Errors Deploying Appliance.
search cancel

Errors Deploying Appliance.

book

Article ID: 399871

calendar_today

Updated On:

Products

VMware vSAN 8.x

Issue/Introduction

  • VMware vSAN Snapshot Manager UI Plugin is not registered in vCenter.
  • The certificate has multiple DNS names.
  • var/log/vmware/snapservice/snap-service.log
    failed to verify certificate: x509: certificate signed by unknown authority": "message":"Failed to initialize VC client","error": "Post \"https:///sdk\": tls: failed to verify certificate: x509: certificate signed by unknown authority"

Environment

8.0.3.0

Cause

This is a known issue

Resolution

Deploy the vSAN Snapshot Appliance.

  1. Allow the initial deployment to run until it fails (this failure on first boot is expected).

Replace the cap-firstboot.sh 
cap-firstboot.sh The script ensures the proper parsing of certificates with multiple DNS Names.

  1. Copy the attached cap-firstboot.sh into /etc/vmware/cap (for example, using scp or another file-transfer method).

  2. Make the new script executable:
     chmod +x /etc/vmware/cap/cap-firstboot.sh

Import vCenter CA Certificates
The appliance is missing the trusted vCenter CA certificates. Follow these steps to import them:

  1. Download the vCenter certificate bundle.
     https://<vCenter_FQDN>/certs/download.zip

  2. Locate all files ending in .0 under the /certs/lin/ directory.

  3. Copy the certificates into the SnapService trust store on the appliance.
    /etc/ssl/certs/snapservice/

  4. Update ownership
     chown snapservice:snapservice /etc/ssl/certs/snapservice/*.0

Provide vCenter Credentials
During the first boot process, the appliance requires valid vCenter credentials. These credentials are obfuscated after a successful installation.

  1. Open the SnapService configuration file for editing:
    vi /opt/vmware/snapservice/app/deployment/compose_snapservice_config.yaml

  2. Update the vCenter credential fields labeled 'username' and 'password'.

Run the First-Boot Script

  1. Execute the first-boot script to complete initialization.
    /etc/vmware/cap/cap-firstboot.sh

Additional Information

  1. Bring up the SnapService containers manually
     /usr/bin/docker-compose -f /opt/vmware/snapservice/app/docker-compose.yaml up

  2. Check the status of the SnapService container:
    docker ps -a | grep snap-service

  3. Collect a support log bundle:
     /usr/bin/vm-support

  4. log files
    /var/log/firstboot
    /opt/vmware/cap/bin/ovfenv.log
    /var/log/vmware/snapservice/snap-service.log

Attachments

cap-firstboot.sh get_app
Powered by Wolken Software