After you replace the certificate of vRealize Log Insight in Region B, you update log forwarding from vRealize Log Insight in Region A to vRealize Log Insight in Region B. Log forwarding in this validated design uses SSL connection to exchange log data

Procedure

  1. Import the root certificate in the Java truststore on each vRealize Log Insight node in Region A.
    1. Open an SSH session to the vRealize Log Insight node.

      Name

      Role

      sfo01vrli01a.sfo01.rainpole.local

      Master node

      sfo01vrli01b.sfo01.rainpole.local

      Worker node 1

      sfo01vrli01c.sfo01.rainpole.local

      Worker node 2

    2. Log in using the following credentials.

      Setting

      Value

      User name

      root

      Password

      vrli_regionA_root_password

    3. Create a working directory on the vRealize Log Insight node.
      mkdir /tmp/ssl
      cd /tmp/ssl
    4. Extract the root certificate from the destination vRealize Log Insight in Region A.
      echo "" | openssl s_client -showcerts -servername lax01vrli01a.lax01.rainpole.local -connect lax01vrli01a.lax01.rainpole.local:443 -prexit 2>/dev/null | sed -n -e '/BEGIN\ CERTIFICATE/,/END\ CERTIFICATE/ p' > cert.pem
      csplit -f individual- cert.pem '/-----BEGIN CERTIFICATE-----/' '{*}' 
      root_cert=$(ls individual-* | sort -n -t- | tail -1)
      cp -f -- "$root_cert" root.crt
    5. Import the root certificate in the Java truststore of the vRealize Log Insight node in Region A.
      cd /usr/java/default/lib/security/ 
      
      ../../bin/keytool -import -alias loginsight -file /tmp/ssl/root.crt -keystore cacerts
    6. When prompted for a keystore password, type changeit
    7. When prompted to accept the certificate, type yes
    8. Reboot the vRealize Log Insight node.
      reboot
    9. Repeat this operation on all vRealize Log Insight nodes in Region A.
  2. Log in to the vRealize Log Insight user interface.
    1. Open a Web browser and go to https://sfo01vrli01.sfo01.rainpole.local.
    2. Log in using the following credentials.

      Setting

      Value

      User name

      admin

      Password

      vrli_admin_password

  3. In the vRealize Log Insight user interface, click the configuration drop-down menu icon  and select Administration.
  4. Under Management, click Event Forwarding.
  5. On the Event Forwarding page, select SFO01 to LAX01 and select the Edit icon. 
  6. In the Edit Destination dialog box, click Test to verify that the connection settings are correct.
  7. Click Save to save the forwarding new destination.