vSphere 7.0 Update 1以降 vCLSという仮想マシンが勝手に起動してUPS連動シャットダウンに失敗する


vSphere 7.0 Update 1にアップデートして以降、UPS連動シャットダウンに失敗するようになった。

ログを確認していくと、仮想マシンがシャットダウンできない模様。

しかし、vCenter Serverから確認しても動いている仮想マシンは見えない。

そこでESXi のHost Clientに接続して確認すると、vCLSという作った覚えない仮想マシンが起動している。
そして、vCLSを手動で停止しても勝手に起動してくる。

確認してみると、vSphere 7.0 Update 1以降、vSphere DRS/vSphere HAなどのクラスタについて、起動するまでに時間がかかり重いvCenterサーバ仮想マシンではなく、クラスタの可用性のみを面倒見る仮想マシンとして vSphere Cluster Services を提供するようになったようである。

vSphere 7.0 Update 1 の vSphere Cluster Services (vCLS) (80472)
vSphere 7.0 documentation 「vSphere Cluster Services (vCLS)

これをUPS連動シャットダウンと組み合わせる場合の資料を探したところ、下記があった。

APC「PowerChute Network Shutdown v4.3/v4.4によるvSphere 7.0 Update 1でのvCLSの制御について
DELL「もう迷わない!HCI環境のUPS選定 シャットダウンについて

vSphereのクラスタをのvCLSをRetreatモードに変更することでvCLS仮想マシンが停止/削除することができる、というもの。

PowerShellでvCenterに接続して下記の様なスクリプトを実行して無効化を実行(APCのサンプルスクリプト disable_HA.ps1)

#!/usr/bin/pwsh

$server = "10.179.232.198" #"provide Vcenter server IP/hostname"
$username = "pcnsadmin" #"provide username to access vCenter"
$password = "APCapc@123" #"Provide Password to access vCenter server"
$cluster = "C" #"provide Name of the Cluster where Retreat mode needs to be enabled"

$env:HOME = '/root'
Set-PowerCLIConfiguration -InvalidCertificateAction Ignore -Confirm:$false
Connect-VIServer $server -Protocol https -User $username -password $password
$clid = (Get-Cluster $cluster).ID
Write-Host $clid
$myclid = $clid -replace 'ClusterComputeResource-',''
Write-Host $myclid
Get-AdvancedSetting -Entity $server -Name config.vcls.clusters.${myclid}.enabled | Set-AdvancedSetting -Value False -Confirm:$false

##Additional step for VSAN to turn off HA on the cluster
Get-Cluster -Name $cluster | Set-Cluster -HAEnabled:$false -Confirm:$false

Disconnect-VIServer -Force -Confirm:$false

PowerShellでvCenterに接続して下記の様なスクリプトを実行して有効化を実行(APCのサンプルスクリプト enable_HA.ps1)

#!/usr/bin/pwsh

$server = "10.179.232.198" #"provide Vcenter server IP/hostname"
$username = "pcnsadmin" #"provide username to access vCenter"
$password = "APCapc@123" #"Provide Password to access vCenter server"
$cluster = "C" #"provide Name of the Cluster where Retreat mode needs to be disabled"

$env:HOME = '/root'
Connect-VIServer $server -Protocol https -User $username -password $password
$clid = (Get-Cluster $cluster).ID
$myclid = $clid -replace 'ClusterComputeResource-',''
Write-Host $myclid
Get-AdvancedSetting -Entity $server -Name config.vcls.clusters.${myclid}.enabled | Set-AdvancedSetting -Value True  -Confirm:$false

##Additional step for VSAN to turn off HA on the cluster
Get-Cluster -Name $cluster | Set-Cluster -HAEnabled:$true -Confirm:$false

Disconnect-VIServer -Force -Confirm:$false

もう1つはAPCの資料および「PowerChute(TM) Network Shutdown v4.3 for Virtualization 補足説明書 日立編」には設定フローと共に掲載されている手法。

PowerChute Network Shutdownで「VM優先度付け」設定を有効にした上でvCLS仮想マシンを「優先度 高」で設定。vCenterサーバ仮想マシンを「優先度 中」、それ以外を優先度 低などに入れる。

「VMシャットダウン所要時間設定」と「VM起動所要時間設定」で「高」と「中」に対して0秒以上の値を設定

仮想化設定にある”仮想マシンと仮想装置、シャットダウンと起動”設定の「仮想マシンvApp 起動」にチェックを入れる

“ホストメンテナンスモード”の「タイムアウト」を「60秒」に設定

というもの。

綺麗に実行するのであればPowerShellを使った手法のほうが良さそうだ。

ESXi 7.0 Update 1からSDカード/USBメモリ起動の場合に書き込み回数性能が重要になった件について


VMware vSphere / ESXi 7.0 から ESXiのブートディスクの構造が変更になった。

VMware vSphere Blog「vSphere 7 – ESXi System Storage Changes
「ESXi のシステム ストレージの概要」の「ESXi 7.0 のシステム ストレージの変更

ESXi 6.0時代 /scratch となっているパーテーションとかあるが、基本的に起動したあとデータ書き込みはあまりないかたちで運用されていた。

ところがESXi 7.0からは細かく分かれていたパーテーションがESX-OSDataパーテーションに統合されている。しかも、ここに書き込みが行われるようになった。

そして、ESXi 7.0 Update 1 / Update 2においてSDカード / USBメモリへの書き込み手法が変更され、起動ディスクに対して従来と比較すると多量の書き込み操作が実行されることになった。

これにより、ESXi 7.0 Update 1 / Update 2において、SDカード/USBメモリ起動にしている場合に、書き換え回数超過によるSDカード/USBメモリのアクセス不可事例が発生しやすくなっているようだ。

VMware KB VMFS-L Locker partition corruption on SD cards in ESXi 7.0 (83376)
VMware Technolopy Network「SD Boot issue Solution in 7.x

上記KB83376を見ると、ESXi 7.0(初期)ではI/O抑制機能があったが、ESXi 7.0 Update 1ではなくなったことが発生しやすくなった要因の1つであるようだ。

しかも、VMware的には「ESXi のシステム ストレージの概要」で、「ESX-OSData は 高耐久性ストレージ デバイス上に作成する必要があります。」と書いてあるから、書き換え回数上限が低いものを使わないのは当然でしょ、というスタンスな模様。

OEMメーカが選定したSDカードなどが死んだとしても、それはその部材を選んだOEMメーカ側の責任だということらしい。

実際、DELLの「VMware vSphere 7.x on Dell EMC PowerEdge Servers Getting Started Guide」の「Getting started with VMware vSphere」をみると、ESXi 7.0ではSDカードは推奨しない、と書いてある。

NOTE: If you had ordered VMware ESXi with your Dell EMC PowerEdge server, it is preinstalled on your server. The ESXi installer media is required for reinstallation. The Boot Optimized Storage Solution (BOSS) card is the preferred non-HDD or SSD device for VMware ESXi 7.0 installation. The Dell Internal Dual SD Module (IDSDM) install is no longer recommended due to write endurance issues with the SD flash media. For more information, see the Storage Requirements for ESXi 7.0 Installation or Upgrade section on the VMware ESXi Installation and Setup Guide or see VMware Knowledge Base article 2145210.

