How To Update Harbor Certificates In TCA & TCA Deployed Clusters After Renewing Them In Harbor
Article ID: 322045
Updated On:
Products
VMware
VMware Telco Cloud Automation
Issue/Introduction
CNF lifecycle management operations might fail for CaaS Workload Clusters which are configured with a Harbor whose certificate has expired. To resolve this, the following procedure details the steps required to renew the Harbor certificates within VMware Telco Cloud Automation.
These steps do not include the process for renewing the Harbor certificate itself which is outside of the scope of this document and should be managed as a separate operation on the Harbor environment.
These steps do not include the process for renewing the Harbor certificate itself which is outside of the scope of this document and should be managed as a separate operation on the Harbor environment.
Environment
VMware Telco Cloud Automation 2.3
VMware Telco Cloud Automation 2.2
VMware Telco Cloud Automation 2.1
VMware Telco Cloud Automation 2.1.1
VMware Telco Cloud Automation 2.2
VMware Telco Cloud Automation 2.1
VMware Telco Cloud Automation 2.1.1
Resolution
These steps are applicable only to v2 clusters.
The Harbor Addon should be deleted and re-added to all the clusters which are registered with the affected Harbor.
Until this procedure is completed, CNF LCM operation should not be performed.
Either of the following procedures can be applied.
Procedure 1
1. Log in to the TCA Manager.
2. Navigate to the 'CaaS Infrastructure' tab in the left navigation panel.
3. Select the cluster to which the Harbor whose certificate expired is attached (hereafter termed as affected Harbor). Click on the CaaS cluster, then go to the 'Addons' tab
4. Choose the 'Harbor Addon' and delete it.
5. Wait for the deletion task to complete.
6. Repeat the same steps on all clusters where the affected Harbor is added.
7. Access the partner system and check the affected Harbor is now in an 'Initiated' state.
8. User should renew the cert on the affected harbor before going to next step.
9. Associate all the VIMs that were previously using the same Harbor.
Procedure 2
High level steps:
• Remove the affected Harbor addon from a single Workload Cluster
• Re-add Harbor addon to the above Workload Cluster
• Repeat steps above for every Workload Cluster which was connected to the affected Harbor
1. Log in to the TCA Manager.
2. Navigate to the "CaaS Infrastructure" tab in the left navigation panel.
3. Select the cluster to which the Harbor whose certificate expired is attached (hereafter termed as affected Harbor). Click on the CaaS cluster, then go to the 'Addons' tab.
4. Choose the 'Harbor Addon' and delete it.
5. Wait for the deletion task to complete.
6. Click on 'Deploy Addon'.
7. Select the Harbor addon and select the Harbor from the Registered Partner Systems.
8. Deploy this addon.
9. Wait for the addon configuration task to complete.
10. Repeat the same steps on all clusters where the affected Harbor is added.
The Harbor Addon should be deleted and re-added to all the clusters which are registered with the affected Harbor.
Until this procedure is completed, CNF LCM operation should not be performed.
Either of the following procedures can be applied.
Procedure 1
1. Log in to the TCA Manager.
2. Navigate to the 'CaaS Infrastructure' tab in the left navigation panel.
3. Select the cluster to which the Harbor whose certificate expired is attached (hereafter termed as affected Harbor). Click on the CaaS cluster, then go to the 'Addons' tab
4. Choose the 'Harbor Addon' and delete it.
5. Wait for the deletion task to complete.
6. Repeat the same steps on all clusters where the affected Harbor is added.
7. Access the partner system and check the affected Harbor is now in an 'Initiated' state.
8. User should renew the cert on the affected harbor before going to next step.
9. Associate all the VIMs that were previously using the same Harbor.
Procedure 2
High level steps:
• Remove the affected Harbor addon from a single Workload Cluster
• Re-add Harbor addon to the above Workload Cluster
• Repeat steps above for every Workload Cluster which was connected to the affected Harbor
1. Log in to the TCA Manager.
2. Navigate to the "CaaS Infrastructure" tab in the left navigation panel.
3. Select the cluster to which the Harbor whose certificate expired is attached (hereafter termed as affected Harbor). Click on the CaaS cluster, then go to the 'Addons' tab.
4. Choose the 'Harbor Addon' and delete it.
5. Wait for the deletion task to complete.
6. Click on 'Deploy Addon'.
7. Select the Harbor addon and select the Harbor from the Registered Partner Systems.
8. Deploy this addon.
9. Wait for the addon configuration task to complete.
10. Repeat the same steps on all clusters where the affected Harbor is added.
Additional Information
Impact/Risks:
Impacts VMware Telco Cloud Automation 2.1, 2.1.1, 2.2 and 2.3.
Impacts VMware Telco Cloud Automation 2.1, 2.1.1, 2.2 and 2.3.
Feedback
Yes
No
Powered by
