Unable to connect VMware Cloud Director to Aria Operations for Logs using Log Ingestion feature
search cancel

Unable to connect VMware Cloud Director to Aria Operations for Logs using Log Ingestion feature

book

Article ID: 383406

calendar_today

Updated On:

Products

VMware Cloud Director VMware Aria Suite

Issue/Introduction

  • When trying to  try to configure Aria Operations for Logs in VMware Cloud Director the page keeps loading and the configuration is not successful as per below screenshot:



  • The task does not fail and no error is generated.

 

 

Environment

  • VMware Cloud Director 10.6
  • VMware Aria Operations for Logs 8.18.0

Cause

The default self signed certificate used by Aria Operations for Logs does not contain SAN details which is required by Cloud Director for this integration.

Resolution

If possible, request a CA signed certificate from your certificate authority which contains the DNS information for all Aria Operations for Logs nodes in its SAN details.

Please see Install a Custom SSL Certificate for further details.

If it is not possible to obtain a CA signed certificate from a certificate authority, follow the Workaround below to generate a new self signed certificate:

 

Workaround:

  1. SSH to the primary Aria Operations for Logs node.
    Edit the details of one of the following commands depending on your cluster configuration and run:

    Single Node cluster example: 

    (Replace <Primary_Node_FQDN>, <Primary_Node_shortName>, <Primary_Node_IP_address>):

    openssl req -x509 -newkey rsa:4096 -sha256 -days 3650 -nodes \
      -keyout aofl.key -out aofl.crt -subj "/CN=<Primary_Node_FQDN>" \
      -addext "subjectAltName=DNS:<Primary_Node_FQDN>,DNS:<Primary_Node_shortName>,IP:<Primary_Node_IP_address>"


    Multi-node cluster example:

    Replacing <Primary_Node_FQDN>, <Primary_Node_shortName>, <Primary_Node_IP_address>, <Worker1_FQDN>, <Worker1_shortName>, <Worker1_IP_address>:

    Note: You will need to repeat the syntax on the -addext line to add additional nodes information depending on how the cluster is configured.

    openssl req -x509 -newkey rsa:4096 -sha256 -days 3650 -nodes \
      -keyout aofl.key -out aofl.crt -subj "/CN=<Primary_Node_fqdn>" \
      -addext "subjectAltName=DNS:<Primary_Node_FQDN>,DNS:<Primary_Node_shortName>,IP:<Primary_Node_IP_address>,DNS:<Worker1_FQDN>,DNS:<Worker1_shortName>,IP:<Worker1_IP_address>"

  2. Running the previous commands will output 2 files (aofl.key, aofl.crt), combine these files using the following command:

    cat aofl.key aofl.crt > multi_part.pem

  3. Upload multi_part.pem to Aria Operations for Logs as per Upload Signed Certificate
  4. With the new cert now in place, the Log Ingestion integration from Cloud Director to Aria Operations Logs will now work as expected.

Additional Information

 

 

 

 

Powered by Wolken Software