Greetings,
I have been attempting to deploy the NSX Intelligence Appliance under NSX-T Manager. Each deployment stays at 75%.
on the NSX-IA console, I am getting the SSL handshake failed with NSX-T Manager Cluster
Even though I restarted the kafka service but no positive results:
Please suggest, what could be the missing piece in this deployment or overcome the SSL handshake failed error?
What NSX-T version are you running?
Have you made any change to NSX-T manager certificates?
Hi The NSX-T is of 3.0.0 version.
I think I have passed that error, it seemed that I was redeploying a new instance of NSX-IA with same FQDN and IP and NSX-T manager had accepted the certificates of old previous instance of NSX-IA. The workaround was to redeploy with new FQDN and new IP address for NSX - IA.
From the below output in the admin CLI access to NSX IA
get log-file syslog | find pace-monitor
I am getting this response:
Based on the https://docs.vmware.com/en/VMware-NSX-T-Data-Center/2.5/administration/GUID-FEEA2270-580F-47C9-B471-...
I cross checked all the services, the services are in STABLE status:
Based on the root CLI access with cat /var/log/pace/health-monitor.log
Finished health monitor task at Wed Apr 22 19:32:19 UTC 2020.
Start health monitor task at Wed Apr 22 19:45:02 UTC 2020.
NSX-Intelligence Status: {
"_schema": "IntelligenceApplianceHealthProperties",
"_self": {
"href": "/node/intelligence/appliance-health",
"rel": "self"
},
"appliance_health": {
"reason": "",
"status": "STABLE",
"sub_system_status": {
"app_services": {
"reason": "",
"services": [
{
"health": "STABLE",
"reason": "",
"service_name": "anomaly-detection"
},
{
"health": "STABLE",
"reason": "",
"service_name": "continuous-monitoring"
},
{
"health": "STABLE",
"reason": "",
"service_name": "pace-server"
},
{
"health": "STABLE",
"reason": "",
"service_name": "nsx-config"
},
{
"health": "STABLE",
"reason": "",
"service_name": "proxy"
},
{
"health": "STABLE",
"reason": "",
"service_name": "configure-zookeeper"
},
{
"health": "STABLE",
"reason": "",
"service_name": "configure-druid"
},
{
"health": "STABLE",
"reason": "",
"service_name": "pace-monitor.timer"
},
{
"health": "STABLE",
"reason": "",
"service_name": "processing"
},
{
"health": "STABLE",
"reason": "",
"service_name": "spark-job-scheduler"
},
{
"health": "STABLE",
"reason": "",
"service_name": "configure-hadoop-hdfs"
},
{
"health": "STABLE",
"reason": "",
"service_name": "pre-hadoop-hdfs"
}
],
"status": "STABLE"
},
"base_infra_services": {
"reason": "",
"services": [
{
"druid_health": {
"broker": {
"health": "STABLE",
"reason": ""
},
"coordinator": {
"health": "STABLE",
"reason": ""
},
"historical": {
"health": "STABLE",
"reason": ""
},
"middlemanager": {
"health": "STABLE",
"reason": ""
},
"middlemanager_correlatedflow": {
"health": "STABLE",
"reason": ""
},
"overlord": {
"health": "STABLE",
"reason": ""
}
},
"service_name": "druid"
},
{
"health": "STABLE",
"reason": "",
"service_name": "kafka"
},
{
"health": "STABLE",
"reason": "",
"service_name": "postgres"
},
{
"health": "STABLE",
"reason": "",
"service_name": "spark"
},
{
"health": "STABLE",
"reason": "",
"service_name": "zookeeper"
},
{
"health": "STABLE",
"reason": "",
"service_name": "hadoop-hdfs"
}
],
"status": "STABLE"
},
"metadata_services": {
"reason": "",
"services": [
{
"health": "STABLE",
"reason": "",
"service_name": "nsx-config-sync"
}
],
"status": "STABLE"
}
}
}
}
Fetching NSX-Intelligence information from NSX manager.
NSX-Intelligence health DEGRADED. Return code 403 is not HTTP OK.
Finished health monitor task at Wed Apr 22 19:45:04 UTC 2020.
root@nsxtm-ia:/opt/vmware/pace/monitor#
i believe this is a known issue please take a look at VMware Knowledge Base
I am running into the same issue on NSX-T 3.0 and Intelligence Appliance 1.1, I am not using CA signed Cert.
it does seem to match "Issue 2543655 - SSL handshake failure might occur between a transport node and a Kafka Broker in NSX Intelligence." mentioned in the release notes (VMware NSX Intelligence 1.1.0 Release Notes) unfortunately the workaround (restart service kafka) did not work for me.
I have tried re-installing while changing the name / ip of the appliance as suggested in this thread. This did not change the outcome and I can not get past the 75% on the install.
Any suggestion will be appreciated!
Contact VMware Technical Support and reference this KB article (76583) requesting the FTP link to download the WAR files (proton and policy)
Thanks for this. Will do, but that KB (76583) specifically states :
"This issue is resolved in VMware NSX-T Data Center 3.0.0 with NSX Intelligence 1.1.0, available at VMware Downloads."
I will try it nonetheless and see what happens.
Best,