AWS dashboards shows no data even though the adapter collection shows "data receiving"
search cancel

AWS dashboards shows no data even though the adapter collection shows "data receiving"

book

Article ID: 319595

calendar_today

Updated On:

Products

VMware Aria Suite

Issue/Introduction

Symptoms:
  • The /storage/vcops/log/adapters/AmazonAWSAdapter/AmazonAWSAdapter_ID.log shows errors similar to:
2018-01-22 09:58:41,686 DEBUG [Collector worker thread 6] (2816) com.vmware.adapter3.amazonaws.AWSELBManager.refreshResources - Exception while refreshing Auto Scaling Groups resources:
java.util.concurrent.ExecutionException: com.amazonaws.AmazonClientException: Unable to execute HTTP request: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
          at java.util.concurrent.FutureTask.report(FutureTask.java:122)
          at java.util.concurrent.FutureTask.get(FutureTask.java:206)
          at com.vmware.adapter3.amazonaws.AWSELBManager.refreshResources(AWSELBManager.java:133)
          at com.vmware.adapter3.amazonaws.AmazonAWSAdapter.refreshInventory(AmazonAWSAdapter.java:273)
          at com.vmware.adapter3.amazonaws.AmazonAWSAdapter.onCollect(AmazonAWSAdapter.java:887)
          at com.integrien.alive.common.adapter3.AdapterBase.collectBase(AdapterBase.java:717)
          at com.integrien.alive.common.adapter3.AdapterBase.collect(AdapterBase.java:503)
          at com.integrien.alive.collector.CollectorWorkItem3.run(CollectorWorkItem3.java:46)
          at com.integrien.alive.common.util.ThreadPool$WorkerItem.run(ThreadPool.java:253)
          at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
          at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
          at java.lang.Thread.run(Thread.java:748)
Caused by: com.amazonaws.AmazonClientException: Unable to execute HTTP request: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
          at com.amazonaws.http.AmazonHttpClient.executeHelper(AmazonHttpClient.java:471)
          at com.amazonaws.http.AmazonHttpClient.execute(AmazonHttpClient.java:295)
          at com.amazonaws.services.elasticloadbalancing.AmazonElasticLoadBalancingClient.invoke(AmazonElasticLoadBalancingClient.java:2019)
          at com.amazonaws.services.elasticloadbalancing.AmazonElasticLoadBalancingClient.describeLoadBalancers(AmazonElasticLoadBalancingClient.java:1885)
          at com.amazonaws.services.elasticloadbalancing.AmazonElasticLoadBalancingAsyncClient$55.call(AmazonElasticLoadBalancingAsyncClient.java:3032)
          at com.amazonaws.services.elasticloadbalancing.AmazonElasticLoadBalancingAsyncClient$55.call(AmazonElasticLoadBalancingAsyncClient.java:3030)
          at java.util.concurrent.FutureTask.run(FutureTask.java:266)
          ... 3 more


Environment

VMware vRealize Operations Manager 6.x

Cause

This issue occurs because Amazon has recently changed their SSL Root Certificates.

Resolution

This issue is resolved in an upcoming release of the Management Pack for AWS for vRealize Operations Manager 6.x.

To resolve this issue, add the AWS root certificates to the vRealize Operations Manager 6.x trust store:
  1. Download the attached 52482_aws_import_certs.tar.gz tar file.
  2. Copy the 52482_aws_import_certs.tar.gz tar file to /tmp of the vRealize Operations Manager Primary node.
  3. Log into the Primary node as root via SSH or Console.
  4. Change to the /tmp directory:
cd /tmp
  1. Extract the 52482_aws_import_certs.tar.gz tar file:
tar -zxvf 52482_aws_import_certs.tar.gz
  1. Change to the /tmp/aws_import_certs directory:
cd /tmp/aws_import_certs
  1. Execute the script to install the AWS root certificates to the vRealize Operations Manager 6.x trust store:
​./import_aws_certs.py

Note: This script will restart the collector service on the vRealize Operations Manager node.
  1. Repeat steps 2-7 on all other nodes in the cluster.


Additional Information

The above steps only need to be run on vRealize Operations Manager nodes that have, or will have, an active Management Pack for AWS adapter instance running on it.
When the adapter instance's node is not specified in the Solution configuration, the adapter can move to another node.  To avoid a drop in collections, it's recommended to apply the above steps on all vRealize Operations Manager nodes.

Attachments

52482_aws_import_certs.tar.gz get_app
Powered by Wolken Software