Dell VxRail：VxRailプラグインに「指定されたvCenter認証情報が無効です」というエラーが表示される

VxRail 7.0.xまたは8.0.xプラグインが機能しません。次のエラーが表示されます。

The provided vCenter credentials are not valid

vCenter管理アカウントのユーザー名とパスワードが正しいこと、有効なことを確認します。

• シナリオ1：マイクロサービス、特にdo-clusterに名前解決の問題があります。

/var/log/microservice_log/short.term.log が Temporary failure in name resolution または No address associated with hostnameとなります。

"2022-06-23 13:54:05,524" microservice.do-cluster "2022-06-23T13:54:04.737166669Z stderr F 2022-06-23 13:54:04,736 [ERROR] <Dummy-152:139828974536264> executor.py resolve_or_error() (456): An error occurred while resolving field ClusterDomainOwnerQuery.cluster"
"2022-06-23 13:54:05,524" microservice.do-cluster "2022-06-23T13:54:04.737174033Z stderr F Traceback (most recent call last):"
"2022-06-23 13:54:05,524" microservice.do-cluster "2022-06-23T13:54:04.737177269Z stderr F File ""/home/app/api/graphql_query/resolver/ClusterResolver.py"", line 21, in get_cluster"
"2022-06-23 13:54:05,524" microservice.do-cluster "2022-06-23T13:54:04.737179684Z stderr F si = soap_client.get_service_instance()"
...
"2022-06-23 13:54:05,524" microservice.do-cluster "2022-06-23T13:54:04.737280516Z stderr F File ""/usr/local/venv/lib64/python3.6/site-packages/do_common/socks_proxy.py"", line 40, in create_connection"
"2022-06-23 13:54:05,524" microservice.do-cluster "2022-06-23T13:54:04.737283191Z stderr F sock_addr_info = get_sorted_sock_addr_info(host, port)"
"2022-06-23 13:54:05,524" microservice.do-cluster "2022-06-23T13:54:04.737285535Z stderr F File ""/usr/local/venv/lib64/python3.6/site-packages/do_common/socks_proxy.py"", line 21, in get_sorted_sock_addr_info"
"2022-06-23 13:54:05,524" microservice.do-cluster "2022-06-23T13:54:04.737287589Z stderr F sock_addrs = socket.getaddrinfo(host, port, 0, socket.SOCK_STREAM)"
"2022-06-23 13:54:05,524" microservice.do-cluster "2022-06-23T13:54:04.737289854Z stderr F File ""/usr/local/venv/lib64/python3.6/site-packages/gevent/_socketcommon.py"", line 230, in getaddrinfo"
"2022-06-23 13:54:05,524" microservice.do-cluster "2022-06-23T13:54:04.737291978Z stderr F addrlist = get_hub().resolver.getaddrinfo(host, port, family, type, proto, flags)"
"2022-06-23 13:54:05,524" microservice.do-cluster "2022-06-23T13:54:04.737294412Z stderr F File ""/usr/local/venv/lib64/python3.6/site-packages/gevent/resolver/thread.py"", line 63, in getaddrinfo"
...
"2022-06-23 13:54:05,524" microservice.do-cluster "2022-06-23T13:54:04.737321073Z stderr F socket.gaierror: [Errno -3] Temporary failure in name resolution"

• シナリオ2：vCenterの信頼できるルートCA証明書から無効なCRLファイルがダウンロードされました。

2022-05-24T14:04:31.381+0000 INFO  [main] com.vce.commons.core.ssl.MarvinTrustManager MarvinTrustManager.reloadAllowedAuthorities:148 - PostConstruct:reloadAllowedAuthorities
2022-05-24T14:04:31.385+0000 INFO  [main] com.vce.commons.core.ssl.MarvinTrustManager MarvinTrustManager.reloadAllowedAuthorities:166 - Allowing authority permanently for cert /var/lib/vmware-marvin/trust/lin/42727c5a.0
2022-05-24T14:04:31.386+0000 INFO  [main] com.vce.commons.core.ssl.MarvinTrustManager MarvinTrustManager.reloadCrl:186 - reloadCrl
2022-05-24T14:04:31.398+0000 ERROR [main] org.springframework.web.context.ContextLoader ContextLoader.initWebApplicationContext:313 - Context initialization failed
org.springframework.beans.factory.UnsatisfiedDependencyException: Error creating bean with name 'backupEVCSettingAction': Unsatisfied dependency expressed through field 'vcConnectionService'; nested exception is org.springframework.beans.factory.UnsatisfiedDependencyException: Error creating bean
with name 'VCConnectionServiceImpl': Unsatisfied dependency expressed through field 'connectionService'; nested exception is org.springframework.beans.factory.UnsatisfiedDependencyException: Error creating bean with name 'connectionHelper': Unsatisfied dependency expressed through field 'connectionFactory'; nested exception is org.springframework.beans.factory.UnsatisfiedDependencyException: Error creating bean with name 'vcConnectionService':
 Unsatisfied dependency expressed through field 'marvinTrustManager'; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'marvinTrustManager': Invocation of init method failed; nested exception is java.security.cert.CRLException: Empty input

