Unable to connect VMware Cloud Director to Aria Operations for Logs using Log Ingestion feature

Article ID: 383406

Products

VMware Cloud Director, VMware Aria Suite

Issue/Introduction

  • When trying to configure Aria Operations for Logs in VMware Cloud Director, the page keeps loading and the configuration does not succeed.



  • Or the task gets stuck and after a few minutes you see Error: 'Connection could not be established to Aria Operations for logs. Certificates have not been trusted.'

Environment

VMware Cloud Director 10.6
VMware Aria Operations for Logs 8.18.x

Cause

The default self-signed certificate used by Aria Operations for Logs does not contain Subject Alternative Name (SAN) details, which Cloud Director requires for this integration.

Resolution

If possible, request a CA-signed certificate from your certificate authority that contains the DNS information for all Aria Operations for Logs nodes in its SAN details.

Please see Install a Custom SSL Certificate for further details.

If it is not possible to obtain a CA-signed certificate from a certificate authority, follow the Workaround below to generate a new self-signed certificate:

Workaround:

  1. Take a snapshot of each node in the Aria Operations for Logs cluster as per How to take a Snapshot of VMware Aria Operations for Logs
  2. SSH to the primary Aria Operations for Logs node as the root user.
  3. Ensure that you are in the /root directory by running the following command:

    cd /root

    Note: Ensure that you do not change directories between running steps 4 and 5.

  4. Edit the details of one of the following commands depending on your cluster configuration and run:

    Single Node cluster example: 

    (Replace <Primary_Node_FQDN>, <Primary_Node_shortName>, <Primary_Node_IP_address>)

    openssl req -x509 -newkey rsa:4096 -sha256 -days 3650 -nodes \
      -keyout aofl.key -out aofl.crt -subj "/CN=<Primary_Node_FQDN>" \
      -addext "subjectAltName=DNS:<Primary_Node_FQDN>,DNS:<Primary_Node_shortName>,IP:<Primary_Node_IP_address>"


    Multi-node cluster example:

    (Replace <Primary_Node_FQDN>, <Primary_Node_shortName>, <Primary_Node_IP_address>, <Worker1_FQDN>, <Worker1_shortName>, <Worker1_IP_address>)

    Note: Repeat the DNS:/DNS:/IP: entries on the -addext line for each additional node, depending on how many nodes are in the cluster.

    openssl req -x509 -newkey rsa:4096 -sha256 -days 3650 -nodes \
      -keyout aofl.key -out aofl.crt -subj "/CN=<Primary_Node_FQDN>" \
      -addext "subjectAltName=DNS:<Primary_Node_FQDN>,DNS:<Primary_Node_shortName>,IP:<Primary_Node_IP_address>,DNS:<Worker1_FQDN>,DNS:<Worker1_shortName>,IP:<Worker1_IP_address>"

  5. The previous command outputs 2 files (aofl.key, aofl.crt). Combine these files using the following command:

    cat aofl.key aofl.crt > multi_part.pem

  6. Upload multi_part.pem to Aria Operations for Logs as per Upload Signed Certificate


With the new certificate in place, the Log Ingestion integration from Cloud Director to Aria Operations for Logs will work as expected.
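
A pre-upload check for the workaround above, as an added example that is not part of the original article: build_san assembles the -addext value for any number of nodes, and check_cert confirms that the generated certificate carries every node's SAN entry and that the private key matches it. The function names are hypothetical helpers; OpenSSL 1.1.1 or later and IPv4 addresses are assumed.

```shell
#!/bin/sh
# Added example (not from the KB article). build_san, san_entries and
# check_cert are hypothetical helper names; node values come from the caller.

# build_san "FQDN SHORTNAME IP" ...
# Prints the -addext value for step 4, one DNS/DNS/IP triple per node.
build_san() {
    san=""
    for node in "$@"; do
        read -r fqdn short ip <<EOF
$node
EOF
        san="${san:+$san,}DNS:$fqdn,DNS:$short,IP:$ip"
    done
    printf 'subjectAltName=%s\n' "$san"
}

# san_entries CERT
# Lists the certificate's SAN entries one per line in -addext syntax.
# Prints nothing when the certificate has no SAN extension.
san_entries() {
    openssl x509 -in "$1" -noout -ext subjectAltName 2>/dev/null |
        tr ',' '\n' |
        sed -n -e 's/^ *//' -e 's/^IP Address:/IP:/' -e '/^DNS:/p' -e '/^IP:/p'
}

# check_cert CERT KEY "FQDN SHORTNAME IP" ...
# Returns 0 only if every node entry is in the SAN and KEY matches CERT.
check_cert() {
    crt=$1 key=$2
    shift 2
    have=$(san_entries "$crt")
    rc=0
    for want in $(build_san "$@" | sed 's/^subjectAltName=//' | tr ',' ' '); do
        printf '%s\n' "$have" | grep -qxF -- "$want" ||
            { echo "missing SAN entry: $want" >&2; rc=1; }
    done
    # Compare the public key in the certificate with the one derived from KEY.
    pub=$(openssl x509 -in "$crt" -noout -pubkey 2>/dev/null)
    [ -n "$pub" ] && [ "$pub" = "$(openssl pkey -in "$key" -pubout 2>/dev/null)" ] ||
        { echo "private key does not match certificate" >&2; rc=1; }
    return "$rc"
}
```

Run check_cert aofl.crt aofl.key with the same node triples used in step 4 before combining the files in step 5. Because the key is generated with -nodes, aofl.key and multi_part.pem hold the private key unencrypted, so keep them readable by root only.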