さて、この問題について、とることができる方策は下記の5つが考えられる。

その1) 高耐久性のものに変更する(USB接続のSSDや、MLCチップのSDカードなど)
その2) 普通のSSDやHDD起動に変更する
その3) ESXi 7.0 Update 2用の現象低減パッチが7月中にリリース予定(ただし、低減、である)
その4) メインメモリを消費してRamdiskを作成し、そこに書き込ませる
その5) あきらめて、壊れたら交換&ESXi再セットアップ

その4の手法はVMware KB83376 内にリンクがあり「High frequency of read operations on VMware Tools image may cause SD card corruption (2149257)」で説明されている。

ドキュメント的にはESXi 6.0 と ESXi 6.5用になっているが、ESXi 7.0でも適用できるようだ。

ESXi 7.0のshellに入って、現在の /UserVars/ToolsRamdisk の設定を確認

# esxcli system settings advanced list -o /UserVars/ToolsRamdisk
   Path: /UserVars/ToolsRamdisk
   Type: integer
   Int Value: 0
   Default Int Value: 0
   Min Value: 0
   Max Value: 1
   String Value:
   Default String Value:
   Valid Characters:
   Description: Use VMware Tools repository from /tools ramdisk.
#

「Int Value: 0」ということなので、現在は「0」となっている。

これを1に変更するため、以下を実行する

# esxcli system settings advanced set -o /UserVars/ToolsRamdisk -i 1
#

変更が反映されたか確認

# esxcli system settings advanced list -o /UserVars/ToolsRamdisk
   Path: /UserVars/ToolsRamdisk
   Type: integer
   Int Value: 1
   Default Int Value: 0
   Min Value: 0
   Max Value: 1
   String Value:
   Default String Value:
   Valid Characters:
   Description: Use VMware Tools repository from /tools ramdisk.
#

「Int Value: 1」となっていたら変更されている。

この後、ESXi を再起動して、RAMディスクを実際に稼働させる。

ESXi設定のバックアップ&リストア

SDカード/USBメモリが壊れることを許容する場合、ESXiの設定ファイルをバックアップしておき、再セットアップ時にリストアする、という手法が考えられる。

手法はVMware KB「ESXi ホストの構成のバックアップ方法 (2042141)

リストアの際、ESXiにIPアドレスを割り当てておく必要がある。


具体的にどれくらいの書き込み要求があるんだろう?と調べて見た。

DELL PartnerSEつぶやきブログ「BOSSってなんだろう?」から、ESXiが要求するSSD/Flashデバイスに対する要求要件が書かれた「vSphere SSD and Flash Device Support (2145210)」を発見

それによると下記のようになっている。

Table 1: SSD/Flash Endurance Requirements 

SSD/Flash Device Use CaseJEDEC Endurance RequirementWorkload CharectizationNotes
Host Swap Cache365 TBW or betterRandom, infrequent writesHost memory rarely overcommitted
3650 TBW or betterRandom, frequent writesHost memory routinely overcommitted
Regular Datastore3650 TBW or better1Virtual Machine workload dependentSize >= 1TB needs more endurance
vSphere Flash Read Cache (VFlash)365 TBW or betterVirtual Machine workload dependentSize <= 4TB
ESXi Boot Device0.5 TBW minimum2
2 TBW recommended2,6
Sequential (WAF <10)Size >= 4GB3
ESXi Coredump Device0.1 TBW minimum2,4Extremely sequential (WAF ~1)Size >= 4GB3,4
ESXi Logging Device64 TBW (dedicated device)
128 TBW (colocated) 2,5
Sequential7
(WAF < 100 block mode, WAF < 10 page mode)
Size >= 4GB2,3

ESXi起動デバイスとしては2TBWぐらいだったものが、ログデバイスとしての128TBWぐらいが要求され、USBメモリ上を仮想マシンを置く用のVMFSデータストアとしての使うとなると3650TBWが要求される、などと、起動ディスクとして使うだけの場合より50倍以上の要求がある、ということがわかった。

そりゃ、あっさり死にますね

ESXiのみ環境でPowerCLIを使ってテンプレートもどきの動作をする手法


vCenterサーバがない、ESXiサーバのみ環境ではテンプレート機能が使用できない。

とはいえ、テンプレート化した仮想マシンの中身を見ると、ふつうと同じく仮想ハードディスクのvmdkファイルが存在しているので、vmdkファイルをコピーして、新規仮想マシンを作成するPowerCLIスクリプトをかけば、似たようなことができるな、と実験。

準備するもの

・PowerCLIをインストールした環境
Windows 10で実行したが、Linux環境にPowerShell+PowerCLIをセットアップしてもいけるはず。

・Windowsの場合、sysprepを実行してシャットダウンしたvmdkファイル
sysprepを実行して、次回起動時に初期セットアップが開始されるようにしたvmdkファイル。
VMware-toolsはインストール済みであることが望ましい。

・Linuxの場合、下記の情報などを削除
RHEL7の仮想化の導入および管理ガイド第4章 仮想マシンのクローン作成によれば
/etc/udev/rules.d/70-persistent-net.rules を削除
/etc/ssh/ssh_host_* を削除
/etc/sysconfig/network-scripts/ifcfg-eth* などから IPADDRESS,NETMASK,HWADDRなどの値削除

スクリプト本体

Import-Module VMware.VimAutomation.Core

#Set-PowerCLIConfiguration -InvalidCertificateAction Ignore -Confirm:$false

$vcenterserver="ESXiサーバ"
$vcenteruser="ユーザ名"
$vcenterpassword="パスワード"

$targetdatastore="仮想マシンをおくデータストア名"

# 仮想マシンの名前 / ランダムで作成して、あとから変更する手法
$vmnamebase="NewVM_"
$vmnametmp=Get-Random
$vmname=$vmnamebase+$vmnametmp

# 仮想マシンスペックと接続ネットワーク指定
$vcpu=2
$vmem=6
$network="VM Network"

# 指定できるGuestOSのIDを調べるには下記を実行すること
#   PowerCLIがサポートしている一覧 
#   [VMware.Vim.VirtualMachineGuestOsIdentifier].GetEnumValues()
# 代表的なもの
# windows8Server64Guest = Windows2012
# windows9Server64Guest = Windows2016
#$vmguestosid="windows9Server64Guest"

# 元ネタのWindowsが入ったvmdkファイルの指定
# 構築時にBIOS環境かEFI環境のどちらで作ったのか注意
$vmdkfilepath="[データストア名] windows2019/windows2019.vmdk"
$vmguestosid="windows9Server64Guest"
#$vmdkfilepath="[データストア名] win2016/win2016.vmdk"
#$vmguestosid="windows9Server64Guest"
#$vmdkfilepath="[データストア名] win2012/win2012.vmdk"
#$vmguestosid="windows8Server64Guest"
# 上記の元ネタが置いてあるデータストア名を下記でも指定する
$sourcedatastore ="データストア名"

# vCenterまたはESXiサーバに接続
Connect-VIServer -Server $vcenterserver -User $vcenteruser -Password $vcenterpassword -WarningAction 0
# パスワードを書きたくない場合は
# New-VICredentialStoreItem -Host $vcenterserver -User $vcenteruser -Password $vcenterpassword
# を実行すると、資格情報保存域に登録され、以降は下記だけで接続できるようになる
# Connect-VIServer -Server $vcenterserver

$virtualportgroup=Get-VirtualPortGroup -Name $network
$datastore=Get-Datastore -Name $targetdatastore
$vm=New-VM -Name $vmname -NumCpu $vcpu -MemoryGB $vmem -Portgroup $virtualportgroup -Datastore $datastore -DiskStorageFormat Thin -GuestID $vmguestosid -HardwareVersion vmx-14


$olddiskinfo=Get-Vm $vmname|Get-Harddisk # 一時的に作られたディスクの情報を保存
$sourcevmdk=Get-HardDisk -Datastore $sourcedatastore -DatastorePath $vmdkfilepath
# ディスクの削除
Remove-HardDisk -HardDisk $olddiskinfo -Confirm:$false


# コピー先データストアのパスを生成
$targetvmdktmp=$olddiskinfo.Filename
$ed=$targetvmdktmp.LastIndexOf("/")
$targetvmdk=$targetvmdktmp.Substring(0,$ed+1) # コピー先のパス

# OSが入ったvmdkのコピー
$adddiskinfo=Copy-HardDisk -Harddisk $sourcevmdk -DestinationPath $targetvmdk -DestinationStorageFormat Thin

#$vm = get-Vm $vmname
New-HardDisk -VM $vm -DiskPath $adddiskinfo.Filename

Get-ScsiController -VM $vm | Set-ScsiController -Type VirtualLsiLogicSAS

# 仮想マシン設定変更用オブジェクト定義
$newSpec = New-Object VMware.Vim.VirtualMachineConfigSpec

# USBコントローラの追加
# これがないとWindows環境でマウスが動かない
# https://communities.vmware.com/t5/VMware-PowerCLI-Discussions/Where-is-the-quot-Get-USBController-quot-cmdlet-Same-with-Remove/td-p/2155582
# 上記だとUSB 2.0コントローラ追加
$newSpec.deviceChange = New-Object VMware.Vim.VirtualDeviceConfigSpec[] (1)
$newSpec.deviceChange[0] = New-Object VMware.Vim.VirtualDeviceConfigSpec
$newSpec.deviceChange[0].operation = "add"
#$newSpec.deviceChange[0].device = New-Object VMware.Vim.VirtualUSBController # USB2.0コントローラ
$newSpec.deviceChange[0].device = New-Object VMware.Vim.VirtualUSBXHCIController # USB3.0コントローラ

