vSAN Health Service does not start due incorrect configuration

Products

VMware vCenter Server 8.0

Issue/Introduction

The vSAN health service will not start in an environment where VCHA is enabled
When attempting to start the vmware-vsan-health service, it fails with the following:

service-control --start vmware-vsan-health
Operation not cancellable. Please wait for it to finish...
Performing start operation on service vsan-health...
Error executing start on service vsan-health. Details {
"detail": [
{
"id": "install.ciscommon.service.failstart",
"translatable": "An error occurred while starting service '%(0)s'",
"args": [
"vsan-health"
],
"localized": "An error occurred while starting service 'vsan-health'"
}
],
"componentKey": null,
"problemId": null,
"resolution": null
}
Service-control failed. Error: {
"detail": [
{
"id": "install.ciscommon.service.failstart",
"translatable": "An error occurred while starting service '%(0)s'",
"args": [
"vsan-health"
],
"localized": "An error occurred while starting service 'vsan-health'"
}
],
"componentKey": null,
"problemId": null,
"resolution": null
}

Environment

VMware vCenter Server 8.0

VCHA enabled

Cause

The user "vsanhealth" within the /storage/db/vpostgres/pg_hba.conf file is missing.

Resolution

Edit the pg_hba.conf file to include the missing vsanhealth user.

SSH to the vCenter via root
Backup the pg_hba.conf file

cp /storage/db/vpostgres/pg_hba.conf /tmp/pg_hba.conf-backup
Edit the pg_hba.conf file

vi storage/db/vpostgres/pg_hba.conf
Add in the following entries

# hba entries for role vsanhealth
local VCDB vsanhealth peer map=vcdb
Save the file

:wq!
Reload the database

/opt/vmware/vpostgres/current/bin/psql -U postgres -d VCDB -c "select pg_reload_conf();"
Restart all services

service-control --stop --all;service-control --start --all

Additional Information

If VCHA is enabled, it may be required to disable/delete VCHA.

Example of a default /storage/db/vpostgres/pg_hba.conf file:

###############################
# pg_hba.conf
###############################

# hba entries for role vstatsuser
local VCDB vstatsuser peer

# hba entries for role postgres
local all postgres peer map=applmgmt

# hba entries for role archiver
local replication archiver peer map=archiver

# hba entries for role lookupsvc_sync_db
local VCDB lookupsvc_sync_db peer map=vcdb

# hba entries for role vpxd_svcs_tagging
local VCDB vpxd_svcs_tagging peer map=vcdb

# hba entries for role vpxd_svcs_computepolicy
local VCDB vpxd_svcs_computepolicy peer map=vcdb

# hba entries for role vpxd_svcs_kv_store
local VCDB vpxd_svcs_kv_store peer map=vcdb

# hba entries for role vpxd
local VCDB vpxd peer map=vcdb

# hba entries for role observability
local VCDB observability peer

# hba entries for role trustmanagement_sync_db
local VCDB trustmanagement_sync_db peer map=vcdb

# hba entries for role vsanhealth
local VCDB vsanhealth peer map=vcdb

# hba entries for role wcpuser
local VCDB wcpuser peer map=vcdb

# hba entries for role hdcsuser
local VCDB hdcsuser peer map=vcdb

# hba entries for role fcduser
local VCDB fcduser peer map=vcdb

# hba entries for role certmgr_subscription
local VCDB certmgr_subscription peer map=vcdb

# hba entries for role certmgr_syncaas
local VCDB certmgr_syncaas peer map=vcdb

# hba entries for role cls
local VCDB cls peer map=vcdb

# hba entries for role vlcmuser
local VCDB vlcmuser peer map=vcdb

# hba entries for role hvc
local VCDB hvc peer map=vcdb

# hba entries for role vumuser
local VCDB vumuser peer map=updatemgr

# hba entries for role vidm_services_user
local VCDB vidm_services_user peer map=vcdb

# hba entries for role perfchartsuser
local VCDB perfchartsuser peer map=vcdb

# hba entries for role all
local all all scram-sha-256
host all all 127.0.0.1/32 scram-sha-256
host all all ::1/128 scram-sha-256