Wednesday Tidbit: Enable VIC-as-a-Service on vRealize Automation with custom SSL certificates

vRealize Automation brings a raft of benefits to an organisation. The biggest of these is the ability to enable users to consume complex services without having to rely on the corporate IT department. An example of this is the ability to provision a Docker endpoint, in the form of a vSphere Integrated Containers Virtual Container Host, for developers to deploy containers against.

Fortunately, VMware have provided a blog post on how to achieve this, which can be found at:

https://blogs.vmware.com/cloudnative/2017/11/07/using-vrealize-automation-deploy-vmware-virtual-container-hosts/

However, whilst the information provided in the blog post is comprehensive, it doesn’t cover a scenario using SSL certificates issued by a Certificate Authority.

If a user tries to provision a VCH endpoint under these circumstances, the XaaS workflow will fail with the following error:

ERRO[0001] --------------------
ERRO[0001] Failed to create client for validation of operations credentials: Post https://vcsa.xyz.com/sdk: x509: failed to load system roots and no roots provided
ERRO[0001] Create cannot continue: configuration validation failed
ERRO[0001] --------------------
ERRO[0001] vic-machine-linux create failed: validation of configuration failed

This is because the vRealize Orchestrator host does not trust the SSL certificate on the vCenter appliance, and the vic-machine-linux command the XaaS workflow calls subsequently fails.

To resolve this, copy the CA root certificate (and the intermediate/issuing certificate, if you have one) to /etc/ssl/certs on the vRO server. Next, run the following command:

c_rehash /etc/ssl/certs

The vic-machine-linux command will now complete successfully, as will the corresponding XaaS workflow.
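The trust-store step above, wrapped in checks, as an added example that is not part of the original post. `install_ca` and `chain_ok` are hypothetical helper names, and the script assumes the `openssl` command-line tool is available.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical.

# Install one CA certificate into an OpenSSL hashed directory
# (default: /etc/ssl/certs, the path used in the post).
install_ca() {
    ca_pem=$1
    dir=${2:-/etc/ssl/certs}
    # The rehash step reads PEM, so reject DER or other input up front.
    grep -q -- '-----BEGIN CERTIFICATE-----' "$ca_pem" || {
        echo "not a PEM certificate: $ca_pem" >&2; return 1; }
    # Only CA certificates belong in a trust store; refuse leaf certificates.
    openssl x509 -in "$ca_pem" -noout -text | grep -q 'CA:TRUE' || {
        echo "not a CA certificate: $ca_pem" >&2; return 1; }
    # Show subject and fingerprint for comparison with the value your CA publishes.
    openssl x509 -in "$ca_pem" -noout -subject -fingerprint -sha256
    # c_rehash only links files ending in .pem, .crt, .cer or .crl.
    name=$(basename "$ca_pem")
    cp "$ca_pem" "$dir/${name%.*}.pem" || return 1
    # Same step as the post; fall back to `openssl rehash` if c_rehash is absent.
    { command -v c_rehash >/dev/null 2>&1 && c_rehash "$dir" >/dev/null 2>&1; } ||
        openssl rehash "$dir"
}

# Succeeds only if the certificate in $1 chains to a CA in hashed directory $2.
chain_ok() {
    openssl verify -CApath "${2:-/etc/ssl/certs}" "$1" 2>/dev/null | grep -q ': OK$'
}
```

Run `install_ca` once per certificate (root, then intermediate), each in its own file, since the rehash step expects one certificate per file. `chain_ok` can then be run against a saved copy of the vCenter certificate before requesting the XaaS item.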

To test, just click Request.
