Application Services deployments fails in vRealize Automation 7.0
search cancel

Application Services deployments fails in vRealize Automation 7.0

book

Article ID: 336938

calendar_today

Updated On:

Products

VMware Aria Suite

Issue/Introduction

The article provides information to restore vRealize Automation application Services functionality in an upgraded VMware vRealize Automation 7 environment where the issue arise.

Symptoms:
  • Application Services deployments fail in a recently upgraded vRealize Automation 7.0 environment.

  • In the /opt/vmware-appdirector/agent/logs/agent_bootstrap.log file of the deployed virtual machine, you see entries similar to:
Exception in thread "main" org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'agentKeystoreInitializer' defined in URL [jar:file:/C:/opt/vmware-appdirector/agent/nobel-agent.jar!/META-INF/spring/agent/ssl-httpclient-context.xml]: Invocation of init method failed; nested exception is org.springframework.web.client.HttpClientErrorException: 400 Bad Request


Environment

VMware vRealize Automation 7.0.x

Cause

This issue occurs when the rabbitmq_ca cert is not imported and a property is missing from /etc/vcac/security.properties file.

During the virtual machine provisioning, the agent on the deployed virtual machine tries to register itself with the vRealize Automation server. vRealize Automation server fetches the key rabbitmq_ca. The authentication fails as the rabbitmq_ca is missing from the configuration file and the keystore. The vRealize Automation server fails to connect and eventually the provisioning fails.

Resolution

To resolve this issue, import the rabbitmq_ca cert file and add it to the security.properties file:

  1. Connect to vRealize Automation appliance using SSH.

  2. Import the rabbitmq_ca cert by running the command.

    $ openssl pkcs12 -export -name rabbitmq_ca -in /etc/rabbitmq/certs/ca/cacert.pem -inkey /etc/rabbitmq/certs/ca/private/cakey.pem -out /tmp/rabbitmq_keystore.p12 -password pass:password
    $ keytool -importkeystore -destkeystore /etc/vcac/vcac.keystore -deststorepass password -srckeystore /tmp/rabbitmq_keystore.p12 -srcstoretype pkcs12 -srcstorepass password -alias rabbitmq_ca
  3. To add a property to configuration file, add rabbitmq_ca configuration to /etc/vcac/security.properties by running the command:

    $ grep -q certificate.store.ssl.rabbit.ca.alias=rabbitmq_ca /etc/vcac/security.properties || echo 'certificate.store.ssl.rabbit.ca.alias=rabbitmq_ca' >> /etc/vcac/security.properties


    Note: Take a back up of properties file: /etc/vcac/security.properties before making changes to configuration file.

  4. Restart the vRA server service by running the commands:

    $ service vcac-server stop
    $ service vcac-server start


Additional Information

To be alerted when this document is updated, click the Subscribe to Article link in the Actions box

Powered by Wolken Software