On a VCP enabled cluster, enabling vSAN can cause drifts in network and network vSwitch standard settings. VCP check compliance will report such drifts post vSAN enablement.


Article ID: 395910


Updated On:

Products

VMware vSphere ESX 8.x

Issue/Introduction

Because vSAN is not yet integrated with the vSphere Configuration Profile (VCP), after enabling vSAN on a VCP-enabled cluster, VCP check compliance will report certain drifts from the desired configuration.

The following settings will show as out of compliance:

  • Drifts under 'network' settings:

These are the services that are currently supported and can be enabled on the vmknics. Among them, the vsan, vsanExternal and witness services can show up as drifts as part of vSAN cluster workflows:

faultToleranceLogging
management
vsphereProvisioning
vsphereReplication
vsphereReplicationNfc
vmotion
vsan
witness
vsphereBackupNfc
precisionTimeProtocol
nvmeTcp
nvmeRdma
vsanExternal

 

  • Drifts under 'network_vss' settings:

The following drifts might be seen under 'network_vss' settings:

/<>/esx/network_vss/switches/<vSwitchId>/port_groups/<port_group_id>/policy

The forged_transmits and allow_promiscuous settings under 'policy' are enabled as part of the vSAN File Services enablement process and are flagged as drifts because they are not configured through VCP.

Environment

VMware vSphere 8.0U3 and 9.0

Cause

The vSAN cluster workflows use host-level imperative APIs to configure certain settings on the hosts. However, in a VCP-enabled cluster the source of truth for all host settings is the cluster desired configuration. As a result, settings changed by vSAN workflows are flagged as drifts with respect to the cluster desired configuration.

Resolution

Follow the steps mentioned below to absorb all of the reported drifts into the desired configuration:

  • Select the VCP cluster from the inventory, then choose the "Configure tab → Configuration → Draft → Import From Host" option in the UI. This will pull configurations from all the hosts and create a new draft that is compliant with all the hosts.

 

  • Select any host in the cluster as a reference host. A new draft will be created using settings from all hosts in the cluster. The draft can be modified if required.

  • Select the VCP cluster from the inventory, then choose "Configure tab → Configuration → Draft → Apply Changes" to save the draft as the new desired configuration of the cluster. This will start an Apply task on the cluster, but since the hosts are already compliant, the task will not perform any remediation.

  • Once the "Apply changes" completes, check-compliance is triggered automatically and the hosts should become compliant.
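
Because Import From Host pulls configuration from all hosts into the new draft, it can help to confirm first that the reported drifts are only the vSAN-related ones listed in this article. The following is an added example, not VMware code and not part of the original article: it triages drift records in a simplified, constructed layout (not the real check-compliance output format). The host names, port group names and the operator-supplied set of File Services port groups are assumptions.

```python
import re

# Services the article says can drift as part of vSAN cluster workflows.
VSAN_SERVICES = {"vsan", "vsanExternal", "witness"}
# Port-group policy settings the article says vSAN File Services enables.
VSAN_FS_POLICY_KEYS = {"forged_transmits", "allow_promiscuous"}
# Path shape quoted in the article; whatever precedes /esx is left open.
POLICY_PATH = re.compile(
    r"/esx/network_vss/switches/(?P<vswitch>[^/]+)"
    r"/port_groups/(?P<pg>[^/]+)/policy$")

def is_expected(rec, fs_port_groups):
    """True only for drifts the article attributes to vSAN enablement."""
    if rec["section"] == "network":
        return rec["item"] in VSAN_SERVICES
    if rec["section"] == "network_vss":
        m = POLICY_PATH.search(rec.get("path", ""))
        # Assumption: relaxed policy is expected only on port groups the
        # operator has designated for vSAN File Services.
        return (bool(m) and m.group("pg") in fs_port_groups
                and rec["item"] in VSAN_FS_POLICY_KEYS)
    return False

def triage(records, fs_port_groups):
    """Split drift records into (expected, needs_review)."""
    expected, review = [], []
    for rec in records:
        (expected if is_expected(rec, fs_port_groups) else review).append(rec)
    return expected, review

# Constructed sample records (hypothetical hosts and port groups).
PREFIX = "/<>/esx/network_vss/switches/vSwitch0/port_groups/"
SAMPLE = [
    {"host": "esx01", "section": "network", "item": "vsan"},
    {"host": "esx01", "section": "network", "item": "vmotion"},
    {"host": "esx02", "section": "network_vss",
     "path": PREFIX + "fs-net/policy", "item": "allow_promiscuous"},
    {"host": "esx02", "section": "network_vss",
     "path": PREFIX + "vm-prod/policy", "item": "forged_transmits"},
]
FS_PORT_GROUPS = {"fs-net"}  # assumption: supplied by the operator

if __name__ == "__main__":
    expected, review = triage(SAMPLE, FS_PORT_GROUPS)
    for rec in review:
        print("REVIEW before import:", rec["host"], rec["section"],
              rec.get("path", ""), rec["item"])
```

Anything in the review list was not explained by vSAN enablement and is worth checking before it becomes part of the desired configuration.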