VMware Cloud Community
Craig_G2
Hot Shot
Hot Shot
Jump to solution

Configure The Serengeti Host

Hey guys -

I'm getting the following error when trying to run the "Configure The Serengeti Host" workflow

I have BDE appliance 2.0 and the 2.0 version of the orchestrator plugin installed

[2015-03-02 16:24:19.006] [I] vShield Manager - Targe
[2015-03-02 16:24:19.171] [I] https://10.69.255.184:8443/serengeti
[2015-03-02 16:24:34.133] [I] REST host: DynamicWrapper (Instance) : [RESTHost]-[class com.vmware.o11n.plugin.rest.RESTHost] -- VALUE : com.vmware.o11n.plugin.rest.RESTHost@e8f027e0
[2015-03-02 16:24:34.133] [I] REST host authentication: DynamicWrapper (Instance) : [RESTAuthentication]-[class com.vmware.o11n.plugin.rest.Authentication] -- VALUE : NONE
[2015-03-02 16:24:34.184] [I] REST host added: DynamicWrapper (Instance) : [RESTHost]-[class com.vmware.o11n.plugin.rest.RESTHost] -- VALUE : com.vmware.o11n.plugin.rest.RESTHost@1f9746b
[2015-03-02 16:24:34.318] [I] op: DynamicWrapper (Instance) : [RESTOperation]-[class com.vmware.o11n.plugin.rest.RESTOperation] -- VALUE : Login 452e4501-4ba7-4b47-81b1-c46716ca0210 /j_spring_security_check?j_username=YWRtaW5pc3RyYXRvckB2c3BoZXJlLmxvY2Fs&j_password=xxxxxxx POST 0 application/json
[2015-03-02 16:24:34.318] [I] host: DynamicWrapper (Instance) : [RESTHost]-[class com.vmware.o11n.plugin.rest.RESTHost] -- VALUE : com.vmware.o11n.plugin.rest.RESTHost@f64b2fcb
[2015-03-02 16:24:34.541] [I] vShield Manager - Targe
[2015-03-02 16:24:34.546] [I] Serengeti
[2015-03-02 16:24:34.662] [I] Login
[2015-03-02 16:24:34.755] [I] Request: DynamicWrapper (Instance) : [RESTRequest]-[class com.vmware.o11n.plugin.rest.Request] -- VALUE : com.vmware.o11n.plugin.rest.Request@60986bab
[2015-03-02 16:24:34.755] [I] Request URL: https://10.69.255.184:8443/serengeti/j_spring_security_check?j_username=YWRtaW5pc3RyYXRvckB2c3BoZXJl...
[2015-03-02 16:24:34.797] [I] Cannot execute request: hostname in certificate didn't match:  !=  (Workflow:Execute Login Operation / Execute Operation (item2)#14)
[2015-03-02 16:24:34.898] [I] REST host removed: DynamicWrapper (Instance) : [RESTHost]-[class com.vmware.o11n.plugin.rest.RESTHost] -- VALUE : com.vmware.o11n.plugin.rest.RESTHost@79e5b22

I'd really appreciate some pointers of people that know what they are doing before i start poking arround.

Let me know if more info is needed

Cheers!

Reply
0 Kudos
1 Solution

Accepted Solutions
fuxiaoting0822
VMware Employee
VMware Employee
Jump to solution

Hi eatVM,

Have you resolved this issue?


HTTP-REST plugin of vRO6.0 added new stricter verifications.

VMware has just published technical preview version of vRO REST plugin having an option for disabling host verification.

So if you want to have BDE plugin works fine with vRA 6.2, you should upgrade the HTTP-REST plugin.

You can download the plugin from here .

Technical preview version of REST plug-in

Upgrade the HTTP-REST 1.0.4.2229037 to HTTP-REST 1.0.7-2563729 from vRO configuration web page.


Make sure that set false for parameter "hostVerification" during run workflow "Configuration The Serengeti Host"


Have a try, hope everything goes fine with you!


Regards,

Xiaoting

View solution in original post

Reply
0 Kudos
12 Replies
Xiaoliangl
Contributor
Contributor
Jump to solution

Hello eatVM,

When you ran the workflow, normally there should be a popup window to show your the certificate info of serengeti server and ask you to accept it, do you see it and accept it?

