.168.1.121:5480/rest/vcenter/deployment'
==========VCSA Deployment Progress Report========== Task: Install
required RPMs for the appliance.(RUNNING 51/100) - Installed
VMware-jmemtool-6.7.0-8217866.x86_64.rpm
VCSA Deployment is still running
Proceed with certificate thumbprint check...
The certificate for server '192.168.1.188' will not be verified because you have
provided either the '--no-ssl-certificate-verification' or '--no-esx-ssl-verify'
command parameter, which disables verification for all certificates. Remove this
parameter from the command line if you want server certificates to be verified.
Found IP address of target appliance: 192.168.1.121
Proceed with certificate thumbprint check...
Requesting deployment status from target vCSA REST API endpoint
'https://192.168.1.121:5480/rest/vcenter/deployment'
==========VCSA Deployment Progress Report========== Task: Install
required RPMs for the appliance.(RUNNING 59/100) - Installed
vmware-identity-sts-6.7.0.3665-8136721.noarch.rpm
VCSA Deployment is still running
Proceed with certificate thumbprint check...
The certificate for server '192.168.1.188' will not be verified because you have
provided either the '--no-ssl-certificate-verification' or '--no-esx-ssl-verify'
command parameter, which disables verification for all certificates. Remove this
parameter from the command line if you want server certificates to be verified.
Found IP address of target appliance: 192.168.1.121
Proceed with certificate thumbprint check...
Requesting deployment status from target vCSA REST API endpoint
'https://192.168.1.121:5480/rest/vcenter/deployment'
==========VCSA Deployment Progress Report========== Task: Install
required RPMs for the appliance.(RUNNING 66/100) - Installed
vmware-esx-netdumper-6.7.0-0.0.8217866.i386.rpm
VCSA Deployment is still running
Proceed with certificate thumbprint check...
The certificate for server '192.168.1.188' will not be verified because you have
provided either the '--no-ssl-certificate-verification' or '--no-esx-ssl-verify'
command parameter, which disables verification for all certificates. Remove this
parameter from the command line if you want server certificates to be verified.
Found IP address of target appliance: 192.168.1.121
Proceed with certificate thumbprint check...
Requesting deployment status from target vCSA REST API endpoint
'https://192.168.1.121:5480/rest/vcenter/deployment'
==========VCSA Deployment Progress Report========== Task: Install
required RPMs for the appliance.(RUNNING 86/100) - Installed
VMware-vsan-health-6.7.0-8217866.x86_64.rpm
VCSA Deployment is still running
Proceed with certificate thumbprint check...
The certificate for server '192.168.1.188' will not be verified because you have
provided either the '--no-ssl-certificate-verification' or '--no-esx-ssl-verify'
command parameter, which disables verification for all certificates. Remove this
parameter from the command line if you want server certificates to be verified.
Found IP address of target appliance: 192.168.1.121
Proceed with certificate thumbprint check...
Requesting deployment status from target vCSA REST API endpoint
'https://192.168.1.121:5480/rest/vcenter/deployment'
==========VCSA Deployment Progress Report========== Task: Install
required RPMs for the appliance.(SUCCEEDED 100/100) - Task has completed
successfully. Task: Run firstboot scripts.(RUNNING 2/100) - Starting
VMware Authentication Framework...
VCSA Deployment is still running
Proceed with certificate thumbprint check...
The certificate for server '192.168.1.188' will not be verified because you have
provided either the '--no-ssl-certificate-verification' or '--no-esx-ssl-verify'
command parameter, which disables verification for all certificates. Remove this
parameter from the command line if you want server certificates to be verified.
Found IP address of target appliance: 192.168.1.121
Proceed with certificate thumbprint check...
Requesting deployment status from target vCSA REST API endpoint
'https://192.168.1.121:5480/rest/vcenter/deployment'
==========VCSA Deployment Progress Report========== Task: Install
required RPMs for the appliance.(SUCCEEDED 100/100) - Task has completed
successfully. Task: Run firstboot scripts.(RUNNING 2/100) - Starting
VMware Authentication Framework...
VCSA Deployment is still running
Proceed with certificate thumbprint check...
