Symptoms:

• After following Add a Worker Node to a VMware Aria Operations for Logs Cluster, the worker node will join, but fail to start.

VMware Aria Operations for Logs 8.12.x

Due to the certificate expiration and remediation in VMware Aria Operations for Logs (formerly known as vRealize Log Insight) versions prior to 8.12, additional steps are required to expand the existing clusters that have completed the certificate remediation or upgraded to VMware Aria Operations for Logs 8.12.

To resolve the issue, complete the steps below to apply the certificate to the new worker node depending on the version you're on.
See VMware Aria Operations for Logs 8.12 for VMware Aria Operations for Logs 8.12, or vRealize Log Insight 8.10.x or Below for versions 8.10.x or below.

Quick Links:

• VMware Aria Operations for Logs 8.12
  • Download Required 8.12 Certificate
  • Install Certificate on 8.12 Worker Node
• vRealize Log Insight 8.10.x or Below
  • Download Required Certificate
  • Install Certificate on Worker Node

 

VMware Aria Operations for Logs 8.12

This issue was resolved in the latest patched release of VMware Aria Operations for Logs 8.12 released 05/01/2023  (Displayed date 04/20/2023), build number 21696970 available at VMware Downloads.
If you are running on the original VMware Aria Operations for Logs 8.12 release (21618456) it is recommended to upgrade to the newly released 8.12 build.
If you are unable to upgrade to the latest patched release of VMware Aria Operations for Logs 8.12, you can instead use the resolution below.

Quick Links:

• Download Required 8.12 Certificate
• Install Certificate on 8.12 Worker Node

 

Download Required 8.12 Certificate

1. Download the extract_cert.tar file attached to this article form the Attachments section on the right.
2. Using an SCP utility like WinSCP, copy the extract_cert.tar file to the /tmp directory on the Primary node.
3. Log into the Primary node as root via SSH or Console.
4. Run the following command to change to the /tmp directory:

5. Run the following command to extract the script from extract_cert.tar:

6. Run the following command to update the permissions of the script:

7. Run the following command to run the extrct_cert.sh script:

Note: The script will create custom.pem in the /tmp folder.  You should see output similar to:

 

Install Certificate on 8.12 Worker Node

1. Using an SCP utility like WinSCP, copy the /tmp/custom.pem file from the Primary node to the /usr/lib/loginsight/application/etc/certs directory on the new Worker node.
2. Log into the new Worker node as root via SSH or Console.
3. Run the following command to stop loginsight service:

4. Run following command to apply the custom.pem certificate to the new Worker node:

5. Run the following command to start loginsight service:

vRealize Log Insight 8.10.x or Below

• Download Required Certificate
• Install Certificate on Worker Node

Download Required Certificate

1. Download the extract_cert.tar file attached to this article form the Attachments section on the right.
2. Using an SCP utility like WinSCP, copy the extract_cert.tar file to the /tmp directory on the Primary node.
3. Log into the Primary node as root via SSH or Console.
4. Run the following command to change to the /tmp directory:

5. Run the following command to extract the script from extract_cert.tar:

6. Run the following command to update the permissions of the script:

7. Run the following command to run the extrct_cert.sh script:

Note: The script will create custom.pem in the /tmp folder.  You should see output similar to:

 

Install Certificate on Worker Node

1. Using an SCP utility like WinSCP, copy the /tmp/custom.pem file from the Primary node to the /usr/lib/loginsight/application/etc/certs directory on the new Worker node.
2. Follow the Install Certificate steps in Replace expired internal certificate in vRealize Log Insight (92080) to install the certificate on the new Worker node.