Tag Archives: vRA

vRA 8.0 header

TAM Lab 079 – Using vRA Cloud to operate a Multi-Cloud Environment

VMware, , , , ,

Myself and Katherine Skilling (LinkedIn, Twitter) recorded a session for TAM Lab and VMUG Events.

In the below session, we cover how to use vRealize Automation Cloud (or vRA 8.x for on-prem) to operate your Multi-Cloud environment.

So what does this actually mean?

We cover how to use vRealize Automation to deploy and consume your public cloud provider of choice. This is a demo heavy recording and we cover the following;

  • vRealize Automation Core Components
  • Image Mapping
  • Flavour Mapping
  • Machine Flavours
  • Using the Cloud Template canvas in design and code view (Blueprints)
  • Deploying your first virtual machine
  • Deploying your virtual machine to different public cloud providers
  • Creating inputs for configuration
  • Advanced configuration with CloudConfig
  • Basic Troubleshooting

Regards

Dean Lewis
vRA 8.0 header

vRSLCM – vRA fails to update from 8.0 to 8.0.1 – LCMVRAVACONFIG90030

VMware, , , ,

When updating my vRealize Automation instance from 8.0 to 8.0.1, I ran into an issue;

LCMVRAVACONFIG90030

Error Code: LCMVRAVACONFIG90030

vRA VA Upgrade Status Check failed.

Upgrade prepare on vRA VA sc-dc1-vra001.simon.local failed with state error. To know more about the failure, run command "vracli upgrade status --details" on the vRA VA sc-dc1-vra001.simon.local. If the prepare upgrade issue is fixed outside vRSLCM, the vRSLCM request can be proceeded to next step by clicking RETRY with proceedNext property set to true. Optionally, the whole upgrade can be cancelled and started afresh by clicking RETRY with cancelAndStartAfresh property set to true. If both the retry properties are set to true,cancelAndStartAfresh property will take precedence and will be honoured

vRSLCM vRA8 failed upgrade veducate.co .uk

I logged into my vRA node, and ran the recommended command “vracli upgrade status –details”. This basically told me no running application servers were running. Which was odd, as my vRA installation was working.

vRSLCM vRA upgrade failed vracli upgrade status details veducate.co .uk

So I ran “vracli status” and immediately seen that I had some issue with my database in the vRA node. I’m unsure if this was a pre-upgrade issue, or happening during the upgrade.

[ERROR] Exception while getting DB nodes.
...
Error getting database node status

I decided to run “deploy.sh” which re-runs all the Kubernetes configuration, thus killing and restarting all the services. This seemed to resolve my issue, as running the upgrade again worked as expected.

vRSLCM vRA upgrade failed vracli status deploy.sh veducate.co .uk

If you encounter this situation, I would recommend you contact VMware Support for guidance, and information as to why your services have stopped. As this is in my lab environment, I do not have the same considerations as those that run production.

Dean Lewis
vRA 8.0 header

vRSLCM – Replacing vRA key fails with “Failed to apply License key – LCMVRAVACONFIG590007”

VMware, , , , ,

The vRA evaluation license in my homelab had failed, and trying to log in, I was hitting a 402 error.

vRA license expired 402 error

When replacing the license using vRealize LifeCycle Manager, I received the below errors. This happens because the license key has already expired.

Error Code: LCMVRAVACONFIG590007
Failed to apply License key. Please check whether the license provided is correct and retry.
Failed to get vRA License Key.

LCMVRAVACONFIG590007 Failed to apply License key

The Fix

The fix for this is to re-apply the license using the vRA CLI directly on your vRA node. As per the below commands, and then re-inventory your vRA deployment in vRSLCM and finally Retrust with Identity Manager.

###### To check the current license ######

vracli license

###### To remove the license ######

vracli license remove {license key}

###### To add a new license ###### 

vracli license add {license key}

Below are the options to finalise the configuration in vRSLCM.

vRA license expired 402 error Retrust with Identity Manager

The Logs

For those of you who are interested in the log output, and for search engines to track;

Error log from vRSLCM UI as in above screenshot

com.vmware.vrealize.lcm.common.exception.EngineException: Failed to get vRA License Key. at com.vmware.vrealize.lcm.plugin.core.vra80.task.VraVaReplaceLicenseTask.execute(VraVaReplaceLicenseTask.java:134) at com.vmware.vrealize.lcm.automata.core.TaskThread.run(TaskThread.java:45) at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149) at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624) at java.lang.Thread.run(Thread.java:748)

