Error "Lifecycle Metadata sync failed" when syncing binaries on VCF Operations Fleet Manager from Offline Depot
search cancel

Error "Lifecycle Metadata sync failed" when syncing binaries on VCF Operations Fleet Manager from Offline Depot

book

Article ID: 441668

calendar_today

Updated On:

Products

VCF Operations

Issue/Introduction

  • Unable to sync binaries on VCF Operations Fleet Manager from Offline Depot when configured with HTTPs. 
  • Having configured the Offline Depot on VCF Operations > Build > Software Depot > Configured using HTTPs with Authentication, Attempting to validate the connection prompts the HTTPs certificate prior trusting it, each time a validation is attempted, despite having trusted the certificate earlier. The Depot configurations get saved successfully. 
  • However, upon attempting to sync binaries on VCF Operations > Build > Lifecycle > VCF Instance > specific instance > Binary Management > Sync Images prompts failure with "Lifecycle Metadata sync failed lifecycle compatibility data download failed" Stating last sync attempt as failed. 
  • The Binary sync is successful, if the offline depot is configured using HTTP, instead of enabling HTTPs. 
  • When attempting to sync, on the SDDC manager server, on lifecycle-debug.log showing the source site location:
    DEBUG [vcf_lcm, 0000000000000000, 0000] [c.v.e.s.l.b.d.depot.DepotDownloader, DepotSync-1] Getting file size for [/metadata/Compatibility/v1/VmwareCompatibilityData.json] from URL[https://<fqdn>/depot-service/content-gateway/<tenant>/metadata/Compatibility/v1/VmwareCompatibilityData.json]
DEBUG [vcf_lcm, 0000000000000000, 0000] [c.v.e.s.l.b.d.depot.DepotDownloader, DepotSync-1] Got response: 502 Bad Gateway HTTP/1.1
ERROR [vcf_lcm, 0000000000000000, 0000] Error getting file size, got response: 502 Bad Gateway HTTP/1.1
  • The bundle sync fails
    ERROR [vcf_lcm, 0000000000000000, 0000] [c.v.e.s.l.s.i.VmwareCompatibilityDataDownloadServiceImpl, DepotSync-1] VVS Compatibility Data download failed com.vmware.evo.sddc.lcm.model.error.LcmException: null at {...}
Caused by: com.vmware.evo.sddc.lcm.bundle.download.depot.exception.HTTPException: 502 Bad Gateway HTTP/1.1
at com.vmware.evo.sddc.lcm.bundle.download.depot.DepotDownloader.getFileSizeFromHeadResponse(DepotDownloader.java:673) {....}
com.vmware.evo.sddc.lcm.bundle.download.depot.DepotBundleDownloadServiceImpl.getOfflineDepotVvsMetadata(DepotBundleDownloadServiceImpl.java:1884)
... 7 common frames omitted

    and errors similar to:

    ERROR [vcf_lcm, 0000000000000000, 0000] [c.v.e.s.l.s.i.DepotSyncServiceImpl, DepotSync-1] Error occurred while running bundle manifest sync.
com.vmware.evo.sddc.lcm.model.error.LcmException: Vmware compatibility data download failed.
at com.vmware.evo.sddc.lcm.services.impl.VmwareCompatibilityDataDownloadServiceImpl.downloadAndUpdate(VmwareCompatibilityDataDownloadServiceImpl.java:128)
at com.vmware.evo.sddc.lcm.services.impl.DepotSyncServiceImpl.lambda$sync$0(DepotSyncServiceImpl.java:101) {...}
Caused by: com.vmware.evo.sddc.lcm.model.error.LcmException: null
at {...} at com.vmware.evo.sddc.lcm.services.impl.VmwareCompatibilityDataDownloadServiceImpl.downloadAndUpdate(VmwareCompatibilityDataDownloadServiceImpl.java:110)
... 5 common frames omitted
Caused by: com.vmware.evo.sddc.lcm.bundle.download.depot.exception.HTTPException: 502 Bad Gateway HTTP/1.1
at com.vmware.evo.sddc.lcm.bundle.download.depot.DepotDownloader.getFileSizeFromHeadResponse(DepotDownloader.java:673)
{...} at com.vmware.evo.sddc.lcm.bundle.download.depot.DepotBundleDownloadServiceImpl.getOfflineDepotVvsMetadata(DepotBundleDownloadServiceImpl.java:1884)
... 7 common frames omitted

Environment

  • VCF Operations 9.1

Cause

  • This issue is caused by an incorrectly configured entry on the software depot's certificate’s Common Name (CN) and/or Subject Alternative Name (SAN) entries.
  • VCF Operations performs strict TLS hostname validation. Even if the certificate is trusted, the TLS handshake will fail if the connection target does not match the CN or SAN fields in the certificate.
  • Supported certificate configuration 1 (Recommended)
    • CN = FQDN
    • SAN includes:
      • DNS: FQDN
        IP: ##.##.##.##
    • Note: In this configuration, the VCF Operations can connect to the offline depot using either FQDN or IP address

Resolution

  • Ensure that the offline depot https server certificate is configured according to the following requirements:
    • CN (Common Name) must be the FQDN of the offline depot server.
    • SAN (Subject Alternative Name) should include:
      • DNS: <FQDN>
      • IP: <IP address> (optional)
    • The FQDN and IP address used in the VCF Operations Depot configuration must exactly match the values specified in the certificate’s CN and SAN fields
  • For more information, refer : Set Up an Offline Depot
Powered by Wolken Software