Creating SSL certificates
1 Create the Java directory
mkdir /usr/java
Upload the installer into the /usr/java directory
cd /usr/java
chmod 750 jre-6u41-linux-x64-rpm.bin
./jre-6u41-linux-x64-rpm.bin
rpm -ivh jre-6u41-linux-amd64.rpm
2 Create the certificate store directory
mkdir /opt/keystore
Download and install the VMware public keys: using a web browser, download all of the VMware public packaging keys from http://packages.vmware.com/tools/keys. The installer later verifies the RPM signatures against these keys, so obtain them over a channel you trust before importing them.
[root@vCloud-1 Desktop]# rpm --import /opt/keystore/VMWARE-PACKAGING-GPG-DSA-KEY.pub
[root@vCloud-1 Desktop]# rpm --import /opt/keystore/VMWARE-PACKAGING-GPG-RSA-KEY.pub
Installing the vCloud Director software on the first member of the server group
Upload the vCloud Director installer to the server's /opt directory
[root@vCloud-1 Desktop]# cd /opt
[root@vCloud-1 opt]# ls
keystore rh vmware-vcloud-director-5.5.1-1881717.bin
[root@vCloud-1 opt]# chmod 750 vmware-vcloud-director-5.5.1-1881717.bin
[root@vCloud-1 opt]# ./vmware-vcloud-director-5.5.1-1881717.bin
Checking architecture...done
Checking for a supported Linux distribution...Detected Red Hat Linux system
done
Checking for necessary RPM prerequisites...done
Checking free disk space...done
Extracting VMware vCloud Director. Please wait, this could take a few minutes...
vmware-vcloud-director-5.5.1-1881717.x86_64.rpm
vmware-vcloud-director-rhel-5.5.1-1881717.x86_64.rpm
done
Verifying RPM signatures...done
Installing the VMware vCloud Director RPMs...
Preparing... ########################################### [100%]
1:vmware-vcloud-director-########################################### [100%]
2:vmware-vcloud-director ########################################### [100%]
You should now run the configuration script
(/opt/vmware/vcloud-director/bin/configure) to perform other required
post-installation configuration.
If you will be deploying a vCloud Director cluster you must mount the shared
transfer server storage prior to running the configuration script. If this
is a single server deployment no shared storage is necessary.
If you are not ready to do this right now, you may run the script later
prior to starting the vmware-vcd service.
Would you like to run the script now? (y/n)? n
Skipping. You may run the configuration script at a later time by executing
/opt/vmware/vcloud-director/bin/configure
[root@vCloud-1 opt]#
3 Mount the NFS shared storage
[root@vCloud-1 Desktop]# vi /etc/fstab
Add the following line. Every cell in the server group must mount the same export at this path, because the transfer directory also carries the shared keystore and the response file:
192.168.10.22:vcloud-NFS /opt/vmware/vcloud-director/data/transfer nfs intr 0 0
Mount it, then change the ownership. The chown must run after the mount: applied to the empty local directory beforehand, it would be hidden as soon as the export is mounted over it.
[root@vCloud-1 Desktop]# mount -a
[root@vCloud-1 Desktop]# chown -R vcloud:vcloud /opt/vmware/vcloud-director/data/transfer
[root@vCloud-1 Desktop]# ls -l /opt/vmware/vcloud-director/data
4 Create the SSL certificates
Create an untrusted (self-signed) certificate for the HTTP service. The "first and last name" prompt becomes the certificate's CN and must be the DNS name clients use to reach the HTTP service; a mismatch is rejected by browsers even after the CA has signed the certificate.
[root@vCloud-1 Desktop]# /usr/java/jre1.6.0_45/bin/keytool -keystore /opt/vmware/vcloud-director/data/transfer/certificates.ks -storetype JCEKS -storepass vcloud -genkey -keyalg RSA -validity 731 -alias http
What is your first and last name?
[Unknown]: vcloud.vsphere.com
What is the name of your organizational unit?
[Unknown]: vCloud Unit
What is the name of your organization?
[Unknown]: vCloud Unit
What is the name of your City or Locality?
[Unknown]: taiyuan
What is the name of your State or Province?
[Unknown]: shanxi
What is the two-letter country code for this unit?
[Unknown]: CN
Is CN=vCloud-1.vSphere.com, OU=vCloud Unit, O=vCloud Unit, L=taiyuan, ST=shanxi, C=CN correct?
[no]: yes
Enter key password for <http>
(RETURN if same as keystore password):
Create a certificate signing request for the HTTP service
[root@vCloud-1 Desktop]# /usr/java/jre1.6.0_45/bin/keytool -keystore /opt/vmware/vcloud-director/data/transfer/certificates.ks -storetype JCEKS -storepass vcloud -certreq -alias http -file /opt/keystore/vcloud-http.csr
Create an untrusted (self-signed) certificate for the console proxy service
[root@vCloud-1 Desktop]# /usr/java/jre1.6.0_45/bin/keytool -keystore /opt/vmware/vcloud-director/data/transfer/certificates.ks -storetype JCEKS -storepass vcloud -genkey -keyalg RSA -validity 731 -alias consoleproxy
What is your first and last name?
[Unknown]: consoleproxy.vsphere.com
What is the name of your organizational unit?
[Unknown]: vCloud Unit
What is the name of your organization?
[Unknown]: vCloud Unit
What is the name of your City or Locality?
[Unknown]: taiyuan
What is the name of your State or Province?
[Unknown]: shanxi
What is the two-letter country code for this unit?
[Unknown]: CN
Is CN=vCloud-1-con.vSphere.com, OU=vCloud Unit, O=vCloud Unit, L=taiyuan, ST=shanxi, C=CN correct?
[no]: yes
Enter key password for <consoleproxy>
(RETURN if same as keystore password):
Create a certificate signing request for the console proxy service.
[root@vCloud-1 Desktop]# /usr/java/jre1.6.0_45/bin/keytool -keystore /opt/vmware/vcloud-director/data/transfer/certificates.ks -storetype JCEKS -storepass vcloud -certreq -alias consoleproxy -file /opt/keystore/vcloud-consoleproxy.csr
Send the certificate signing requests to the certificate authority (the CA server)
CA server address: http://192.168.10.30/certsrv/
Click "Download certificate chain". The chain contains the issued certificate together with every CA certificate above it, up to and including the root CA.
Method 1 (import the certificate chain)
Import the HTTP service certificate chain
[root@vCloud-1 Desktop]# /usr/java/jre1.6.0_45/bin/keytool -storetype JCEKS -storepass vcloud -keystore /opt/vmware/vcloud-director/data/transfer/certificates.ks -import -alias http -file /opt/keystore/vcloud-http.p7b
Top-level certificate in reply:
Owner: CN=vSphere-CA-CA, DC=vSphere, DC=com
Issuer: CN=vSphere-CA-CA, DC=vSphere, DC=com
Serial number: 66082e6fca2300a848a13be3afcf6a82
Valid from: Thu Dec 12 13:28:21 CST 2013 until: Wed Dec 12 13:38:19 CST 2018
Certificate fingerprints:
MD5: 71:6A:B4:06:DD:97:B5:C6:CF:75:81:4B:20:13:B6:90
SHA1: 2D:95:07:2E:B0:3A:E7:4C:20:55:5F:EB:93:AF:9E:49:3B:03:77:79
Signature algorithm name: SHA1withRSA
Version: 3
Extensions:
#1: ObjectId: 2.5.29.15 Criticality=true
KeyUsage [
DigitalSignature
Key_CertSign
Crl_Sign
]
#2: ObjectId: 2.5.29.19 Criticality=true
BasicConstraints:[
CA:true
PathLen:2147483647
]
#3: ObjectId: 1.3.6.1.4.1.311.20.2 Criticality=false
#4: ObjectId: 1.3.6.1.4.1.311.21.1 Criticality=false
#5: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: 25 B9 01 F0 D4 61 BA A2 B9 C5 13 47 04 79 F3 35 %....a.....G.y.5
0010: 9E 7A A1 E6 .z..
]
]
... is not trusted. Install reply anyway? [no]: yes
Certificate reply was installed in keystore
keytool reports the reply as untrusted because the issuing CA is not yet in the keystore, so there is nothing it already trusts to chain the reply to. Before answering yes, compare the SHA1 fingerprint of the top-level certificate printed above with the root CA fingerprint obtained from the CA administrator out of band; answering yes to an unverified chain installs whatever the download server handed over. Importing the root certificate first as a trusted entry (Method 2 below) avoids the prompt altogether.
Import the console proxy service certificate chain
[root@vCloud-1 Desktop]# /usr/java/jre1.6.0_45/bin/keytool -storetype JCEKS -storepass vcloud -keystore /opt/vmware/vcloud-director/data/transfer/certificates.ks -import -alias consoleproxy -file /opt/keystore/vcloud-consoleproxy.p7b
Top-level certificate in reply:
Owner: CN=vSphere-CA-CA, DC=vSphere, DC=com
Issuer: CN=vSphere-CA-CA, DC=vSphere, DC=com
Serial number: 66082e6fca2300a848a13be3afcf6a82
Valid from: Thu Dec 12 13:28:21 CST 2013 until: Wed Dec 12 13:38:19 CST 2018
Certificate fingerprints:
MD5: 71:6A:B4:06:DD:97:B5:C6:CF:75:81:4B:20:13:B6:90
SHA1: 2D:95:07:2E:B0:3A:E7:4C:20:55:5F:EB:93:AF:9E:49:3B:03:77:79
Signature algorithm name: SHA1withRSA
Version: 3
Extensions:
#1: ObjectId: 2.5.29.15 Criticality=true
KeyUsage [
DigitalSignature
Key_CertSign
Crl_Sign
]
#2: ObjectId: 2.5.29.19 Criticality=true
BasicConstraints:[
CA:true
PathLen:2147483647
]
#3: ObjectId: 1.3.6.1.4.1.311.20.2 Criticality=false
#4: ObjectId: 1.3.6.1.4.1.311.21.1 Criticality=false
#5: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: 25 B9 01 F0 D4 61 BA A2 B9 C5 13 47 04 79 F3 35 %....a.....G.y.5
0010: 9E 7A A1 E6 .z..
]
]
... is not trusted. Install reply anyway? [no]: yes
Certificate reply was installed in keystore
The same prompt appears for the same reason; the top-level certificate is the same root CA, so its SHA1 fingerprint should match the value checked for the HTTP import.
Method 2 (import the root certificate)
Import the certificate authority's root certificate as a trusted entry first, so that the service certificates imported afterwards chain to it without the "not trusted" prompt:
/usr/java/jre1.6.0_45/bin/keytool -storetype JCEKS -storepass vcloud -keystore /opt/vmware/vcloud-director/data/transfer/certificates.ks -import -alias root -file /opt/keystore/root.cer
Import the HTTP service certificate.
/usr/java/jre1.6.0_45/bin/keytool -storetype JCEKS -storepass vcloud -keystore /opt/vmware/vcloud-director/data/transfer/certificates.ks -import -alias http -file /opt/keystore/vcloud-http.cer
Import the console proxy service certificate
/usr/java/jre1.6.0_45/bin/keytool -storetype JCEKS -storepass vcloud -keystore /opt/vmware/vcloud-director/data/transfer/certificates.ks -import -alias consoleproxy -file /opt/keystore/vcloud-consoleproxy.cer
Because the aliases http and consoleproxy already hold the private keys, keytool treats these imports as certificate replies and answers "Certificate reply was installed in keystore". If it answers "Certificate was added to keystore" instead, the alias did not match the existing key pair, and the service would keep presenting its self-signed certificate.
To verify that all certificates were imported, list the contents of the keystore file.
[root@vCloud-1 Desktop]# /usr/java/jre1.6.0_45/bin/keytool -storetype JCEKS -storepass vcloud -keystore /opt/vmware/vcloud-director/data/transfer/certificates.ks -list
Keystore type: JCEKS
Keystore provider: SunJCE
Your keystore contains 2 entries
consoleproxy, 2013-12-12, PrivateKeyEntry,
Certificate fingerprint (MD5): 78:5D:09:90:7E:AB:AE:DD:8A:34:9C:29:34:6C:95:99
http, 2013-12-12, PrivateKeyEntry,
Certificate fingerprint (MD5): 31:4E:C0:EE:11:7A:64:93:4B:6F:A5:8C:54:93:85:1A
Both service aliases must be listed as PrivateKeyEntry (with Method 2 a third entry, root, appears as trustedCertEntry). Adding -v to the -list command shows the certificate chain length for each alias, which confirms that the CA chain replaced the single self-signed certificate.
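The keytool steps above are interactive and pass the keystore password on the command line, where it lands in the shell history and is visible in ps output while keytool runs. The script below is an added example, not part of the original page: it generates both key pairs non-interactively with -dname, writes the two CSRs, and checks a keytool -list listing for the two required PrivateKeyEntry aliases. The DN values, aliases and paths are the page's own. The password file /opt/keystore/storepass and the :file password modifiers (documented for the JDK 7 keytool; assumed to work on this JRE 6 build, which otherwise has to be allowed to prompt) are assumptions. Subject Alternative Names cannot be requested by this JRE's keytool (-ext arrived with JDK 7), so they have to be added by the CA when it signs the CSR.

```shell
#!/bin/sh
# Added example (not from the original page): non-interactive build of the
# vCloud Director keystore, plus a check on the `keytool -list` output.
# Assumptions: the page's JRE path, keystore path, aliases and DN values;
# a password file /opt/keystore/storepass (mode 0600, owned by root) and the
# keytool ":file" password modifiers, so the store password never appears in
# `ps` or in the shell history.

KEYTOOL=${KEYTOOL:-/usr/java/jre1.6.0_45/bin/keytool}
KS=${KS:-/opt/vmware/vcloud-director/data/transfer/certificates.ks}
PASSFILE=${PASSFILE:-/opt/keystore/storepass}   # assumed location
CSRDIR=${CSRDIR:-/opt/keystore}

# Build the X.500 distinguished name that keytool's interactive prompts
# would otherwise assemble: CN, OU, O, L, ST, C.
build_dname() {
    printf 'CN=%s, OU=%s, O=%s, L=%s, ST=%s, C=%s' "$1" "$2" "$3" "$4" "$5" "$6"
}

# Generate one RSA key pair under the given alias and write its CSR.
# $1 alias (http or consoleproxy), $2 the DNS name clients will use (CN).
gen_key_and_csr() {
    dn=$(build_dname "$2" "vCloud Unit" "vCloud Unit" "taiyuan" "shanxi" "CN")
    "$KEYTOOL" -keystore "$KS" -storetype JCEKS -storepass:file "$PASSFILE" \
        -genkey -keyalg RSA -keysize 2048 -validity 731 -alias "$1" \
        -dname "$dn" -keypass:file "$PASSFILE" || return 1
    "$KEYTOOL" -keystore "$KS" -storetype JCEKS -storepass:file "$PASSFILE" \
        -certreq -alias "$1" -file "$CSRDIR/vcloud-$1.csr"
}

# Read a `keytool -list` listing on stdin and require a PrivateKeyEntry for
# every alias given as an argument.  Returns 0 only if none is missing.
# The alias line ("alias, date, PrivateKeyEntry,") has the same shape in
# every keytool locale, so this also works on the Chinese output above.
check_keystore_entries() {
    listing=$(cat)
    missing=""
    for a in "$@"; do
        printf '%s\n' "$listing" | grep -Eq "^$a, .*PrivateKeyEntry" \
            || missing="$missing $a"
    done
    if [ -n "$missing" ]; then
        echo "missing private-key entries:$missing" >&2
        return 1
    fi
    return 0
}

case "${1:-}" in
    build)   # run once on the first cell, before sending the CSRs to the CA
        gen_key_and_csr http vcloud.vsphere.com
        gen_key_and_csr consoleproxy consoleproxy.vsphere.com ;;
    verify)  # run after the CA replies have been imported
        "$KEYTOOL" -list -keystore "$KS" -storetype JCEKS \
            -storepass:file "$PASSFILE" | check_keystore_entries http consoleproxy ;;
esac
```

Run it as `sh build-keystore.sh build` before the CSRs go to the CA and `sh build-keystore.sh verify` after the replies are imported; a non-zero exit from verify names the alias that is missing, which is the situation the "Certificate was added to keystore" message from a mismatched alias would otherwise hide until the service starts with a self-signed certificate.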
Configuring the vCloud Director software on the first member of the server group
[root@vcloud-1 Desktop]# cd /opt/vmware/vcloud-director/bin
[root@vcloud-1 bin]# ./configure
Welcome to the vCloud Director configuration utility.
You will be prompted to enter a number of parameters that are necessary to
configure and start the vCloud Director service.
Please indicate which IP address available on this machine should be used for
the HTTP service and which IP address should be used for the remote console proxy.
The HTTP service IP address is used for accessing the user interface and the
REST API. The remote console proxy IP address is used for all remote console (VMRC)
connections and traffic.
Please enter your choice for the HTTP service IP address:
1. 10.0.1.24
2. 10.0.1.25
3. 192.168.10.24
Choice [default=1]: 1
Please enter your choice for the remote console proxy IP address:
1. 10.0.1.25
2. 192.168.10.24
Choice [default=1]: 1
Please enter the path to the Java keystore containing your SSL certificates and
private keys: /opt/vmware/vcloud-director/data/transfer/certificates.ks
Please enter the password for the keystore:
If you would like to enable remote audit logging to a syslog host please enter
the hostname or IP address of the syslog server. Audit logs are stored by
vCloud Director for 90 days. Exporting logs via syslog will enable you to
preserve them for as long as necessary.
Syslog host name or IP address [press Enter to skip]:
No syslog host was specified, disabling remote audit logging.
The following database types are supported:
1. Oracle
2. Microsoft SQL Server
Enter the database type [default=1]: 2
Enter the host (or IP address) for the database: 192.168.10.28
Enter the database port [default=1433]: 1433
Enter the database name [default=vcloud]: vcloud
Enter the database instance [Press enter to use the server's default instance]: MSSQLSERVER
Enter the database username: vcloud
Enter the database password:
Connecting to the database: jdbc:jtds:sqlserver://192.168.10.28:1433/vcloud;socketTimeout=90;prepareSQL=2
.......................[23]
.......................................................................[71]
....................................................................................................[100]
..[102]
..................................................................[66]
Database configuration complete.
vCloud Director configuration is now complete.
Once the vCloud Director server has been started you will be able to
access the first-time setup wizard at this URL:
https://vcloud-1.vsphere.com
Would you like to start the vCloud Director service now? If you choose not
to start it now, you can manually start it at any time using this command:
service vmware-vcd start
Start it now? [y/n] y
Starting vmware-vcd-watchdog: [  OK  ]
Starting vmware-vcd-cell [  OK  ]
The vCD service will be started automatically on boot. To disable this,
use the following command: chkconfig --del vmware-vcd
[root@vcloud-1 bin]#
Inputs given to the configuration script
Keystore path: /opt/vmware/vcloud-director/data/transfer/certificates.ks
Keystore password: vcloud
Database IP address: 192.168.10.28
Database port: 1433
Database name: vcloud
Database instance name: MSSQLSERVER
Database username: vcloud
Database password: vcloud
Remote audit logging was skipped at the syslog prompt. The cell keeps its audit logs for only 90 days, so a production deployment should supply a syslog host at that prompt; without it the audit trail is lost with the cell, exactly when it is needed most.
Copy the response file
[root@vCloud-1 /]# cp /opt/vmware/vcloud-director/etc/responses.properties /opt/vmware/vcloud-director/data/transfer/
responses.properties records the answers given above, including the database credentials and the keystore password. It is placed on the shared export only so that the other cells can consume it with configure -r, so it must be readable by the vcloud user and nobody else.
Check the ownership again
[root@vCloud-1 Desktop]# chown -R vcloud:vcloud /opt/vmware/vcloud-director/data/transfer
Install the Microsoft Sysprep files
[root@vCloud-1 /]# cd /opt/vmware/vcloud-director/guestcustomization/default/windows/
Create the guest OS Sysprep binary directory and its subdirectories
[root@vCloud-1 windows]# mkdir sysprep
[root@vCloud-1 windows]# mkdir sysprep/win2k3
[root@vCloud-1 windows]# mkdir sysprep/win2k3_64
[root@vCloud-1 windows]# mkdir sysprep/win2000
[root@vCloud-1 windows]# mkdir sysprep/winxp
[root@vCloud-1 windows]# mkdir sysprep/winxp_64
Copy the Sysprep binaries into the matching directories on the server
Make sure the vcloud user (vcloud.vcloud) can read the Sysprep files.
[root@vCloud-1 /]# chown -R vcloud.vcloud /opt/vmware/vcloud-director/guestcustomization/
[root@vCloud-1 /]#
vCloud Director does not need to be restarted after the Sysprep files are copied.
Installation of the first server in the vCloud Director server group is complete.
Installing the vCloud Director software on the other members of the server group
Create the public key storage directory
mkdir /opt/keystore
Download and install the VMware public keys
Using a web browser, download all of the VMware public packaging keys from http://packages.vmware.com/tools/keys
[root@vCloud-2 Desktop]# rpm --import /opt/keystore/VMWARE-PACKAGING-GPG-DSA-KEY.pub
[root@vCloud-2 Desktop]# rpm --import /opt/keystore/VMWARE-PACKAGING-GPG-RSA-KEY.pub
Upload the vCloud Director installer to the server's /opt directory
[root@vCloud-2 Desktop]# cd /opt
[root@vCloud-2 opt]# ls
keystore rh vmware-vcloud-director-5.5.1-1881717.bin
[root@vCloud-2 opt]# chmod 750 vmware-vcloud-director-5.5.1-1881717.bin
[root@vCloud-2 opt]# ./vmware-vcloud-director-5.5.1-1881717.bin
Checking architecture...done
Checking for a supported Linux distribution...Detected Red Hat Linux system
done
Checking for necessary RPM prerequisites...done
Checking free disk space...done
Extracting VMware vCloud Director. Please wait, this could take a few minutes...
vmware-vcloud-director-5.5.1-1881717.x86_64.rpm
vmware-vcloud-director-rhel-5.5.1-1881717.x86_64.rpm
done
Verifying RPM signatures...done
Installing the VMware vCloud Director RPMs...
Preparing... ########################################### [100%]
1:vmware-vcloud-director-########################################### [100%]
2:vmware-vcloud-director ########################################### [100%]
You should now run the configuration script
(/opt/vmware/vcloud-director/bin/configure) to perform other required
post-installation configuration.
If you will be deploying a vCloud Director cluster you must mount the shared
transfer server storage prior to running the configuration script. If this
is a single server deployment no shared storage is necessary.
If you are not ready to do this right now, you may run the script later
prior to starting the vmware-vcd service.
Would you like to run the script now? (y/n)? n
Skipping. You may run the configuration script at a later time by executing
/opt/vmware/vcloud-director/bin/configure
[root@vCloud-2 opt]#
Mount the NFS shared storage
[root@vCloud-2 Desktop]# vi /etc/fstab
Add the following line (the same export, at the same path, as on the first cell):
192.168.10.22:vcloud-NFS /opt/vmware/vcloud-director/data/transfer nfs intr 0 0
Mount it, then change the ownership (the chown only takes effect on the mounted export if it runs after the mount)
[root@vCloud-2 Desktop]# mount -a
[root@vCloud-2 Desktop]# chown -R vcloud:vcloud /opt/vmware/vcloud-director/data/transfer
[root@vCloud-2 Desktop]# ls -l /opt/vmware/vcloud-director/data
Configuring the vCloud Director software on the other members of the server group
Run configure with the response file written by the first cell (-r). The database and keystore settings are taken from that file, so only the IP address choices are prompted for:
[root@vCloud-2 Desktop]# cd /opt/vmware/vcloud-director/bin
[root@vcloud-2 bin]# ./configure -r /opt/vmware/vcloud-director/data/transfer/responses.properties
Welcome to the vCloud Director configuration utility.
You will be prompted to enter a number of parameters that are necessary to
configure and start the vCloud Director service.
Please indicate which IP address available on this machine should be used for
the HTTP service and which IP address should be used for the remote console proxy.
The HTTP service IP address is used for accessing the user interface and the
REST API. The remote console proxy IP address is used for all remote console (VMRC)
connections and traffic.
Please enter your choice for the HTTP service IP address:
1. 10.0.1.26
2. 10.0.1.27
3. 192.168.10.26
Choice [default=1]: 1
Please enter your choice for the remote console proxy IP address:
1. 10.0.1.27
2. 192.168.10.26
Choice [default=1]: 1
Connecting to the database: jdbc:jtds:sqlserver://192.168.10.28:1433/vcloud;socketTimeout=90;prepareSQL=2
Database configuration complete.
vCloud Director configuration is now complete.
Once the vCloud Director server has been started you will be able to
access the first-time setup wizard at this URL:
https://vcloud-2.vsphere.com
Would you like to start the vCloud Director service now? If you choose not
to start it now, you can manually start it at any time using this command:
service vmware-vcd start
Start it now? [y/n] y
Starting vmware-vcd-watchdog: [  OK  ]
Starting vmware-vcd-cell [  OK  ]
The vCD service will be started automatically on boot. To disable this,
use the following command: chkconfig --del vmware-vcd
[root@vcloud-2 bin]#
Install the Microsoft Sysprep files
Change directory
[root@vCloud-2 Desktop]# cd /opt/vmware/vcloud-director/guestcustomization/default/windows/
Create the guest OS Sysprep binary directory and its subdirectories
[root@vCloud-2 windows]# mkdir sysprep
[root@vCloud-2 windows]# mkdir sysprep/win2k3
[root@vCloud-2 windows]# mkdir sysprep/win2k3_64
[root@vCloud-2 windows]# mkdir sysprep/win2000
[root@vCloud-2 windows]# mkdir sysprep/winxp
[root@vCloud-2 windows]# mkdir sysprep/winxp_64
Copy the Sysprep binaries into the matching directories on the server
Make sure the vcloud user (vcloud.vcloud) can read the Sysprep files.
[root@vCloud-2 /]# chown -R vcloud.vcloud /opt/vmware/vcloud-director/guestcustomization/
[root@vCloud-2 /]#
vCloud Director does not need to be restarted after the Sysprep files are copied.
Installation of the second server in the vCloud Director server group is complete. To add more servers to the server group, repeat this process on each of them.