VxRail: After upgrading from 4.x to 7.0.x, the VxRail Manager holds old and stale SSL certificates

Summary: After upgrading the cluster from VxRail version 4.x to 7.0.x, the VxRail Manager may fail to purge old and stale SSL certificates. The old certificate files are named after the fingerprint of the certificate. ...


Symptoms

The VxRail plug-in may fail to load due to issues with the VxRail Manager no longer trusting vCenter. When performing a VxRail code upgrade, the VxRail upgrade composite bundles may fail to upload.

lcm-web.log

2023-05-19 19:31:15,594 ERROR [LCM] [tomcat-http--42] c.e.m.m.w.w.RestErrorHandler [RestErrorHandler.java:189] Get REST error:
 error code=1, http status code=500, message=The server has encountered an unexpected internal error. Please try again later.

The old certificate files have the fingerprint of the certificate as the name and can be found in the following directories:

/var/lib/vmware-marvin/trust
/var/lib/vmware-marvin/trust/crl

[Screenshot: command output showing the file contents of /var/lib/vmware-marvin/]

 

Cause

The cause is currently unknown.

 

Resolution

NOTE: It is always recommended to have a snapshot of the VxRail Manager VM prior to modifying certificates. If the wrong files are deleted, the VxRail plug-in may no longer load within vCenter.
  1. Take a snapshot of the VxRail Manager VM.

  2. SSH to the VxRM as the mystic user, then switch users to root using the su command.

  3. Change directories to the /var/lib/vmware-marvin/trust directory.

    cd /var/lib/vmware-marvin/trust
  4. Identify the files using the ls command within the trust directory and determine if any of the old certificates exist.

    • The old certificate files have the fingerprint of the certificate as the file name (example: 33:3B:CC:91:5C:C1:C7:43:DF:11:BD:FC:DB:D1:CF:76:A6:38:B5:ED), while the valid certificates have names similar to "6bb07dc7.0".
      [Screenshot: command output showing the file contents of /var/lib/vmware-marvin/]
  5. Delete the old certificate files stored in the trust directory using the rm -r <file_name> command.

    NOTE: When removing the files, it is recommended to type the first two numbers or letters of the file name and then press the Tab key to autocomplete it, because the command needs a backslash before each colon symbol in the file name.
  6. Change directories to the /var/lib/vmware-marvin/trust/crl directory, then repeat the steps above to remove any old CRL files identified by the thumbprint naming convention.

  7. After the old certificate and CRL files have been removed, restart the vmware-marvin and runjars services on the VxRail Manager.

    systemctl restart vmware-marvin; systemctl restart runjars
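
A dry-run inventory for steps 4 through 6, added here as an example and not part of the original article or of Dell's tooling: it lists the files in the two trust directories whose names match the fingerprint pattern and deletes nothing. The function names are hypothetical, and it assumes every stale file name has the same 20-pair shape as the example in step 4.

```shell
#!/usr/bin/env bash
# Added example: read-only inventory of fingerprint-named files in the
# VxRail Manager trust store. Review the output, then delete by hand (steps 5-6).

# Assumption: stale names are 20 colon-separated hex pairs, like the example in
# step 4. Valid entries such as "6bb07dc7.0" contain no colon and never match.
is_fingerprint_name() {
    printf '%s\n' "$1" | grep -Eq '^([0-9A-Fa-f]{2}:){19}[0-9A-Fa-f]{2}$'
}

# Print fingerprint-named regular files directly inside directory $1, one per
# line. Subdirectories (for example crl) and missing directories are skipped.
list_stale() {
    local dir=$1 path name
    [ -d "$dir" ] || return 0
    for path in "$dir"/*; do
        [ -f "$path" ] || continue
        name=${path##*/}
        if is_fingerprint_name "$name"; then
            printf '%s\n' "$path"
        fi
    done
}

# The two directories named in the article.
for d in /var/lib/vmware-marvin/trust /var/lib/vmware-marvin/trust/crl; do
    list_stale "$d" | while IFS= read -r f; do
        printf 'STALE CANDIDATE: %s\n' "$f"
        # Show subject and expiry when the file parses as a PEM certificate;
        # CRLs and other formats fail here, which is ignored.
        openssl x509 -in "$f" -noout -subject -enddate 2>/dev/null || true
    done
done
```

Because the script prints full paths without touching them, its output can be compared against the ls listing from step 4 before any rm command is run.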

 

Affected Products

VxRail
Article Properties
Article Number: 000214449
Article Type: Solution
Last Modified: 09 Dec 2024
Version: 2