The certificate for server '192.168.1.188' will not be verified because you have
provided either the '--no-ssl-certificate-verification' or '--no-esx-ssl-verify'
command parameter, which disables verification for all certificates. Remove this
parameter from the command line if you want server certificates to be verified.
Found IP address of target appliance: 192.168.1.121
Proceed with certificate thumbprint check...
Requesting deployment status from target vCSA REST API endpoint
'https://192.168.1.121:5480/rest/vcenter/deployment'
==========VCSA Deployment Progress Report========== Task: Install
required RPMs for the appliance.(SUCCEEDED 100/100) - Task has completed
successfully. Task: Run firstboot scripts.(RUNNING 13/100) - Starting
VMware Service Lifecycle Manager...
VCSA Deployment is still running
Proceed with certificate thumbprint check...
The certificate for server '192.168.1.188' will not be verified because you have
provided either the '--no-ssl-certificate-verification' or '--no-esx-ssl-verify'
command parameter, which disables verification for all certificates. Remove this
parameter from the command line if you want server certificates to be verified.
Found IP address of target appliance: 192.168.1.121
Proceed with certificate thumbprint check...
Requesting deployment status from target vCSA REST API endpoint
'https://192.168.1.121:5480/rest/vcenter/deployment'
==========VCSA Deployment Progress Report========== Task: Install
required RPMs for the appliance.(SUCCEEDED 100/100) - Task has completed
successfully. Task: Run firstboot scripts.(RUNNING 23/100) - Starting
VMware License Service...
VCSA Deployment is still running
Proceed with certificate thumbprint check...
The certificate for server '192.168.1.188' will not be verified because you have
provided either the '--no-ssl-certificate-verification' or '--no-esx-ssl-verify'
command parameter, which disables verification for all certificates. Remove this
parameter from the command line if you want server certificates to be verified.
Found IP address of target appliance: 192.168.1.121
Proceed with certificate thumbprint check...
Requesting deployment status from target vCSA REST API endpoint
'https://192.168.1.121:5480/rest/vcenter/deployment'
==========VCSA Deployment Progress Report========== Task: Install
required RPMs for the appliance.(SUCCEEDED 100/100) - Task has completed
successfully. Task: Run firstboot scripts.(RUNNING 31/100) - Starting
VMware Service Lifecycle Manager API...
VCSA Deployment is still running
Proceed with certificate thumbprint check...
The certificate for server '192.168.1.188' will not be verified because you have
provided either the '--no-ssl-certificate-verification' or '--no-esx-ssl-verify'
command parameter, which disables verification for all certificates. Remove this
parameter from the command line if you want server certificates to be verified.
Found IP address of target appliance: 192.168.1.121
Proceed with certificate thumbprint check...
Requesting deployment status from target vCSA REST API endpoint
'https://192.168.1.121:5480/rest/vcenter/deployment'
==========VCSA Deployment Progress Report========== Task: Run firstboot
scripts.(RUNNING 52/100) - Starting VMware vCenter-Services... Task:
Install required RPMs for the appliance.(SUCCEEDED 100/100) - Task has
completed successfully.
VCSA Deployment is still running
Proceed with certificate thumbprint check...
The certificate for server '192.168.1.188' will not be verified because you have
provided either the '--no-ssl-certificate-verification' or '--no-esx-ssl-verify'
command parameter, which disables verification for all certificates. Remove this
parameter from the command line if you want server certificates to be verified.
Found IP address of target appliance: 192.168.1.121
Proceed with certificate thumbprint check...
Requesting deployment status from target vCSA REST API endpoint
'https://192.168.1.121:5480/rest/vcenter/deployment'
==========VCSA Deployment Progress Report========== Task: Run firstboot
scripts.(RUNNING 60/100) - Starting VMware vCenter Server... Task:
Install required RPMs for the appliance.(SUCCEEDED 100/100) - Task has
completed successfully.
VCSA Deployment is still running
Proceed with certificate thumbprint check...
The certificate for server '192.168.1.188' will not be verified because you have
provided either the '--no-ssl-certificate-verification' or '--no-esx-ssl-verify'
command parameter, which disables verification for all certificates. Remove this
parameter from the command line if you want server certificates to be verified.
Found IP address of target appliance: 192.168.1.121
Proceed with certificate thumbprint check...
