Security certificates and RPM installation in vCloud Director

Having trouble generating SSL security certificates or managing the RPM installation process? Expert Mike Laverick outlines these VMware vCloud Director installation steps.


This series chronicles how to install VMware vCloud Director (vCD) in a home lab. vCloud Director is VMware's new management product for private and hybrid cloud architectures, and installing it at home provides IT professionals with a safe setting to test and evaluate VMware's cloud product without jeopardizing production resources.

After installing Oracle Enterprise Linux and XE, the next step is the RPM installation process and configuring Secure Sockets Layer (SSL) security certificates for vCloud Director.

More RPM installation: compat-libcom_err and libstdc
As with Oracle Express 10g, vCloud Director requires additional RPMs. The trouble is, Linux distributions install some vCD prerequisites by default, and it's difficult to tell which RPMs are present. (The complete list of the required RPMs is in the official VMware installation guide (PDF).)

Figure 1

To query which RPM packages are installed, you can use the following RPM command (change the nonbolded text to reflect your specific installation):

 

rpm -q alsa-lib libgcc libXtst bash libICE module-init-tools chkconfig libSM net-tools compat-libcom_err libstdc pciutils coreutils libX11 procps findutils libXau redhat-lsb glibc libXdmcp sed grep libXext tar initscripts libXi which krb5-libs libXt | grep installed

After running this command in Oracle Enterprise Linux, you'll notice the compat-libcom_err and libstdc are not installed. The compat-libcom_err RPM installation adds a compatibility library to the operating system, and libstdc adds a standard C Library.

 To install these RPMs, connect the Oracle Enterprise Linux DVD to the VM. In the /media/Enterprise Linux dvd 20100405/Server directory, install the RPMs with the following commands:

 

rpm -i compat-libcom_err-1.0-7.x86_64.rpm
rpm -i libstdc++-4.1.2-48.el5.x86_64.rpm

Despite VMware's list of required RPMs, I found that the vCD installer continues with just the compat-libcom_err RPM installed. But I would err on the side of caution, install libstdc and assume that the installer does not check for every RPM installation in the official guide.

Creating SSL security certificates
The next step is creating SSL security certificates for the HTTP and console-proxy interface. Unlike other VMware products, such as ESX or vCenter, the vCD installation does not auto-generate self-signed SSL security certificates. Instead, you must generate the SSL security certificates with a request from a suitable certificate authority like Thawte or VeriSign, or generate your own self-signed (and untrusted) SSL security certificates.

 But the certificate management utilities installed to Oracle Enterprise Linux cannot complete this process. Oracle Enterprise Linux installs the GNU Compiler for Java and contains an incompatible version of the keytool that generates certificate requests and unsigned certificates.

There are two ways around this problem. You can download and install the Java RunTime environment for Linux, then install it to vCD and run it. Alternatively, on any computer that already has Java RunTime installed, you can generate your own self-signed SSL security certificates and copy them to vCloud Director.

Generating security certificates with Java RunTime
I chose the first option, so everything is done within vCD. I downloaded the Linux x64 RPM and installed the package with the ./jre-6u21-linux-x64-rpm.bin file.

Figure 2

Once the package is installed, create a directory for holding the certificates and certificate request files with mkdir /opt/keystore.

Then, make your first certificate request for vCD's core HTTP service with the following command:

/usr/java/jre1.6.0_21/bin/keytool -keystore /opt/keystore/certificates.ks -storetype JCEKS -storepass passwd -genkey -keyalg RSA -alias http

The Java Keytool asks for your first and last name, as though the certificate were a client or user certificate. But this certificate is for a Web service, so enter the fully qualified domain name (FQDN) of the vCloud Director host. In my case, I typed "vcd.corp.com."

Figure 3
I used the full path to Java Keytool 1.6, rather than the built-in version that ships with Oracle Enterprise Linux. With the previous command, I set the certificate password to "passwd", and I used this password for certificate management. In the real world, I recommend a more complex password.

Next, generate the certificate request for the console proxy with the following command:

 

/usr/java/jre1.6.0_21/bin/keytool -keystore /opt/keystore/certificates.ks -storetype JCEKS -storepass passwd -genkey -keyalg RSA -alias consoleproxy

The console proxy is the network connection that brokers remote console sessions from the user's computer to the VM. Normally, users need a full vSphere Client and access to the vCenter or ESX host to open a window on their VM.

This command is similar to the previous one. The only difference is that the alias is changed to consoleproxy, so you can scroll up the terminal window and modify the last part of the command. The FQDN reflects the host name and domain selected for the second network interface within vCloud Director. In my case, the FQDN is vcdproxy.corp.com.
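
The two keytool steps above can be scripted so the FQDN is supplied up front and the password never appears on the command line, followed by a check that both aliases exist. This is an added example, not part of the original article: the function names are hypothetical, the sample listing is constructed, and the listing format assumed is that of the Java 6 keytool.

```shell
#!/bin/sh
# Added example, not from the article. Function names are hypothetical.
KEYTOOL=/usr/java/jre1.6.0_21/bin/keytool   # Sun keytool path from the article
KEYSTORE=/opt/keystore/certificates.ks      # keystore path from the article

# Generate one self-signed key pair. -dname sets the CN to the FQDN up front,
# so the "first and last name" prompt cannot be answered with a person's name.
# -storepass is omitted on purpose: keytool prompts for it, which keeps the
# password out of shell history and the process list.
gen_key() {   # $1 = alias (http | consoleproxy), $2 = FQDN of that interface
    "$KEYTOOL" -keystore "$KEYSTORE" -storetype JCEKS -genkey -keyalg RSA \
        -keysize 2048 -validity 365 -alias "$1" -dname "CN=$2" &&
    chmod 600 "$KEYSTORE"   # assumption: only the creating account reads it
}

# Read `keytool -list` output on stdin and print every required alias that
# has no private-key entry. No output means both entries are present.
# Assumption: Java 6 listing lines look like "alias, date, PrivateKeyEntry,".
missing_aliases() {
    listing=$(cat)
    for a in http consoleproxy; do
        printf '%s\n' "$listing" | grep -q "^$a,.*PrivateKeyEntry" || echo "$a"
    done
}

# Constructed sample listing: the consoleproxy key was never generated.
SAMPLE_LISTING='Keystore type: JCEKS
Keystore provider: SunJCE

Your keystore contains 1 entry

http, Nov 2, 2010, PrivateKeyEntry,
Certificate fingerprint (MD5): <constructed placeholder>'

printf '%s\n' "$SAMPLE_LISTING" | missing_aliases   # prints: consoleproxy

# Real use on the vCD host (not run here):
#   gen_key http vcd.corp.com
#   gen_key consoleproxy vcdproxy.corp.com
#   "$KEYTOOL" -list -keystore "$KEYSTORE" -storetype JCEKS | missing_aliases
```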

In the final part of this series, I explain how to install vCloud Director and manage Sysprep as well as offer some final thoughts on the installation process.

 

Mike Laverick

Mike Laverick (VCP) has been involved with the VMware community since 2003. Laverick is a VMware forum moderator and member of the London VMware User Group Steering Committee. Laverick is the owner and author of the virtualization website and blog RTFM Education, where he publishes free guides and utilities aimed at VMware ESX/VirtualCenter users, and has recently joined SearchVMware.com as an Editor at Large. In 2009, Laverick received the VMware vExpert award and helped found the Irish and Scottish VMware user groups. Laverick has had books published on VMware Virtual Infrastructure 3, VMware vSphere4 and VMware Site Recovery Manager.

This was first published in November 2010
