Hey guys -
I'm getting the following error when trying to run the "Configure The Serengeti Host" workflow
I have BDE appliance 2.0 and the 2.0 version of the orchestrator plugin installed
[2015-03-02 16:24:19.006] [I] vShield Manager - Targe [2015-03-02 16:24:19.171] [I] https://10.69.255.184:8443/serengeti [2015-03-02 16:24:34.133] [I] REST host: DynamicWrapper (Instance) : [RESTHost]-[class com.vmware.o11n.plugin.rest.RESTHost] -- VALUE : com.vmware.o11n.plugin.rest.RESTHost@e8f027e0 [2015-03-02 16:24:34.133] [I] REST host authentication: DynamicWrapper (Instance) : [RESTAuthentication]-[class com.vmware.o11n.plugin.rest.Authentication] -- VALUE : NONE [2015-03-02 16:24:34.184] [I] REST host added: DynamicWrapper (Instance) : [RESTHost]-[class com.vmware.o11n.plugin.rest.RESTHost] -- VALUE : com.vmware.o11n.plugin.rest.RESTHost@1f9746b [2015-03-02 16:24:34.318] [I] op: DynamicWrapper (Instance) : [RESTOperation]-[class com.vmware.o11n.plugin.rest.RESTOperation] -- VALUE : Login 452e4501-4ba7-4b47-81b1-c46716ca0210 /j_spring_security_check?j_username=YWRtaW5pc3RyYXRvckB2c3BoZXJlLmxvY2Fs&j_password=xxxxxxx POST 0 application/json [2015-03-02 16:24:34.318] [I] host: DynamicWrapper (Instance) : [RESTHost]-[class com.vmware.o11n.plugin.rest.RESTHost] -- VALUE : com.vmware.o11n.plugin.rest.RESTHost@f64b2fcb [2015-03-02 16:24:34.541] [I] vShield Manager - Targe [2015-03-02 16:24:34.546] [I] Serengeti [2015-03-02 16:24:34.662] [I] Login [2015-03-02 16:24:34.755] [I] Request: DynamicWrapper (Instance) : [RESTRequest]-[class com.vmware.o11n.plugin.rest.Request] -- VALUE : com.vmware.o11n.plugin.rest.Request@60986bab [2015-03-02 16:24:34.755] [I] Request URL: https://10.69.255.184:8443/serengeti/j_spring_security_check?j_username=YWRtaW5pc3RyYXRvckB2c3BoZXJl... [2015-03-02 16:24:34.797] [I] Cannot execute request: hostname in certificate didn't match: != (Workflow:Execute Login Operation / Execute Operation (item2)#14) [2015-03-02 16:24:34.898] [I] REST host removed: DynamicWrapper (Instance) : [RESTHost]-[class com.vmware.o11n.plugin.rest.RESTHost] -- VALUE : com.vmware.o11n.plugin.rest.RESTHost@79e5b22
I'd really appreciate some pointers of people that know what they are doing before i start poking arround.
Let me know if more info is needed
Cheers!
Hi eatVM,
Have you resolved this issue?
HTTP-REST plugin of vRO6.0 added new stricter verifications.
VMware has just published technical preview version of vRO REST plugin having an option for disabling host verification.
So if you want to have BDE plugin works fine with vRA 6.2, you should upgrade the HTTP-REST plugin.
You can download the plugin from here .
Technical preview version of REST plug-in
Upgrade the HTTP-REST 1.0.4.2229037 to HTTP-REST 1.0.7-2563729 from vRO configuration web page.
Make sure that set false for parameter "hostVerification" during run workflow "Configuration The Serengeti Host"
Have a try, hope everything goes fine with you!
Regards,
Xiaoting
Hello eatVM,
When you ran the workflow, normally there should be a popup window to show your the certificate info of serengeti server and ask you to accept it, do you see it and accept it?
Best regards
Li Xiaoliang
Hey - yeah the popup appears, it states that there is a name miss match on the certificate, but I select import anyway. It fails shortly after.
Hello eatVM,
Yes, you should get the warning message saying certificate miss-match. But normally after you confirm accepting this exception, you should be able to run the workflow without error.
May I know which version of vCAC/vCO are you using? Note we only support vCAC 6.0 for serengeti plugin 2.0.
Best regards
Li Xiaoliang
Hello,
It's actually vCAC 6.2...along with vCO 6 (as this is our testing vCAC instance) so this might explain it..
I thought that the Serengeti plugin was intendant of vCAC until you consumed it in Advances Services Designer. 😞
Hello,
Yes, I guess the vCAC 6.2 has a stricter security policy that forbid a plugin to access a https server, whose certificate is not good in term of host name.
Maybe if it's possible, please test it with vCAC 6.1. Sorry for this inconvenience.
Best regards
Li Xiaoliang
Thanks for your help with this. Sadly I don't have a 6.1 environment to test on at the moment. I might have a poke around
What I am failing to understand is where exactly is the "Configure The Serengeti Host" workflow made aware of vCAC. All that it appears to do is make a rest host and add some operations to it?
Could it be down to the REST plugin?
Is it worth trying 2.1?
The configure Serengeti Host will test the connection to the Serengeti server, and if successful, it will creates several REST API invocation stubs.
I don't think so, because you will meet the same issue with Serengeti plugin 2.1. Sorry for that.
Best regards
Li Xiaoliang
Thank you for your help!
FYI - Just found this thread: Technical Preview - HTTPRest Certificate issue
So it looks like the REST error I get could be something to do with the REST plugin.
Just confirmed this. It works with version 1.0.3 of the REST plugin. Looks like the whole certificate config has changed.
Hey eatVM,
It is possible to change BDE's SSL certs. You could try either self signed certs with valid a valid comman name and add it to the trust store of the other components or buy a cheap valid cert?
Cheers
Charlie
Hi eatVM,
Have you resolved this issue?
HTTP-REST plugin of vRO6.0 added new stricter verifications.
VMware has just published technical preview version of vRO REST plugin having an option for disabling host verification.
So if you want to have BDE plugin works fine with vRA 6.2, you should upgrade the HTTP-REST plugin.
You can download the plugin from here .
Technical preview version of REST plug-in
Upgrade the HTTP-REST 1.0.4.2229037 to HTTP-REST 1.0.7-2563729 from vRO configuration web page.
Make sure that set false for parameter "hostVerification" during run workflow "Configuration The Serengeti Host"
Have a try, hope everything goes fine with you!
Regards,
Xiaoting
Hey yes - it's all sorted for me... I actually ended up using another vCO with the older rest plugin to test.
And on the subject of the new REST plugin, the guys at VMware kindly announced it after this discussion:
Technical Preview - HTTPRest Certificate issue
Thanks for your response though!