{"id":1043,"date":"2022-02-16T10:19:39","date_gmt":"2022-02-16T09:19:39","guid":{"rendered":"https:\/\/vblog.hochsticher.de\/?p=1043"},"modified":"2023-03-16T22:51:13","modified_gmt":"2023-03-16T21:51:13","slug":"autodeploy-errors-after-vcenter-certificate-change","status":"publish","type":"post","link":"https:\/\/vblog.hochsticher.de\/?p=1043","title":{"rendered":"AutoDeploy errors after vCenter Certificate change"},"content":{"rendered":"\n<p>Recently I changed my vCenter Certificate. But the AutoDeploy Service didn&#8217;t learned the new vCenter Certificate. So I got errors in \/var\/log\/vmware\/rbd\/rbd-syslog.log<\/p>\n\n\n\n<!--more-->\n\n\n\n<pre class=\"wp-block-code\"><code>Server has wrong SHA thumbprint: b6400b7d184a6c47a00cfb9e1ec7e739e8bf472b (required) != 37d257791d978852037c4bbea74d777409bea71d (server)\n\nerr rbd  &#91;38480]pluginmaster:ERROR:exception:rbdplugins.addhost.vmwProvisionHost -- Server has wrong SHA thumbprint: 6307cf0a1c33fb9a0b6bbf0f8c29616cf12e9966 (required) != f64c7235b432187c1e55ace1aeef640551c72d8c (server)\n<\/code><\/pre>\n\n\n\n<p class=\"has-text-align-left\">AutoDeploy partially continues to work. Configured Hosts could boot successfully. But changes that requires the rbd DB does not work like delete or add new Hosts, change Image etc.<\/p>\n\n\n\n<p><\/p>\n\n\n\n<p class=\"has-text-align-left\">So first step was to check via lsdoctor about a certificate problem. <a href=\"https:\/\/kb.vmware.com\/s\/article\/80469?lang=en_US&amp;queryTerm=lsdoctor\">https:\/\/kb.vmware.com\/s\/article\/80469?lang=en_US&amp;queryTerm=lsdoctor<\/a><\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>root@myvCenter-01 &#91; \/home\/lsdoctor\/lsdoctor-master ]# python lsdoctor.py -l\n \n    ATTENTION:  You are running a reporting function.  This doesn't make any changes to your environment.\n    You can find the report and logs here: \/var\/log\/vmware\/lsdoctor\n \n2022-01-18T07:36:15 INFO main: You are reporting on problems found across the SSO domain in the lookup service.  This doesn't make changes.\n2022-01-18T07:36:15 INFO live_checkCerts: Checking services for trust mismatches...\n2022-01-18T07:36:15 INFO generateReport: Listing lookup service problems found in SSO domain\n2022-01-18T07:36:15 INFO generateReport: No issues detected in the lookup service entries for <meta charset=\"utf-8\">myvCenter-01.<meta charset=\"utf-8\">mytestdom.com (VC 7.0 or CGW).\n2022-01-18T07:36:15 INFO generateReport: Report generated:  \/var\/log\/vmware\/lsdoctor\/<meta charset=\"utf-8\">myvCenter-01.mytestdom.com-2022-01-18-073615.json<\/code><\/pre>\n\n\n\n<p class=\"has-text-align-left\">Lsdoctor doesn&#8217;t show any errors.<\/p>\n\n\n\n<p class=\"has-text-align-left\">So we looked in the rbd DB for the configured thumbprint.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code><meta charset=\"utf-8\">root@myvCenter-01 &#91; ~ ]# sqlite3 \/var\/lib\/rbd\/db\nSQLite version 3.32.1 2020-05-25 16:19:56\nEnter \".help\" for usage hints.\nsqlite&gt; select * from vc_servers;\n1|{myvCenterIP}|80|BEA0F084-D699-42C9-B2C8-AF2CB8C0EF6B|8088|B6:40:0B:7D:18:4A:6C:47:A0:0C:FB:9E:1E:C7:E7:39:E8:BF:47:2B\n<\/code><\/pre>\n\n\n\n<p class=\"has-text-align-left\">Let&#8217;s check if this is the right one or the outdated!