Remediating VCF Operations certificates after adding new nodes using Admin UI

Article ID: 430384

Updated On:

Products

VCF Operations

Issue/Introduction

VCF Operations can be scaled out by adding additional nodes using two supported methods:

  • Build >> Lifecycle >> VCF Management >> Components
  • VCF Operations Admin UI

Both methods are equally valid. However, before introducing new replica or data nodes, the FQDN and IP information of these new nodes should be added to the certificate used by the VCF Operations deployment.

This step is mandatory and should be completed prior to the scale-out operation. Failure to update the certificate with the new FQDNs will result in a failure of the lifecycle management process.

Follow the steps in the Resolution below in case the nodes were added prior to updating the certificate.

Environment

VCF Operations 9.1

Cause

New VCF Operations nodes were added to the cluster before the certificate was updated with the DNS / IP information for the newly added nodes.

Resolution

Workaround if nodes were added to the cluster before the certificate was updated:

  1. Log in to the VCF Operations UI and browse to Manage >> Fleet Management >> Certificates >> VCF Management
  2. In the table select the object with VCF Component = VCF Operations and Category = TLS Certificate
  3. Click the ... icon and Generate CSRs
  4. Add the FQDNs of the newly added nodes to the DNS/FQDN SAN field and the IPs of the new nodes to the IP Name field.
  5. Click Generate
  6. Click the ... icon and Download CSRs
  7. Select the relevant CSR and click Download
  8. Send the CSR to the Certificate Authority for your environment to get it signed.
  9. The Certificate Authority will return the signed certificate for VCF Operations and their root certificate.
  10. In the Operations UI again, click the ... icon and Import Certificates
  11. Change the Source from Certificate Chain to Paste Text
  12. Fill in a name for the imported certificate into the Certificate Name field
  13. In the Server Certificate field paste the contents of the signed certificate for VCF Operations
  14. In the Certificate Authority field paste the contents of the Certificate Authority's root certificate.
  15. Click Validate and if everything is correct the following message is displayed: The provided certificate content is valid.
  16. Click Import
  17. In the table make sure to select the object with VCF Component = VCF Operations and Category = TLS Certificate again.
  18. Click Replace with Imported Certificates
  19. Select the imported certificate from the dropdown and click confirm to replace the certificate.
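
A pre-import check for the signed certificate returned in step 9, as an added example that is not part of the original article or of VCF Operations tooling: it uses `openssl x509 -checkhost` / `-checkip` to list every node FQDN or IP the certificate does not cover. The host names, IP addresses and the self-signed sample certificate are constructed placeholders, and the helper names `missing_sans` and `make_sample_cert` are hypothetical.

```shell
#!/bin/sh
# Added example: list cluster node names/IPs that a certificate does not cover.
# All names, addresses and the sample certificate are constructed placeholders.

# missing_sans CERT ENTRY...
# Prints every FQDN or IP address not matched by CERT, one per line.
# Returns 0 if all entries are covered, 1 otherwise.
# Note: -checkhost follows normal TLS matching, so a wildcard SAN also counts.
missing_sans() {
    cert=$1; shift
    rc=0
    for entry in "$@"; do
        case $entry in
            *:*)       flag=-checkip ;;    # IPv6 literal
            *[!0-9.]*) flag=-checkhost ;;  # contains other characters: FQDN
            *)         flag=-checkip ;;    # digits and dots only: IPv4
        esac
        if ! openssl x509 -in "$cert" -noout "$flag" "$entry" 2>/dev/null |
                grep -q ' does match certificate'; then
            printf '%s\n' "$entry"
            rc=1
        fi
    done
    return $rc
}

# make_sample_cert DIR SAN_LIST  (hypothetical helper, demo only)
# Writes a throwaway self-signed certificate with the given SANs to DIR/cert.pem.
make_sample_cert() {
    printf '%s\n' '[req]' 'distinguished_name=dn' 'x509_extensions=ext' \
        'prompt=no' '[dn]' 'CN=ops-node1.example.test' '[ext]' \
        "subjectAltName=$2" > "$1/san.cnf"
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -config "$1/san.cnf" \
        -keyout "$1/key.pem" -out "$1/cert.pem" 2>/dev/null
}

# Demo: node3 was added to the cluster but left out of the CSR.
demo=$(mktemp -d)
make_sample_cert "$demo" 'DNS:ops-node1.example.test,DNS:ops-node2.example.test,IP:192.0.2.11,IP:192.0.2.12'
missing_sans "$demo/cert.pem" ops-node1.example.test ops-node2.example.test \
    ops-node3.example.test 192.0.2.11 192.0.2.12 192.0.2.13 ||
    echo "certificate does not cover the entries listed above"
rm -rf "$demo"
```

Run `missing_sans` against the certificate file received from the Certificate Authority, passing the FQDN and IP of every node in the cluster; any output means those entries are absent from the certificate.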