Wednesday Tidbit: Enable VIC-as-a-Service on vRealize Automation with custom SSL certificates

20161114-1vRealize Automation brings a raft of benefits to an organisation. The biggest of these is the ability to enable users to consume complex services without having to rely on the corporate IT department. An example of this is the ability to provision a Docker endpoint, in the form of a vSphere Integrated Containers Virtual Container Host, for developers to deploy containers against.

Fortunately, VMware have provided a blog post on how to achieve this, which can be found at:

However, whilst the information provided in the blog post is comprehensive, it doesn’t cover a scenario using SSL certificates issued by a Certificate Authority.

If a user tries to provision a VCH endpoint under these circumstances, the XaaS workflow will fail with the following error:

ERRO[0001] ——————–
ERRO[0001] Failed to create client for validation of operations credentials: Post x509: failed to load system roots and no roots provided
ERRO[0001] Create cannot continue: configuration validation failed
ERRO[0001] ——————–
ERRO[0001] vic-machine-linux create failed: validation of configuration failed

This is because the vRealize Orchestrator host does not trust the SSL certificate on the vCenter appliance, and the vic-machine-linux command the XaaS workflow calls subsequently fails.

To resolve this copy the CA root certificate (and the intermediate/issuing certificate, if you have one) to /etc/ssl/certs on the vRO server.  Next, run the following command:

c_rehash /etc/ssl/certs

The vic-machine-linux command will now complete successfully, as will the corresponding XaaS workflow.

To test, just click Request:

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.