Support Migration Notice: To update migrated JIRA cases click here to open a new case use www.vmware.com/go/sr | vFabric Hyperic 5.7.0 is Now Available

Hyperic HQ

HQ vSphere continue to function with vCenter SSL certificate removed from keystore

Details

  • Type: Bug Bug
  • Status: Closed Closed
  • Priority: Major Major
  • Resolution: Fixed
  • Affects Version/s: 4.6
  • Fix Version/s: 4.6, 4.x Sprint 28
  • Component/s: Plugins
  • Environment:
    Hyperic server 4.6.0-EE-242 on CentOS 5.4 x64 with external MySQL DB
    Hyperic agent 4.6.0-EE-242 on Windowws 2008
     - vCenter Server 4.0 running on agent platform
  • Case Links:
    none
  • Regression:
    No
  • Story Points:
    3
  • Tags:

Description

HQ vSphere continue to function with SSL certificate removed from keystore

After initially configuring vSphere successfully with an imported vCenter SSL certificate into a keystore, HQ vSphere continues to function when the SSL certificate is removed from the keystore even though the 'VMware vCenter' server does not show as available nor collect metrics.

Expected Result:
If the vCenter SSL certificate is removed from keystore, HQ vSphere and VMware vCenter server will no longer function

Actual Result:
With removed vCenter SSL certificate from keystore, HQ vSphere remains functional but VMware vCenter server does not

Steps to Reproduce:

  1. Install Hyperic agent on platform running vCenter Server
  2. Start Hyperic agent
  3. Log into Hyperic
  4. Note platform running vCenter server resides in AIQ
  5. Add platform running vCenter server into Inventory from AIQ
  6. Select VMware vCenter server
  7. Note configuration is not configured
  8. Attempt to configure vSphere
  9. Note configuration cannot be set with no valid SSL certificate
  10. Import SSL certificate into keystore
  11. Restart Hyperic agent
  12. Select VMware vCenter server
  13. Note configuration is not configured
  14. Configure vSphere
  15. Note configuration is successfully set with valid SSL certificate imported into keystore
  16. Stop Hyperic agent
  17. Delete vCenter SSL certificate from keystore
  18. Start Hyperic agent
  19. Note VMware vCenter server remains offline and no metrics collect
  20. View HQ vSphere
  21. Note all running servers show online correctly and servers with agents show performance metrics

Issue Links

Activity

Hide
Patrick Nguyen added a comment -

FIX: For metric collection, do not ignore the SSL cert

Show
Patrick Nguyen added a comment - FIX: For metric collection, do not ignore the SSL cert
Hide
Patrick Nguyen added a comment -

not working for new server configuration

Show
Patrick Nguyen added a comment - not working for new server configuration
Hide
Patrick Nguyen added a comment -

FIX 2: Configure the SSL keystore for vijava to use before creating the ServiceInstance

Show
Patrick Nguyen added a comment - FIX 2: Configure the SSL keystore for vijava to use before creating the ServiceInstance
Hide
Frederic Calindas added a comment -

With the latest build 247 (7/22/11), the vCenter Server stops collecting Availability and Metrics when vCenter SSL certificate removed from keystore. The associated resources of 'VMware vSphere Host' also stop collecting Availability and Metrics.

Additionally, the resources of type 'VMware vSphere VM' do not stop collecting Availability and Metrics. They continue to show as online. The HQ vSphere UI functions as if they were working with a SSL certificate.

Restoring the vCenter SSL certificate to the keystore, the vCenter Server resumes collecting Availability and Metrics; however, the resources of 'VMware vSphere Host' do not resume collection. They remain offline until the agent is restarted.

So there are two problems:

  1. VMware vSphere VMs do not stop collecting Availability and Metrics with the vCenter SSL certificate removed from the keystore
  2. VMware vSphere Hosts do not resume collecting Availability and Metrics when vCenter SSL certificate is restored to the keystore; an agent restart is required
Show
Frederic Calindas added a comment - With the latest build 247 (7/22/11), the vCenter Server stops collecting Availability and Metrics when vCenter SSL certificate removed from keystore. The associated resources of 'VMware vSphere Host' also stop collecting Availability and Metrics. Additionally, the resources of type 'VMware vSphere VM' do not stop collecting Availability and Metrics. They continue to show as online. The HQ vSphere UI functions as if they were working with a SSL certificate. Restoring the vCenter SSL certificate to the keystore, the vCenter Server resumes collecting Availability and Metrics; however, the resources of 'VMware vSphere Host' do not resume collection. They remain offline until the agent is restarted. So there are two problems:
  1. VMware vSphere VMs do not stop collecting Availability and Metrics with the vCenter SSL certificate removed from the keystore
  2. VMware vSphere Hosts do not resume collecting Availability and Metrics when vCenter SSL certificate is restored to the keystore; an agent restart is required
Hide
Patrick Nguyen added a comment -

FIX 3: If there is an error obtaining a new vSphere connection, make sure to evict any cached vSphere connections.

Show
Patrick Nguyen added a comment - FIX 3: If there is an error obtaining a new vSphere connection, make sure to evict any cached vSphere connections.
Hide
Frederic Calindas added a comment -

Verified with Hyperic Server Daily Build 4.6.0-EE-252 (7/28/11) and upgraded agent via UI.

AFter manually removing vCenter certificate from keystore, vCenter Server Availability and Metrics no longer reported. HQ vSphere also showed VMs no longer reporting.

Show
Frederic Calindas added a comment - Verified with Hyperic Server Daily Build 4.6.0-EE-252 (7/28/11) and upgraded agent via UI. AFter manually removing vCenter certificate from keystore, vCenter Server Availability and Metrics no longer reported. HQ vSphere also showed VMs no longer reporting.

People

Vote (0)
Watch (0)

Dates

  • Created:
    Updated:
    Resolved:
    Last comment:
    2 years, 38 weeks, 5 days ago