Accessing Fleet Manager from VCF Operations reports the error "VCF Operations Fleet Management is not Ready"
search cancel

Accessing Fleet Manager from VCF Operations reports the error "VCF Operations Fleet Management is not Ready"

book

Article ID: 429755

calendar_today

Updated On:

Products

VCF Operations/Automation (formerly VMware Aria Suite)

Issue/Introduction

  • In the VCF Operations UI, the Fleet Management  >> Lifecyle section displays the following error

"VCF Operations Fleet Management is not Ready"

  • Ping and nslookup from VCF Operations to Fleet Manager is successful
  • Curl over port 443 from VCF Operations to Fleet Manager fails

curl -v telnet://FleetMgrFQDN_or_IP:443

  • Running the following command on Fleet Manager shows all core services running successfully

vrlcm-cli --health-status
bootstrap ------------- SUCCESS
postgres -------------  Running
vrlcm-server ------------- Running
blackstone ------------- Running

  • Running the following command shows nginx service has failed

service nginx status

Cause

This issue occurs due to a misconfigured nginx.conf file for Fleet Manager which breaks port 443 service access

This can happen while applying STIGs to the Fleet Manager appliance

Resolution

Verify the /etc/nginx/nginx.conf file on the Fleet Manager looks correct and there are no typos. See sample /etc/nginx/nginx.conf below.

Ensure the nginx service is active and running

 

Sample /etc/nginx/nginx.conf.

user  root;
worker_processes  auto;

#error_log  logs/error.log;
#error_log  logs/error.log  notice;
#error_log  logs/error.log  info;

#pid        logs/nginx.pid;
# TODO:  http redirection on port 80 has to happen through iptables.

events {
  worker_connections  1024;
}

 

http {

  upstream vrlcm-server {
    #Multiple server can be added as part of upstream.
    server 127.0.0.1:8080;
  }

  include       mime.types;
  default_type  application/json;
  client_max_body_size 10240M;
  limit_req_zone $binary_remote_addr zone=mylimit:10m rate=50r/s;
  log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                    '$status $body_bytes_sent "$http_referer" '
                    '"$http_user_agent" "$http_x_forwarded_for"';

  #access_log  logs/access.log  main;

  sendfile        on;
  keepalive_timeout  65;
  server_tokens off;

  gzip  on;
  gzip_types text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript application/vnd.ms-fontobject application/x-font-ttf font/opentype image/svg+xml image/x-icon application/javascript;

  server {
    listen 80;
    server_name lcm-http-server;

    location / {
        rewrite ^(.*) https://$hostname$request_uri;
    }
   }


  server {

    # listen       [::]:80;
    include ssl.conf*;

    server_name   $hostname;

    root /var/lib/vrlcm-ui;

    index index.html index.htm;

    # Uncomment below line for enabling CORS for development
    # add_header Access-Control-Allow-Origin *;

    proxy_pass_header Server;
    proxy_set_header X-Forwarded-By Lcm-Proxy;
    add_header Lcm-API-Version 8.0;

    location /lcm/lcops/api/v2/settings/binaries/ {
      limit_req zone=mylimit burst=20 nodelay;
      proxy_pass http://vrlcm-server;
      proxy_read_timeout 15m;
      proxy_send_timeout 120m;
      client_max_body_size 35G;
      client_body_temp_path /data/temp/;
    }

    location /lcm/lcops/api/settings/vcfmodesettings {
      limit_req zone=mylimit burst=20 nodelay;
      proxy_pass http://vrlcm-server;
      proxy_read_timeout 15m;
      proxy_send_timeout 15m;

    }

    location /lcm/lcops/api/v2/findUpgradePath {
      limit_req zone=mylimit burst=20 nodelay;
      proxy_pass http://vrlcm-server;
      proxy_read_timeout 20m;
      proxy_send_timeout 20m;

    }

    location /lcm/lcops/api/policy/products {
      limit_req zone=mylimit burst=20 nodelay;
      proxy_pass http://vrlcm-server;
      proxy_read_timeout 5m;
      proxy_send_timeout 5m;
    }

    location /lcm/lcops/api/ {
      limit_req zone=mylimit burst=20 nodelay;
      proxy_pass http://vrlcm-server;
      proxy_max_temp_file_size 100m;
    }

    location /lcm/dbservice/api/ {
      limit_req zone=mylimit burst=20 nodelay;
      proxy_pass http://vrlcm-server;
    }

    location /lcm/shell/api/ {
      limit_req zone=mylimit burst=20 nodelay;
      proxy_pass http://vrlcm-server;
    }

    location /lcm/service-account/api/ {
      limit_req zone=mylimit burst=20 nodelay;
      proxy_pass http://vrlcm-server;
    }

    location /lcm/notification/api/ {
      limit_req zone=mylimit burst=20 nodelay;
      proxy_pass http://vrlcm-server;
    }

    location /lcm/login/vidm {
      limit_req zone=mylimit burst=20 nodelay;
      proxy_set_header        Host            $hostname;
      proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
      proxy_set_header        X-Forwarded-Proto https;
      proxy_pass http://vrlcm-server;
    }

    location /repo/ {
      proxy_pass http://vrlcm-server;
      proxy_max_temp_file_size 3072m;
      proxy_temp_path /data/temp/;
    }

    location /lcm/authzn/api/ {
      limit_req zone=mylimit burst=20 nodelay;
      proxy_pass http://vrlcm-server;
    }