Best regards

Li Xiaoliang

Reply
0 Kudos
Craig_G2
Hot Shot
Hot Shot
Jump to solution

Hey - yeah the popup appears, it states that there is a name miss match on the certificate, but I select import anyway. It fails shortly after.

Reply
0 Kudos
Xiaoliangl
Contributor
Contributor
Jump to solution

Hello eatVM,

Yes, you should get the warning message saying certificate miss-match. But normally after you confirm accepting this exception, you should be able to run the workflow without error.

May I know which version of vCAC/vCO are you using? Note we only support vCAC 6.0 for serengeti plugin 2.0.

Best regards

Li Xiaoliang

Reply
0 Kudos
Craig_G2
Hot Shot
Hot Shot
Jump to solution

Hello,

It's actually vCAC 6.2...along with vCO 6 (as this is our testing vCAC instance) so this might explain it..

I thought that the Serengeti plugin was intendant of vCAC until you consumed it in Advances Services Designer. 😞

Reply
0 Kudos
Xiaoliangl
Contributor
Contributor
Jump to solution

Hello,

Yes, I guess the vCAC 6.2 has a stricter security policy that forbid a plugin to access a https server, whose certificate is not good in term of host name.

Maybe if it's possible, please test it with vCAC 6.1. Sorry for this inconvenience.

Best regards

Li Xiaoliang

Reply
0 Kudos
Craig_G2
Hot Shot
Hot Shot
Jump to solution

Thanks for your help with this. Sadly I don't have a 6.1 environment to test on at the moment. I might have a poke around


What I am failing to understand is where exactly is the "Configure The Serengeti Host" workflow made aware of vCAC. All that it appears to do is make a rest host and add some operations to it?

Could it be down to the REST plugin?

Is it worth trying 2.1?

Reply
0 Kudos
Xiaoliangl
Contributor
Contributor
Jump to solution

The configure Serengeti Host will test the connection to the Serengeti server, and if successful, it will creates several REST API invocation stubs.

I don't think so, because you will meet the same issue with Serengeti plugin 2.1. Sorry for that.

Best regards

Li Xiaoliang

Craig_G2
Hot Shot
Hot Shot
Jump to solution

Thank you for your help!

Reply
0 Kudos
Craig_G2
Hot Shot
Hot Shot
Jump to solution

FYI - Just found this thread: Technical Preview - HTTPRest Certificate issue

So it looks like the REST error I get could be something to do with the REST plugin.

Just confirmed this. It works with version 1.0.3 of the REST plugin. Looks like the whole certificate config has changed.

Reply
0 Kudos
charliejllewell
Enthusiast
Enthusiast
Jump to solution

Hey eatVM,

It is possible to change BDE's SSL certs. You could try either self signed certs with valid a valid comman name and add it to the trust store of the other components or buy a cheap valid cert?

Cheers

Charlie

Reply
0 Kudos
fuxiaoting0822
VMware Employee
VMware Employee
Jump to solution

Hi eatVM,

Have you resolved this issue?


HTTP-REST plugin of vRO6.0 added new stricter verifications.

VMware has just published technical preview version of vRO REST plugin having an option for disabling host verification.

So if you want to have BDE plugin works fine with vRA 6.2, you should upgrade the HTTP-REST plugin.

You can download the plugin from here .

Technical preview version of REST plug-in

Upgrade the HTTP-REST 1.0.4.2229037 to HTTP-REST 1.0.7-2563729 from vRO configuration web page.


Make sure that set false for parameter "hostVerification" during run workflow "Configuration The Serengeti Host"


Have a try, hope everything goes fine with you!


Regards,

Xiaoting

Reply
0 Kudos
Craig_G2
Hot Shot
Hot Shot
Jump to solution

Hey yes - it's all sorted for me... I actually ended up using another vCO with the older rest plugin to test.

And on the subject of the new REST plugin, the guys at VMware kindly announced it after this discussion:

Technical Preview - HTTPRest Certificate issue

Thanks for your response though!

Reply
0 Kudos