"Unable to find the ovf environment" error when renewing self-signed certificates for VMware Cloud Director cells
search cancel

"Unable to find the ovf environment" error when renewing self-signed certificates for VMware Cloud Director cells

book

Article ID: 325571

calendar_today

Updated On:

Products

VMware Cloud Director

Issue/Introduction

Symptoms:
  • Regenerating a self-signed certificate fails with the following error:

ERROR: OpenSSL encountered an error creating vcd_ova key.

  • Running the ovfenv command on the Cloud Director cells fails with the following error:

Unable to find the ovf environment

 


Environment

VMware Cloud Director 10.x

Cause

This is a known issue which can affect all versions of Cloud Director if vApp Options are disabled on the cells in vCenter.

Resolution

Cloud Director cells use vApp Options to store configuration parameters set during deployment from OVA and vApp Options should never be disabled on the cell VMs in vCenter.

Workaround:

To workaround this issue we need to have a primary cell with vApp Options enabled as per the example below:

image.png
 

  1. If one of the standby cell VMs has vApp Options enabled with the correct ovf environment variables populated then it can be promted to be the new primary. This new primary replaces the existing old primary cell which has vApp Options disabled.
  2. To promote the standby cell to be the new primary follow the Cloud Director documentation, Switch the Roles of the Primary and a Standby Cell in a Database High Availability Cluster.
  3. After promoting a new primary, the old primary cell should now have the standby role. This old primary can then be unregistered as per the Cloud Director documentation, Unregister a Running Standby Cell in a Database High Availability Cluster.
Note: For the primary node to function normally, at least one standby node must always be running.
  1. After unregistering the old primary node it can be re-added as a new standby cell as per the Cloud Director documentation, Configure Your VMware Cloud Director Standby and Application Cells.
  2. The operation to renew the self-signed certificates can then be retried once it has been confirmed that the cell VMs now have vApp Options enabled and populated in vCenter.

Note: If the Cloud Director deployment has only one cell or none of the standby cells have vApp Options enabled with the correct ovf environment variables populated then Cloud Director will need to be backed up and restored to new cells.
  1. Take a backup of the Cloud Director cell as per the Cloud Director documentation, Back Up the Embedded Database of the VMware Cloud Director Appliance.
  2. Power off, but do not delete, the existing primary and standby cell VMs and rename them if desired.
  3. Deploy a new primary cell and restore Cloud Director as per the Cloud Director documentation, Restore the Primary VMware Cloud Director Appliance. The new primary cell will have its vApp Options enabled after being deployed.
  4. After restoring Cloud Director cell additional standby cells can be added as per the Cloud Director documentation, Configure Your VMware Cloud Director Standby and Application Cells.
  5. The operation to renew the self-signed certificates can then be retried once it has been confirmed that the cell VMs now have vApp Options enabled and populated in vCenter.
  6. Clean up any remaining old powered off cells as desired once Cloud Director has been confirmed to be operating correctly.


Additional Information

Renew Your VMware Cloud Director Appliance Certificates

Impact/Risks:
Warning: A snapshot of the primary cell VM and a backup of the Cloud Director database must be taken before attempting to make any changes to it directly, Back Up the Embedded Database of the VMware Cloud Director Appliance.

Powered by Wolken Software