vxm:/home/mystic # ls -l /var/lib/vmware-marvin/trust/lin/
total 8
-rw-r--r-- 1 tcserver pivotal 1489 May 17 10:47 42727c5a.0
-rw-r--r-- 1 tcserver pivotal  0 May 17 10:47 42727c5a.r0

• シナリオ3：エラー certificate verify failed

/var/log/microservice_log/short.term.log

2022-03-21-08:06:25 microservice.do-cluster "ssl.SSLError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:852)"
2022-03-21-08:06:25 microservice.do-cluster ""
2022-03-21-08:06:25 microservice.do-cluster "During handling of the above exception, another exception occurred:"
2022-03-21-08:06:25 microservice.do-cluster ""
2022-03-21-08:06:25 microservice.do-cluster "Traceback (most recent call last):"
2022-03-21-08:06:25 microservice.do-cluster " File ""/usr/local/venv/lib64/python3.6/site-packages/graphql/execution/executor.py"", line 452, in resolve_or_error"
2022-03-21-08:06:25 microservice.do-cluster " return executor.execute(resolve_fn, source, info, **args)"
2022-03-21-08:06:25 microservice.do-cluster " File ""/usr/local/venv/lib64/python3.6/site-packages/graphql/execution/executors/sync.py"", line 16, in execute"
2022-03-21-08:06:25 microservice.do-cluster " return fn(*args, **kwargs)"
2022-03-21-08:06:25 microservice.do-cluster " File ""/home/app/api/graphql_query/cluster_do_query.py"", line 59, in resolve_cluster"
2022-03-21-08:06:25 microservice.do-cluster " cluster = ClusterResolver.get_cluster(vc_conn_info_input, cluster_argument)"
2022-03-21-08:06:25 microservice.do-cluster " File ""/home/app/api/graphql_query/resolver/ClusterResolver.py"", line 23, in get_cluster"
2022-03-21-08:06:25 microservice.do-cluster " raise GraphQLError('Failed to connect to vCenter {}'.format(vc_conn_info_input.get('host')))"
2022-03-21-08:06:25 microservice.do-cluster "graphql.error.base.GraphQLError: Failed to connect to vCenter None"

• シナリオ4: vCenterのSSL証明書が完全に認定されていない。

/var/log/microservice_log/short.term.log

2022-04-20-06:00:16 microservice.do-cluster " File ""/usr/lib64/python3.6/ssl.py"", line 694, in do_handshake"
2022-04-20-06:00:16 microservice.do-cluster " match_hostname(self.getpeercert(), self.server_hostname)"
2022-04-20-06:00:16 microservice.do-cluster " File ""/usr/lib64/python3.6/ssl.py"", line 331, in match_hostname"
2022-04-20-06:00:16 microservice.do-cluster " % (hostname, dnsnames[0]))"
2022-04-20-06:00:16 microservice.do-cluster "ssl.CertificateError: hostname 'VC_FQDN' does not match 'VC_IP'"

vCenter's cert does not contain FQDN in Subject Alternative Name, it may contain IP address only:
echo | openssl s_client -connect <vc_fqdn>:443 2>/dev/null |openssl x509 -noout -text

X509v3 Subject Alternative Name: 
                IP Address:xx.xx.xx.xx

Example in lab:
X509v3 Subject Alternative Name:
                DNS:xxxxxxx, IP Address:xx.xx.xx.xx

• シナリオ5：マイクロサービスがエラーでvCenterに接続できない No route to hostとなります。

コマンド firewall-cmd --reload が最近VxRail Managerで実行されました。
/var/log/microservice_log/short.term.log

