VMware Cloud Community
BobbyW
Contributor
Contributor
‎03-15-2013 03:06 PM

Unable to add vShield Manager to vCloud Director [PKI]

I've got a new install of vCloud Director and vShield manager and I'm trying to add the vSM to vCD. This is a PKI environment with certs for the vCD, vCenter Server, and vShield Manager replaced with signed certs from the CA. The vCD has also been configured to verify vSphere, vShield, and SSO certs with a keystore that was uploaded containing the root and intermediate certs. I am able to add the vCenter Server to the vCD, but the next step of adding the vShield Manager fails. If I disable cert verification, the vSM is able to be added. This error shows up in the vCD logs when trying to add with cert verification enabled:

==> /opt/vmware/vcloud-director/logs/vcloud-container-debug.log <==
2013-03-15 21:43:53,831 | DEBUG    | pool-jetty-65             | AuthorizationMethodInterceptor | Authorizing method: public abstract void com.vmware.vcloud.api.presentation.service.SystemService.testShieldManagerParams(com.vmware.vcloud.api.presentation.entity.common.Url,java.lang.String,java.lang.String,java.lang.String). |
2013-03-15 21:43:53,833 | INFO     | pool-jetty-65             | ShieldSessionManager           | Test connection to vsm:<IP ADDRESS> vsmManager.loginToVSM(). |
==> /opt/vmware/vcloud-director/logs/vcloud-container-info.log <==
2013-03-15 21:43:53,833 | INFO     | pool-jetty-65             | ShieldSessionManager           | Test connection to vsm:<IP ADDRESS> vsmManager.loginToVSM(). |
==> /opt/vmware/vcloud-director/logs/vcloud-container-debug.log <==
2013-03-15 21:43:53,833 | INFO     | pool-jetty-65             | CapabilityManager              | VSMCLIENT-2.0.0 getVsmVersion; URI :https://<IP ADDRESS>:443/api/1.0/global/heartbeat |
==> /opt/vmware/vcloud-director/logs/vcloud-container-info.log <==
2013-03-15 21:43:53,833 | INFO     | pool-jetty-65             | CapabilityManager              | VSMCLIENT-2.0.0 getVsmVersion; URI :https://<IP ADDRESS>:443/api/1.0/global/heartbeat |
==> /opt/vmware/vcloud-director/logs/vcloud-container-debug.log <==
2013-03-15 21:43:53,834 | DEBUG    | pool-jetty-65             | RestFulCallManager             | VSMCLIENT-2.0.0 trustAllHttpsCertificates; Message : User has NOT set the SSL context, using the default. |
2013-03-15 21:43:53,858 | DEBUG    | pool-jetty-65             | RestFulCallManager             | VSMCLIENT-2.0.0 verify; Message : Returning from hostname verification. |
2013-03-15 21:43:53,953 | INFO     | pool-jetty-65             | RestFulCallManager             | VSMCLIENT-2.0.0 getVsmVersion; Response :HTTP/1.1 200 OK (Operation Succeeded) |
==> /opt/vmware/vcloud-director/logs/vcloud-container-info.log <==
2013-03-15 21:43:53,953 | INFO     | pool-jetty-65             | RestFulCallManager             | VSMCLIENT-2.0.0 getVsmVersion; Response :HTTP/1.1 200 OK (Operation Succeeded) |
==> /opt/vmware/vcloud-director/logs/vcloud-container-debug.log <==
2013-03-15 21:43:53,953 | INFO     | pool-jetty-65             | CapabilityManager              | VSMCLIENT-2.0.0 getVsmVersion; Request Body :<?xml version="1.0" encoding="UTF-8" standalone="yes"?><VsmGlobalConfig><VsmVersion>5.1</VsmVersion></VsmGlobalConfig> |
==> /opt/vmware/vcloud-director/logs/vcloud-container-info.log <==
2013-03-15 21:43:53,953 | INFO     | pool-jetty-65             | CapabilityManager              | VSMCLIENT-2.0.0 getVsmVersion; Request Body :<?xml version="1.0" encoding="UTF-8" standalone="yes"?><VsmGlobalConfig><VsmVersion>5.1</VsmVersion></VsmGlobalConfig> |
==> /opt/vmware/vcloud-director/logs/vcloud-container-debug.log <==
2013-03-15 21:43:53,988 | INFO     | pool-jetty-65             | LoginManager                   | VSMCLIENT-2.0.0 doLogin; URI :https://<IP ADDRESS>:443/api/1.0/global/login |
==> /opt/vmware/vcloud-director/logs/vcloud-container-info.log <==
2013-03-15 21:43:53,988 | INFO     | pool-jetty-65             | LoginManager                   | VSMCLIENT-2.0.0 doLogin; URI :https://<IP ADDRESS>:443/api/1.0/global/login |
==> /opt/vmware/vcloud-director/logs/vcloud-container-debug.log <==
2013-03-15 21:43:53,988 | DEBUG    | pool-jetty-65             | RestFulCallManager             | VSMCLIENT-2.0.0 trustAllHttpsCertificates; Message : User has NOT set the SSL context, using the default. |
2013-03-15 21:43:54,010 | DEBUG    | pool-jetty-65             | RestFulCallManager             | VSMCLIENT-2.0.0 verify; Message : Returning from hostname verification. |
2013-03-15 21:43:54,090 | INFO     | pool-jetty-65             | RestFulCallManager             | VSMCLIENT-2.0.0 doLogin; Response :HTTP/1.1 204 No Content (Operation Succeeded) |
==> /opt/vmware/vcloud-director/logs/vcloud-container-info.log <==
2013-03-15 21:43:54,090 | INFO     | pool-jetty-65             | RestFulCallManager             | VSMCLIENT-2.0.0 doLogin; Response :HTTP/1.1 204 No Content (Operation Succeeded) |
==> /opt/vmware/vcloud-director/logs/vcloud-container-debug.log <==
2013-03-15 21:43:54,109 | DEBUG    | pool-jetty-65             | LoggingRestTemplate            | Created GET request for "https://<VSHIELD MANAGER FQDN>:443/api/2.0/global/config" |
2013-03-15 21:43:54,109 | DEBUG    | pool-jetty-65             | LoggingRestTemplate            | Setting request Accept header to [application/xml, text/xml, application/*+xml] |
2013-03-15 21:43:54,109 | DEBUG    | pool-jetty-65             | LoggingRestTemplate            | Request::URI:https://<VSHIELD MANAGER FQDN>/api/2.0/global/config method:GET |
2013-03-15 21:43:54,110 | DEBUG    | pool-jetty-65             | LoggingRestTemplate            | Request body :<none> |
2013-03-15 21:43:54,110 | INFO     | pool-jetty-65             | ShieldSessionManager           | Test connection with vsm:<IP ADDRESS> failed to establish. |
Tags (2)
0 Kudos
0 Replies