Pure Storage Plugin deployment fails on vCenter.
Article ID: 394282
Updated On:
Products
VMware vCenter Server
Issue/Introduction
In vCenter UI >> Home >> Administration >> Solutions >> Client Plugins, Pure Storage plugin shows in Failed state.
The below log entries are seen in the log file, /var/log/vmware/vsphere-ui/logs/vsphere_client_virgo.log
[yyyy-mm-ddThh:mm:ss.251Z] [INFO ] plugin-discovery-bus-thread 70160221 101859 200252 com.vmware.vise.plugin.registry.VcExtensionStateRegistry Registering plugin: 'com.purestorage.purestoragehtml:4.5.0.0' with vCenter: 'vcenterfqdn (#######-68F2-4312-8DA3-############)
[yyyy-mm-ddThh:mm:ss.251Z] [INFO ] plugin-discovery-bus-thread 70160221 101859 200252 com.vmware.vise.plugin.registry.VcExtensionStateRegistry Checking entry existence: Plugin: 'com.purestorage.purestoragehtml:4.5.0.0', State: '[FAILED_DOWNLOAD]'.
[yyyy-mm-ddThh:mm:ss.251Z] [INFO ] plugin-discovery-bus-thread 70160221 101859 200252 com.vmware.vise.plugin.registry.VcExtensionStateRegistry Updating entry: Plugin: 'com.purestorage.purestoragehtml:4.5.0.0', State: 'DOWNLOADING'
[yyyy-mm-ddThh:mm:ss.251Z] [INFO ] ync-task-executor-pool-50172 com.vmware.vise.plugin.async.task.PluginDownloadTask Starting download of plugin package: 'com.purestorage.purestoragehtml:4.5.0.0'.
[yyyy-mm-ddThh:mm:ss.267Z] [INFO ] ync-task-executor-pool-50172 com.vmware.vise.vim.extension.PluginStatusTaskManager User: VSPHERE.LOCAL\vsphere-webclient-0d5c42b5-d468-47a1-8990-2c86b87a3592 initiated plugin DOWNLOAD task for plugin com.purestorage.purestoragehtml:4.5.0.0.
[yyyy-mm-ddThh:mm:ss.267Z] [INFO ] ync-task-executor-pool-50172 com.vmware.vise.plugin.status.PluginStatusServiceImpl DOWNLOADING: Downloading plugin package com.purestorage.purestoragehtml:4.5.0.0 from https://purestorageserverIP/download/purestorage-vsphere-plugin.zip?version=4.5.0 ...
[yyyy-mm-ddThh:mm:ss.267Z] [INFO ] ync-task-executor-pool-50172 com.vmware.vise.plugin.download.PluginDownloadServiceImpl Found invalid cached plugin package: 'com.purestorage.purestoragehtml:4.5.0.0'. Will retry the download.
[yyyy-mm-ddThh:mm:ss.267Z] [INFO ] ync-task-executor-pool-50172 com.vmware.vise.plugin.download.PluginDownloadServiceImpl Downloading plug-in package 'com.purestorage.purestoragehtml:4.5.0.0' with temporary name '/etc/vmware/vsphere-ui/vc-packages/vsphere-client-serenity/com.purestorage.purestoragehtml-4.5.0.0/plugin-package.tmp'.
[yyyy-mm-ddThh:mm:ss.267Z] [INFO ] ync-task-executor-pool-50172 com.vmware.vise.plugin.download.PluginDownloadServiceImpl Downloading plugin package from https://purestorageserverIP/download/purestorage-vsphere-plugin.zip?version=4.5.0 (no proxy defined)
[yyyy-mm-ddThh:mm:ss.274Z] [ERROR] ync-task-executor-pool-50172 com.vmware.vise.plugin.download.PluginDownloadServiceImpl Downloading plug-in package 'com.purestorage.purestoragehtml:4.5.0.0' to '/etc/vmware/vsphere-ui/vc-packages/vsphere-client-serenity/com.purestorage.purestoragehtml-4.5.0.0/plugin-package.tmp' has failed due to unknown reasons. Removing failed plugin package folder '/etc/vmware/vsphere-ui/vc-packages/vsphere-client-serenity/com.purestorage.purestoragehtml-4.5.0.0'. javax.net.ssl.SSLHandshakeException: Server certificate chain is not trusted and thumbprint doesn't match
at sun.security.ssl.Alert.createSSLException(Alert.java:131)
..
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
at com.vmware.vise.util.concurrent.WorkerThreadFactory$1.run(WorkerThreadFactory.java:64)
at java.lang.Thread.run(Thread.java:750)
Caused by: com.vmware.vim.vmomi.client.exception.VlsiCertificateException: Server certificate chain is not trusted and thumbprint doesn't match
at com.vmware.vim.vmomi.client.http.impl.ThumbprintTrustManager.checkServerTrusted(ThumbprintTrustManager.java:260)
at sun.reflect.GeneratedMethodAccessor1464.invoke(Unknown Source)
..
at sun.security.ssl.CertificateMessage$T12CertificateConsumer.checkServerCerts(CertificateMessage.java:638)
... 37 common frames omitted
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:456)
..
at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:110)
at com.vmware.vim.vmomi.client.http.impl.ThumbprintTrustManager.checkServerTrusted(ThumbprintTrustManager.java:236)
... 44 common frames omitted
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:148)
at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:129)
at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:280)
at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:451)
... 50 common frames omittedEnvironment
vCenter 7.x
Cause
vCenter Server is unable to trust the certificate on the purestorage server.
/usr/lib/vmware-vmafd/bin/dir-cli trustedcert publish --cert /newlycreated.crtResolution
To work around the issue,
- Run the below command to get the ca cert of the purestorage server.
openssl s_client -showcerts -connect purestorageserverIPorFQDN:443 - Copy the certificate from the output create a new file using vi editor in vcsa, from begin certificate to end certificate.
-----BEGIN CERTIFICATE----- .. .. -----END CERTIFICATE----- - If multiple certificates in the chain, please include all certs to create new cert file.
-----BEGIN CERTIFICATE----- .. .. -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- .. .. -----END CERTIFICATE----- - Import the cert or certchain file to vCenter's trusted store with below command,
/usr/lib/vmware-vmafd/bin/dir-cli trustedcert publish --cert /newlycreated.crt - Restart vsphere-ui service with below command,
service-control --stop vsphere-ui; service-control --start vsphere-ui
Feedback
Yes
No
Powered by