Requesting deployment status from target vCSA REST API endpoint
'https://192.168.1.121:5480/rest/vcenter/deployment'
==========VCSA Deployment Progress Report========== Task: Run firstboot
scripts.(RUNNING 60/100) - Starting VMware vCenter Server... Task:
Install required RPMs for the appliance.(SUCCEEDED 100/100) - Task has
completed successfully.
VCSA Deployment is still running
Proceed with certificate thumbprint check...
The certificate for server '192.168.1.188' will not be verified because you have
provided either the '--no-ssl-certificate-verification' or '--no-esx-ssl-verify'
command parameter, which disables verification for all certificates. Remove this
parameter from the command line if you want server certificates to be verified.
Found IP address of target appliance: 192.168.1.121
Proceed with certificate thumbprint check...
Requesting deployment status from target vCSA REST API endpoint
'https://192.168.1.121:5480/rest/vcenter/deployment'
==========VCSA Deployment Progress Report========== Task: Run firstboot
scripts.(RUNNING 63/100) - Starting VMware Content Library Service...
Task: Install required RPMs for the appliance.(SUCCEEDED 100/100) - Task
has completed successfully.
VCSA Deployment is still running
Proceed with certificate thumbprint check...
The certificate for server '192.168.1.188' will not be verified because you have
provided either the '--no-ssl-certificate-verification' or '--no-esx-ssl-verify'
command parameter, which disables verification for all certificates. Remove this
parameter from the command line if you want server certificates to be verified.
Found IP address of target appliance: 192.168.1.121
Proceed with certificate thumbprint check...
Requesting deployment status from target vCSA REST API endpoint
'https://192.168.1.121:5480/rest/vcenter/deployment'
==========VCSA Deployment Progress Report========== Task: Run firstboot
scripts.(RUNNING 63/100) - Starting VMware Content Library Service...
Task: Install required RPMs for the appliance.(SUCCEEDED 100/100) - Task
has completed successfully.
VCSA Deployment is still running
Proceed with certificate thumbprint check...
The certificate for server '192.168.1.188' will not be verified because you have
provided either the '--no-ssl-certificate-verification' or '--no-esx-ssl-verify'
command parameter, which disables verification for all certificates. Remove this
parameter from the command line if you want server certificates to be verified.
Found IP address of target appliance: 192.168.1.121
Proceed with certificate thumbprint check...
Requesting deployment status from target vCSA REST API endpoint
'https://192.168.1.121:5480/rest/vcenter/deployment'
==========VCSA Deployment Progress Report========== Task: Run firstboot
scripts.(RUNNING 73/100) - Starting VMware Update Manager... Task:
Install required RPMs for the appliance.(SUCCEEDED 100/100) - Task has
completed successfully.
VCSA Deployment is still running
Proceed with certificate thumbprint check...
The certificate for server '192.168.1.188' will not be verified because you have
provided either the '--no-ssl-certificate-verification' or '--no-esx-ssl-verify'
command parameter, which disables verification for all certificates. Remove this
parameter from the command line if you want server certificates to be verified.
Found IP address of target appliance: 192.168.1.121
Proceed with certificate thumbprint check...
Requesting deployment status from target vCSA REST API endpoint
'https://192.168.1.121:5480/rest/vcenter/deployment'
==========VCSA Deployment Progress Report========== Task: Run firstboot
scripts.(RUNNING 84/100) - Starting VMware VSAN Health Service...
Task: Install required RPMs for the appliance.(SUCCEEDED 100/100) - Task
has completed successfully.
VCSA Deployment is still running
Proceed with certificate thumbprint check...
The certificate for server '192.168.1.188' will not be verified because you have
provided either the '--no-ssl-certificate-verification' or '--no-esx-ssl-verify'
command parameter, which disables verification for all certificates. Remove this
parameter from the command line if you want server certificates to be verified.
Found IP address of target appliance: 192.168.1.121
Proceed with certificate thumbprint check...
Requesting deployment status from target vCSA REST API endpoint
'https://192.168.1.121:5480/rest/vcenter/deployment'
==========VCSA Deployment Progress Report========== Task: Run firstboot
scripts.(RUNNING 97/100) - Starting VMware Performance Charts...
