NSX-T: Deploy NSX-T Manager 2.5 with OVFtool

If you have the NSX-T Manager OVA on a fileshare or web server you can deploy it from the vCenter GUI, or use any other deployment tool like OVFtool.

Using OVFtool to deploy NSX-T Manager is a great way to deploy a quick and repeatable configuration. It also helps to document the configuration options.

Ensure you have forward and reverse DNS. In the lab I use Powershell:

1Add-DnsServerResourceRecordA -CreatePtr -Name "sitea-nsxm"  -ZoneName "lab.vmw.one" -IPv4Address "172.31.150.14" 
2Add-DnsServerResourceRecordA -CreatePtr -Name "sitea-nsxm1" -ZoneName "lab.vmw.one" -IPv4Address "172.31.150.15" 
3Add-DnsServerResourceRecordA -CreatePtr -Name "sitea-nsxm2" -ZoneName "lab.vmw.one" -IPv4Address "172.31.150.16" 
4Add-DnsServerResourceRecordA -CreatePtr -Name "sitea-nsxm3" -ZoneName "lab.vmw.one" -IPv4Address "172.31.150.17" 

Create a config file for the VM parameters. I like to use different ConfigFiles for each deployment, as it's proof of the initial configuration.

Note

This configuration file is for NSX-T Manager 2.5. There's some minor differences in NSX-T Manager 3.0. See a future post coming shortly.

Create nsxm1.ovftool.cfg:

 1name=sitea-nsxm1
 2network=stretched-150 
 3# vmFolder=infrastructure
 4datastore=vsanDatastore
 5X:injectOvfEnv 
 6X:logFile=sitea-nsxm1.log
 7X:logLevel=verbose
 8allowExtraConfig 
 9acceptAllEulas 
10noSSLVerify 
11diskMode=thin 
12powerOn 
13deploymentOption=small
14# Sets memory shares to default, reservations to 0. limits to 0. Lab deployments only.
15viMemoryResource=:0:0 
16# Sets CPU shares to default, reservations to 0. limits to 0. Lab deployments only.
17viCpuResource=:0:0 
18prop:nsx_hostname=sitea-nsxm1.lab.vmw.one
19prop:nsx_domain_0=lab.vmw.one
20prop:nsx_ip_0=172.31.150.15
21prop:nsx_netmask_0=255.255.255.0 
22prop:nsx_gateway_0=172.31.150.1 
23prop:nsx_dns1_0=172.31.3.9 172.31.9.1
24prop:nsx_ntp_0=172.31.9.1 
25prop:nsx_role=NSX Manager
26prop:nsx_isSSHEnabled=True 
27prop:nsx_allowSSHRootLogin=False 
28prop:nsx_passwd_0=VMware1!VMware1! 
29prop:nsx_cli_passwd_0=VMware1!VMware1!

I'm using OVFtool version 4.3.0 (build-14746126)

1c:\>ovftool --version
2VMware ovftool 4.3.0 (build-14746126)
 1Z:\Software\VMware\scripts>ovftool --configFile=sitea-nsxm.ovftool.cfg "Z:\Software\VMware\NSX-T\nsx-unified-appliance-2.5.1.0.0.15314292.ova" vi://administrator@vsphere.local@sitea-vc.lab.vmw.one/Datacenter/host/vSphere-Cluster
 2Opening OVA source: Z:\Software\VMware\NSX-T\nsx-unified-appliance-2.5.1.0.0.15314292.ova
 3The manifest validates
 4Source is signed and the certificate validates
 5Enter login information for target vi://sitea-vc.lab.vmw.one/
 6Username: administrator%40vsphere.local
 7Password: ********
 8Opening VI target: vi://administrator%40vsphere.local@sitea-vc.lab.vmw.one:443/Datacenter/host/vSphere-Cluster
 9Deploying to VI: vi://administrator%40vsphere.local@sitea-vc.lab.vmw.one:443/Datacenter/host/vSphere-Cluster
10Transfer Completed
11Powering on VM: sitea-nsxm1
12Task Completed
13Completed successfully

If you want to include the administrator@vsphere.local password, change the above to vi://administrator@vsphere.local:VMware1!@sitea-vc.lab.vmw.one/Datacenter/host/vSphere-Cluster.

If you're using a complex password with special characters, you may need to url encode them.