<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>root@myvCenter-01 &#91; ~ ]# \/usr\/lib\/vmware-vmafd\/bin\/vecs-cli entry getcert --store  BACKUP_STORE --alias bkp___MACHINE_CERT --output \/tmp\/oldmachinessl.crt\n\nroot@myvCenter-01 &#91; ~ ]# \/usr\/lib\/vmware-vmafd\/bin\/vecs-cli entry getcert --store MACHINE_SSL_CERT --alias __MACHINE_CERT --output \/tmp\/machineSSL.crt\n\nroot@myvCenter-01 &#91; ~ ]# openssl x509 -in \/tmp\/machineSSL.crt -fingerprint -noout\nSHA1 Fingerprint=37:D2:57:79:1D:97:88:52:03:7C:4B:BE:A7:4D:77:74:09:BE:A7:1D\n\n<meta charset=\"utf-8\">root@myvCenter-01 &#91; ~ ]# openssl x509 -in \/tmp\/oldmachinessl.crt  -fingerprint -noout\nSHA1 Fingerprint=B6:40:0B:7D:18:4A:6C:47:A0:0C:FB:9E:1E:C7:E7:39:E8:BF:47:2B<\/code><\/pre>\n\n\n\n<p class=\"has-text-align-left\">We could see in the rbd DB is the old thumbprint that ends with &#8220;47:2B&#8221; and we have to change it to the one that ends with &#8220;A7:1D&#8221;.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>root@myvCenter-01 &#91; ~ ]# service-control --stop vmware-rbd-watchdog\nOperation not cancellable. Please wait for it to finish...\nPerforming stop operation on service rbd...\nSuccessfully stopped service rbd\nroot@myvCenter-01 &#91; ~ ]# sqlite3 \/var\/lib\/rbd\/db\nSQLite version 3.32.1 2020-05-25 16:19:56\nEnter \".help\" for usage hints.\nsqlite&gt; select * from vc_servers;\n1|{myvCenterIP}|80|BEA0F084-D699-42C9-B2C8-AF2CB8C0EF6B|8088|B6:40:0B:7D:18:4A:6C:47:A0:0C:FB:9E:1E:C7:E7:39:E8:BF:47:2B\n\nupdate vc_servers set thumbprint = \"37:D2:57:79:1D:97:88:52:03:7C:4B:BE:A7:4D:77:74:09:BE:A7:1D\";\nsqlite&gt; select * from vc_servers;\n1|<meta charset=\"utf-8\">myvCenterIP|80|BEA0F084-D699-42C9-B2C8-AF2CB8C0EF6B|8088|37:D2:57:79:1D:97:88:52:03:7C:4B:BE:A7:4D:77:74:09:BE:A7:1D\nsqlite&gt; .quit\nroot@myvCenter-01 &#91; ~ ]# \n\nroot@myvCenter-01 &#91; ~ ]# service-control --start vmware-rbd-watchdog\nOperation not cancellable. Please wait for it to finish...\nPerforming start operation on service rbd...\nSuccessfully started service rbd\n<\/code><\/pre>\n\n\n\n<p>That&#8217;s it \ud83d\ude09<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Recently I changed my vCenter Certificate. But the AutoDeploy Service didn&#8217;t learned the new vCenter Certificate. So I got errors in \/var\/log\/vmware\/rbd\/rbd-syslog.log<\/p>\n","protected":false},"author":1,"featured_media":1067,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"ngg_post_thumbnail":0,"footnotes":""},"categories":[10,7],"tags":[],"class_list":["post-1043","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-vcenter","category-vsphere"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/vblog.hochsticher.de\/index.php?rest_route=\/wp\/v2\/posts\/1043","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/vblog.hochsticher.de\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/vblog.hochsticher.de\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/vblog.hochsticher.de\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/vblog.hochsticher.de\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=1043"}],"version-history":[{"count":10,"href":"https:\/\/vblog.hochsticher.de\/index.php?rest_route=\/wp\/v2\/posts\/1043\/revisions"}],"predecessor-version":[{"id":1087,"href":"https:\/\/vblog.hochsticher.de\/index.php?rest_route=\/wp\/v2\/posts\/1043\/revisions\/1087"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/vblog.hochsticher.de\/index.php?rest_route=\/wp\/v2\/media\/1067"}],"wp:attachment":[{"href":"https:\/\/vblog.hochsticher.de\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=1043"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/vblog.hochsticher.de\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=1043"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/vblog.hochsticher.de\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=1043"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}