Dell VxRail：VxRail 插件程序显示错误“提供的 vCenter 凭据无效”

VxRail 7.0.x 或 8.0.x 插件不起作用。它显示错误：

The provided vCenter credentials are not valid

检查 vCenter 管理帐户用户名和密码，以确认它们正确有效。

• 情况 1：微服务（特别是 do-cluster）中存在名称解析问题。

/var/log/microservice_log/short.term.log 显示 Temporary failure in name resolution 或 No address associated with hostname。

"2022-06-23 13:54:05,524" microservice.do-cluster "2022-06-23T13:54:04.737166669Z stderr F 2022-06-23 13:54:04,736 [ERROR] <Dummy-152:139828974536264> executor.py resolve_or_error() (456): An error occurred while resolving field ClusterDomainOwnerQuery.cluster"
"2022-06-23 13:54:05,524" microservice.do-cluster "2022-06-23T13:54:04.737174033Z stderr F Traceback (most recent call last):"
"2022-06-23 13:54:05,524" microservice.do-cluster "2022-06-23T13:54:04.737177269Z stderr F File ""/home/app/api/graphql_query/resolver/ClusterResolver.py"", line 21, in get_cluster"
"2022-06-23 13:54:05,524" microservice.do-cluster "2022-06-23T13:54:04.737179684Z stderr F si = soap_client.get_service_instance()"
...
"2022-06-23 13:54:05,524" microservice.do-cluster "2022-06-23T13:54:04.737280516Z stderr F File ""/usr/local/venv/lib64/python3.6/site-packages/do_common/socks_proxy.py"", line 40, in create_connection"
"2022-06-23 13:54:05,524" microservice.do-cluster "2022-06-23T13:54:04.737283191Z stderr F sock_addr_info = get_sorted_sock_addr_info(host, port)"
"2022-06-23 13:54:05,524" microservice.do-cluster "2022-06-23T13:54:04.737285535Z stderr F File ""/usr/local/venv/lib64/python3.6/site-packages/do_common/socks_proxy.py"", line 21, in get_sorted_sock_addr_info"
"2022-06-23 13:54:05,524" microservice.do-cluster "2022-06-23T13:54:04.737287589Z stderr F sock_addrs = socket.getaddrinfo(host, port, 0, socket.SOCK_STREAM)"
"2022-06-23 13:54:05,524" microservice.do-cluster "2022-06-23T13:54:04.737289854Z stderr F File ""/usr/local/venv/lib64/python3.6/site-packages/gevent/_socketcommon.py"", line 230, in getaddrinfo"
"2022-06-23 13:54:05,524" microservice.do-cluster "2022-06-23T13:54:04.737291978Z stderr F addrlist = get_hub().resolver.getaddrinfo(host, port, family, type, proto, flags)"
"2022-06-23 13:54:05,524" microservice.do-cluster "2022-06-23T13:54:04.737294412Z stderr F File ""/usr/local/venv/lib64/python3.6/site-packages/gevent/resolver/thread.py"", line 63, in getaddrinfo"
...
"2022-06-23 13:54:05,524" microservice.do-cluster "2022-06-23T13:54:04.737321073Z stderr F socket.gaierror: [Errno -3] Temporary failure in name resolution"

• 情况 2：从 vCenter 受信任的根 CA 证书下载了无效的 CRL 文件。

2022-05-24T14:04:31.381+0000 INFO  [main] com.vce.commons.core.ssl.MarvinTrustManager MarvinTrustManager.reloadAllowedAuthorities:148 - PostConstruct:reloadAllowedAuthorities
2022-05-24T14:04:31.385+0000 INFO  [main] com.vce.commons.core.ssl.MarvinTrustManager MarvinTrustManager.reloadAllowedAuthorities:166 - Allowing authority permanently for cert /var/lib/vmware-marvin/trust/lin/42727c5a.0
2022-05-24T14:04:31.386+0000 INFO  [main] com.vce.commons.core.ssl.MarvinTrustManager MarvinTrustManager.reloadCrl:186 - reloadCrl
2022-05-24T14:04:31.398+0000 ERROR [main] org.springframework.web.context.ContextLoader ContextLoader.initWebApplicationContext:313 - Context initialization failed
org.springframework.beans.factory.UnsatisfiedDependencyException: Error creating bean with name 'backupEVCSettingAction': Unsatisfied dependency expressed through field 'vcConnectionService'; nested exception is org.springframework.beans.factory.UnsatisfiedDependencyException: Error creating bean
with name 'VCConnectionServiceImpl': Unsatisfied dependency expressed through field 'connectionService'; nested exception is org.springframework.beans.factory.UnsatisfiedDependencyException: Error creating bean with name 'connectionHelper': Unsatisfied dependency expressed through field 'connectionFactory'; nested exception is org.springframework.beans.factory.UnsatisfiedDependencyException: Error creating bean with name 'vcConnectionService':
 Unsatisfied dependency expressed through field 'marvinTrustManager'; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'marvinTrustManager': Invocation of init method failed; nested exception is java.security.cert.CRLException: Empty input