Task: Install required RPMs for the appliance.(SUCCEEDED 100/100) - Task
has completed successfully.
VCSA Deployment is still running
Proceed with certificate thumbprint check...
The certificate for server '192.168.1.188' will not be verified because you have
provided either the '--no-ssl-certificate-verification' or '--no-esx-ssl-verify'
command parameter, which disables verification for all certificates. Remove this
parameter from the command line if you want server certificates to be verified.
Found IP address of target appliance: 192.168.1.121
Proceed with certificate thumbprint check...
Requesting deployment status from target vCSA REST API endpoint
'https://192.168.1.121:5480/rest/vcenter/deployment'
==========VCSA Deployment Progress Report========== Task: Run firstboot
scripts.(SUCCEEDED 100/100) - Task has completed successfully. Task:
Install required RPMs for the appliance.(SUCCEEDED 100/100) - Task has
completed successfully.
Successfully completed VCSA deployment. VCSA Deployment Start Time:
2018-05-15T04:06:51.417Z VCSA Deployment End Time: 2018-05-15T04:15:55.189Z
[SUCCEEDED] Successfully executed Task 'MonitorDeploymentTask: Monitoring
Deployment' in TaskFlow 'EmbededVCSA' at 04:16:03
Monitoring VCSA Deploy task completed
ApplianceLoginSummaryTask: Provide appliance login information.
[START] Start executing Task: Provide the login information about new
appliance. at 04:16:03
Proceed with certificate thumbprint check...
The certificate for server '192.168.1.188' will not be verified because you have
provided either the '--no-ssl-certificate-verification' or '--no-esx-ssl-verify'
command parameter, which disables verification for all certificates. Remove this
parameter from the command line if you want server certificates to be verified.
Proceed with certificate thumbprint check...
The certificate for server '192.168.1.188' will not be verified because you have
provided either the '--no-ssl-certificate-verification' or '--no-esx-ssl-verify'
command parameter, which disables verification for all certificates. Remove this
parameter from the command line if you want server certificates to be verified.
Proceed with certificate thumbprint check...
The certificate for server '192.168.1.188' will not be verified because you have
provided either the '--no-ssl-certificate-verification' or '--no-esx-ssl-verify'
command parameter, which disables verification for all certificates. Remove this
parameter from the command line if you want server certificates to be verified.
Appliance Name: vcsa
System Name: vcsa.citrix.aventistech.info
System IP: 192.168.1.121
Log in as: [email protected]
[SUCCEEDED] Successfully executed Task 'ApplianceLoginSummaryTask: Provide
appliance login information.' in TaskFlow 'EmbededVCSA' at 04:16:04
vcsa-deploy execution successfully completed, workflow log dir:
C:\Users\ADMINI~1.MYL\AppData\Local\Temp\vcsaCliInstaller-2018-05-15-04-04-2f_tklqe\workflow_1526357089668
=================================== 04:16:04 ===================================
Result and Log File Information...
WorkFlow log directory:
C:\Users\ADMINI~1.MYL\AppData\Local\Temp\vcsaCliInstaller-2018-05-15-04-04-2f_tklqe\workflow_1526357089668Login to vCenter Management UI to verify that VCSA is deployed successfully
Reduce vCPU & vRAM of VCSA for Lab Testing Purpose
The newly deployed VCSA is configured with 4 x vCPU with 20GB RAM
Power Off the VCSA and change the resources to 2 x vCPU with 4GB RAM for lab testing purpose
HSTS error with *.dev Domain
You will encounter the error message below if .dev is used in your lab, like vcsa.aventis.dev
You cannot visit vcsa.aventis.dev right now because the website uses HSTS. Network errors and attacks are usually temporary, so this page will probably work later.
Refer to Chrome & Firefox now force .dev domains to HTTPS via preloaded HSTS for more information
Solution
Download the VCSA self-sign root certificate via https://vcenter.domain.com/certs/download.zip with Internet Explorer (IE) and import it to Certificate (Local Machine) – Trusted Root Certification Authorities by following How to download and install vCenter Server root certificates to avoid Web Browser certificate warnings (2108294).
Close all the running Google Chrome and you should be able to access https://vcsa.aventis.dev with a newly opened Chrome now