ERROR com. vmware. hybridity.nfvm. VnfUtils- Failed to query the TCA-CP Api POST:/hybridity/api//repositories/query
search cancel

ERROR com. vmware. hybridity.nfvm. VnfUtils- Failed to query the TCA-CP Api POST:/hybridity/api//repositories/query

book

Article ID: 371488

calendar_today

Updated On:

Products

VMware Telco Cloud Automation VMware Telco Cloud Platform

Issue/Introduction

  • Users notice that their K8S VIMs are Disconnected in TCA-M, or the status of the Workload Cluster is disconnected (indicated with a red dot) in TCA-CP Appliance Management portal (9443) or the Harbor is in initiated state.
  • The harbor connection status will be in Initiated state as shown in below snippet

  • Users can face "HttpStatus : 401 : unauthorized"  error while adding the addons (eg systemsettings)
  • TCA web.log will show below errors

2024-10-01 10:56:34.245 UTC [https-jsse-nio-127.0.0.1-8443-exec-5, Ent: HybridityAdmin, Usr: abc@example, TxId: ########-####-####-####-############] INFO c.v. vca.hybridity.util. NSPRestClient- Token last updated 14+ minutes ago, refreshing token ..
2024-10-01 10:56:34.316 UTC [https-jsse-nio-127.0.0.1-8443-exec-5, Ent: HybridityAdmin, Usr: abc@example, TxId: ########-####-####-####-############] WARN c
c.v.vca. hybridity. util. NSPRestClient- Login to cloud https://<TCACP FQDN> failed, with status 401:
Usr: abc@example, TxId: ########-####-####-####-############] ERROR com. vmware. hybridity.nfvm. VnfUtils- Failed to query the TCA-CP Api POST:/hybridity/api//repositories/query.
java. lang.SecurityException: Login to cloud https://<TCACP FQDN> failed, with status 401:
2024-10-01 10:56:40.296 UTC [https-jsse-nio-127.0.0.1-8443-exec-8, Ent: HybridityAdmin, Usr: abc@example, TxId: ########-####-####-####-############] WARN c.v.vca.hybridity.util.NSPRestClient- Login to cloud https://<TCACP FQDN> failed, with status 401:
Note: It's not always necessary that the TCA UI show disconnected when there is an issue with kubeconfig. Please check the logs to verify the authentication errors

 

Environment

TCA: 3.3.0.1

TCP: 5.0.2

Cause

Starting from TCA 2.3, TCA supports automatic certificate renewal for both management cluster and v2 workload clusters.

In certain cases, the certificates are renewed, but these are not synced to the TCA appliances. In such scenarios, users would notice that the relevant K8S VIM is Disconnected in TCA-M, or the status of this Cluster might be disconnected (indicated with a red dot) in TCA-CP Appliance Management portal (9443).

In such cases, it is required to manually update the Cluster certificates and / or kubeconfig stored in TCA database.

There are 2 parts to updating the CaaS Cluster certificates:

  1. Updating the Cluster certificate within the Cluster itself.  See KB Manually renew cluster certificates
  2. Updating the references of new Cluster Certificates within TCA-M and TCA-CP.  See below.

 

Resolution

Resolved in TCA 3.3.0.1
Powered by Wolken Software