It may seem confusing but Datacenter is the datacenter name within vCenter. host is fixed. vSphere-Cluster is the name of your cluster.

Increment the VM name and IP in the OVFtool cfg file and run it twice more to have 3 NSX-T Managers in total.

Disable Snapshots on NSX-T Appliances

Warning

Snapshots on NSX-T appliances are NOT supported. Official doco here.

To disable snapshots, on each NSX-T appliance VM:

  1. Power off the VM
  2. Right click the VM and Edit Settings
  3. On the VM Options tab, expand Advanced
  4. In the Configuration Parameters field, click Edit Configuration....
  5. In the Configuration Parameters window, click Add Configuration Params.
  6. Enter the following:
    For Name, enter snapshot.MaxSnapshots.
    For Value, enter -0.
  7. Click OK to save the changes.
  8. Power the VM back on.

Join the NSX-T Managers to form a cluster

If you deployed NSX-T Managers from the GUI, this is not required. Although if you've deployed using OVFtool, or deploying on KVM, you need to create an NSX-T Manager cluster.

Follow along at the official documentation here, or:

SSH to the first NSX-T Manager, and login with admin. (This is why I always enable SSH)

Run the following commands to get the thumbprint and cluster-id.

 1NSX CLI (Manager, Policy, Controller 2.5.1.0.0.15314292). Press ? for command list or enter: help
 2sitea-nsxm1> get certificate api thumbprint
 35974198a52876288a3265d738f5bbae915383f33303e7ac23c5708b36292e0e3
 4sitea-nsxm1>
 5sitea-nsxm1>
 6sitea-nsxm1>
 7sitea-nsxm1> get cluster config
 8Cluster Id: da6b9c4f-df91-4114-9bd7-4176e8354405
 9Cluster Configuration Version: 0
10Number of nodes in the cluster: 1
11
12Node UUID: be010f42-21fc-85d6-ce89-7827422447fa
13Node Status: JOINED
14    ENTITY                               UUID                                       IP ADDRESS      PORT     FQDN
15    HTTPS                                c64a17dd-6cfe-4e2a-80fd-ae31a72fc24f       172.31.150.15   443      sitea-nsxm.lab.vmw.one
16    CONTROLLER                           1d953532-dba2-4f8b-8992-acfec5d1de0b       172.31.150.15   -        sitea-nsxm.lab.vmw.one
17    CLUSTER_BOOT_MANAGER                 5edecb35-1862-4743-aa56-1df253c1b40d       172.31.150.15   -        sitea-nsxm.lab.vmw.one
18    DATASTORE                            2d5f1143-c4f3-49c7-a2cb-3c58f929fa20       172.31.150.15   9000     sitea-nsxm.lab.vmw.one
19    MANAGER                              f1f93d7c-809e-43df-9492-96eebc6d07c5       172.31.150.15   -        sitea-nsxm.lab.vmw.one
20    POLICY                               5455fd6a-0943-4595-9d36-21377c5c1df9       172.31.150.15   -        sitea-nsxm.lab.vmw.one

Make a note of the thumbprint and cluster-id.

Now SSH to each other NSX-T Manager and run:

1host> join <NSX-Manager-IP> cluster-id <cluster-id> username <NSX-Manager-username> password <NSX-Manager-password> thumbprint <NSX-Manager-thumbprint>
1sitea-nsxm2> join 172.31.150.15 cluster-id da6b9c4f-df91-4114-9bd7-4176e8354405 username admin password VMware1!VMware1! thumbprint 5974198a52876288a3265d738f5bbae915383f33303e7ac23c5708b36292e0e3
2Join operation successful. Services are being restarted. Cluster may take some time to stabilize.
3sitea-nsxm2>

Do the same for the third NSX-T Manager.