vxm:/home/mystic # ls -l /var/lib/vmware-marvin/trust/lin/
total 8
-rw-r--r-- 1 tcserver pivotal 1489 May 17 10:47 42727c5a.0
-rw-r--r-- 1 tcserver pivotal  0 May 17 10:47 42727c5a.r0

• 情况 3：Error（错误） certificate verify failed

/var/log/microservice_log/short.term.log

2022-03-21-08:06:25 microservice.do-cluster "ssl.SSLError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:852)"
2022-03-21-08:06:25 microservice.do-cluster ""
2022-03-21-08:06:25 microservice.do-cluster "During handling of the above exception, another exception occurred:"
2022-03-21-08:06:25 microservice.do-cluster ""
2022-03-21-08:06:25 microservice.do-cluster "Traceback (most recent call last):"
2022-03-21-08:06:25 microservice.do-cluster " File ""/usr/local/venv/lib64/python3.6/site-packages/graphql/execution/executor.py"", line 452, in resolve_or_error"
2022-03-21-08:06:25 microservice.do-cluster " return executor.execute(resolve_fn, source, info, **args)"
2022-03-21-08:06:25 microservice.do-cluster " File ""/usr/local/venv/lib64/python3.6/site-packages/graphql/execution/executors/sync.py"", line 16, in execute"
2022-03-21-08:06:25 microservice.do-cluster " return fn(*args, **kwargs)"
2022-03-21-08:06:25 microservice.do-cluster " File ""/home/app/api/graphql_query/cluster_do_query.py"", line 59, in resolve_cluster"
2022-03-21-08:06:25 microservice.do-cluster " cluster = ClusterResolver.get_cluster(vc_conn_info_input, cluster_argument)"
2022-03-21-08:06:25 microservice.do-cluster " File ""/home/app/api/graphql_query/resolver/ClusterResolver.py"", line 23, in get_cluster"
2022-03-21-08:06:25 microservice.do-cluster " raise GraphQLError('Failed to connect to vCenter {}'.format(vc_conn_info_input.get('host')))"
2022-03-21-08:06:25 microservice.do-cluster "graphql.error.base.GraphQLError: Failed to connect to vCenter None"

• 情景 4： vCenter 的 SSL 证书未完全限定。

/var/log/microservice_log/short.term.log

2022-04-20-06:00:16 microservice.do-cluster " File ""/usr/lib64/python3.6/ssl.py"", line 694, in do_handshake"
2022-04-20-06:00:16 microservice.do-cluster " match_hostname(self.getpeercert(), self.server_hostname)"
2022-04-20-06:00:16 microservice.do-cluster " File ""/usr/lib64/python3.6/ssl.py"", line 331, in match_hostname"
2022-04-20-06:00:16 microservice.do-cluster " % (hostname, dnsnames[0]))"
2022-04-20-06:00:16 microservice.do-cluster "ssl.CertificateError: hostname 'VC_FQDN' does not match 'VC_IP'"

vCenter's cert does not contain FQDN in Subject Alternative Name, it may contain IP address only:
echo | openssl s_client -connect <vc_fqdn>:443 2>/dev/null |openssl x509 -noout -text

X509v3 Subject Alternative Name: 
                IP Address:xx.xx.xx.xx

Example in lab:
X509v3 Subject Alternative Name:
                DNS:xxxxxxx, IP Address:xx.xx.xx.xx

• 情况 5：微服务无法连接到 vCenter，并显示错误 No route to host。

命令 firewall-cmd --reload 最近在 VxRail Manager 中运行。
/var/log/microservice_log/short.term.log