    location /lcm/bootstrap/api/ {
      limit_req zone=mylimit burst=20 nodelay;
      proxy_pass http://vrlcm-server;
    }

    location /lcm/health/api/ {
      limit_req zone=mylimit burst=20 nodelay;
      error_page 500 501 502 503 504 = @fallback;
      proxy_pass http://vrlcm-server;
    }

    location /lcm/marketplace/api/ {
      limit_req zone=mylimit burst=20 nodelay;
      proxy_pass http://vrlcm-server;
    }

    location /lcm/request/api/ {
      limit_req zone=mylimit burst=20 nodelay;
      proxy_pass http://vrlcm-server;
    }

    location /lcm/locker/api/ {
      limit_req zone=mylimit burst=20 nodelay;
      proxy_pass http://vrlcm-server;
    }

    location /lcm/flex/api/ {
      limit_req zone=mylimit burst=20 nodelay;
      proxy_pass http://vrlcm-server;
    }

    location /lcm/vrcc/api/ {
          limit_req zone=mylimit burst=20 nodelay;
          proxy_pass http://vrlcm-server;
    }

    location /node/ {
      proxy_pass http://vrlcm-server;
    }

    location /command/ {
      proxy_pass http://vrlcm-server;
    }

    location /lcm/crepo/api/ {
      limit_req zone=mylimit burst=20 nodelay;
      proxy_pass http://vrlcm-server;
    }

    location /lcm/crepo/api/content/upload/ {
      limit_req zone=mylimit burst=20 nodelay;
      proxy_read_timeout 120m;
      proxy_send_timeout 120m;
      client_max_body_size 35G;
      proxy_pass http://vrlcm-server;
    }

    location /lcm/common/api/ {
      limit_req zone=mylimit burst=20 nodelay;
      proxy_pass http://vrlcm-server;
    }

    # Uncomment this for dev setups
    # location /lcm/automata/api/ {
    #   proxy_pass http://vrlcm-server;
    # }

    location /lcm/automata/api/engine/configproperty {
      limit_req zone=mylimit burst=20 nodelay;
      proxy_pass http://vrlcm-server;
    }

    location /lcm/designer/api/ {
      limit_req zone=mylimit burst=20 nodelay;
      proxy_pass http://vrlcm-server;
    }

    location /lcm/migration/api/ {
      limit_req zone=mylimit burst=20 nodelay;
      proxy_pass http://vrlcm-server;
    }

    location /lcm/certificate-management/api/ {
      limit_req zone=mylimit burst=20 nodelay;
      proxy_pass http://vrlcm-server;
    }

     location /data/APUAT/ {
      alias /data/APUAT/;
      try_files $uri $uri/ /index.html;
    }

    location /lcm/cms/webhook/ {
      limit_req zone=mylimit burst=100 nodelay;
      proxy_pass http://vrlcm-server;
    }

    location = /lcm/cms/api {
      return 301 "/lcm/cms/api/swagger-ui.html";
    }
    location = /lcm/cms/api/ {
      return 301 "/lcm/cms/api/swagger-ui.html";
    }
    location ~* ^/lcm/cms/api/(?!v1)(.+)$ {
      proxy_set_header Host $host;
      proxy_pass http://127.0.0.1:8083/$1;
    }
    location /lcm/cms/api/v1/ {
      limit_req zone=mylimit burst=100 nodelay;
      proxy_pass http://vrlcm-server;
    }
    location /lcm/cms/ {
      add_header Strict-Transport-Security "max-age=31536000; includeSubDomains";
      add_header X-Frame-Options SAMEORIGIN;
      add_header X-XSS-Protection "1; mode=block";
      add_header X-Content-Type-Options nosniff;
      add_header Content-Security-Policy "frame-ancestors 'self'";
      root /var/lib/vrlcm-ui;
      try_files $uri $uri/ /lcm/cms/index.html;
    }

    location = /api {
      return 301 "/api/swagger-ui.html";
    }

    location = /api/ {
      return 301 "/api/swagger-ui.html";
    }

    location /api/plugins {
      limit_req zone=mylimit burst=20 nodelay;
      proxy_pass http://vrlcm-server;
    }

    location ~* ^/api/(?!plugins)(.+)$ {
      proxy_set_header Host $host;
      proxy_pass http://vrlcm-server/$1$is_args$args;
    }

    location = /lcm/ {
      add_header Strict-Transport-Security "max-age=31536000; includeSubDomains";
      add_header X-Frame-Options SAMEORIGIN;
      add_header X-XSS-Protection "1; mode=block";
      add_header X-Content-Type-Options nosniff;
      add_header Content-Security-Policy "frame-ancestors 'self'";
      return 301 /var/lib/vrlcm-ui/index.html;
    }

    location / {
      add_header Strict-Transport-Security "max-age=31536000; includeSubDomains";
      add_header X-Frame-Options SAMEORIGIN;
      add_header X-XSS-Protection "1; mode=block";
      add_header X-Content-Type-Options nosniff;
      add_header Content-Security-Policy "frame-ancestors 'self'";
      root /var/lib/vrlcm-ui;
      access_log off;
      try_files $uri $uri/ /index.html;
    }

    error_page   500  /50x.html;
    location = /50x.html {
      root   html;
    }

    location @fallback {
      return 200 '{"bootstrap": "UNKNOWN", "postgres": "UNKNOWN", "blackstone": "UNKNOWN", "vrclm-server": "DOWN"}';
    }

  }
}

Powered by Wolken Software