# EFIかBIOSか
# https://docs.vmware.com/jp/VMware-Cloud-on-AWS/services/com.vmware.vsphere.vmc-aws-manage-vms.doc/GUID-898217D4-689D-4EB5-866C-888353FE241C.html
#https://github.com/vmware/PowerCLI-Example-Scripts/blob/master/Scripts/SecureBoot.ps1
# BIOSを設定する場合は、SecureBootをdisableにする必要がある
#$newSpec = New-Object VMware.Vim.VirtualMachineConfigSpec
# 仮想マシン起動オプション変更用オブジェクト定義
$bootOptions = New-Object VMware.Vim.VirtualMachineBootOptions
#$newSpec.Firmware = [VMware.Vim.GuestOsDescriptorFirmwareType]::efi
#$bootOptions.EfiSecureBootEnabled = $true
$newSpec.Firmware = [VMware.Vim.GuestOsDescriptorFirmwareType]::bios
$bootOptions.EfiSecureBootEnabled = $false
$newSpec.BootOptions=$bootOptions


# 仮想マシンへの設定反映
#(get-view $vm).ReconfigVM_Task($newSpec)
$vm.ExtensionData.ReconfigVM($newSpec)


# 接続切断
Disconnect-VIServer -Server $vcenterserver -Confirm:$false

解説

仮想マシンにハードディスクを追加する

仮想マシンに新しく空っぽのハードディスクを追加する場合は、「New-HardDisk -VM 仮想マシン ~」で指定するが、Copy-HardDiskでコピーしてきたハードディスクを登録する場合が分かりづらかった。

結果としては、新規と同じく「New-HardDisk -VM 仮想マシン ~」でよかった。

今回の場合は、CopyHardDiskを実行した結果を変数にいれて、それをNew-HardDIskで登録、という形にした。

$adddiskinfo=Copy-HardDisk -Harddisk $sourcevmdk -DestinationPath $targetvmdk -DestinationStorageFormat Thin

$vm = get-Vm $vmname
New-HardDisk -VM $vm -DiskPath $adddiskinfo.Filename

仮想マシンハードウェアにUSB 3.0コントローラを追加する

Host Clientから作成した場合は、USB 3.0コントローラが作成されていたが、New-VMコマンドでは作成されなかった。このため、Windowsが起動した後にUSBマウスが存在できず、マウス操作ができなかった。(キーボードはPS/2キーボード扱いとして使えたようだった)

このUSB 3.0コントローラを追加するための操作がわからず、いろいろ調べたところ「Where is the “Get-USBController” cmdlet? (Same with Remove- and New-)」の記述を見て、USB 2.0コントローラの追加手法が分かった。

その後、VirtualUSBController を起点に調べることで、 xHCIはVirtualUSBXHCIControllerという名前であることがわかり、解決した

$vm=Get-VM -Name 仮想マシン名
$newSpec = New-Object VMware.Vim.VirtualMachineConfigSpec
$newSpec.deviceChange = New-Object VMware.Vim.VirtualDeviceConfigSpec[] (1)
$newSpec.deviceChange[0] = New-Object VMware.Vim.VirtualDeviceConfigSpec
$newSpec.deviceChange[0].operation = "add"
#$newSpec.deviceChange[0].device = New-Object VMware.Vim.VirtualUSBController # USB2.0コントローラ
$newSpec.deviceChange[0].device = New-Object VMware.Vim.VirtualUSBXHCIController # USB3.0コントローラ

# 仮想マシンへの設定反映
#(get-view $vm).ReconfigVM_Task($newSpec)
$vm.ExtensionData.ReconfigVM($newSpec)

設定を反映する部分は、ネタ元では「Get-View」を使っていたが、後述のSecureBootについての結果ではGet-VM経由で実施しているスクリプトがあったので、それを使用している。

BIOS/EFI切り替え

仮想マシンをBIOS起動にするか、EFI起動にするかを設定する手法。

2021現在のPowerCLIでNew-VMした時のデフォルトはEFI起動でセキュアブート有効になっている。

これをBIOS起動に設定する場合は、セキュアブートを無効にしてからBIOSに切り替える必要があるので下記にようになる。

$vm=Get-VM -Name 仮想マシン名
$newSpec = New-Object VMware.Vim.VirtualMachineConfigSpec

$bootOptions = New-Object VMware.Vim.VirtualMachineBootOptions
$bootOptions.EfiSecureBootEnabled = $false
$newSpec.BootOptions=$bootOptions

$newSpec.Firmware = [VMware.Vim.GuestOsDescriptorFirmwareType]::bios

$vm.ExtensionData.ReconfigVM($newSpec)



OVAファイルをOVFに変換する


NetAppシミュレータの古いバージョンは圧縮ありのOVAファイルで提供されている。

これをvSphere 7.0環境で使おうとすると、圧縮されているので使えない、と拒否される。

変換ツールを使ってもよいのだが、手動でも変換できる

OVAファイルは中にovfファイルとvmdkファイルが入っているだけのtarファイルなので、7zipなどのツールを使って展開できる。

vsphere 7.0ではvmdk.gzは使えないので、これも展開する

OVFファイルの中身はXMLファイルとなっていて、元の中身は、vmdk.gzのファイルを指定している。

これを展開後のファイル名とファイルサイズに置き換える

また「ovf:compression=”gzip”」という記述も削除する

こうやって出来たOVFファイルとVMDKファイルを複数指定してvSphereで読み込ませる。

読み込ませる下記の様な形で「5ファイル」という表示になる

記述に問題なければOVFテンプレートのデプロイが継続できる。

CLIでvSphere 7.0のvCenter Server アプライアンスを構築


現場でvSphere 7.0環境のvCSAが死んで再構築が必要になった。

Windows環境は無い。LinuxのX-Window環境があるので、vcsa-ui-installer/lin64/installer を実行してインストール、と思ったが要求されるライブラリが多くインストールされていないやつもあったので、断念。

CLIインストーラを使ってインストールを実施した。

vCenter Server アプライアンスの CLI デプロイ」に従って実行

まず必要なものは「vcsa-cli-installer/templates/install/embedded_vCSA_on_ESXi.json」を書き換えできる場所にコピーしての編集。

「cp embedded_vCSA_on_ESXi.json ~/」とかでコピーして、「vi ~/embedded_vCSA_on_ESXi.json」で編集という感じ。

変更前と変更後の差分はこんな感じ

[root@linux install]# diff -u embedded_vCSA_on_ESXi.json ~/embedded_vCSA_on_ESXi.json
--- embedded_vCSA_on_ESXi.json  2020-10-07 08:13:20.000000000 +0900
+++ /root/embedded_vCSA_on_ESXi.json    2021-02-05 13:14:42.125631193 +0900
@@ -3,11 +3,11 @@
     "__comments": "Sample template to deploy a vCenter Server Appliance with an embedded Platform Services Controller on an ESXi host.",
     "new_vcsa": {
         "esxi": {
-            "hostname": "<FQDN or IP address of the ESXi host on which to deploy the new appliance>",
+            "hostname": "ESXiサーバのIP",
             "username": "root",
-            "password": "<Password of the ESXi host root user. If left blank, or omitted, you will be prompted to enter it at the command console during template verification.>",
+            "password": "ESXiのrootユーザパスワード",
             "deployment_network": "VM Network",
-            "datastore": "<A specific ESXi host datastore, or a specific datastore in a datastore cluster.>"
+            "datastore": "配置するデータストア名"
         },
         "appliance": {
             "__comments": [
@@ -20,21 +20,21 @@
         "network": {
             "ip_family": "ipv4",
             "mode": "static",
-            "system_name": "<FQDN or IP address for the appliance. Optional when the mode is Static. Remove this if using dhcp.>",
-            "ip": "<Static IP address. Remove this if using dhcp.>",
-            "prefix": "<Network prefix length. Use only when the mode is 'static'. Remove if the mode is 'dhcp'. This is the number of bits set in the subnet mask; for instance, if the subnet mask is 255.255.255.0, there are 24 bits in the binary version of the subnet mask, so the prefix length is 24. If used, the values must be in the inclusive range of 0 to 32 for IPv4 and 0 to 128 for IPv6.>",
-            "gateway": "<Gateway IP address. Remove this if using dhcp.>",
+            "system_name": "vCSAのIPかホスト名",
+            "ip": "vCSAのIP",
+            "prefix": "ネットマスクの数字(255.255.0.0じゃなくて16という方)",
+            "gateway": "ゲートウェイIP",
             "dns_servers": [
-                "<DNS Server IP Address. Optional when the mode is Static. Remove this if using dhcp.>"
+                "DNSサーバIP"
             ]
         },
         "os": {
-            "password": "<Appliance root password; refer to --template-help for password policy. If left blank, or omitted, you will be prompted to enter it at the command console during template verification.>",
-            "ntp_servers": "time.nist.gov",
-            "ssh_enable": false
+            "password": "vCSAのrootユーザパスワード",
+            "ntp_servers": "ntp.jst.mfeed.ad.jp",
+            "ssh_enable": true
         },
         "sso": {
-            "password": "<vCenter Single Sign-On administrator password; refer to --template-help for password policy. If left blank, or omitted, you will be prompted to enter it at the command console during template verification.>",
+            "password": "administrator@vsphere.localのパスワード",
             "domain_name": "vsphere.local"
         }
     },
@@ -66,7 +66,7 @@
             ]
         },
         "settings": {
-            "ceip_enabled": true
+            "ceip_enabled": false
         }
     }
 }
[root@linux install]#

次に vcsa-cli-installer/lin64 に移動してjsonファイルのチェック

CLI を使用した vCenter Serverアプライアンスのデプロイ」では、「vcsa-deploy install –precheck-only path_to_the_json_file」と書かれているが、–accept-eulaオプションをつけないとチェックはエラーになった。

[root@linux lin64]# ./vcsa-deploy install --precheck-only ~/embedded_vCSA_o
n_ESXi.json
Run the installer with "-v" or "--verbose" to log detailed information
Updating log file location, copying '/tmp/vcsaCliInstaller-2021-02-05-04-21-htfiph1c/vcsa-cli-installer.log' to desired location as a backup: '/tmp/vcsaCliInstaller-2021-02-05-04-21-htfiph1c/workflow_1612498885977/vcsa-cli-installer.log.bak'
Consuming the installer build:16998074
Workflow log-dir
/tmp/vcsaCliInstaller-2021-02-05-04-21-htfiph1c/workflow_1612498885977
====== [START] Start executing Task: To validate CLI options at 04:21:26 ======
<略>

================ [FAILED] Task: CLIOptionsValidationTask: Executing CLI
optionsValidation task execution failed at 04:21:26 ================
================================================================================
Error message: You must pass in the --accept-eula option to accept the EULA and
install the product.
=================================== 04:21:26 ===================================
Result and Log File Information...
WorkFlow log directory:
/tmp/vcsaCliInstaller-2021-02-05-04-21-htfiph1c/workflow_1612498885977
[root@linux lin64]# 

改めて「./vcsa-deploy install –precheck-only ~/embedded_vCSA_o
n_ESXi.json」を実行

[root@linux lin64]# ./vcsa-deploy install --precheck-only ~/embedded_vCSA_on_ESXi.json --accept-eula
Run the installer with "-v" or "--verbose" to log detailed information
Updating log file location, copying '/tmp/vcsaCliInstaller-2021-02-05-04-21-it2_kphe/vcsa-cli-installer.log' to desired location as a backup: '/tmp/vcsaCliInstaller-2021-02-05-04-21-it2_kphe/workflow_1612498903626/vcsa-cli-installer.log.bak'
Consuming the installer build:16998074
Workflow log-dir
/tmp/vcsaCliInstaller-2021-02-05-04-21-it2_kphe/workflow_1612498903626
====== [START] Start executing Task: To validate CLI options at 04:21:43 ======
Command line arguments verfied.
 [SUCCEEDED] Successfully executed Task 'CLIOptionsValidationTask: Executing CLI
optionsValidation task' in TaskFlow 'template_validation' at 04:21:43
 [START] Start executing Task: To validate the syntax of the template. at
04:21:43
Template syntax validation for template '/root/embedded_vCSA_on_ESXi.json'
succeeded.
Syntax validation for all templates succeeded.
 [SUCCEEDED] Successfully executed Task 'SyntaxValidationTask: Executing
Template Syntax Validation task' in TaskFlow 'template_validation' at 04:21:43
 [START] Start executing Task: To check the version of each template, and for
each older template that supports CEIP, convert it to the latest template
format, and save it to the Template Blackboard at 04:21:44
CEIP is not enabled because the template key 'ceip_enabled' in section 'ceip',
subsection 'settings' in template '/root/embedded_vCSA_on_ESXi.json' was set to
'false'.
CEIP is not enabled because the template key 'ceip_enabled' in section 'ceip',
subsection 'settings' in template '/root/embedded_vCSA_on_ESXi.json' was set to
'false'.
CEIP is not enabled because the template key 'ceip_enabled' in section 'ceip',
subsection 'settings' in template '/root/embedded_vCSA_on_ESXi.json' was set to
'false'.
Template version processing for template '/root/embedded_vCSA_on_ESXi.json'
succeeded.
Version processing for all templates succeeded.
 [SUCCEEDED] Successfully executed Task 'VersionProcessingTask: Executing
Template Version Processing task' in TaskFlow 'template_validation' at 04:21:44
 [START] Start executing Task: To validate the template structure against the
rules specified by a corresponding template schema. at 04:21:44
Template structure validation for template '/root/embedded_vCSA_on_ESXi.json'
succeeded.
Structure validation for all templates succeeded.
 [SUCCEEDED] Successfully executed Task 'StructureValidationTask: Executing
Template Structure Validation task' in TaskFlow 'template_validation' at
04:21:46
 [START] Start executing Task: To create a dependency graph for the provided
templates, with an edge pairing two templates that are dependent on each other.
Such graph relationships will affect whether certain templates can be deployed
in parallel, or must be deployed sequentially. at 04:21:46
Dependency processing for all templates succeeded.
 [SUCCEEDED] Successfully executed Task 'DependencyProcessingTask: Executing
Template Dependency Processing task' in TaskFlow 'template_validation' at
04:21:46
 [START] Start executing Task: Validate that requirements are met in the source
VCSA. at 04:21:48
InstallRequirementCollector: Reached gathering requirement
 [SUCCEEDED] Successfully executed Task 'SrcRequirementTask: Running
SrcRequirementTask' in TaskFlow 'embedded_vCSA_on_ESXi' at 04:21:48
====== [START] Start executing Task: Perform precheck tasks. at 04:21:48 ======
 [START] Start executing Task: Verify that the provided credentials for the
target ESXi/VC are valid at 04:21:48
Retrying the connection with certificate thumbprint check...
If an untrusted SSL certificate is installed on '172.17.44.10', secure
communication cannot be guaranteed. Depending on your security policy, this
issue could represent a security concern.
The SHA-1 thumbprint of the certificate is
'1B:AE:E9:A0:98:6C:AF:D7:D4:30:73:22:0E:3D:AF:21:12:1C:9A:C7'
Do you accept the thumbprint?
1: Accept and continue.
2: Do not accept and exit.
Enter '1' or '2': 1
You have accepted the server certificate's thumbprint
'1B:AE:E9:A0:98:6C:AF:D7:D4:30:73:22:0E:3D:AF:21:12:1C:9A:C7'.
 [SUCCEEDED] Successfully executed Task 'Running precheck: TargetCredentials' in
TaskFlow 'install' at 04:22:01
 [START] Start executing Task: Verify the target host type matches the one given
in the template at 04:22:02
 [SUCCEEDED] Successfully executed Task 'Running precheck: TargetHostType' in
TaskFlow 'install' at 04:22:02
 [START] Start executing Task: Verify that the target ESXi or VC version meets
the minimum requirements at 04:22:02
 [SUCCEEDED] Successfully executed Task 'Running precheck: TargetVersion' in
TaskFlow 'install' at 04:22:02
 [START] Start executing Task: Validate that the OVA image has the required OVA
properties. at 04:22:02
 [SUCCEEDED] Successfully executed Task 'Running precheck: OVAProperties.' in
TaskFlow 'install' at 04:22:02
 [START] Start executing Task: Validate the provided ip/fqdn is available to use
at 04:22:03
Pinging IPv4 address 172.17.44.100
172.17.44.100 is unreachable.
Pinging IPv4 address 172.17.44.100
Pinging IPv4 address 172.17.44.100
Pinging IPv4 address 172.17.44.100
172.17.44.100 is unreachable.
 [SUCCEEDED] Successfully executed Task 'Running precheck: IpFqdnInUse' in
TaskFlow 'install' at 04:22:15
 [SUCCEEDED] Successfully executed Task 'Running precheck:
LinkingTargetHostnameValidation' in TaskFlow 'install' at 04:22:15
 [START] Start executing Task: Validate the target ESXi management status at
04:22:15
DRS Warning:  The target ESXi host '172.17.44.10' is managed by vCenter Server
'172.17.44.11'.  If any of these hosts are in a cluster, and DRS is enabled,
vMotion can take effect and adversely impact the installation, upgrade, or
migration processes.  It is recommended that you use the *_on_VC.json template
file for the target ESXi host if it is managed by a vCenter Server, and ensure
the ESXi hosts you have specified are not members of clusters with DRS set to
Fully Automated during the installation, upgrade, or migration processes.
 [SUCCEEDED] Successfully executed Task 'Running precheck: ESXManagementStatus'
in TaskFlow 'install' at 04:22:15
 [START] Start executing Task: Precheck CPU, memory and datastore size
requirements for a host. at 04:22:16
 [SUCCEEDED] Successfully executed Task 'Running precheck: HostConfigs' in
TaskFlow 'install' at 04:22:20
 [START] Start executing Task: Validate the provided target appliance name is
available to use at 04:22:20
 [SUCCEEDED] Successfully executed Task 'Running precheck: ApplianceName' in
TaskFlow 'install' at 04:22:21
================== [START] Start executing Task:  at 04:22:21 ==================
= [SUCCEEDED] Successfully executed Task '' in TaskFlow 'install' at 04:22:21 =
 [START] Start executing Task: Check whether the datastore's free space
accommodate the VCSA's deployment option at 04:22:22
 [SUCCEEDED] Successfully executed Task 'Running precheck: TargetDsFreespace' in
TaskFlow 'install' at 04:22:22
 [START] Start executing Task: Verify the provided SSO info is valid by
connecting to the STS service. at 04:22:22
 [SUCCEEDED] Successfully executed Task 'Running precheck: SSOCredentials' in
TaskFlow 'install' at 04:22:22
 [START] Start executing Task: Verify that the provided external SSO
(PSC)/Embedded info is valid at 04:22:22
 [SUCCEEDED] Successfully executed Task 'Running precheck: SSOExternal' in
TaskFlow 'install' at 04:22:22
 [SUCCEEDED] Successfully executed Task 'PrecheckTask: Running prechecks.' in
TaskFlow 'embedded_vCSA_on_ESXi' at 04:22:22
 [START] Start executing Task: Invoke OVF Tool to deploy VCSA for installation,
upgrade, and migration at 04:22:23
OVF Tool: Opening OVA source:
/mnt2/vcsa-cli-installer/lin64/../../vcsa/VMware-vCenter-Server-Appliance-7.0.1.00300-17491101_OVF10.ova
OVF Tool: The manifest validates
OVF Tool: The provided certificate is in valid period
OVF Tool: Source is signed but could not verify certificate (possibly
self-signed)
OVF Tool: Certificate information:
OVF Tool:   CertIssuer:/C=US/ST=California/L=Palo Alto/O=VMware, Inc.
OVF Tool:   CertSubject:/C=US/ST=California/L=Palo Alto/O=VMware, Inc.
OVF Tool:   -----BEGIN CERTIFICATE-----
OVF Tool:   MIIDyzCCArOgAwIBAgIJAIR/y018RgMXMA0GCSqGSIb3DQEBCwUAME0xCzAJBgNV
OVF Tool:   BAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRIwEAYDVQQHDAlQYWxvIEFsdG8x
OVF Tool:   FTATBgNVBAoMDFZNd2FyZSwgSW5jLjAeFw0xNjA5MDgwMTE3MjFaFw0yOTEyMzEw
OVF Tool:   MTE3MjFaME0xCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRIwEAYD
OVF Tool:   VQQHDAlQYWxvIEFsdG8xFTATBgNVBAoMDFZNd2FyZSwgSW5jLjCCASAwDQYJKoZI
OVF Tool:   hvcNAQEBBQADggENADCCAQgCggEBALU9NUtC39fqG7yo2XAswUmtli9uA+31uAMw
OVF Tool:   9FFHAEv/it8pzBQZ/4r+2bN+GnXOWhuDd1K4ApKMRvoO4LwQfZxrkx4pXrsu0gdb
OVF Tool:   4OunHw0D8MrdzSoob8Js/uq+IJ+8Bhsc6b7RzTUt9HeDWzHasAJVgMsjehGt23ay
OVF Tool:   9FKOT6dVD6D/Xi3qJnB/4t/XNS6L63dC3ea4guzKDyLaXIP5bf/m56jvVImFjhhT
OVF Tool:   W2ASbnEUlZIVrEuyVcdG7e3FvZufE553JmHL0YG/0m5bIHXKRzBRx0D3HHOAzOKw
OVF Tool:   kkOnxJHSTN4Hz8hSYCWvzUAjSYL3Q8qiTd7GHJ2ynsRnu3KlzKUCAQOjga8wgaww
OVF Tool:   HQYDVR0OBBYEFHg8KQJdm8NPQDmYP41uEgKG+VNwMH0GA1UdIwR2MHSAFHg8KQJd
OVF Tool:   m8NPQDmYP41uEgKG+VNwoVGkTzBNMQswCQYDVQQGEwJVUzETMBEGA1UECAwKQ2Fs
OVF Tool:   aWZvcm5pYTESMBAGA1UEBwwJUGFsbyBBbHRvMRUwEwYDVQQKDAxWTXdhcmUsIElu
OVF Tool:   Yy6CCQCEf8tNfEYDFzAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQAD
OVF Tool:   K9uUhsXzpuUcWJq83Vh2HHSxZ/DdR6h+FNYHfEX8h8DOIwhRHhIHoqXkwwnpbjip
OVF Tool:   FBtSzNKzTmzMQBwB7GwzGSsBO2TU8alX2ssnDg2AqwgIeLzclfaQlYoid678Krew
OVF Tool:   nFryr9PYMntr7uyU1duesmey12GS2z5UIhA4BaOnrPJcLCP22nXVlPEsa46ob7XH
OVF Tool:   j4ngZ0ck/qE58Z90GaAuxaa2R3OlHQ+AhXc3q5IixqMDa0MLPd41Qv2kC5iZ+tCf
OVF Tool:   XVdlf4/RqQBNHR8FFVxcjpaROId9Y9/yHdsMt55nN7pf7vRf5vSk1bHvLmlOYgiR
OVF Tool:   tAj6rdPq0c+/C+fct1cM
OVF Tool:   -----END CERTIFICATE-----
OVF Tool: Opening VI target: vi://root@172.17.44.10:443/
OVF Tool: Supported disk provisioning:
OVF Tool:   monolithicSparse
OVF Tool:   monolithicFlat
OVF Tool:   thin
OVF Tool:   thick
OVF Tool:   flat
OVF Tool:   seSparse
OVF Tool:   eagerZeroedThick
OVF Tool: Connected networks:
OVF Tool:   VM Network
OVF Tool:   iSCSI-VM
OVF Tool:   closednetwork
OVF Tool: Deploying to VI: vi://root@172.17.44.10:443/
OVF Tool: Transfer Completed
OVF Tool: Completed successfully
 [SUCCEEDED] Successfully executed Task 'Precheck ovftool commandline parameters
to deploy a vCenter Server Appliance' in TaskFlow 'embedded_vCSA_on_ESXi' at
04:22:36
=================================== 04:22:37 ===================================
Result and Log File Information...
WorkFlow log directory:
/tmp/vcsaCliInstaller-2021-02-05-04-21-it2_kphe/workflow_1612498903626
[root@linux lin64]#

問題は無いようだ。(上記はテストとして既にvCenter管轄下にあるESXiサーバ上にインストールしようとしているので、警告も出ている)

