Hammad Alam

Jun 25, 20193 min read

Installing NSX-T (2.3) on Centos 7.4

Install a VM with 3 NICs, first for Management and other two for TEP (A/S)

Make sure CPU virtualization support is enabled.

4 CPU and 16 GB RAM min

Validate that the following matches and also, if any of the commands fail to run, ensure you install the appropriate dependencies:

[root@centos-kvm1 ~]# cat /etc/centos-release

CentOS Linux release 7.4.1708 (Core)

[root@centos-kvm1 ~]# rpm --query centos-release

centos-release-7-4.1708.el7.centos.x86_64

[root@centos-kvm1 ~]# python -c "import platform; print platform.linux_distribution()[1];"

7.4.1708

[root@centos-kvm1 ~]# lsb_release --release | cut -f2 | cut -b -3

7.4

As per documentation, add the exclude line to following

[root@centos-kvm1 ~]#  more /etc/yum.conf 
[main]
cachedir=/var/cache/yum/$basearch/$releasever
keepcache=0
debuglevel=2
logfile=/var/log/yum.log
exactarch=1
obsoletes=1
gpgcheck=1
plugins=1
installonly_limit=5
bugtracker_url=http://bugs.centos.org/set_project.php?project_id=23&ref=http://bugs.centos.org/bug_report_page.php?category=yum
distroverpkg=centos-release
exclude=kernel* redhat-release*

#  This is the default, if you make this bigger yum won't see if the metadata
# is newer on the remote and so you'll "gain" the bandwidth of not having to
# download the new metadata and "pay" for it by yum not having correct
# information.
#  It is esp. important, to have correct metadata, for distributions like
# Fedora which don't keep old packages around. If you don't like this checking
# interupting your command line usage, it's much better to have something
# manually check the metadata once an hour (yum-updatesd will do this).
# metadata_expire=90m

# PUT YOUR REPOS HERE OR IN separate files named file.repo
# in /etc/yum.repos.d

As per documentation, install the following:

yum groupinstall "Virtualization Hypervisor"

yum groupinstall "Virtualization Client"

yum groupinstall "Virtualization Platform"

yum groupinstall "Virtualization Tools"

Now install the following as well because our installer may miss some of these

yum groupinstall "Virtualization Hypervisor"

yum groupinstall "Virtualization Client"

yum groupinstall "Virtualization Platform"

yum groupinstall "Virtualization Tools"

yum install cyrus-sasl

yum install cyrus-sasl-gssapi

yum install libvirt-libs,lsof

yum install nmap-ncat

yum install yajl

yum install cyrus-sasl-libl

yum install redhat-lsb-core   PR<--2230870

yum install python-six

yum install wget

yum install tcpdump

yum install boost-filesystem

yum install PyYAML

yum install boost-chrono

yum install python-mako

yum install python-netaddr

yum install libunwind

yum install boost-date-time

yum install c-ares

yum install libev

yum install python-gevent

yum install python-greenlet

yum install net-tools

At this time, you should be able to add the Host to NSX-T as CentOS KVM

Now create the transport node:

Troubleshooting

You shouldn't have to modify the following files but sharing for completeness. If there are failures, try to create the files and put the content only in ifcfg-br0 first. Reboot

If the transport node creation fails saying it could not find your nic card, you may need to do the following:

Look at the output of ip addr and notice that there is no br0. ens192 is my first nic used for mgmt, ens224 and ens256 are supposed to be for TEP

[root@centos-kvm1 ~]# ip a

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1

    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00

    inet 127.0.0.1/8 scope host lo

       valid_lft forever preferred_lft forever

    inet6 ::1/128 scope host

       valid_lft forever preferred_lft forever

2: ens192: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP qlen 1000

    link/ether 00:50:56:91:d1:01 brd ff:ff:ff:ff:ff:ff

    inet 10.29.12.145/27 brd 10.29.12.159 scope global ens192

       valid_lft forever preferred_lft forever

    inet6 fe80::58a:5843:dff9:d5d5/64 scope link

       valid_lft forever preferred_lft forever

3: ens224: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP qlen 1000

    link/ether 00:50:56:91:fc:81 brd ff:ff:ff:ff:ff:ff

4: ens256: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP qlen 1000

    link/ether 00:50:56:91:db:22 brd ff:ff:ff:ff:ff:ff

5: ovs-gretap0@NONE: <BROADCAST,MULTICAST> mtu 1462 qdisc noop state DOWN qlen 1000

    link/ether 00:00:00:00:00:00 brd ff:ff:ff:ff:ff:ff

6: ovs-erspan0@NONE: <BROADCAST,MULTICAST> mtu 1446 qdisc noop state DOWN qlen 1000

    link/ether 66:ed:cd:fe:67:60 brd ff:ff:ff:ff:ff:ff

7: ovs-gre0@NONE: <NOARP> mtu 1476 qdisc noop state DOWN qlen 1

    link/gre 0.0.0.0 brd 0.0.0.0

8: ovs-ip6gre0@NONE: <NOARP> mtu 1448 qdisc noop state DOWN qlen 1

    link/[823] 00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00 brd 00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00

9: ovs-ip6tnl0@NONE: <NOARP> mtu 1452 qdisc noop state DOWN qlen 1

    link/tunnel6 :: brd ::

11: ovs-system: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN qlen 1000

    link/ether 26:c5:4e:16:8f:84 brd ff:ff:ff:ff:ff:ff

12: nsx-switch.0: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN qlen 1000

    link/ether a6:01:5b:15:d4:4f brd ff:ff:ff:ff:ff:ff

13: nsx-managed: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN qlen 1000

    link/ether 12:44:82:79:bb:43 brd ff:ff:ff:ff:ff:ff

/etc/sysconfig/network-scripts/ifcfg-br0

[root@centos-kvm1 ~]# more /etc/sysconfig/network-scripts/ifcfg-br0

DEVICE="br0"

BOOTPROTO="dhcp"

NM_CONTROLLED="no"

ONBOOT="yes"

TYPE="Bridge"

/etc/sysconfig/network-scripts/ifcfg-ens192

[root@centos-kvm1 ~]# more /etc/sysconfig/network-scripts/ifcfg-ens192

TYPE="Ethernet"

PROXY_METHOD="none"

BROWSER_ONLY="no"

BOOTPROTO="none"

DEFROUTE="yes"

IPV4_FAILURE_FATAL="no"

IPV6INIT="yes"

IPV6_AUTOCONF="yes"

IPV6_DEFROUTE="yes"

IPV6_FAILURE_FATAL="no"

IPV6_ADDR_GEN_MODE="stable-privacy"

NAME="ens192"

UUID="31ad3cce-2b12-41fa-8ee2-f8613b92128b"

DEVICE="ens192"

ONBOOT="yes"

IPADDR="10.29.12.145"

PREFIX="27"

GATEWAY="10.29.12.129"

DNS1="10.29.12.133"

DOMAIN="nsxt.local"

IPV6_PRIVACY="no"

/etc/sysconfig/network-scripts/ifcfg-ens224

[root@centos-kvm1 ~]# cat /etc/sysconfig/network-scripts/ifcfg-ens224

##nsxa generated section start; do NOT change or remove this line

BOOTPROTO=static

DEFROUTE=no

IPV6INIT=no

IPV6_AUTOCONF=no

ONBOOT=yes

MTU=1600

##nsxa generated section end; do NOT change or remove this line

DEVICE="ens224"

##nsxa BOOTPROTO="none"

NAME="ens224"

TYPE="Ethernet"

##nsxa ONBOOT="yes"

NM_CONTROLLED="no"

/etc/sysconfig/network-scripts/ifcfg-ens256

[root@centos-kvm1 ~]# cat /etc/sysconfig/network-scripts/ifcfg-ens256

##nsxa generated section start; do NOT change or remove this line

BOOTPROTO=static

DEFROUTE=no

IPV6INIT=no

IPV6_AUTOCONF=no

ONBOOT=yes

MTU=1600

##nsxa generated section end; do NOT change or remove this line

DEVICE="ens256"

##nsxa BOOTPROTO="none"

NAME="ens256"

TYPE="Ethernet"

##nsxa ONBOOT="yes"

NM_CONTROLLED="no"

SHA-256 Thumbprint:

If the Transport Node Creation fails, it will ask the thumbprint as a mandatory input. Best is to delete the TN, recreate and copy the thumbprint it asks you to accept. This is only done the first time TN is added, later, this thumbprint will be a user input.