Dell EMC VxRail:如何在 ESXi 上手动导入 vCenter SSL 证书 (000536490)
知识库文章:000536490
Dell EMC VxRail:如何在 ESXi 上手动导入 vCenter SSL 证书 (000536490)
主要产品:VxRail 应用装置系列
产品:VxRail 一体机全系
| 版本:5 | 文章类型:操作方法 | 目标受众:级别 10 = 公用 | 上次发布时间:2020 年 3 月 16 日(星期一),16:16:57 GMT |
| 总结: | |
| 说明: | 问题:
在使用外部 vCenter 进行节点扩展或部署期间,您可能在主机向 vCenter 注册时失败,出现以下错误消息:
[MARVIN] 2019-08-13T01:24:33.999+0000 INFO [SimpleAsyncTaskExecutor-29] c.v.m.v.b.t.i.HostVCRegistrationConfigurationTasklet c.v.m.v.b.t.i.HostVCRegistratio
nConfigurationTasklet.updateHostObject:244 - Updating host with moref: host-4933
[MARVIN] 2019-08-13T01:24:34.007+0000 INFO [SimpleAsyncTaskExecutor-29] c.v.m.v.b.t.i.HostVCRegistrationConfigurationTasklet c.v.m.v.b.t.i.HostVCRegistratio
nConfigurationTasklet.run:137 - Successfully registered host ServerName.Company.com
[MARVIN] 2019-08-13T01:24:34.007+0000 INFO [SimpleAsyncTaskExecutor-29] c.v.m.v.b.t.i.HostVCRegistrationConfigurationTasklet c.v.m.v.b.t.i.HostVCRegistratio
nConfigurationTasklet.run:120 - Starting registration process of host MarvinId {id=DE4001924xxxxx, totalSupportedNodes=1, position=1}
[MARVIN] 2019-08-13T01:24:34.024+0000 INFO [SimpleAsyncTaskExecutor-29] c.v.m.v.b.t.i.HostVCRegistrationConfigurationTasklet c.v.m.v.b.t.i.HostVCRegistratio
nConfigurationTasklet.run:131 - Did not find ServerName.Company.com on VC; Registering...
[MARVIN] 2019-08-13T01:24:35.561+0000 ERROR [SimpleAsyncTaskExecutor-29] c.v.m.v.b.t.ConfigurationTasklet c.v.m.v.b.t.ConfigurationTasklet$1.onError:89 - Att
empt 1/1 failed
com.vmware.marvin.core.exception.ConfigurationException: Could not register: A general system error occurred: Unable to push CA certificates and CRLs to host
ServerName.Company.com
按照以下步骤解决 vCenter 与主机之间的这一信任问题:
1) 通过 ssh 连接到 VCSA,运行以下命令以检查 SSL 证书并记录它:
root@vcsa [ ~ ]# /usr/lib/vmware-vmafd/bin/vecs-cli entry list --store TRUSTED_ROOTS
输出将如下所示:
Number of entries in store : 1
Alias : 61840acf55e38f18f78abd039ae5078fafbbf5d0
Entry type : Trusted Cert
Certificate : -----BEGIN CERTIFICATE-----
MIIEGTCCAwGgAwIBAgIJAM6Rjwr+jvTjMA0GCSqGSIb3DQEBCwUAMIGXMQswCQYD
VQQDDAJDQTEXMBUGCgmSJomT8ixkARkWB3ZzcGhlcmUxFTATBgoJkiaJk/IsZAEZ
FgVsb2NhbDELMAkGA1UEBhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaWExGTAXBgNV
BAoMEHBzYy52c3BleDIubG9jYWwxGzAZBgNVBAsMElZNd2FyZSBFbmdpbmVlcmlu
ZzAeFw0xOTAyMTkwMDI5MDdaFw0yOTAyMTYwMDI5MDdaMIGXMQswCQYDVQQDDAJD
QTEXMBUGCgmSJomT8ixkARkWB3ZzcGhlcmUxFTATBgoJkiaJk/IsZAEZFgVsb2Nh
bDELMAkGA1UEBhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaWExGTAXBgNVBAoMEHBz
Yy52c3BleDIubG9jYWwxGzAZBgNVBAsMElZNd2FyZSBFbmdpbmVlcmluZzCCASIw
DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAL2tkUubbaMqXwLG66GfsG7w2sn8
5E+IvhzAIL1UCIidnbkHfTKwWJjF3Pgn8RSyE/xOhpawUzt/zCt6XKrUeCXp2L7X
Aw4x4IadKPdERM9t/9f5qVWvMRj/UE4OF+sEOUXcS+tRJiw0Q1gqva8XOaCwRgcP
8R16sCNMMFj+3nY9jXhs62Os59qbO0rocdllI1AQKVfrljbmu1WC0BkyW78HMUUF
SlelNUBrfvQ9CA36XaAm/VXdBQ04eK+6XwEcMJKoHX/1yR8eHQPdnHIL7aS6C07a
23PDF/IDuDU0lLxPTae8swbl5zjObocwwMrNxNLNinIMlLTBEP1HwN4EB2MCAwEA
AaNmMGQwHQYDVR0OBBYEFLcshOTQpKh8NccOddgdqp4yJtiCMB8GA1UdEQQYMBaB
DmVtYWlsQGFjbWUuY29thwR/AGABMA4GA1UdDwEB/wQEAwIBBjASBgNVHRMBAf8E
CDAGAQH/AgEAMA0GCSqGSIb3DQEBCwUAA4IBAQC6r8J0yuWidPKQkj/nsjI/dDh8
eXPFQ9gdsNBDfSVmbrHvsGCOXv/E+WqnzNsXa73wjpJSzHVGKcZTV01MVGmJr5gQ
0in5bVzm2f3hCE+POsOLbfhjWsCVMgOrldK1lN2Xr/oyx7OEJDV63nrJ/0Yw8YSZ
vfyAdjpbHx0+QWtu9kPrSgdImX21WnBalHdsK7j84KvGpcDsM8UiG9Cyrd4jYTke
7GP2du0MDAQ3WL9anUDL5OsyeqtvTUmnz38/3hrJNvM21ZZceJopelPi8FHGm9yA
Psnjin7UASM7wYd53sYs2k1WZ9tk/kwuUlcPCDhEHqUWuO7KOLnrKo6b4TB5
-----END CERTIFICATE-----
2) 通过 ssh 连接到与 vCenter 存在信任问题的 ESXi 节点。
3) 备份用于存储 SSL 证书的 castore.pem 文件:
cd /etc/vmware/ssl
cp castore.pem castore.pem.bk
4) 在 vi 中打开 castore.pem,并复制粘贴从步骤 1 获得的证书。
5) 重新 services.sh。 |
| |
| 主要产品: | VxRail 一体机系列 |
| |
| 产品: | VxRail 一体机系列 |
| |
#IWork4Dell
请您将合适的回复标记为“接受的回答”,并为喜欢的帖子“点赞”。这对我们非常重要!