"2024-01-20 04:18:35,083" microservice.do-cluster "2024-01-20T04:18:34.540928759Z stderr F   File ""/usr/local/venv/lib64/python3.6/site-packages/pyVmomi/SoapAdapter.py"", line 1039, in connect"
"2024-01-20 04:18:35,083" microservice.do-cluster "2024-01-20T04:18:34.540932851Z stderr F     http_client.HTTPSConnection.connect(self)"
"2024-01-20 04:18:35,083" microservice.do-cluster "2024-01-20T04:18:34.540936399Z stderr F   File ""/usr/lib64/python3.6/http/client.py"", line 1444, in connect"
"2024-01-20 04:18:35,083" microservice.do-cluster "2024-01-20T04:18:34.540939008Z stderr F     super().connect()"
"2024-01-20 04:18:35,083" microservice.do-cluster "2024-01-20T04:18:34.54094136Z stderr F   File ""/usr/lib64/python3.6/http/client.py"", line 956, in connect"
"2024-01-20 04:18:35,083" microservice.do-cluster "2024-01-20T04:18:34.540943688Z stderr F     (self.host,self.port), self.timeout, self.source_address)"
"2024-01-20 04:18:35,083" microservice.do-cluster "2024-01-20T04:18:34.540946025Z stderr F   File ""/usr/local/venv/lib64/python3.6/site-packages/do_common/socks_proxy.py"", line 71, in create_connection"
"2024-01-20 04:18:35,083" microservice.do-cluster "2024-01-20T04:18:34.540948554Z stderr F     raise err"
"2024-01-20 04:18:35,083" microservice.do-cluster "2024-01-20T04:18:34.540950893Z stderr F   File ""/usr/local/venv/lib64/python3.6/site-packages/do_common/socks_proxy.py"", line 61, in create_connection"
"2024-01-20 04:18:35,083" microservice.do-cluster "2024-01-20T04:18:34.540955153Z stderr F     sock.connect((sa[0], sa[1]))"
"2024-01-20 04:18:35,083" microservice.do-cluster "2024-01-20T04:18:34.540958727Z stderr F   File ""/usr/local/venv/lib64/python3.6/site-packages/socks.py"", line 47, in wrapper"
"2024-01-20 04:18:35,083" microservice.do-cluster "2024-01-20T04:18:34.54096135Z stderr F     return function(*args, **kwargs)"
"2024-01-20 04:18:35,083" microservice.do-cluster "2024-01-20T04:18:34.540963723Z stderr F   File ""/usr/local/venv/lib64/python3.6/site-packages/socks.py"", line 780, in connect"
"2024-01-20 04:18:35,083" microservice.do-cluster "2024-01-20T04:18:34.54096604Z stderr F     super(socksocket, self).connect((dest_addr, dest_port))"
"2024-01-20 04:18:35,083" microservice.do-cluster "2024-01-20T04:18:34.540968413Z stderr F OSError: [Errno 113] No route to host"

シナリオ1：マイクロサービスに名前解決の問題があります。

1. VxRail Managerの再起動 dnsmasq serviceが使用するJava Runtime Environmentへのパスを定義します。

service dnsmasq stop
service dnsmasq start

2. 再起動する場合 nsmasq service 問題が解決しない場合は、VxRail Manager DNSサーバーが外部パブリックDNS(8.8.8.8など)で構成されているかどうかを確認します。
3. それでも名前解決が失敗する場合は、 Dellサポート に連絡し、この記事番号をDNSチェック ツールを実行するための000214621見積もりを提示してください。

シナリオ2：vCenterの信頼できるルートCA証明書からダウンロードされた無効なCRLファイル

記事「 VxRail: 空または破損したCRLファイルが原因でvCenterルート証明書をインポートできない 空または破損したCRLファイルをvCenterから削除し、vCenterの信頼できるルート証明書をVxRail Managerに再インポートするには、次の手順に従います。

シナリオ3：エラー certificate verify failed

証明書の問題を解決するには、 Dellサポート にお問い合わせの上、この記事番号000157888をお伝えください。

シナリオ4:vCenterのSSL証明書が完全に認定されていない。

vCenter ServerマシンのSSL証明書を再生成します > SubjectAltName 次を含める必要があります DNS Name=machine_FQDNとなります。

シナリオ5：マイクロサービスがエラーでvCenterに接続できない No route to hostとなります。

再起動 rke2 次の2つのコマンドを実行して、サーバを構築します。

bash /usr/local/bin/rke2-killall.sh
systemctl start rke2-server

または

VxRail Managerを再起動します。