Issue:
Deployments fail.
History shows the placement error message:
Create - Failed
No placement exists that satisfies all of the request requirements. See if suitable placements and cloud zones exist for the current project and they have been properly tagged.
Verified vCenter is up-and-running.
Verified that storage and compute are available.
Also, confirmed IPs are available, although that would deliver a different message later in the allocation.
Issue:
Check the cloud zone and also the cloud accounts for an error.
Check the Cloud Account:
vRA/vRO 8 appliance --> Login --> Assembler --> Connections (left menu twistie) --> Cloud Accounts (left menu view option) --> filter to the name of the zone with the issue --> Click Open to view the cloud account --> Status (heading area)
Check for warning or caution messages. They include:
- Data collection failed. See details ...
- Image synchronization failed. See details ...
- Unable for deployment. [UPDATE]
For the top two, you can click the See details text link.
For the lower one, you can click the UPDATE button to try again.
In this case, above the Status heading, the cloud account showed the following error for the target cloud zone. This error was causing the Unable for deployment text to be displayed.
Unable to find valid certification path to requested target
or (in Aria Automation 8.17 and 8.18):
Revalidate the certificate associated with the endpoint; PKIX path building failed: sun.securityprovider.certpath.SunCertPathBuilderException: unable to find valid certificate path to requested target
Typical Causes:
The vCenter certificate has been replaced but vRA doesn't trust it, or the vCenter software was upgraded and the certificate was update/reverted as part of the change back to a self-certificate, or the certificate has expired.
Resolution:
a. On the Cloud Account, re-enter the credentials for the vCenter cloud account. Click VALIDATE.
b. In the pop-up dialog, ACCEPT the certificate.
c. Back on the main account page. click SAVE.
d. Return to the cloud account and verify the data collection and updates are working again.
WARNING
It is highly possible in Aria Automation/vRA 8.x that the SAVE button will NOT be presented and an red box error "Failed to Validate" will be displayed next to the VALIDATE button at step b above, and the cloud account's SAVE button will be dimmed-out/disabled. The cloud account endpoint itself will never get the new certificate since it is added by the saving of the cloud account.
Fortunately, Broadcom/VMware has published an article 318756, vSphere Cloud Account Certificate is Changed Causing Error ... Failed to Validate. The articles includes that this issue will be fixed in VMware Cloud Foundation 9.0. The article includes a packaged workflow, net.broadcom.vra.update.ca.certificate.package, which is an excellent workaround to fix the cloud account(s).
Instructions:
1. Download the workflow package.
 net.broadcom.vra.update.ca.certificate.package
2. Import the package:
a. Aria Automation/vRA 8 --> Orchestrator --> Assets (twistie - left menu) --> Packages
b. Click IMPORT button, in the system Open dialog, select the net.broadcom.vra.update.ca.certificate.package downloaded, click Open.
c. Click the TRUST button to clear the Package publisher certificate must be trusted message.
d. Click the Package elements tab to view the workflow and its four actions.
e. There are no configuration elements, but we can disable the Import configuration attribute values field.
f. Click IMPORT.
3. Only if you do not already have one created, create a local vRA Host in the plug-in inventory:
Orchestrator --> Workflows (left menu) --> Library (folder) --> vRealize Automation 8.x and Cloud Services (folder) --> vRA (folder) --> Add vRA Host
4. Run the repair workflow:
a. Orchestrator --> Workflows (left menu) --> Samples (folder) --> Update Cloud Account Certificate --> Click RUN
b. In the kick-off form:
- Tenant Admin Host: <click to open hosts>
- - Open twistie, VMware Aria Automation --> Select the host (e.g. Default)
- - Click SELECT to return to the workflow kick-off form
- Under vSphere Cloud Accounts to Update
- - Select the cloud account name to repair. Once selected, an edit pencil icon is available. Click the pencil icon.
- - - In the vSphere Cloud Accounts to Update dialog, enter the password in the Administrator password field.
- - - Typically, the other fields can be left autopopulated, as is.
- - - Click APPLY.
- - Select any other cloud account names to be repaired, as well.
- Click RUN.
c. Review the logs and confirm the endpoints are updated successfully:
. . .
20240102 01:02:03.123 -05:00 INFO Update certificate of cloud account: <cloud account name>
20240102 01:02:03.124 -05:00 INFO Get endpoint <vCenter cloud FQDN> certificate
20240102 01:02:03.212 -05:00 INFO Update cloud account <cloud account name>
20240102 01:02:03.312 -05:00 INFO Cloud account <cloud account name> updated successfully
. . .
5. Complete updating the cloud account(s)
a. Assembler --> Infrastructure (top menu) --> Connections (twistie - left menu) --> Cloud Accounts
b. Click <cloud account name> to open.
c. Click UPDATE.
<wait for the Status to be updated to "Available for deployment". The Data collection will be automatically started shortly after the status updates to Available.>
d. Once status and data collection are complete, click SYNC IMAGES.
<wait for sync to complete>
e. Click SAVE.
previous page
|