Monday, 16 January 2017

Register Nexus 1000v VSM with vCenter 6.5

We upgraded our vCenter to 6.5 a few weeks ago. As part of the upgrade, one of our Nexus 1000V switch VSMs lost contact with vCenter - running 'show svs connection' from the 1000V CLI reported a connection state of 'Disconnected'. Cisco's documentation on resolving this suggests you try a manual disconnect/reconnect (on the VSM, go to 'svs connection connection-name', then do 'no connect' followed by 'connect'), then if that doesn't work, unregister and re-register the extension. Unfortunately, their instructions for re-registering the extension depend on the legacy C# vSphere client, which won't connect to a server running vCenter 6.5. I therefore came up with the following process, using a slight runtime hack to the vCenter Managed Object Browser web UI...

  1. Go to https://<your-vcenter>/mob/?moid=ExtensionManager in Google Chrome.
  2. Look through the list of extensions in 'Properties' at the top (click the 'more' link to expand if necessary) to find the identity of your current Nexus 1000V extension - it should be called 'Cisco_Nexus_1000V_' followed by a number - and note it down.
  3. In the 'Methods' section, click the link to UnregisterExtension - a new window should pop up. Enter the full name of your extension into the extensionKey field, then click the Invoke link. It should return 'void', which means it worked. Close the popup then refresh the ExtensionManager page to check your Nexus 1000V extension is gone.
  4. Go to http://<VSM-IP>/ in a browser and click the link to download the cisco_nexus_1000v_extension.xml file.
  5. Open the XML file in a text editor. You'll need to refer to the listed 'key' (which should match the identity of the extension you unregistered earlier) and the 'certificate' at the bottom.
  6. Back on the ExtensionManager web page, click the link at the bottom to 'RegisterExtension'. In the popup window, replace the contents of the 'Value' box with the following, replacing the Key with the one from your XML file:
<extension>
  <description>
    <label></label>
    <summary></summary>
  </description>
  <key>Cisco_Nexus_1000V_somenumber</key>
  <version>1.0.0</version>
  <server>
    <url></url>
    <description>
      <label></label>
      <summary></summary>
    </description>
    <company>Cisco Systems Inc.</company>
    <type>DVS</type>
    <adminEmail></adminEmail>
  </server>
  <client>
    <version>1.0.0</version>
    <description>
      <label></label>
      <summary></summary>
    </description>
    <company>Cisco Systems, Inc.</company>
    <type>DVS</type>
    <url></url>
  </client>
  <lastHeartbeatTime>1970-01-01T00:00:00Z</lastHeartbeatTime>
</extension>
  7. Click the 'Invoke' link - again, you're looking for a return of 'void'. If you don't get this, double-check what you pasted into the box and try again. Close the popup when you're done.
  8. We now need to tell vCenter the thumbprint of the certificate that the Nexus 1000V extension will be using to authenticate. To do this, back in the ExtensionManager window, click the link to the 'SetExtensionCertificate' method.
  9. This is the part where we need to be slightly clever. The default form has a one-line input field for certificatePem, but we need to change this into a multiline field or else the certificate data won't be accepted. To do this, hit F12 to open Chrome's Developer Tools. On the Elements tab, drill down through html > body > form > table > tbody and expand the third tr, then the last td - you should see
    <input name="certificatePem" value type="text">
    Double-click the word 'input' and you'll be able to edit it - change it to 'textarea', then click off the editor. The certificatePem field on the form should now appear as a multi-line text area.
  10. Now, you just need to enter your extension name (Cisco_Nexus_1000V_somenumber) into the extensionKey field, and paste the multi-line certificate data from your extension XML file (including the BEGIN CERTIFICATE and END CERTIFICATE lines) into the certificatePem field, then click the Invoke link. Again, you're expecting to get 'void' back from this.

Assuming this all worked correctly, you should now be able to repeat the 'no connect' / 'connect' cycle on the VSM and it'll reconnect.
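
The certificate pasted in the final step has to be a well-formed multi-line PEM block, and a downloaded XML file can lose its line feeds. The script below is an added example, not part of the original post: it pulls the key and certificate out of the extension XML, rebuilds the PEM with 64-character lines, and prints a SHA-1 fingerprint so you have a record of the certificate you are asking vCenter to trust. It assumes the file contains elements named 'key' and 'certificate'; the sample XML layout and certificate bytes are constructed.

```python
import base64
import hashlib
import re
import xml.etree.ElementTree as ET

BEGIN = "-----BEGIN CERTIFICATE-----"
END = "-----END CERTIFICATE-----"

def normalize_pem(raw):
    """Rebuild a PEM block whose line feeds were lost or turned into spaces."""
    m = re.search(re.escape(BEGIN) + r"(.*?)" + re.escape(END), raw, re.S)
    if not m:
        raise ValueError("BEGIN/END CERTIFICATE markers not found")
    body = re.sub(r"\s+", "", m.group(1))
    if not body:
        raise ValueError("certificate body is empty")
    base64.b64decode(body, validate=True)  # raises ValueError on non-base64 data
    lines = [body[i:i + 64] for i in range(0, len(body), 64)]
    return "\n".join([BEGIN, *lines, END]) + "\n"

def load_extension(xml_text):
    """Return extensionKey, certificatePem and a SHA-1 fingerprint from the XML."""
    found = {}
    for el in ET.fromstring(xml_text).iter():
        name = el.tag.rsplit("}", 1)[-1]  # ignore any XML namespace prefix
        if name in ("key", "certificate") and el.text and el.text.strip():
            found.setdefault(name, el.text.strip())  # first occurrence wins
    if set(found) != {"key", "certificate"}:
        raise ValueError("XML must contain both a key and a certificate")
    pem = normalize_pem(found["certificate"])
    der = base64.b64decode("".join(pem.splitlines()[1:-1]))
    sha1 = ":".join(f"{b:02X}" for b in hashlib.sha1(der).digest())
    return {"extensionKey": found["key"], "certificatePem": pem, "sha1": sha1}

# Constructed sample: placeholder bytes, not a real certificate, with the
# line feeds already replaced by spaces. Element layout is an assumption.
B64 = base64.b64encode(bytes(range(120))).decode()
SAMPLE_XML = f"""<extensionData>
  <obj><key>Cisco_Nexus_1000V_somenumber</key></obj>
  <certificate>{BEGIN} {B64[:64]} {B64[64:128]} {B64[128:]} {END}</certificate>
</extensionData>"""

if __name__ == "__main__":
    ext = load_extension(SAMPLE_XML)
    print("extensionKey:", ext["extensionKey"])
    print("SHA-1 fingerprint:", ext["sha1"])
    print(ext["certificatePem"], end="")
```
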

7 comments:

  1. I've just tested and confirmed this also works for deploying a brand-new Nexus 1000v VSM pair against vCenter 6.5.

  2. Hi Sean
    It's working
    I just moved from one vCenter 5.5 to a new 6.5 server and could import the Nexus 1000v this way.
    Thanks a lot for your detailed description.
    M@P

  3. Nicely done! Thanks. This saved me a lot of time and now I have my N1KV attached to my 6.5 vCenter in my test lab!

    ReplyDelete
  4. Need your help. After changing the certificatePem field to textarea, entering the PEM and clicking "Invoke Method", the source code reverted back to the 'input' field automatically. How do I save the change from 'input' to 'textarea', so that when I click 'Invoke' the certificatePem field stays as a textarea? And the 'multiple line' PEM string is actually a single-line string, so why do we need multi-line text here? (Yes, I did test copying/pasting the long string directly into the single-line field, but it did not work.)

  5. In Sources I found input name="certificatePem" value="" type="text" in the "Invoke Method" function, which will overwrite the previous change to 'textarea' in Elements, but I am not able to edit the source in Chrome or Firefox developer tools. No idea how to fix it, or why you guys did not encounter the same issue?

  6. Turned out the certificate file I copied had an issue: all line feeds became spaces during the extension XML file download, and the multi-line certificate became a single long string. After I formatted it into the desired form (replacing spaces with line feeds), Sean's method worked immediately.

  7. 2021 and still valid. Great post! Saved me a lot of time. I struggled a little bit adding the certificate string, but it was because I didn't know the correct form for PEM certificates. After that everything worked perfectly.