From the log bundle of vRSLCM

INFO  [pool-2-thread-5] c.v.v.l.d.v.h.VraPreludeInstallHelper -  -- Command to be run : vracli -j license
INFO  [pool-2-thread-5] c.v.v.l.d.v.h.VraPreludeInstallHelper -  -- PRELUDE ENDPOINT HOST :: sc-dc1-vra001.simon.local
INFO  [pool-2-thread-5] c.v.v.l.d.v.h.VraPreludeInstallHelper -  -- COMMAND :: vracli -j license
INFO  [pool-2-thread-5] c.v.v.l.u.SshUtils -  -- Executing command --> vracli -j license
INFO  [pool-2-thread-5] c.v.v.l.u.SshUtils -  -- exit-status: 0
INFO  [pool-2-thread-5] c.v.v.l.u.SshUtils -  -- Command executed sucessfully
INFO  [pool-2-thread-5] c.v.v.l.d.v.h.VraPreludeInstallHelper -  -- Command Status code :: 0 , Output :: {"status_code": 0, "output_data": [{"key": "XXXX-XXXX-XXXX-XXXX", "productName": null, "valid": false, "expirationDate": null, "error": "License expired"}], "error": "", "logs": {"asctime": "2020-01-28T12:55:43Z+0000", "name": "vracli", "processName": "MainProcess", "filename": "license.py", "funcName": "__get_license_result", "levelname": "INFO", "lineno": 325, "module": "license", "threadName": "MainThread", "message": "Running license command: check-serial --serial-number \"XXXX-XXXX-XXXX-XXXX\"", "timestamp": "2020-01-28T12:55:43Z+0000"}}

INFO  [pool-2-thread-5] c.v.v.l.p.c.v.t.VraVaReplaceLicenseTask -  -- Result of fetching License : null
ERROR [pool-2-thread-5] c.v.v.l.p.c.v.t.VraVaReplaceLicenseTask -  -- Failed to get vRA License Key.
INFO  [pool-2-thread-5] c.v.v.l.p.a.s.Task -  -- Injecting task failure event. Error Code : 'LCMVRAVACONFIG590007', Retry : 'true', Causing Properties : '{ CAUSE ::  }' 
com.vmware.vrealize.lcm.common.exception.EngineException: Failed to get vRA License Key.
	at com.vmware.vrealize.lcm.plugin.core.vra80.task.VraVaReplaceLicenseTask.execute(VraVaReplaceLicenseTask.java:134) [vmlcm-vrapreludeplugin-core-2.1.0-SNAPSHOT.jar!/:?]
	at com.vmware.vrealize.lcm.automata.core.TaskThread.run(TaskThread.java:45) [vmlcm-engineservice-core-2.1.0-SNAPSHOT.jar!/:?]
	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149) [?:1.8.0_221]
	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624) [?:1.8.0_221]
	at java.lang.Thread.run(Thread.java:748) [?:1.8.0_221]

Regards

Dean

Dean Lewis
vRA 8.0 header

vRealize Automation 8.0 – Wildcard SSL certificate support and deployment issues – LCMVRAVACONFIG590003

VMware, , , , , , , ,

Ok, so I’m just going to call it out straight away, when using wildcard SSL certificates with vRealize Automation 8.0, read the release notes.

I did not, and caused myself quite a few headaches with the deployment, which you can read about further in this post.

Cannot set wildcard certs for certain domain names, specifically those not using a Public Suffix.

vRealize Automation 8.0 supports setting a wildcard certificate only for DNS names that match the content of the Public Suffix List ([https://publicsuffix.org/]) 

For example, a valid wildcard certificate: you can use a wildcard certificate with DNS name like "*.myorg.com". This is supported because "com" is part of the Public Suffix List. 

An invalid wildcard certificate example: you cannot use a wildcard certificate with DNS name like "*.myorg.local".This is not supported because "local" is not part of Public Suffix List. 

Workaround: Only use domain names in the Public Suffix List.

The issues caused by using an unsupported wildcard SSL

When deploying vRA 8.0 via vRSLCM, either as part of the easy installer or as part of an existing vRSLCM setup, you will asked to provide an SSL certificate.

This does not validate your certificate is supported for use with the vRA 8.0 deployment. vRSLCM will do some checking on the SSL selected, but is only to ensure the SSL certificate is not about to expire, you will see a Green tick and “healthy” status as below.

vRA deployment SSL issue LCMVRAVACONFIG590003 wild card cert

Once you hit deploy, you will find your vRA appliance finally stood up, however the initialization tasks will stall.

Error Code: LCMVRAVACONFIG590003
Cluster Initialization failed on VRA.

vRA Initialize Cluster failed on vRA VA - ***Hostname***. Please login to the vRA and check /var/log/deploy.log file for more information on failure.

Continue reading vRealize Automation 8.0 – Wildcard SSL certificate support and deployment issues – LCMVRAVACONFIG590003