Add troubleshooting doc about encrypted private key when providing TLS cert #1282
Comments
|
@pthurnherr I’ve seen this error about ext3 incompatibilities before and it hasn’t had system impact. |
AngieCris
added
source/customer
|
Cc @andrewtchin |
AngieCris
added
the
product/ova
|
It looks like the ext4 message is not the problem. All disks are mounted but harbor and admiral do not start. So the vic management page is not accessible. Starting harbor manual by using systemctl restart harbor didn't help, same with admiral. docker ps shows quick running the container but stops immediately. |
|
Another thing: if you go to the official vmware.com vic website and try to download the vic ova, there is a wrong redirection of https://www.vmware.com/go/download-vic to https://my-test41.vmware.com/en/web/vmware/info/slug/datacenter_cloud_infrastructure/vmware_vsphere_integrated_containers/1_3 |
|
we haven't released the 1.3 yet. When it has released it will be available on vmware.com @pthurnherr. someone jumped the gun on download-vic :(. |
|
@pthurnherr Are you able to successfully initialize the appliance via the Getting Started page as mentioned in Step 13 of the |
AngieCris
added
the
status/needs-attention
|
@mdubya66 Sorry, Vmware site was or is still broken with the link and 1.3 ova was from https://storage.googleapis.com/vic-product-ova-releases and not from ...ova-builds ;) @anchal-agrawal Initialize was not showing up on $appliance_ip:9443 I'll wait for the official 1.3 release. |
|
Someone jumped the gun, that's the test link. We have a new OVA published now due to #1286 Were you able to reach $appliance_id:9443 at all? On my setup using Chrome I could not until I forced the certificate acceptance. I did that by going to http://appliance_id first. Convoluted I know and something we need to document and fix. |
|
Also I'm re-opening this since the bits used are identical except for the version used. |
|
@pthurnherr Thanks for the update - the build you used from https://storage.googleapis.com/vic-product-ova-releases is in the pipeline for the official 1.3 release, so if you have the time, it'd be worth root-causing your issue. After you powered on the OVA from the vSphere web client, did you see the web console of the OVA? It looks like this: Please note that it takes a few minutes (sometimes even 5-10 mins) after powering on for this screen to appear, since the OVA prepares for starting the services and only shows the web console when it is ready to be initialized. |
|
Additionally after the console screen shows up it may take additional time for the web server running on the VIC Appliance to start. During this time connection attempts to the Getting Started Page will time out. You must wait for the web server to start and then initialize the appliance from the Getting Started Page before attempting to use VIC services. |
|
@anchal-agrawal vSphere web client shows welcome screen but webservices wont start. I'm not able to initialize the appliance. On the vSphere web client I also get a gateway Mismatch but it's set correct. IP stack is up and ssh access to the appliance is possible.
|
|
@pthurnherr by webservices do you mean the Getting Started Page webserver? |
|
root@svthps02t [ ~ ]# systemctl status fileserver Jan 09 05:30:49 svthps02t.gv.li systemd[1]: fileserver.service: Main process exited, code=exited, status=1/FAILURE |
|
Found the issue. I'm usinga custom certificate and the private key as encrypted! Following 1.3 Dokumentation it must be a unencrypted PEM-encoded PKCS#8-formatted file. |
|
Great thanks @pthurnherr Could you provide the log line(s) that show the error message for the encrypted private key? These should be found in Problem:
Symptoms:
Solution:
|
andrewtchin
removed
status/need-info
|
@pthurnherr furthermore, it seems like the gateway ip is blank because net-tools is missing in the ova, which would be causing your mismatch. We didn't catch it because our test environments are using DHCP - this was tracked in #1267. @andrewtchin I have this fix in pr #1266, can pull it out to a separate 1.3.1 pr if #1266 doesn't make it in. |
|
-- Logs begin at Tue 2018-01-09 17:04:26 UTC, end at Tue 2018-01-09 17:06:59 UTC |
|
@andrewtchin yes it looks like a candidate for a TS topic. Can I just repurpose this issue, or do you want to keep this one and have me open a new one? |
andrewtchin
added
area/pub
|
Thanks @pthurnherr! |
andrewtchin
changed the title
|
It seems that more than one customer has hit this. We do state that the key must be unencrypted, but a TS topic that includes the error wouldn't hurt. |
|
@vidya-v can you please take the info from #1282 (comment) above and make it into a new troubleshooting topic? It would need to be nested under https://vmware.github.io/vic-product/assets/files/html/1.4/vic_vsphere_admin/ts_deploy_appliance.html You can use one of the other troubleshooting topics as a template, for example https://vmware.github.io/vic-product/assets/files/html/1.4/vic_vsphere_admin/ts_cert_error.html. Thanks! |
VIC Product version:
OVA version vic-v1.3.0-f8cc7317.ova
Deployment details:
OVA import to vSphere 6.5. Fist boot up shows EXT4-fs (sda2): couldnt't mount as ext3 due to feature incompatibilities
Steps to reproduce:
OVA import to vSphere Host and power up
Actual behavior:
VIC Management dosen't run
Expected behavior:
Logs:
Additional details as necessary:
The text was updated successfully, but these errors were encountered: