OCI Integration for NSX Application Platform
search cancel

OCI Integration for NSX Application Platform

book

Article ID: 368998

calendar_today

Updated On:

Products

VMware vDefend Firewall with Advanced Threat Prevention

Issue/Introduction

Deployment issues may arise if the Helm registry and Docker registry values do not match the expected OCI values. Mismatched configurations can lead to errors during the NSX Application Platform deployment.The OCI (Oracle Cloud Infrastructure) is now the only supported access method for the public VMware repositories.

Environment

Environments before NSX-T Data Center 3.2.3.1

Cause

Starting with NSX-T Data Center 3.2.3.1,

the Helm Repository text box, by default, has the value oci://projects.registry.vmware.com/nsx_application_platform/helmcharts. This is the public VMware-hosted Helm repository from which the system obtains the packaged NSX Application Platform Helm chart.

The Docker Registry path has the projects.registry.vmware.com/ nsx_application_platform/clustering value. This is the public VMware-hosted registry location from which the system obtains the NSX Application Platform docker images.

Resolution

To address OCI integration issues in NSX Application Platform, follow the below steps :

On each NSX Manager in your cluster create a destination folder:
/tmp/oci-patch

Download and transfer the following 3 debian packages to the folder "/tmp/oci-patch" attached in this KB :


unified-appliance-oci-patch_3.2.x.nn15.deb
kubectl_1.21.9-00_amd64.deb
helm_3.8.0-1_amd64.deb

Login to the manager via SSH using the root account (or admin and elevate privileges)

Install all 3 packages by running the following commands:


cd /tmp/oci-patch
dpkg -i unified-appliance-oci-patch_3.2.x.nn15.deb
dpkg -i kubectl_1.21.9-00_amd64.deb
dpkg -i helm_3.8.0-1_amd64.deb

 


Once the packages are installed the impacted NSX services are automatically restarted and OCI support will be available. The default URLs for NAPP should also be changed to use OCI

For post-install verification after installing the packages, run:


ls /image/add_oci_support_patch_old_files_backup/

Confirm that the directory is not empty. Files returned will be different based on NSX version being patched so we are only validating that the directory is created and contains a backup of files for rollback if needed.

 

 

In case of failure during patch installation → 

1. Restore the files from the backup location "/image/add_oci_support_patch_old_files_backup/" to the respective locations:
  (a) *.jar → /opt/vmware/proton-tomcat/webapps/nsxapi/WEB-INF/lib/
  (b) helm → /usr/sbin/helm
  (c) kubectl → /usr/bin/kubectl
2. Restart proton on all NSX Manager nodes

 

Additional Information

If using private repositories, work with the infrastructure administrator to upload NSX Application Platform Helm charts and Docker images to the private locations. Ensure accessibility from the Kubernetes cluster and NSX Manager appliance.

For detailed steps, refer to : 

https://docs.vmware.com/en/VMware-NSX-T-Data-Center/3.2/nsx-application-platform/GUID-FAC9DBE3-A8EE-4891-A723-942D0AB679F6.html#GUID-FAC9DBE3-A8EE-4891-A723-942D0AB679F6

Attachments

unified-appliance-oci-patch_3.2.x.nn15 (1).deb get_app
helm_3.8.0-1_amd64 (1).deb get_app
kubectl_1.21.9-00_amd64 (1).deb get_app
Powered by Wolken Software