i have a working vRA7 installation (very simmilar to the VMware vRA reference architecture for a minimal deployment Page 35)
vRA Appliance & IaaS server internal IP addresses. vRA Appliance is published to the internet via NAT. All hostnames (internal and external a part of the SAN certificate).
Using the Webinterface of vRA -> Everything fine (corp. network and internet)
Now we have some developers accessing the system external via internet with the Cloud Client 4.1 which getting an error message:
CloudClient>vra login userpass --server privatecloud.domain.de --tenant demo --user demo_admin --password ******************
vra-inf-1.server.domain.de is the internal DNS name of my IaaS host. So if i check the reference architecture picture http://pubs.vmware.com/vra-70/topic/com.vmware.ICbase/PDF/vrealize-automation-70-reference-architect... Page 35 the user only need access to the vRA appliance, but not to the IaaS host (which is in my case not reachable from the internet).
If i add a manual entry
to the hostfile of my client, i can connect (but got not authenticated to the IaaS Model Manager)
CloudClient>vra login userpass --server privatecloud.domain.de --tenant demo --user demo_admin --password *******************
vRA 7.0 login: [ACTIVE], session: [INACTIVE], user=[demo_admin], server=[https://privatecloud.domain.de], tenant=[demo]
IaaS Model Manager login: [INACTIVE]
I also attached the logfiles from the cloud client.
Any reason for this?
The cloud client uses some private APIs directly on the IaaS server. If there isn't a need for this access (or use of these commands) then don't worry about it.
But why will login fail if the Cloud Client can't resolve the hostname of the IaaS Server?