FIPS-enabled deployment issue with vracli vro register and unregister commands
search cancel

FIPS-enabled deployment issue with vracli vro register and unregister commands

book

Article ID: 326100

calendar_today

Updated On: 04-14-2023

Products

VMware Aria Suite

Issue/Introduction

Symptoms:
In FIPS enabled deployment, vracli vro register/unregister commands fail with the following exceptions: 
java.security.NoSuchAlgorithmException: SSL SSLContext not available.


Environment

VMware vRealize Automation 8.x
VMware vRealize Orchestrator 8.x

Cause

vracli vro vcoin commands do not properly work with FIPS enabled properties.

Resolution

This issue is resolved in Aria Orchestrator 8.12 and above.

Workaround:

Prerequisites

  • Please take simultaneous non-memory snapshots of each virtual appliance(s) in the cluster.
  • You have access to vSphere administrator user and password.
  • You have SSH or console access to each virtual appliance.

Procedure: Register the vCOIN extension in vCenter server through the vCenter MOB endpoint

  1. Connect to the vCenter Managed Object Browser (MOB) on address https://vCenter-hostname/mob/ and authenticate with the administrator account.
  2. Select serviceContentExtensionManager.
  3. Select RegisterExtension.
  4. Delete the default body of the request and paste the below content, after replacing the variable values (vRO-Hostname and vRO SHA-1 thumbprint where the thumbprint is in AB:CD:12:34... format) 
    <extension>
  <description>
    <label>VMware vRealize Orchestrator Plugin</label>
    <summary>VMware vRealize Orchestrator Plugin for vSphere Web Client</summary>
  </description>
  <key>com.vmware.o11n.vcoin.next</key>
  <company>VMware, Inc.</company>
  <version>1.0.0</version>
  <server>
    <url>https://vRO-Hostname/vcoin/plugin.json</url>
    <description>
      <label>VMware vRealize Orchestrator Plugin</label>
      <summary>VMware vRealize Orchestrator Plugin for vSphere Web Client</summary>
    </description>
    <company>VMware, Inc.</company>
    <type>MANIFEST_SERVER</type>
    <adminEmail>noreply@vmware.com</adminEmail>
    <serverThumbprint>vRO SHA-1 thumbprint</serverThumbprint>
  </server>
  <client>
    <version>1.0.0</version>
    <description>
      <label>VMware vRealize Orchestrator Plugin</label>
      <summary>VMware vRealize Orchestrator Plugin for vSphere Web Client</summary>
    </description>
    <company>VMware, Inc.</company>
    <type>vsphere-client-remote</type>
    <url>https://vRO-Hostname/vcoin/plugin.json</url>
  </client>
  <lastHeartbeatTime>1970-01-01T00:00:00Z</lastHeartbeatTime>
</extension>
  5. Invoke the action.
  6. Create an extension record in the vCOIN database:
    1. Create a new SSH session to the vRO appliance.
    2. Connect to the vRO database: 
      vracli dev psql vco-db
    3. Insert a record for the extension registration using the provided insert statement, replacing unique-id, vCenter-hostname, and vCenter-guid with appropriate values: 
      insert into vmo_vcoinextensionrecord values('unique-id', 'vCenter-hostname', 'vCenter-guid');

Replace the following placeholders:

  • unique-id: Any unique string for the table (e.g., 'id-123456').
  • vCenter-hostname: The hostname for the vCenter (e.g., 'vcenter-test.eng.vmware.com').
  • vCenter-guid: The GUID of the vCenter (e.g., '03426901-6216-4c81-8a3a-0e01f0bad9fb').

Procedure: Finding the vCenter GUID

  1. Log into the vCenter Web Client.
  2. Go to the Inventory.
  3. Select the top element - the vCenter host.
  4. The GUID will be the value in the address bar after urn:vmomi:Folder:group-d1:. For example, urn:vmomi:Folder:group-d1:03426901-6216-4c81-8a3a-0e01f0bad9fb.


Additional Information

Impact/Risks:
You are unable to register/unregister vCOIN plugin extension with vCenter.

Powered by Wolken Software