FIPS-enabled deployment issue with vracli vro register and unregister commands

Article ID: 326100

Products

VMware Aria Suite

Issue/Introduction

Symptoms:
In a FIPS-enabled deployment, the vracli vro register and unregister commands fail with the following exception:
java.security.NoSuchAlgorithmException: SSL SSLContext not available.


Environment

VMware vRealize Automation 8.x
VMware vRealize Orchestrator 8.x

Cause

The vracli vro vcoin commands do not work properly with FIPS-enabled properties.

Resolution

This issue is resolved in Aria Orchestrator 8.12 and above.

Workaround:

Prerequisites

  • Take simultaneous non-memory snapshots of every virtual appliance in the cluster.
  • You have the vSphere administrator user name and password.
  • You have SSH or console access to each virtual appliance.

Procedure: Register the vCOIN extension in vCenter server through the vCenter MOB endpoint

  1. Connect to the vCenter Managed Object Browser (MOB) at https://vCenter-hostname/mob/ and authenticate with the administrator account.
  2. Select serviceContentExtensionManager.
  3. Select RegisterExtension.
  4. Delete the default body of the request and paste the content below, after replacing the placeholder values vRO-Hostname and vRO SHA-1 thumbprint (the thumbprint must be in AB:CD:12:34... format):
    <extension>
      <description>
        <label>VMware vRealize Orchestrator Plugin</label>
        <summary>VMware vRealize Orchestrator Plugin for vSphere Web Client</summary>
      </description>
      <key>com.vmware.o11n.vcoin.next</key>
      <company>VMware, Inc.</company>
      <version>1.0.0</version>
      <server>
        <url>https://vRO-Hostname/vcoin/plugin.json</url>
        <description>
          <label>VMware vRealize Orchestrator Plugin</label>
          <summary>VMware vRealize Orchestrator Plugin for vSphere Web Client</summary>
        </description>
        <company>VMware, Inc.</company>
        <type>MANIFEST_SERVER</type>
        <adminEmail>[email protected]</adminEmail>
        <serverThumbprint>vRO SHA-1 thumbprint</serverThumbprint>
      </server>
      <client>
        <version>1.0.0</version>
        <description>
          <label>VMware vRealize Orchestrator Plugin</label>
          <summary>VMware vRealize Orchestrator Plugin for vSphere Web Client</summary>
        </description>
        <company>VMware, Inc.</company>
        <type>vsphere-client-remote</type>
        <url>https://vRO-Hostname/vcoin/plugin.json</url>
      </client>
      <lastHeartbeatTime>1970-01-01T00:00:00Z</lastHeartbeatTime>
    </extension>
  5. Invoke the action.
  6. Create an extension record in the vCOIN database:
    1. Create a new SSH session to the vRO appliance.
    2. Connect to the vRO database:
      vracli dev psql vco-db
    3. Insert a record for the extension registration using the provided insert statement, replacing unique-id, vCenter-hostname, and vCenter-guid with appropriate values:
      insert into vmo_vcoinextensionrecord values('unique-id', 'vCenter-hostname', 'vCenter-guid');

Replace the following placeholders:

  • unique-id: Any unique string for the table (e.g., 'id-123456').
  • vCenter-hostname: The hostname for the vCenter (e.g., 'vcenter-test.eng.vmware.com').
  • vCenter-guid: The GUID of the vCenter (e.g., '03426901-6216-4c81-8a3a-0e01f0bad9fb').

Procedure: Finding the vCenter GUID

  1. Log into the vCenter Web Client.
  2. Go to the Inventory.
  3. Select the top element - the vCenter host.
  4. The GUID will be the value in the address bar after urn:vmomi:Folder:group-d1:. For example, urn:vmomi:Folder:group-d1:03426901-6216-4c81-8a3a-0e01f0bad9fb.
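
Added example (not from the VMware article): a Python helper that produces the two values the workaround asks for, the vRO SHA-1 thumbprint in AB:CD:12:34... format for step 4 and the vCenter GUID taken from the address-bar URN. The function names, the sample certificate bytes, the sample URL, and port 443 are assumptions made for the illustration.

```python
import hashlib
import re
import ssl
import uuid

URN_PREFIX = "urn:vmomi:Folder:group-d1:"  # prefix quoted in the article

# Constructed stand-in for a certificate: the DER bytes are just b"abc",
# so the expected SHA-1 is the published test vector for "abc".
SAMPLE_PEM = ssl.DER_cert_to_PEM_cert(b"abc")
# Constructed address-bar value; only the URN prefix and GUID come from the article.
SAMPLE_URL = ("https://vcenter.example/ui/app/folder;nav=h/"
              "urn:vmomi:Folder:group-d1:03426901-6216-4c81-8a3a-0e01f0bad9fb/summary")


def sha1_thumbprint(pem_cert: str) -> str:
    """Return the SHA-1 thumbprint of a PEM certificate as AB:CD:12:34..."""
    der = ssl.PEM_cert_to_DER_cert(pem_cert)
    digest = hashlib.sha1(der).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def fetch_pem(host: str, port: int = 443) -> str:
    """Fetch the server's leaf certificate (needs network; port is an assumption)."""
    # Called this way, get_server_certificate() does not validate the certificate,
    # so compare the result with the thumbprint read on the appliance itself.
    return ssl.get_server_certificate((host, port))


def is_thumbprint(value: str) -> bool:
    """True if value is 20 colon-separated uppercase hex byte pairs."""
    return re.fullmatch(r"[0-9A-F]{2}(:[0-9A-F]{2}){19}", value) is not None


def guid_from_address_bar(url: str) -> str:
    """Extract the vCenter GUID that follows the URN prefix in the address bar."""
    start = url.find(URN_PREFIX)
    if start < 0:
        raise ValueError("URN prefix not found in address")
    m = re.match(r"[0-9a-fA-F-]{36}", url[start + len(URN_PREFIX):])
    if not m:
        raise ValueError("no GUID after URN prefix")
    return str(uuid.UUID(m.group(0)))  # raises ValueError if malformed


if __name__ == "__main__":
    print(sha1_thumbprint(SAMPLE_PEM))
    print(guid_from_address_bar(SAMPLE_URL))
```

For a live appliance, pass the output of fetch_pem("vRO-Hostname") to sha1_thumbprint() and check the result with is_thumbprint() before pasting it into the serverThumbprint element.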


Additional Information

Impact/Risks:
You are unable to register or unregister the vCOIN plugin extension with vCenter.