"Cloud zone insights not available yet, please check after some time" message on Aria Automation
search cancel

"Cloud zone insights not available yet, please check after some time" message on Aria Automation

book

Article ID: 314894

calendar_today

Updated On:

Products

VMware Aria Suite

Issue/Introduction

Symptoms:

  • The certificate for Aria operations has been replaced since it was initially added to Aria Automation as an integration.
  • When accessing the Insights pane under Cloud Assembly -> Infrastructure -> Cloud Zone -> Insights the following message is displayed:

 "Cloud zone insights not available yet, please check after some time."

  • The /var/log/services-logs/prelude/hcmp-service-app/file-logs/hcmp-service-app.log file contains ssl errors similar to:  
    2022-08-25T20:06:43.989Z ERROR hcmp-service [host='hcmp-service-app-xxxxxxx-xxxx' thread='Thread-56' user='' org='<org_id>' trace='<trace_id>' parent='<parent_id>' span='<span_id>'] c.v.a.h.a.common.AlertEnumerationHelper.lambda$synchronizeWithDatabase$12:128 - [<IntegrationName>]: [<UUID>]: Error during enumerating alerts
    	javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    		at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[na:na]
    		at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:353) ~[na:na]
            at java.base/java.lang.Thread.run(Thread.java:829) ~[na:na]
    	Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    		at java.base/sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[na:na]
    		at java.base/sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306)  

     

  • The /var/log/services-logs/prelude/hcmp-service-app/file-logs/hcmp-service-app.log file contains errors similar to:   
    2024-12-04T06:50:48.703Z ERROR hcmp-service [host='hcmp-service-app-7xxxxxx-xxxxx' thread='Thread-1284' user='configadmin' org='<org-id>' trace='<trace_id>' parent='<parent_id>' span='<span_id>] c.v.a.h.p.v.r.ResourcesDomainImpl.lambda$getVropsResourceIdentifier$45:534 - [ID]: Unable to fetch resource's identifier from Aria Operations endpoint
    com.vmware.automation.hcmp.exception.ResourceNotFoundException: CloudZone with ID: <Cloud-Zone-ID> not found.
    at com.vmware.automation.hcmp.provider.vrops.resources.ResourcesDomainImpl.lambda$getVropsResourceIdentifier$43(ResourcesDomainImpl.java:529) ~[hcmp.jar:8.3.0-SNAPSHOT]

Environment

VMware Aria Automation 8.x

VMware vRealize Automation 8.x

Cause

  • The trust between Aria Automation and Aria operations is broken post replacing certificate of Aria operations.
  • The account used for the Aria Automation and Aria Operations integration lacks the necessary privileges.

Resolution

Scenario 1 : When the trust between Aria Automation and Aria operations is broken post replacing certificate of Aria operations.

The issue is pending resolution.

Workaround:

Note: Prior to performing the workaround best practice dictates you first snapshot Aria Automation nodes.

The certificate stored for Aria operations Integration can be updated via a PATCH API call

1. Obtain the Integration ID and the Username from the UI by opening the respective Aria operations integration within the Aria Automation UI under Infrastructure -> Integrations


 

The Integration id portion of the url is everything after '%2F'

The integration id can also be validated in the web browsers developers tools:

 

2. Obtain a Bearer token following the article Generate an Access Token and Bearer Token in VMware Aria Automation for API Authentication

3.  Capture the new Aria operations certificate in PEM format by running the following command:

openssl s_client -connect <AriaoperationsFQDN>:443 2> /dev/null | openssl x509 | awk 'NF {sub(/\r/, "");  printf "%s\\n",$0;}'

replace <AriaoperationsFQDN> with the actual fully qualified domain name of the Aria operations.

4. Submit a PATCH call to url:

https://<Aria automation FQDN>/iaas/api/integrations/<Aria operations integration ID>?apiVersion=2021-07-15

with body:    

 {
         "privateKeyId": "username",
         "privateKey": "password",
         "certificateInfo": {
             "certificate": "certificate from step 3"
         }
     }

 

A 202 accepted status indicates a successful request:

Note: The issue is not specific to Aria operations Integrations and can affect other integrations types added to Aria Automation. The same resolution steps can be applied to update the certificate stored.

Scenario 2 : The account used for the Aria Automation and Aria Operations integration lacks the necessary privileges.

Ensure that the VMware Aria Automation user used for the Aria Operations integration has both organizational owner and Cloud Assembly administrator permissions.

Configuring VMware Aria Automation with VMware Aria Operations

 

Additional Information

If the account used for the Aria Automation and Aria Operations integration lacks the necessary privileges, Aria Automation Cloud Zone objects will not appear when accessing Aria Operations >> Operations >> Configurations >> Inventory Management.