vmware-rbd-watchdog service fails to start with "Could not retrieve certificate and key for service: vpxd-extension"
search cancel

vmware-rbd-watchdog service fails to start with "Could not retrieve certificate and key for service: vpxd-extension"

book

Article ID: 343743

calendar_today

Updated On:

Products

VMware vCenter Server

Issue/Introduction

Symptoms:

  • When we start the vmware-rbd-watchdog service, it will immediately fail with the following error in the logs.
  • In rbd-syslog.log, You see entries similar to:

BadStatusLine: ''
YYYY-MM-DDTHH:MM:SS.Z+00:00 err rbd  [49##4]logutil:ERROR:IOLogger :
YYYY-MM-DDTHH:MM:SS.Z+00:00 warning rbd  [4##5]rbd_watchdog_linux:WARNING:daemon rbd-cgi with pid 4##4 did not respond to signal 2
YYYY-MM-DDTHH:MM:SS.Z+00:00 err rbd  [24##7]vmcacertutil:ERROR:Could not retrieve certificate and key for service: vpxd-extension
rc: 0
out: Error Code : 5

err: Operation Failed: unidentifiable C++ exception
YYYY-MM-DDTHH:MM:SS.Z+00:00 err rbd  [24##7]rbd_watchdog_linux:ERROR:Unable to get client side certificate and key
Traceback (most recent call last):
  File "/build/mts/release/bora-11347054/bora/build/vcenter/release/pylib/rbd_watchdog_linux.py", line 256, in main
  File "/build/mts/release/bora-11347054/bora/install/vmvisor/autodeploy/site-packages/vmware/rbd/utils/vmcacertutil.py", line 166, in getClientCertAndKey
Exception: 0:Error Code : 5
:Operation Failed: unidentifiable C++ exception
YYYY-MM-DDTHH:MM:SS.Z+00:00 err rbd  [38##1]vmcacertutil:ERROR:Could not retrieve certificate and key for service: vpxd-extension
rc: 0
out: Error Code : 5

 

  • In vmafdd-syslog.log, you see entries similar to:

YYYY-MM-DDTHH:MM:SS.Z+00:00 err vmafdd  t@139#######544: [Error - 5, ../../../server/vmafd/authutil.c:1055]
YYYY-MM-DDTHH:MM:SS.Z+00:00 err vmafdd  t@139#######544: [Error - 5, ../../../server/vmafd/authutil.c:356]
YYYY-MM-DDTHH:MM:SS.Z+00:00 err vmafdd  t@139#######544: [Error - 5, ../../../server/vmafd/ipclocalapi.c:868]
YYYY-MM-DDTHH:MM:SS.Z+00:00 err vmafdd  t@139#######544: ERROR! VecsIpcGetEntryByAlias failed. Exiting with error : [5]
YYYY-MM-DDTHH:MM:SS.Z+00:00 err vmafdd  t@139#######544: [Error - 5, ../../../server/vmafd/authutil.c:1055]
YYYY-MM-DDTHH:MM:SS.Z+00:00 err vmafdd  t@139#######544: [Error - 5, ../../../server/vmafd/authutil.c:356]
YYYY-MM-DDTHH:MM:SS.Z+00:00 err vmafdd  t@139#######544: [Error - 5, ../../../server/vmafd/ipclocalapi.c:868]
YYYY-MM-DDTHH:MM:SS.Z+00:00 err vmafdd  t@139#######544: ERROR! VecsIpcGetEntryByAlias failed. Exiting with error : [5]


 
Note: The preceding log excerpts are only examples. Date, time, and environmental variables may vary depending on your environment.



Environment

VMware vCenter Server Appliance 6.7.x
VMware vCenter Server 6.5.x
VMware vCenter Server 6.7.x
VMware vCenter Server Appliance 6.5.x

Resolution

To solve this issue add read permission for "deploy" user on vpxd-extension store:

  1. To add the permission  : 
/usr/lib/vmware-vmafd/bin/vecs-cli store permission --name vpxd-extension --user deploy --grant read
  1. To check permission run the below command 
/usr/lib/vmware-vmafd/bin/vecs-cli store get-permissions --name vpxd-extension --server localhost --upn [email protected]
 
Example output : 
 
PERMISSIONS FOR STORE: [vpxd-extension]
OWNER : root
USER            ACCESS
deploy             read
updatemgr       read
vsphere-ui        read
vpxd                 read
vsphere-client  read
vsm                  read
imagebuilder    read
content-library read
eam                 read
mbcs               read



Powered by Wolken Software