When attempting to perform a Brownfield import of an existing vCenter Server 8.x during a VMware Cloud Foundation (VCF) 9.0.x installation, the process fails with the following error in the UI:
Import operation for convert with id ########-####-####-####-############ failed internally. Command was python3 /opt/vmware/vcf/domainmanager/scripts/vcf-import-tool/vcf_brownfield.py convert --auto-proceed --nsx-fqdn <FQDN_OF_NSX_MANAGER> --suppress-warnings --skip-ssh-thumbprint-validation --domain-name <DOMAIN_NAME> --vcenter <FQDN_OF_VCENTER> --sso-user [email protected] --internal-vcf-auth --output-dir /var/log/vmware/vcf/domainmanager/brownfield/########-####-####-####-############/ --non-interactive. Please check the log files located in /var/log/vmware/vcf/domainmanager/brownfield/########-####-####-####-############/ on the SDDC Manager appliance Reference Token: #####
The following error is present in the brownfield log file located at /var/log/vmware/vcf/domainmanager/brownfield/<ID>/vcf_brownfield.log:
[INFO] remote_vc_validator:50: Validating root SSH password for vCenter <vCenter_fqdn>
[INFO] local_command_utils:126: Discovered SSH keys for 1 server(s)
[INFO] sddc_manager_helper:455: Retrieving SDDC Manager known hosts
[INFO] request_helper:25: Response status from retrieving known hosts: 200
[INFO] trust_ssh_keys:36: Found 2 untrusted SSH keys out of 2.
[INFO] trust_ssh_keys:41: Ran in non-interactive mode with skip thumbprint validation enabled, auto-accepting SSH keys
[INFO] sddc_manager_helper:431: Importing known hosts in SDDC Manager
[INFO] request_helper:25: Response status from known hosts import: 200
[INFO] sddc_manager_helper:455: Retrieving SDDC Manager known hosts
[INFO] request_helper:25: Response status from retrieving known hosts: 200
[CRITICAL] remote_vc_validator:58: SSH key not trusted. Exiting
Additionally, the JSON progress report at /var/log/vmware/vcf/domainmanager/brownfield/<ID>/output/progress_report_<ID>.json displays the following status:
{
  "process_id": "########-####-####-####-############",
  "status": "completed with error",
  "progress": {},
  "total_steps": 4,
  "errors": [
    {
      "error_code": "OPERATION_ISSUE",
      "message": "SSH key not trusted. Exiting",
      "remediation_message": null,
      "severity": "ERROR"
    }
  ]
}
Environment: VCF 9.0.x
To resolve this issue, manually retrieve the SSH keys from the target vCenter Server and append them to the trusted known_hosts files on the SDDC Manager/VCF Installer appliance.
1. Take a snapshot of the VCF Installer appliance VM from vCenter.
2. Log in to the VCF Installer appliance via SSH and change to the root user.
3. Scan the SSH keys of the target vCenter Server using the following command:
   ssh-keyscan -t rsa,ecdsa <vCenter_fqdn>
4. Copy the entire contents of the scan output.
5. Append the output of the above command to the following files:
   /etc/vmware/vcf/commonsvcs/known_hosts
   /root/.ssh/known_hosts
   /home/vcf/.ssh/known_hosts
6. Re-attempt the Brownfield import.
For a scripted method, refer to the article How to update the SSH host keys on the SDDC Manager.
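ssh-keyscan collects host keys over the network without authenticating the server, so the scanned keys should be compared with fingerprints read on the vCenter console before they are trusted. The helper below is an added example, not taken from this article or from the referenced scripted-method article: it prints the fingerprints for that comparison and then appends only the key lines each known_hosts file is missing. The function names, the /tmp/vc.scan file and the vc.example.test FQDN are assumptions.

```shell
#!/bin/sh
# Added example, not from the article. Function names and /tmp/vc.scan are
# illustrative; the known_hosts paths in the usage come from the steps above.
#
# Usage on the appliance, as root (vc.example.test is a placeholder FQDN):
#   ssh-keyscan -t rsa,ecdsa vc.example.test > /tmp/vc.scan
#   show_fingerprints /tmp/vc.scan
#   append_new_keys /tmp/vc.scan /etc/vmware/vcf/commonsvcs/known_hosts \
#       /root/.ssh/known_hosts /home/vcf/.ssh/known_hosts

# Print one fingerprint per scanned key. Compare each with the output of
# `ssh-keygen -lf` run against the host public key files on the vCenter
# console (assumed to be in the OpenSSH default location, /etc/ssh/).
show_fingerprints() {
    ssh-keygen -lf "$1"
}

# append_new_keys SCAN_FILE KNOWN_HOSTS_FILE...
# Adds each key line from SCAN_FILE to every listed file that does not already
# contain that exact line, and prints the total number of lines added.
append_new_keys() {
    scan=$1
    shift
    added=0
    for target in "$@"; do
        # Do not create files: a new root-owned file could have wrong ownership.
        if [ ! -f "$target" ]; then
            echo "skipping missing file: $target" >&2
            continue
        fi
        # Terminate an unterminated last line so entries never run together.
        if [ -s "$target" ] && [ -n "$(tail -c 1 "$target")" ]; then
            echo >> "$target"
        fi
        while IFS= read -r line; do
            case $line in
                '' | '#'*) continue ;;   # skip blank lines and scan banners
            esac
            if ! grep -qxF -- "$line" "$target"; then
                printf '%s\n' "$line" >> "$target"
                added=$((added + 1))
            fi
        done < "$scan"
    done
    echo "$added"
}
```

Running append_new_keys a second time with the same scan file adds nothing, so the step is safe to repeat if the import is retried.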