Very brief blog post to document how to install vCloud Director with an external database that does not support plain-text connections.
In general, the process is to do the initial setup with a plain-text DB connection and then switch to TLS – see the official docs here. That will not work, however, if the external database supports only TLS connections.
Instead, this process must be used:
- Import the DB certificate (unless it is publicly signed) into the cell's default JRE keystore.
- Use unattended configuration.
Example:
# /opt/vmware/vcloud-director/jre/bin/keytool --import -trustcacerts -keystore /opt/vmware/vcloud-director/jre/lib/security/cacerts -alias psql -file /opt/vmware/vcloud-director/etc/psql.crt
Enter keystore password: changeit
Owner: CN=10.0.4.64
Issuer: CN=10.0.4.64
Serial number: cb64ae0954184182
Valid from: Fri Nov 22 14:10:39 GMT 2019 until: Sat Nov 21 14:10:39 GMT 2020
Certificate fingerprints:
MD5: 04:4F:8F:C5:9C:CC:D5:E8:F1:50:C1:85:51:D4:FB:AD
SHA1: 22:53:FF:71:A7:EC:9B:D1:74:79:D5:95:46:71:F6:38:A7:E7:F8:4E
SHA256: 08:7C:27:B4:FB:32:04:DE:AF:BB:FE:9D:47:1D:38:46:C8:F4:7C:69:73:DE:8D:CB:BD:2A:A5:B2:11:12:68:DD
Signature algorithm name: SHA256withRSA
Subject Public Key Algorithm: 2048-bit RSA key
Version: 3
Extensions:
#1: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: 15 EA 78 3F 71 DD 34 D4 15 F0 C8 03 F7 76 1A 0B ..x?q.4......v..
0010: 64 B2 A6 6E d..n
]
]
#2: ObjectId: 2.5.29.19 Criticality=false
BasicConstraints:[
CA:true
PathLen:2147483647
]
#3: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: 15 EA 78 3F 71 DD 34 D4 15 F0 C8 03 F7 76 1A 0B ..x?q.4......v..
0010: 64 B2 A6 6E d..n
]
]
Trust this certificate? [no]: yes
Certificate was added to keystore
# /opt/vmware/vcloud-director/bin/configure --unattended -dbhost <DB IP address> -dbname vcloud -dbpassword vcloud -dbtype postgres -dbuser vcloud --database-ssl true -dbport 5423 -ip <cell-ip> --primary-port-http 80 --primary-port-https 443 -cons <cell-ip> --console-proxy-port-https 8443 -k /opt/vmware/vcloud-director/etc/certificates.ks -w <keystore password> -g
.......................................\
Database configuration complete.
# /opt/vmware/vcloud-director/bin/cell-management-tool system-setup --email admin@vcloud.com --full-name 'System Admin' --installation-id 33 --password 'VMware1!' --system-name vcd --unattended --user administrator
Creating admin user.
Setting system details.
Completing system setup.
System setup is complete.
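
The keytool import step above ends with a "Trust this certificate?" prompt for a self-signed certificate, so what is displayed is worth checking before answering yes. The following is an added example, not part of the original post or of any VMware tooling: it reviews keytool's text output against a fingerprint obtained from the database administrator. The names review_cert, PAGE_SHA256 and SAMPLE are hypothetical, and the sample is an excerpt of the output shown above.

```python
import re
from datetime import datetime

# SHA256 fingerprint and output excerpt copied from the keytool run above.
PAGE_SHA256 = ("08:7C:27:B4:FB:32:04:DE:AF:BB:FE:9D:47:1D:38:46:"
               "C8:F4:7C:69:73:DE:8D:CB:BD:2A:A5:B2:11:12:68:DD")
SAMPLE = f"""\
Owner: CN=10.0.4.64
Issuer: CN=10.0.4.64
Valid from: Fri Nov 22 14:10:39 GMT 2019 until: Sat Nov 21 14:10:39 GMT 2020
SHA256: {PAGE_SHA256}
BasicConstraints:[
CA:true
PathLen:2147483647
]
"""

def _norm(fp):
    """Compare fingerprints without caring about colons or case."""
    return (fp or "").replace(":", "").lower()

def review_cert(text, expected_sha256, now, warn_days=30):
    """Return findings for `keytool -printcert` / `-import` text output."""
    def field(pattern):
        m = re.search(pattern, text, re.M)
        return m.group(1).strip() if m else None

    findings = []
    seen = field(r"^\s*SHA256:\s*([0-9A-Fa-f:]+)")
    if not seen or _norm(seen) != _norm(expected_sha256):
        findings.append("fingerprint-mismatch")  # do not answer "yes"
    owner = field(r"^Owner:\s*(.+)$")
    if owner and owner == field(r"^Issuer:\s*(.+)$"):
        findings.append("self-signed")  # trust rests only on the pin
    if re.search(r"^\s*CA:true", text, re.M):
        # In the JVM-wide cacerts this key can also issue other certs.
        findings.append("ca-capable")
    # Weekday and zone are skipped; the check is accurate to about a day.
    m = re.search(r"until: \w{3} (\w{3}) +(\d+) ([\d:]+) \w+ (\d{4})", text)
    if m:
        until = datetime.strptime(" ".join(m.groups()), "%b %d %H:%M:%S %Y")
        days = (until - now).days
        if days < 0:
            findings.append("expired")
        elif days < warn_days:
            findings.append("expires-soon")  # DB connection breaks then
    return findings

if __name__ == "__main__":
    print(review_cert(SAMPLE, PAGE_SHA256, datetime.now()))
```

Feed it the output of keytool -printcert -file on the certificate before running the import, and proceed only when no fingerprint-mismatch is reported.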