Not able to replace certificate of Aria Operations for Logs instance - LCMVRLISYSTEM45038
search cancel

Not able to replace certificate of Aria Operations for Logs instance - LCMVRLISYSTEM45038

book

Article ID: 404769

calendar_today

Updated On:

Products

VCF Operations/Automation (formerly VMware Aria Suite)

Issue/Introduction

  • Attempting to replace the certificate of Aria Operation for Logs using Aria Suite Lifecycle fails with the following error:

    LCMVRLISYSTEM45038. There is no integration between Aria Operation for Logs and Vmware Identity manager.

  • Accessing Aria Operations for Logs node(s) using root credentials: 

    • The following command shows a DN status on some or all Aria Operations for Logs nodes

      nodetool-no-pass status

    • The following command shows that the Aria Operation for Logs certificate is expired

      echo "" | keytool -list -keystore /usr/lib/loginsight/application/etc/3rd_config/keystore -rfc 2> /dev/null | openssl x509 -noout -enddate

Environment

Aria Operations for Logs 8.18.x

Aria Suite Lifecycle 8.18.x 

Resolution

  1. Create snapshots without memory for all Aria Operations for Logs nodes as per How to take a Snapshot of VMware Aria Operations for Logs
  2. Check Cassandra status by running this command:

    nodetool-no-pass status
     
  3. Force start Cassandra for those Aria operations for logs nodes that show DN status:

    /usr/lib/loginsight/application/sbin/li-cassandra.sh --startnow --force

  4. To check Cassandra status, repeat step 2.

  5. If all nodes show Cassandra is in up (UN status), repair Cassandra cluster by running these commands:
     
    nodetool-no-pass flush
    nodetool-no-pass repair

  6. Once the repair is complete, stop Cassandra and start Aria Operations for Logs Daemon on each node using the following commands:

    /usr/lib/loginsight/application/sbin/li-cassandra.sh --stopnow --force
    systemctl start loginsight


  7. Note: Only If the Aria Operations for logs instance certificate is expired proceed with this step, otherwise skip to step 8:

    For all Aria Operations for logs nodes reset to default certificate by using this command:

    /opt/vmware/bin/li-ssl-cert.sh --restore --force

  8. Create new snapshots without memory for all Aria Operations for logs nodes.

  9. Now replace the Aria Operations for logs certificates with the desired certificates via Aria Suite Lifecycle.

Additional Information

Powered by Wolken Software