Password/Credentials rotate operation in VMware SDDC Manager fails with 504 gateway timed out
Article ID: 323995
Updated On:
Products
VMware Cloud Foundation
Issue/Introduction
Symptoms:
- SDDC Manager UI shows "504 gateway timed out" error.
- The workflows fails in a large scale environment or an old deployments with large amount of historical credentials/password rotate operations.
- Attempting to retry the workflow also shows "504 gateway timed out."
Cause
The backend services take more than 60 seconds to fetch details of the FAILED task to provide RETRY option but since UI gateway at nginx is configured to wait only for 60 seconds so it sends back a timeout error message to the UI.
Resolution
To fix the issue in existing environments it's advised to increase the gateway timeout from 60 seconds to 900 seconds. This will allow the SDDC Manager UI to wait longer to complete the operation.
In the unlikely event the timeout error is still observed after making the below changes, the timeout value can be increased to an even larger value, for example 1200 seconds.
Please find below the workaround needed to be applied to nginx.conf file where we increase the timeout for credentials API's.
In the unlikely event the timeout error is still observed after making the below changes, the timeout value can be increased to an even larger value, for example 1200 seconds.
Please find below the workaround needed to be applied to nginx.conf file where we increase the timeout for credentials API's.
Steps to update nginx.conf File:
- Open a SSH session to the SDDC Manager VM and switch to the root user:
su -
- Using a text editior, open the nginx.conf file at following location /etc/nginx/nginx.conf.
- Search for the string "credentials" where the line matches the following:
location ~ ^/v1/(hosts|license-keys|credentials|certificate-authorities|skyline)":
- Modify the line from the following:
# operationsmanager v1 public APIs
location ~ ^/v1/(hosts|license-keys|credentials|certificate-authorities|skyline)(.*) {
}
Replacing with:
# operationsmanager v1 public APIs
location ~ ^/v1/(hosts|license-keys|credentials|certificate-authorities|skyline)(.*) {
proxy_read_timeout 900;
proxy_connect_timeout 900;
proxy_send_timeout 900;
proxy_pass http://127.0.0.1:7300/operationsmanager/v1/$1$2$is_args$args;
}
location ~ ^/v1/(hosts|license-keys|credentials|certificate-authorities|skyline)(.*) {
proxy_read_timeout 900;
proxy_connect_timeout 900;
proxy_send_timeout 900;
proxy_pass http://127.0.0.1:7300/operationsmanager/v1/$1$2$is_args$args;
}
For requests coming from the UI, re-configure the nginx.conf file specifically for UI server request.
Please find below steps:
- Search for the string ""location ~ /ui/.* {"" where the line matches the following.
- Add the entry to reflect the same as below:
location ^~ /ui/api/v1/credentials {
proxy_read_timeout 900;
proxy_connect_timeout 900;
proxy_send_timeout 900;
# UI server handles auth via PSC/SSO
proxy_pass http://127.0.0.1:7500;
}
proxy_read_timeout 900;
proxy_connect_timeout 900;
proxy_send_timeout 900;
# UI server handles auth via PSC/SSO
proxy_pass http://127.0.0.1:7500;
}
- Restart the nginx servce:
systemctl restart nginx.service
The timeout setting on the nodejs server service will also need to be increased from the default of 2 minutes.
- Open a SSH session to the SDDC Manager VM and switch to the root user:
su -
- Stop SDDC Manager UI service
systemctl stop sddc-manager-ui-app
- Update UI server connection timeout value by editing /opt/vmware/vcf/sddc-manager-ui-app/server/src/servers/sddcManagerServer/www.js file
- Search for the string "server.listen" in the file and Add line "server.timeout = 900000; " below.
- Save and exit the file.
- Start SDDC Manager UI service
systemctl start sddc-manager-ui-app
- Allow some time of the service to start, check the status by running:
systemctl status sddc-manager-ui-app
- At this time, the password workflow can be started.
Feedback
Yes
No
Powered by