チェックが終わったら「vcsa-deploy install ~/embedded_vCSA_on_ESXi.json –accept-eula」を実行する。

[root@linux lin64]# time ./vcsa-deploy install ~/embedded_vCSA_on_ESXi.json --accept-eula
Run the installer with "-v" or "--verbose" to log detailed information
Updating log file location, copying '/tmp/vcsaCliInstaller-2021-02-05-04-28-tzpju7l4/vcsa-cli-installer.log' to desired location as a backup: '/tmp/vcsaCliInstaller-2021-02-05-04-28-tzpju7l4/workflow_1612499337346/vcsa-cli-installer.log.bak'
Consuming the installer build:16998074
Workflow log-dir
/tmp/vcsaCliInstaller-2021-02-05-04-28-tzpju7l4/workflow_1612499337346
====== [START] Start executing Task: To validate CLI options at 04:28:57 ======
Command line arguments verfied.
 [SUCCEEDED] Successfully executed Task 'CLIOptionsValidationTask: Executing CLI
optionsValidation task' in TaskFlow 'template_validation' at 04:28:57
 [START] Start executing Task: To validate the syntax of the template. at
04:28:57
Template syntax validation for template '/root/embedded_vCSA_on_ESXi.json'
succeeded.
Syntax validation for all templates succeeded.
 [SUCCEEDED] Successfully executed Task 'SyntaxValidationTask: Executing
Template Syntax Validation task' in TaskFlow 'template_validation' at 04:28:57
 [START] Start executing Task: To check the version of each template, and for
each older template that supports CEIP, convert it to the latest template
format, and save it to the Template Blackboard at 04:28:57
CEIP is not enabled because the template key 'ceip_enabled' in section 'ceip',
subsection 'settings' in template '/root/embedded_vCSA_on_ESXi.json' was set to
'false'.
CEIP is not enabled because the template key 'ceip_enabled' in section 'ceip',
subsection 'settings' in template '/root/embedded_vCSA_on_ESXi.json' was set to
'false'.
CEIP is not enabled because the template key 'ceip_enabled' in section 'ceip',
subsection 'settings' in template '/root/embedded_vCSA_on_ESXi.json' was set to
'false'.
Template version processing for template '/root/embedded_vCSA_on_ESXi.json'
succeeded.
Version processing for all templates succeeded.
 [SUCCEEDED] Successfully executed Task 'VersionProcessingTask: Executing
Template Version Processing task' in TaskFlow 'template_validation' at 04:28:57
 [START] Start executing Task: To validate the template structure against the
rules specified by a corresponding template schema. at 04:28:58
Template structure validation for template '/root/embedded_vCSA_on_ESXi.json'
succeeded.
Structure validation for all templates succeeded.
 [SUCCEEDED] Successfully executed Task 'StructureValidationTask: Executing
Template Structure Validation task' in TaskFlow 'template_validation' at
04:28:58
 [START] Start executing Task: To create a dependency graph for the provided
templates, with an edge pairing two templates that are dependent on each other.
Such graph relationships will affect whether certain templates can be deployed
in parallel, or must be deployed sequentially. at 04:28:58
Dependency processing for all templates succeeded.
 [SUCCEEDED] Successfully executed Task 'DependencyProcessingTask: Executing
Template Dependency Processing task' in TaskFlow 'template_validation' at
04:28:58
 [START] Start executing Task: Validate that requirements are met in the source
VCSA. at 04:28:59
InstallRequirementCollector: Reached gathering requirement
 [SUCCEEDED] Successfully executed Task 'SrcRequirementTask: Running
SrcRequirementTask' in TaskFlow 'embedded_vCSA_on_ESXi' at 04:28:59
====== [START] Start executing Task: Perform precheck tasks. at 04:29:00 ======
 [START] Start executing Task: Verify that the provided credentials for the
target ESXi/VC are valid at 04:29:00
Retrying the connection with certificate thumbprint check...
If an untrusted SSL certificate is installed on '172.17.44.10', secure
communication cannot be guaranteed. Depending on your security policy, this
issue could represent a security concern.
The SHA-1 thumbprint of the certificate is
'1B:AE:E9:A0:98:6C:AF:D7:D4:30:73:22:0E:3D:AF:21:12:1C:9A:C7'
Do you accept the thumbprint?
1: Accept and continue.
2: Do not accept and exit.
Enter '1' or '2': 1
You have accepted the server certificate's thumbprint
'1B:AE:E9:A0:98:6C:AF:D7:D4:30:73:22:0E:3D:AF:21:12:1C:9A:C7'.
 [SUCCEEDED] Successfully executed Task 'Running precheck: TargetCredentials' in
TaskFlow 'install' at 04:29:03
 [START] Start executing Task: Verify the target host type matches the one given
in the template at 04:29:03
 [SUCCEEDED] Successfully executed Task 'Running precheck: TargetHostType' in
TaskFlow 'install' at 04:29:03
 [START] Start executing Task: Verify that the target ESXi or VC version meets
the minimum requirements at 04:29:03
 [SUCCEEDED] Successfully executed Task 'Running precheck: TargetVersion' in
TaskFlow 'install' at 04:29:03
 [START] Start executing Task: Validate that the OVA image has the required OVA
properties. at 04:29:04
 [SUCCEEDED] Successfully executed Task 'Running precheck: OVAProperties.' in
TaskFlow 'install' at 04:29:09
 [START] Start executing Task: Validate the provided ip/fqdn is available to use
at 04:29:09
Pinging IPv4 address 172.17.44.100
172.17.44.100 is unreachable.
Pinging IPv4 address 172.17.44.100
Pinging IPv4 address 172.17.44.100
Pinging IPv4 address 172.17.44.100
172.17.44.100 is unreachable.
 [SUCCEEDED] Successfully executed Task 'Running precheck: IpFqdnInUse' in
TaskFlow 'install' at 04:29:21
 [SUCCEEDED] Successfully executed Task 'Running precheck:
LinkingTargetHostnameValidation' in TaskFlow 'install' at 04:29:22
 [START] Start executing Task: Validate the target ESXi management status at
04:29:22
DRS Warning:  The target ESXi host '172.17.44.10' is managed by vCenter Server
'172.17.44.11'.  If any of these hosts are in a cluster, and DRS is enabled,
vMotion can take effect and adversely impact the installation, upgrade, or
migration processes.  It is recommended that you use the *_on_VC.json template
file for the target ESXi host if it is managed by a vCenter Server, and ensure
the ESXi hosts you have specified are not members of clusters with DRS set to
Fully Automated during the installation, upgrade, or migration processes.
 [SUCCEEDED] Successfully executed Task 'Running precheck: ESXManagementStatus'
in TaskFlow 'install' at 04:29:22
 [START] Start executing Task: Precheck CPU, memory and datastore size
requirements for a host. at 04:29:23
 [SUCCEEDED] Successfully executed Task 'Running precheck: HostConfigs' in
TaskFlow 'install' at 04:29:26
 [START] Start executing Task: Validate the provided target appliance name is
available to use at 04:29:26
 [SUCCEEDED] Successfully executed Task 'Running precheck: ApplianceName' in
TaskFlow 'install' at 04:29:27
================== [START] Start executing Task:  at 04:29:27 ==================
= [SUCCEEDED] Successfully executed Task '' in TaskFlow 'install' at 04:29:27 =
 [START] Start executing Task: Check whether the datastore's free space
accommodate the VCSA's deployment option at 04:29:27
 [SUCCEEDED] Successfully executed Task 'Running precheck: TargetDsFreespace' in
TaskFlow 'install' at 04:29:27
 [START] Start executing Task: Verify the provided SSO info is valid by
connecting to the STS service. at 04:29:28
 [SUCCEEDED] Successfully executed Task 'Running precheck: SSOCredentials' in
TaskFlow 'install' at 04:29:28
 [START] Start executing Task: Verify that the provided external SSO
(PSC)/Embedded info is valid at 04:29:28
 [SUCCEEDED] Successfully executed Task 'Running precheck: SSOExternal' in
TaskFlow 'install' at 04:29:28
 [SUCCEEDED] Successfully executed Task 'PrecheckTask: Running prechecks.' in
