Configuring NSX-T Control cluster:

If you missed my previous posts, here they are:

• NSX-T 2.1 Complete video series:
  • http://virtualbrigade.com/2018/04/04/nsx-t-2-1/
• VMware NSX-T 2.1 Part 01: Introduction to NSX-T
  • http://virtualbrigade.com/2018/04/10/introduction-to-vmware-nsx-t-and-features/
• NSX-T 2.1: Part-02 NSX-T Architecture
  • http://virtualbrigade.com/2018/04/14/vmware-nsx-t-2-1-part-02-nsx-t-architecture/
• Deploying NSX-T Manager Virtual Machine on ESXi host
  • http://virtualbrigade.com/2018/06/07/deploying-nsx-t-manager/
• Deploying NSX-T Controllers on ESXi host
  • http://virtualbrigade.com/2018/06/14/deploying-nsx-t-controllers/

We have seen how to deploy the Control nodes from the OVF Templates. I have deployed the three controller nodes nsxctrl-01a, nsxctrl-02a, and nsxctrl-03a controller nodes.

Let’s go ahead and configure the NSX Control Cluster. I will initiate the cluster on nsxctrl-01a node and then add the nsxctrl-02a and nsxctrl-03a to the control cluster.

Here are the prerequisites to configure the NSX Control Cluster:

• You must have the admin account credentials to log in to the NSX Manager, NSX Controller Nodes
• Collect the NSX Manager thumbprint from NSX Manager with the “get certificate API thumbprint” command

Get the NSX Manager thumbprint:

nsxmgr-01a> get certificate api thumbprint

Register the First NSX Controller and activate Control Cluster:

Step 1: Join the nsxctrl-01a to the NSX Manager

join management-plane <NSX-Manager-IP> username <admin> password <admin-user-Password> thumbprint <NSX-Manager-Thumbprint>

Example:

nsxctrl-01a> join management-plane 192.168.110.201 username admin password VMware1! thumbprint ba3b758cca2ff78601d150e402a9b3143390f6eb857fea3f656a9b5aac5985

The above command will register the nsxctrl-01a with the NSX Manager.

To verify, run the following command on nsxctrl-01a:

nsxctrl-01a> get managers
-192.168.110.201 Connected

Step 2: Set the control cluster security model on nsxctrl-01a.

nsxctrl-01a> set control-cluster security-model shared-secret secret VMware1!

My shared secret is  “VMware1!” which I will set it on the remaining two controller nodes, nsxctrl-02a and nsxctrl-03a. The shared-secret key must be the same across all the NSX controller nodes to configure the Control Cluster.

Step 3: Initialize the Cluster on nsxctrl-01a

nsxctrl-01a> initialize control-cluster

This will initialize and activate the control cluster on the nsxctrl-01a, which will be the master controller node.

Register the Second NSX Controller and activate Control Cluster

Step 4: Join the nsxctrl-02a to the NSX Manager. On the nsxctrl-02a node, run the following command:

nsxctrl-02a> join management-plane 192.168.110.201 username admin password VMware1! thumbprint ba3b758cca2ff78601d150e402a9b3143390f6eb857fea3f656a9b5aac5985

Step 5: Set the control cluster security model on nsxctrl-02a.

nsxctrl-02a> set control-cluster security-model shared-secret secret VMware1!

Step 6: Get the control cluster certificate thumbprint from the nsxctrl-02a with the following command

nsxctrl-02a> get control-cluster certificate thumprint

Example:

nsxctrl-02a> get control-cluster certificate thumprint 
e33c817b587d2c1698c946aedab01a5c994e5e8e151b036889fd77be080d2768

Step 7: Add the nsxctrl-02a to the control cluster which is activated on nsxctrl-01a:

<nsxctrl-02a> join control-cluster <Second-controller-node-ip> thumbprint <cluster thumbprint from second nsx controller>

Example:

<nsxctrl-02a> join control-cluster 192.168.110.212 thumbprint e33c817b587d2c1698c946aedab01a5c994e5e8e151b036889fd77be080d2768 
Node 192.168.110.212 has successfully joined the control cluster. Please run 'activate control-cluster' on the new node.

Step 8: Run the activate control-cluster on nsxctrl-02a

nsxctrl-02a> activate control-cluster
Control cluster activatation successful.

Register the Third NSX Controller and activate Control Cluster:

Step 9: Join the nsxctrl-03a to the NSX Manager. On the nsxctrl-03a node, run the following command:

nsxctrl-03a> join management-plane 192.168.110.201 username admin password VMware1! thumbprint ba3b758cca2ff78601d150e402a9b3143390f6eb857fea3f656a9b5aac5985

Step 10: Set the control cluster security model on nsxctrl-03a.

nsxctrl-03a> set control-cluster security-model shared-secret secret VMware1!

Step 11: Get the control cluster certificate thumbprint from the nsxctrl-03a with the following command

nsxctrl-03a> get control-cluster certificate thumprint

Example:

nsxctrl-03a> get control-cluster certificate thumprint 
d2576a8909ef5df224d3b535f4633ae91f9154b681162aa9f5298837561658dd

Step 12: Add the nsxctrl-03a to the control cluster which is activated on nsxctrl-01a:

<nsxctrl-03a> join control-cluster <third-controller-node-ip> thumbprint <cluster thumbprint from third nsx controller>

Example:

<nsxctrl-03a> join control-cluster 192.168.110.213 thumbprint d2576a8909ef5df224d3b535f4633ae91f9154b681162aa9f5298837561658dd
Node 192.168.110.213 has successfully joined the control cluster. Please run 'activate control-cluster' on the new node.

Step 13: Run the activate control-cluster on nsxctrl-03a

nsxctrl-03a> activate control-cluster 

Control cluster activatation successful.

Run the following command on any of the controller nodes to check the control cluster status

get control-cluster status

This command will show the details of the NSX controller nodes configured in the control cluster, UUID, majority status, master node, IP Address of the controller nodes and status.

I hope this is informative for you and happy learning..