1sitea-nsxm3> join 172.31.150.15 cluster-id da6b9c4f-df91-4114-9bd7-4176e8354405 username admin password VMware1!VMware1! thumbprint 5974198a52876288a3265d738f5bbae915383f33303e7ac23c5708b36292e0e3
2Join operation successful. Services are being restarted. Cluster may take some time to stabilize.
3sitea-nsxm3> 

Confirm the results with:

 1sitea-nsxm1> get cluster config
 2Cluster Id: da6b9c4f-df91-4114-9bd7-4176e8354405
 3Cluster Configuration Version: 2
 4Number of nodes in the cluster: 3
 5
 6Node UUID: be010f42-21fc-85d6-ce89-7827422447fa
 7Node Status: JOINED
 8    ENTITY                               UUID                                       IP ADDRESS      PORT     FQDN
 9    HTTPS                                c64a17dd-6cfe-4e2a-80fd-ae31a72fc24f       172.31.150.15   443      sitea-nsxm1.lab.vmw.one
10    CONTROLLER                           1d953532-dba2-4f8b-8992-acfec5d1de0b       172.31.150.15   -        sitea-nsxm1.lab.vmw.one
11    CLUSTER_BOOT_MANAGER                 5edecb35-1862-4743-aa56-1df253c1b40d       172.31.150.15   -        sitea-nsxm1.lab.vmw.one
12    DATASTORE                            2d5f1143-c4f3-49c7-a2cb-3c58f929fa20       172.31.150.15   9000     sitea-nsxm1.lab.vmw.one
13    MANAGER                              f1f93d7c-809e-43df-9492-96eebc6d07c5       172.31.150.15   -        sitea-nsxm1.lab.vmw.one
14    POLICY                               5455fd6a-0943-4595-9d36-21377c5c1df9       172.31.150.15   -        sitea-nsxm1.lab.vmw.one
15
16Node UUID: eac10f42-8dd2-4055-d177-4b0460974d5c
17Node Status: JOINED
18    ENTITY                               UUID                                       IP ADDRESS      PORT     FQDN
19    HTTPS                                872a74b4-81d3-48d3-b4b7-cbd305558468       172.31.150.16   443      sitea-nsxm2.lab.vmw.one
20    CONTROLLER                           016b9c46-2782-4ea4-9fa0-480bf2335a0e       172.31.150.16   -        sitea-nsxm2.lab.vmw.one
21    CLUSTER_BOOT_MANAGER                 90a5a0ad-30aa-4ff8-bcba-af7ef4454440       172.31.150.16   -        sitea-nsxm2.lab.vmw.one
22    DATASTORE                            506165b4-5cf5-485b-9d31-9e9d719d3d51       172.31.150.16   9000     sitea-nsxm2.lab.vmw.one
23    MANAGER                              c57c98cf-396b-4cf4-ba00-8a3735b4a1c8       172.31.150.16   -        sitea-nsxm2.lab.vmw.one
24    POLICY                               60dacbd7-ad60-4769-891c-000facf6458d       172.31.150.16   -        sitea-nsxm2.lab.vmw.one
25
26Node UUID: d6120f42-f4ec-0e06-47dc-5440d39a8b51
27Node Status: JOINING
28    ENTITY                               UUID                                       IP ADDRESS      PORT     FQDN
29    HTTPS                                b07664db-ecc2-4538-af64-a23d37457a92       172.31.150.17   443      sitea-nsxm3.lab.vmw.one
30    CONTROLLER                           75c7cf3f-45fb-40cc-8be5-7f713d4efa56       172.31.150.17   -        sitea-nsxm3.lab.vmw.one
31    CLUSTER_BOOT_MANAGER                 f05eb38a-3de3-4bfa-ac65-5cca75884435       172.31.150.17   -        sitea-nsxm3.lab.vmw.one
32    DATASTORE                            93f12cd5-064a-4e77-9528-07f9bbee19f0       172.31.150.17   9000     sitea-nsxm3.lab.vmw.one
33    MANAGER                              e47592ce-3e5d-459f-a627-208d100f7181       172.31.150.17   -        sitea-nsxm3.lab.vmw.one
34    POLICY                               12cbe74d-7441-44bc-b4ef-dcfc8ecf8ad8       172.31.150.17   -        sitea-nsxm3.lab.vmw.one

I did it a bit too soon, as you can see the Node Status of the last NSX-T Manager still says JOINING. Give it a bit more time and check it again.

The Next time you log into any of the NSX-T Managers, and click to System / Appliances, you should see all 3 NSX-T Managers. Never mind the CPU usage. It settles down after a bit.

NSX-T Managers

The last step of deployment is to configure the Virtual IP. This method is only supported when the NSX-T Managers are in the same layer 2 network. Look for Virtual IP: Not Set, and click EDIT, and add the VIP, and click SAVE. Give it a few minutes to apply the settings.

Adding the virtual IP for the NSX-T Manager cluster