TaskFlow 'embedded_vCSA_on_ESXi' at 04:29:28
 [START] Start executing Task: Invoke OVF Tool to deploy VCSA for installation,
upgrade, and migration at 04:29:29
OVF Tool: Opening OVA source:
/mnt2/vcsa-cli-installer/lin64/../../vcsa/VMware-vCenter-Server-Appliance-7.0.1.00300-17491101_OVF10.ova
OVF Tool: The manifest validates
OVF Tool: The provided certificate is in valid period
OVF Tool: Source is signed but could not verify certificate (possibly
self-signed)
OVF Tool: Certificate information:
OVF Tool:   CertIssuer:/C=US/ST=California/L=Palo Alto/O=VMware, Inc.
OVF Tool:   CertSubject:/C=US/ST=California/L=Palo Alto/O=VMware, Inc.
OVF Tool:   -----BEGIN CERTIFICATE-----
OVF Tool:   MIIDyzCCArOgAwIBAgIJAIR/y018RgMXMA0GCSqGSIb3DQEBCwUAME0xCzAJBgNV
OVF Tool:   BAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRIwEAYDVQQHDAlQYWxvIEFsdG8x
OVF Tool:   FTATBgNVBAoMDFZNd2FyZSwgSW5jLjAeFw0xNjA5MDgwMTE3MjFaFw0yOTEyMzEw
OVF Tool:   MTE3MjFaME0xCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRIwEAYD
OVF Tool:   VQQHDAlQYWxvIEFsdG8xFTATBgNVBAoMDFZNd2FyZSwgSW5jLjCCASAwDQYJKoZI
OVF Tool:   hvcNAQEBBQADggENADCCAQgCggEBALU9NUtC39fqG7yo2XAswUmtli9uA+31uAMw
OVF Tool:   9FFHAEv/it8pzBQZ/4r+2bN+GnXOWhuDd1K4ApKMRvoO4LwQfZxrkx4pXrsu0gdb
OVF Tool:   4OunHw0D8MrdzSoob8Js/uq+IJ+8Bhsc6b7RzTUt9HeDWzHasAJVgMsjehGt23ay
OVF Tool:   9FKOT6dVD6D/Xi3qJnB/4t/XNS6L63dC3ea4guzKDyLaXIP5bf/m56jvVImFjhhT
OVF Tool:   W2ASbnEUlZIVrEuyVcdG7e3FvZufE553JmHL0YG/0m5bIHXKRzBRx0D3HHOAzOKw
OVF Tool:   kkOnxJHSTN4Hz8hSYCWvzUAjSYL3Q8qiTd7GHJ2ynsRnu3KlzKUCAQOjga8wgaww
OVF Tool:   HQYDVR0OBBYEFHg8KQJdm8NPQDmYP41uEgKG+VNwMH0GA1UdIwR2MHSAFHg8KQJd
OVF Tool:   m8NPQDmYP41uEgKG+VNwoVGkTzBNMQswCQYDVQQGEwJVUzETMBEGA1UECAwKQ2Fs
OVF Tool:   aWZvcm5pYTESMBAGA1UEBwwJUGFsbyBBbHRvMRUwEwYDVQQKDAxWTXdhcmUsIElu
OVF Tool:   Yy6CCQCEf8tNfEYDFzAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQAD
OVF Tool:   K9uUhsXzpuUcWJq83Vh2HHSxZ/DdR6h+FNYHfEX8h8DOIwhRHhIHoqXkwwnpbjip
OVF Tool:   FBtSzNKzTmzMQBwB7GwzGSsBO2TU8alX2ssnDg2AqwgIeLzclfaQlYoid678Krew
OVF Tool:   nFryr9PYMntr7uyU1duesmey12GS2z5UIhA4BaOnrPJcLCP22nXVlPEsa46ob7XH
OVF Tool:   j4ngZ0ck/qE58Z90GaAuxaa2R3OlHQ+AhXc3q5IixqMDa0MLPd41Qv2kC5iZ+tCf
OVF Tool:   XVdlf4/RqQBNHR8FFVxcjpaROId9Y9/yHdsMt55nN7pf7vRf5vSk1bHvLmlOYgiR
OVF Tool:   tAj6rdPq0c+/C+fct1cM
OVF Tool:   -----END CERTIFICATE-----
OVF Tool: Opening VI target: vi://root@172.17.44.10:443/
OVF Tool: Deploying to VI: vi://root@172.17.44.10:443/
OVF Tool: Disk progress: 99%
OVF Tool: Transfer Completed
OVF Tool: Powering on VM: Embedded-vCenter-Server-Appliance
OVF Tool: Task progress: 99%
OVF Tool: Task Completed
OVF Tool: Waiting for IP address...
OVF Tool: Received IP address: fe80::20c:29ff:fe7d:488b
OVF Tool: Completed successfully
 [SUCCEEDED] Successfully executed Task 'Deploying vCenter Server Appliance' in
TaskFlow 'embedded_vCSA_on_ESXi' at 04:38:32
 [START] Start executing Task: Monitor the entire VCSA deployment using
appliance REST API at 04:38:33
Checking if the target VCSA is powered on and ready for operations...
Successfully verified that the target VCSA 'Embedded-vCenter-Server-Appliance'
has been powered on and is now ready for operations
Checking if the target VCSA appliance API is available for query
Failed while trying the connection with certificate validation. Exception:
HTTPSConnectionPool(host='fe80::20c:29ff:fe7d:488b', port=5480): Max retries
exceeded with url: /rest/vcenter/deployment (Caused by
NewConnectionError('<urllib3.connection.VerifiedHTTPSConnection object at
0x7f0fe50bcdd8>: Failed to establish a new connection: [Errno 22] Invalid
argument',))
Failed while trying the connection with certificate validation. Exception:
HTTPSConnectionPool(host='fe80::20c:29ff:fe7d:488b', port=5480): Max retries
exceeded with url: /rest/vcenter/deployment (Caused by
NewConnectionError('<urllib3.connection.VerifiedHTTPSConnection object at
0x7f0fe4fbc710>: Failed to establish a new connection: [Errno 22] Invalid
argument',))
Successfully verified that the target VCSA appliance API is available for query
Start monitoring target VCSA deployment, deployment status will be written into:
/tmp/vcsaCliInstaller-2021-02-05-04-28-tzpju7l4/workflow_1612499337346/embedded_vCSA_on_ESXi/vcsa_deployment.json
==========VCSA Deployment Progress Report==========         Task: Install
required RPMs for the appliance.(RUNNING 5/100)   - Setting up storage
VCSA Deployment is still running
==========VCSA Deployment Progress Report==========         Task: Install
required RPMs for the appliance.(RUNNING 5/100)   - Setting up storage
VCSA Deployment is still running
==========VCSA Deployment Progress Report==========         Task: Install
required RPMs for the appliance.(RUNNING 55/100)  - Installed
vmware-afd-7.0.1.9466-17260200.x86_64.rpm
VCSA Deployment is still running
==========VCSA Deployment Progress Report==========         Task: Install
required RPMs for the appliance.(RUNNING 57/100)  - Installed
vmware-certificate-server-7.0.1.9466-17260200.x86_64.rpm
VCSA Deployment is still running
==========VCSA Deployment Progress Report==========         Task: Install
required RPMs for the appliance.(RUNNING 58/100)  - Installed
dbcc-7.0.1-17491161.noarch.rpm
VCSA Deployment is still running
==========VCSA Deployment Progress Report==========         Task: Install
required RPMs for the appliance.(RUNNING 72/100)  - Installed
VMware-vpxd-svcs-7.0.1-17491161.x86_64.rpm
VCSA Deployment is still running
==========VCSA Deployment Progress Report==========         Task: Install
required RPMs for the appliance.(RUNNING 79/100)  - Installed
vmware-autodeploy-7.0.1-17491163.noarch.rpm
VCSA Deployment is still running
==========VCSA Deployment Progress Report==========         Task: Install
required RPMs for the appliance.(RUNNING 83/100)  - Installed
vmware-vsm-7.0.1-17491161.x86_64.rpm
VCSA Deployment is still running
==========VCSA Deployment Progress Report==========         Task: Install
required RPMs for the appliance.(RUNNING 85/100)  - Installed
VMware-wcp-0.0.6-17201796.x86_64.rpm
VCSA Deployment is still running
==========VCSA Deployment Progress Report==========         Task: Install
required RPMs for the appliance.(RUNNING 85/100)  - Installed
VMware-wcp-0.0.6-17201796.x86_64.rpm
VCSA Deployment is still running
==========VCSA Deployment Progress Report==========         Task: Install
required RPMs for the appliance.(RUNNING 85/100)  - Installed
VMware-wcp-0.0.6-17201796.x86_64.rpm
VCSA Deployment is still running
==========VCSA Deployment Progress Report==========         Task: Install
required RPMs for the appliance.(RUNNING 89/100)  - Installed
VMware-content-library-7.0.1-17491101.x86_64.rpm
VCSA Deployment is still running
==========VCSA Deployment Progress Report==========         Task: Install
required RPMs for the appliance.(SUCCEEDED 100/100)       - Task has completed
successfully.         Task: Run firstboot scripts.(RUNNING 4/100)     - Starting
VMware Authentication Framework...
VCSA Deployment is still running
==========VCSA Deployment Progress Report==========         Task: Install
required RPMs for the appliance.(SUCCEEDED 100/100)       - Task has completed
successfully.         Task: Run firstboot scripts.(RUNNING 10/100)    - Starting
VMware Postgres...
VCSA Deployment is still running
==========VCSA Deployment Progress Report==========         Task: Install
required RPMs for the appliance.(SUCCEEDED 100/100)       - Task has completed
successfully.         Task: Run firstboot scripts.(RUNNING 20/100)    - Starting
VMware Lookup Service...
VCSA Deployment is still running
