Environment:

vCenter 7.0

Symptoms

Accessing https://xxx.com shows:

no healthy upstream

Logging in to the management interface showed the status at the time as: Unknown

https://xxx:5480/login

vCenter inaccessible due to an expired SSL certificate (VMware)

Enable SSH login

https://xxx:5480/login -- Access SSH -- Enable

After logging in over SSH, trying to start the services fails with an error.

command> shell

service-control --start --all

Service-control failed. Error: Failed to start services in profile ALL. RC=2, stderr=Failed to start hvc, vpxd, vpxd-svcs services. Error: Service crashed while starting


Solution

1. Configure name resolution

vi /etc/hosts

127.0.0.1 localhost localhost

<local IP address> localhost localhost

<local IP address>  <resolved domain name>

:wq

2. Configure a new SSL certificate

The test host address is 10.1.10.100, and its domain name resolves as t-vcenter.oc.com

Run the command

/usr/lib/vmware-vmca/bin/certificate-manager

_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
| |
| *** Welcome to the vSphere 7.0 Certificate Manager *** |
| |
| -- Select Operation -- |
| |
| 1. Replace Machine SSL certificate with Custom Certificate |
| |
| 2. Replace VMCA Root certificate with Custom Signing |
| Certificate and replace all Certificates |
| |
| 3. Replace Machine SSL certificate with VMCA Certificate |
| |
| 4. Regenerate a new VMCA Root Certificate and |
| replace all certificates |
| |
| 5. Replace Solution user certificates with |
| Custom Certificate |
| NOTE: Solution user certs will be deprecated in a future |
| release of vCenter. Refer to release notes for more details.|
| |
| 6. Replace Solution user certificates with VMCA certificates |
| |
| 7. Revert last performed operation by re-publishing old |
| certificates |
| |
| 8. Reset all Certificates |
|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _|

Note : Use Ctrl-D to exit.

Select 4

Option[1 to 8]: 4

Do you wish to generate all certificates using configuration file : Option[Y/N] ? : y

Please provide valid SSO and VC privileged user credential to perform certificate operations.

Enter username [Administrator@vsphere.local]: <Enter>

Enter password: <password>

Please configure certool.cfg with proper values before proceeding to next step.

Press Enter key to skip optional parameters or use Default value.

Enter proper value for 'Country' [Default value : US] : CN

Enter proper value for 'Name' [Default value : CA] : <Enter>

Enter proper value for 'Organization' [Default value : VMware] : <Enter>

Enter proper value for 'OrgUnit' [Default value : VMware Engineering] : <Enter>

Enter proper value for 'State' [Default value : California] : <Enter>

Enter proper value for 'Locality' [Default value : Palo Alto] : <Enter>

Enter proper value for 'IPAddress' (Provide comma separated values for multiple IP addresses) [optional] : 10.1.10.100

Enter proper value for 'Email' [Default value : email@acme.com] : <Enter>

Enter proper value for 'Hostname' (Provide comma separated values for multiple Hostname entries) [Enter valid Fully Qualified Domain Name(FQDN), For Example : example.domain.com] : t-vcenter.oc.com

Enter proper value for VMCA 'Name' :t-vcenter.oc.com

You are going to regenerate Root Certificate and all other certificates using VMCA

Continue operation : Option[Y/N] ? : y

Status : 60% Completed [Replace vpxd-extension Cert...]

2024-03-12T07:49:24.391Z Updating certificate for "com.vmware.vim.eam" extension

2024-03-12T07:49:24.962Z Updating certificate for "com.vmware.rbd" extension

2024-03-12T07:49:25.617Z Updating certificate for "com.vmware.imagebuilder" extension

Status : 100% Completed [All tasks completed successfully]

Test

root@localhost [ /var/log/vmware/vsphere-ui/logs ]# /usr/lib/vmware-vmafd/bin/vmafd-cli get-pnid --server-name t-vcenter.oc.com

Restart the services

root@localhost [ ~ ]# service-control --stop --all && service-control --start --all
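To confirm which certificates had actually expired before regenerating them, and to verify the replacements afterwards, the following added example (not part of the original post) parses the text listing of a VECS store and flags expired entries. The function name vecs_expiry_report is hypothetical, the sample listing is constructed, and the "Alias :" / "Not After :" line layout of `vecs-cli entry list --text` is an assumption.

```shell
#!/bin/sh
# Added example: flag expired certificates in `vecs-cli entry list --text` output.
# On the appliance, feed it one store at a time, for example:
#   for s in $(/usr/lib/vmware-vmafd/bin/vecs-cli store list | grep -v TRUSTED_ROOT_CRLS); do
#     /usr/lib/vmware-vmafd/bin/vecs-cli entry list --store "$s" --text | vecs_expiry_report
#   done

# vecs_expiry_report [NOW]
#   NOW is a UTC timestamp as YYYYMMDDhhmmss (default: the current time).
#   Reads "Alias :" and "Not After :" lines (assumed layout) on stdin and prints
#   one status line per certificate. Returns 1 if any certificate has expired.
vecs_expiry_report() {
  _now="${1:-$(date -u +%Y%m%d%H%M%S)}"
  awk -v now="$_now" '
    BEGIN {
      n = split("Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec", m, " ")
      for (i = 1; i <= n; i++) mon[m[i]] = i
    }
    /^Alias[ \t]*:/ { sub(/^Alias[ \t]*:[ \t]*/, ""); alias = $0; next }
    /Not After[ \t]*:/ {
      sub(/^.*Not After[ \t]*:[ \t]*/, "")   # leaves e.g. "Mar 12 07:49:24 2026 GMT"
      split($3, t, ":")
      # Build a sortable YYYYMMDDhhmmss stamp so no date arithmetic is needed.
      stamp = sprintf("%04d%02d%02d%02d%02d%02d", $4, mon[$1], $2, t[1], t[2], t[3])
      status = (stamp < now) ? "EXPIRED" : "VALID"
      if (status == "EXPIRED") bad = 1
      printf "%-7s %s (Not After: %s)\n", status, alias, $0
    }
    END { exit bad }
  '
}

# Constructed sample listing (not captured from a real appliance).
SAMPLE='Alias : __MACHINE_CERT
            Not After : Mar 10 07:49:24 2024 GMT
Alias : vpxd-extension
            Not After : Mar 12 07:49:24 2026 GMT'

# Evaluate the sample against a fixed "now" so the result is reproducible.
printf '%s\n' "$SAMPLE" | vecs_expiry_report 20240312000000 \
  || echo "at least one certificate has expired"
```
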


Reference: official documentation

https://kb.vmware.com/s/article/2112283?lang=zh_cn