Recover the Management Domain NSX Manager Cluster

Perform the following tasks to recover the NSX Manager Cluster for the management domain.

Deactivate the NSX Manager Cluster

If you are using a version of NSX that is earlier than NSX 4.x, after you restore the first node of the NSX Manager cluster, you must deactivate the cluster.
  1. In a Web browser, log in to the management domain vCenter Server at https://<vcenter_server_fqdn>/ui by using the vSphere Client.
  2. Click the VM of the operational NSX Manager node in the cluster, click Launch Web Console, and log in by using administrator credentials.
  3. Run the command to deactivate the cluster.
    deactivate cluster
  4. In the "Are you sure you want to remove all other nodes from this cluster? (yes/no)" prompt, enter yes.

Redeploy a Failed NSX Manager Node

You deploy a new NSX Manager instance by using the configuration of the failed node.

UI Procedure

  1. In a Web browser, log in to the management domain vCenter Server by using the vSphere Client.
  2. In the Hosts and clusters inventory, right-click the management cluster and select Deploy OVF Template.
  3. On the Select an OVF template page, select Local file, click Upload files, navigate to the location of the NSX Manager OVA file, click Open, and click Next.
  4. On the Select a name and folder page, enter the VM name and click Next.
  5. On the Select a compute resource page, select the cluster and click Next.
  6. On the Review details page, click Next.
  7. For the management domain, select Medium, and for VI workload domains, select Large unless you changed these defaults during deployment.
  8. On the Select storage page, select the management vSAN datastore, and click Next.
  9. On the Select networks page, from the Destination network drop-down menu, select the management distributed port group, and click Next.
  10. On the Customize template page, enter these values and click Next.
    Setting                            Value
    System root user password          <failed_nsx_cluster_node_root_password>
    CLI admin user password            <failed_nsx_cluster_node_admin_password>
    CLI audit user password            <failed_nsx_cluster_node_audit_password>
    Hostname                           <failed_nsx_cluster_node_fqdn>
    Default IPv4 gateway               <failed_nsx_cluster_node_gw>
    Management network IPv4 address    <failed_nsx_cluster_node_ip>
    Management network netmask         <failed_nsx_cluster_node_mask>
    DNS server list                    <dns_server_list>
    NTP server list                    <ntp_server_list>
    Enable SSH                         Selected
    Allow root SSH logins              Deselected
  11. On the Ready to complete page, review the deployment details and click Finish.
  12. Repeat for the remaining failed node.

PowerShell Procedure

  1. Start PowerShell.
  2. Replace the values in the sample code with your values and run the commands in the PowerShell console.
    The values in this example are for the management domain. Replace with the values for the specific workload domain you are recovering.
    $tempvCenterFqdn = "sfo-m01-vc02.sfo.rainpole.io"
    $tempvCenterAdmin = "administrator@vsphere.local"
    $tempvCenterAdminPassword = "VMw@re1!"
    $extractedSDDCDataFile = ".\extracted-sddc-data.json"
    $workloadDomain = "sfo-m01"
    $restoredNsxManagerDeploymentSize = "medium"
    $nsxManagerOvaFile = "F:\OVA\nsx-unified-appliance-3.2.2.1.0.21487565.ova"
  3. Perform the operation by running the command in the PowerShell console.
    New-NSXManagerOvaDeployment -vCenterFqdn $tempvCenterFqdn -vCenterAdmin $tempvCenterAdmin -vCenterAdminPassword $tempvCenterAdminPassword -extractedSDDCDataFile $extractedSDDCDataFile -workloadDomain $workloadDomain -restoredNsxManagerDeploymentSize $restoredNsxManagerDeploymentSize -nsxManagerOvaFile $nsxManagerOvaFile
  4. Repeat for the remaining failed node.

Join NSX Manager Nodes to the NSX Manager Cluster

You retrieve the ID and API thumbprint of the NSX Manager cluster, and use them to join the newly-deployed NSX Manager instance to the cluster.

UI Procedure

  1. In a Web browser, log in to the management domain vCenter Server by using the vSphere Client.
  2. In the VMs and templates inventory, click the VM of an operational NSX Manager node in the cluster, click Launch web console, and log in by using administrator credentials.
  3. Retrieve the ID of the NSX Manager cluster.
    1. Run the command to view the cluster ID.
      get cluster config | find Id:
    2. Write down the cluster ID.
  4. Retrieve the API thumbprint of the NSX Manager API certificate.
    1. Run the command to view the certificate API thumbprint.
      get certificate api thumbprint
    2. Write down the certificate API thumbprint.
  5. Close the VM Web console.
  6. In the vSphere Client, click the VM of the newly deployed NSX Manager node, click Launch Web console, and log in by using administrator credentials.
  7. Run the command to join the new NSX Manager node to the cluster.
    join new_node_ip cluster-id cluster_id thumbprint api_thumbprint username admin
  8. Repeat for the remaining failed node.

PowerShell Procedure

  1. Start Windows PowerShell.
  2. Replace the values in the sample code with your values and run the commands in the PowerShell console.
    The values in this example are for a management domain. Replace them with the values for the specific workload domain you are recovering.
    $workloadDomain = "sfo-m01"
    $extractedSDDCDataFile = ".\extracted-sddc-data.json"
  3. Perform the operation by running the command in the PowerShell console.
    Add-AdditionalNSXManagers -workloadDomain $workloadDomain -extractedSDDCDataFile $extractedSDDCDataFile

Restore the SSL Certificate of NSX Manager Node

If the version of NSX in your environment is earlier than NSX 4, then after you add the new NSX Manager node to the cluster and validate the cluster status, you must restore the CA-signed SSL certificate of the node.
To view the certificate of the failed NSX Manager cluster node, you log in to the NSX Manager for the domain.
  1. In a Web browser, log in to NSX Manager for the management domain by using the user interface.
  2. On the main navigation bar, click System.
  3. In the left pane, under Settings, click Certificates.
  4. Locate and copy the ID of the certificate that is issued by the CA to the node that you are restoring.
  5. Run the command to install the CA-signed certificate on the new NSX Manager node.
    curl -H 'Accept: application/json' -H 'Content-Type: application/json' \
      --insecure -u 'admin:NSX_admin_password' -X POST \
      'https://NSX_host_node/api/v1/node/services/http?action=apply_certificate&certificate_id=<certificate_id>'
  6. Repeat for the remaining restored node.
If assigning the certificate fails because the certificate revocation list (CRL) verification fails, see VMware Knowledge Base article 78794. If you disable the CRL checking to assign the certificate, after assigning the certificate, you must re-enable the CRL checking.
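
The curl command in step 5 runs with --insecure, so the admin password is sent without checking which host answers. The following added example (not part of the original procedure or of NSX) compares the certificate the node presents with a thumbprint you read on that node's console with get certificate api thumbprint, and pins the request to that certificate's public key. It assumes openssl and curl are installed and that the thumbprint is the SHA-256 hash of the certificate; the function names are illustrative.

```shell
# Added example; function names are illustrative, not NSX or VMware tooling.

# Normalize a fingerprint: drop any "label=" prefix, colons and whitespace; lowercase.
normalize_thumbprint() {
  printf '%s' "$1" | sed 's/^.*=//' | tr -d ': \r\n' | tr 'A-F' 'a-f'
}

# Succeeds only if both values are 64-hex-digit SHA-256 thumbprints and are equal.
thumbprints_match() {
  local a b
  a="$(normalize_thumbprint "$1")"
  b="$(normalize_thumbprint "$2")"
  printf '%s' "$a" | grep -Eq '^[0-9a-f]{64}$' && [ "$a" = "$b" ]
}

# Usage: apply_certificate_checked <node_fqdn> <expected_thumbprint> <certificate_id>
apply_certificate_checked() {
  local node="$1" expected="$2" cert_id="$3" dir actual rc
  dir="$(mktemp -d)" || return 1
  # Save the certificate the node presents, then fingerprint that saved copy.
  openssl s_client -connect "$node:443" -servername "$node" </dev/null 2>/dev/null |
    openssl x509 -out "$dir/node.pem" || { rm -rf "$dir"; return 1; }
  actual="$(openssl x509 -in "$dir/node.pem" -noout -fingerprint -sha256)"
  if ! thumbprints_match "$expected" "$actual"; then
    echo "Thumbprint mismatch for $node; request not sent." >&2
    rm -rf "$dir"
    return 1
  fi
  # Pin the request to the public key of the certificate that was just checked;
  # curl aborts before sending data if the server presents a different key.
  openssl x509 -in "$dir/node.pem" -noout -pubkey > "$dir/node.pub"
  # -u 'admin' makes curl prompt for the password, keeping it out of shell history.
  curl -H 'Accept: application/json' -H 'Content-Type: application/json' \
    --insecure --pinnedpubkey "$dir/node.pub" -u 'admin' -X POST \
    "https://$node/api/v1/node/services/http?action=apply_certificate&certificate_id=$cert_id"
  rc=$?
  rm -rf "$dir"
  return "$rc"
}
```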

Restart an NSX Manager Node

If the version of NSX in your environment is earlier than NSX 4, then after assigning the certificate, you must restart the new NSX Manager node.
  1. In a Web browser, log in to the management domain vCenter Server by using the vSphere Client.
  2. In the Hosts and clusters inventory, right-click each restored NSX Manager VM that you updated the certificate on and select Guest OS > Restart.