"2024-01-20 04:18:35,083" microservice.do-cluster "2024-01-20T04:18:34.540928759Z stderr F   File ""/usr/local/venv/lib64/python3.6/site-packages/pyVmomi/SoapAdapter.py"", line 1039, in connect"
"2024-01-20 04:18:35,083" microservice.do-cluster "2024-01-20T04:18:34.540932851Z stderr F     http_client.HTTPSConnection.connect(self)"
"2024-01-20 04:18:35,083" microservice.do-cluster "2024-01-20T04:18:34.540936399Z stderr F   File ""/usr/lib64/python3.6/http/client.py"", line 1444, in connect"
"2024-01-20 04:18:35,083" microservice.do-cluster "2024-01-20T04:18:34.540939008Z stderr F     super().connect()"
"2024-01-20 04:18:35,083" microservice.do-cluster "2024-01-20T04:18:34.54094136Z stderr F   File ""/usr/lib64/python3.6/http/client.py"", line 956, in connect"
"2024-01-20 04:18:35,083" microservice.do-cluster "2024-01-20T04:18:34.540943688Z stderr F     (self.host,self.port), self.timeout, self.source_address)"
"2024-01-20 04:18:35,083" microservice.do-cluster "2024-01-20T04:18:34.540946025Z stderr F   File ""/usr/local/venv/lib64/python3.6/site-packages/do_common/socks_proxy.py"", line 71, in create_connection"
"2024-01-20 04:18:35,083" microservice.do-cluster "2024-01-20T04:18:34.540948554Z stderr F     raise err"
"2024-01-20 04:18:35,083" microservice.do-cluster "2024-01-20T04:18:34.540950893Z stderr F   File ""/usr/local/venv/lib64/python3.6/site-packages/do_common/socks_proxy.py"", line 61, in create_connection"
"2024-01-20 04:18:35,083" microservice.do-cluster "2024-01-20T04:18:34.540955153Z stderr F     sock.connect((sa[0], sa[1]))"
"2024-01-20 04:18:35,083" microservice.do-cluster "2024-01-20T04:18:34.540958727Z stderr F   File ""/usr/local/venv/lib64/python3.6/site-packages/socks.py"", line 47, in wrapper"
"2024-01-20 04:18:35,083" microservice.do-cluster "2024-01-20T04:18:34.54096135Z stderr F     return function(*args, **kwargs)"
"2024-01-20 04:18:35,083" microservice.do-cluster "2024-01-20T04:18:34.540963723Z stderr F   File ""/usr/local/venv/lib64/python3.6/site-packages/socks.py"", line 780, in connect"
"2024-01-20 04:18:35,083" microservice.do-cluster "2024-01-20T04:18:34.54096604Z stderr F     super(socksocket, self).connect((dest_addr, dest_port))"
"2024-01-20 04:18:35,083" microservice.do-cluster "2024-01-20T04:18:34.540968413Z stderr F OSError: [Errno 113] No route to host"

情况 1：微服务中存在名称解析问题。

1. 重新启动 VxRail Manager 的 dnsmasq service：

service dnsmasq stop
service dnsmasq start

2. 如果重新启动 nsmasq service 不起作用，请检查 VxRail Manager DNS 服务器是否配置了外部公共 DNS，例如 8.8.8.8。
3. 如果仍然无法解析名称，请联系 戴尔支持 并引用本文编号000214621以运行 DNS 检查工具。

情况 2：从 vCenter 信任的根 CA 证书下载的 CRL 文件无效

遵循文章 VxRail：由于 CRL 文件为空或损坏，无法导入 vCenter 根证书，请从 vCenter 中删除空的或损坏的 CRL 文件，并将 vCenter 受信任的根证书重新导入 VxRail Manager。

情况 3：Error（错误） certificate verify failed

请联系 戴尔支持 ，并引用本文编号000157888以解决证书问题。

情景 4：vCenter 的 SSL 证书未完全限定。

重新生成 vCenter Server 计算机 SSL 证书 > SubjectAltName 必须包含 DNS Name=machine_FQDN。

情况 5：微服务无法连接到 vCenter，并显示错误 No route to host。

重新启动 rke2 服务器，请运行以下两个命令：

bash /usr/local/bin/rke2-killall.sh
systemctl start rke2-server

或

重新启动 VxRail Manager。