==========VCSA Deployment Progress Report==========         Task: Install
required RPMs for the appliance.(SUCCEEDED 100/100)       - Task has completed
successfully.         Task: Run firstboot scripts.(RUNNING 22/100)    - Starting
VMware Security Token Service...
VCSA Deployment is still running
==========VCSA Deployment Progress Report==========         Task: Install
required RPMs for the appliance.(SUCCEEDED 100/100)       - Task has completed
successfully.         Task: Run firstboot scripts.(RUNNING 22/100)    - Starting
VMware Security Token Service...
VCSA Deployment is still running
==========VCSA Deployment Progress Report==========         Task: Install
required RPMs for the appliance.(SUCCEEDED 100/100)       - Task has completed
successfully.         Task: Run firstboot scripts.(RUNNING 24/100)    - Starting
VMware Single Sign-On User Creation...
VCSA Deployment is still running
==========VCSA Deployment Progress Report==========         Task: Install
required RPMs for the appliance.(SUCCEEDED 100/100)       - Task has completed
successfully.         Task: Run firstboot scripts.(RUNNING 28/100)    - Starting
VMware License Service...
VCSA Deployment is still running
==========VCSA Deployment Progress Report==========         Task: Install
required RPMs for the appliance.(SUCCEEDED 100/100)       - Task has completed
successfully.         Task: Run firstboot scripts.(RUNNING 32/100)    - Starting
VMware vAPI Endpoint...
VCSA Deployment is still running
==========VCSA Deployment Progress Report==========         Task: Install
required RPMs for the appliance.(SUCCEEDED 100/100)       - Task has completed
successfully.         Task: Run firstboot scripts.(RUNNING 36/100)    - Starting
VMware vCenter-Services...
VCSA Deployment is still running
==========VCSA Deployment Progress Report==========         Task: Install
required RPMs for the appliance.(SUCCEEDED 100/100)       - Task has completed
successfully.         Task: Run firstboot scripts.(RUNNING 38/100)    - Starting
VMware Certificate Authority Service...
VCSA Deployment is still running
==========VCSA Deployment Progress Report==========         Task: Install
required RPMs for the appliance.(SUCCEEDED 100/100)       - Task has completed
successfully.         Task: Run firstboot scripts.(RUNNING 46/100)    - Starting
VMware VCSA Observability VAPI Service...
VCSA Deployment is still running
==========VCSA Deployment Progress Report==========         Task: Install
required RPMs for the appliance.(SUCCEEDED 100/100)       - Task has completed
successfully.         Task: Run firstboot scripts.(RUNNING 57/100)    - Starting
VMware Trust Management Service...
VCSA Deployment is still running
==========VCSA Deployment Progress Report==========         Task: Install
required RPMs for the appliance.(SUCCEEDED 100/100)       - Task has completed
successfully.         Task: Run firstboot scripts.(RUNNING 59/100)    - Starting
VMware vCenter Server...
VCSA Deployment is still running
==========VCSA Deployment Progress Report==========         Task: Install
required RPMs for the appliance.(SUCCEEDED 100/100)       - Task has completed
successfully.         Task: Run firstboot scripts.(RUNNING 65/100)    - Starting
VMware ESX Agent Manager...
VCSA Deployment is still running
==========VCSA Deployment Progress Report==========         Task: Install
required RPMs for the appliance.(SUCCEEDED 100/100)       - Task has completed
successfully.         Task: Run firstboot scripts.(RUNNING 67/100)    - Starting
VMware Hybrid VC Service...
VCSA Deployment is still running
==========VCSA Deployment Progress Report==========         Task: Install
required RPMs for the appliance.(SUCCEEDED 100/100)       - Task has completed
successfully.         Task: Run firstboot scripts.(RUNNING 69/100)    - Starting
VMware vSphere Profile-Driven Storage Service...
VCSA Deployment is still running
==========VCSA Deployment Progress Report==========         Task: Install
required RPMs for the appliance.(SUCCEEDED 100/100)       - Task has completed
successfully.         Task: Run firstboot scripts.(RUNNING 71/100)    - Starting
VMware Update Manager...
VCSA Deployment is still running
==========VCSA Deployment Progress Report==========         Task: Install
required RPMs for the appliance.(SUCCEEDED 100/100)       - Task has completed
successfully.         Task: Run firstboot scripts.(RUNNING 79/100)    - Starting
VMware VSAN Health Service...
VCSA Deployment is still running
==========VCSA Deployment Progress Report==========         Task: Install
required RPMs for the appliance.(SUCCEEDED 100/100)       - Task has completed
successfully.         Task: Run firstboot scripts.(RUNNING 81/100)    - Starting
VMware vService Manager...
VCSA Deployment is still running
==========VCSA Deployment Progress Report==========         Task: Install
required RPMs for the appliance.(SUCCEEDED 100/100)       - Task has completed
successfully.         Task: Run firstboot scripts.(RUNNING 89/100)    - Starting
Workload Control Plane...
VCSA Deployment is still running
==========VCSA Deployment Progress Report==========         Task: Install
required RPMs for the appliance.(SUCCEEDED 100/100)       - Task has completed
successfully.         Task: Run firstboot scripts.(RUNNING 91/100)    - Starting
VMware Content Library Service...
VCSA Deployment is still running
==========VCSA Deployment Progress Report==========         Task: Install
required RPMs for the appliance.(SUCCEEDED 100/100)       - Task has completed
successfully.         Task: Run firstboot scripts.(RUNNING 91/100)    - Starting
VMware Content Library Service...
VCSA Deployment is still running
==========VCSA Deployment Progress Report==========         Task: Install
required RPMs for the appliance.(SUCCEEDED 100/100)       - Task has completed
successfully.         Task: Run firstboot scripts.(RUNNING 97/100)    - Starting
VMware Performance Charts...
VCSA Deployment is still running
==========VCSA Deployment Progress Report==========         Task: Install
required RPMs for the appliance.(SUCCEEDED 100/100)       - Task has completed
successfully.         Task: Run firstboot scripts.(SUCCEEDED 100/100) - Task has
completed successfully.
Successfully completed VCSA deployment.  VCSA Deployment Start Time:
2021-02-05T04:37:54.577Z VCSA Deployment End Time: 2021-02-05T04:57:45.067Z
 [SUCCEEDED] Successfully executed Task 'MonitorDeploymentTask: Monitoring
Deployment' in TaskFlow 'embedded_vCSA_on_ESXi' at 04:58:11
Monitoring VCSA Deploy task completed
== [START] Start executing Task: Join active domain if necessary at 04:58:11 ==
Domain join task not applicable, skipping task
 [SUCCEEDED] Successfully executed Task 'Running deployment: Domain Join' in
TaskFlow 'embedded_vCSA_on_ESXi' at 04:58:11
 [START] Start executing Task: Provide the login information about new
appliance. at 04:58:12
    Appliance Name: Embedded-vCenter-Server-Appliance
    System Name: dhcp100.example.com
    System IP: 172.17.44.100
    Log in as: Administrator@vsphere.local
 [SUCCEEDED] Successfully executed Task 'ApplianceLoginSummaryTask: Provide
appliance login information.' in TaskFlow 'embedded_vCSA_on_ESXi' at 04:58:12
=================================== 04:58:13 ===================================
Result and Log File Information...
WorkFlow log directory:
/tmp/vcsaCliInstaller-2021-02-05-04-28-tzpju7l4/workflow_1612499337346

real    29m18.141s
user    2m51.621s
sys     0m24.242s
[root@linux lin64]#

おや?vCenterのホスト名が指定したIPアドレスに設定してあった逆引きホスト名で勝手に設定されてしまいました。

これはちょっと予想外。

それ以外は特に問題無く完了しました。