You can use HTTP requests to retrieve information about the health of the applied vSphere Trust Authority component configurations in a Trusted Cluster.

You can retrieve basic and detailed information about the health of Key Provider Service or Attestation Service configurations applied to a Trusted Cluster with respect to the desired state. You can also retrieve detailed information about the health of all applied vSphere Trust Authority component configurations in a Trusted Cluster. The operations require you to specify parameters in the body of the HTTP request according to your vSphere Trust Authority environment. For details about the syntax of each HTTP request body, see the API Reference documentation.

Prerequisites

  • Verify that you have access to a working vSphere Trust Authority environment.
  • Verify that you have Trusted Infrastructure administrative privileges.

Procedure

  1. Retrieve a summary about the health status of all Key Provider Service instances configured for use in a Trusted Cluster. 
    POST https://<vcenter_ip_address_or_fqdn>/api/vcenter/trusted-infrastructure/trusted-clusters/<cluster>/kms/services-applied-config?action=query&vmw-task=true

    You receive the task ID in the response body. You can use the task ID to check the status of the task by running the following HTTP request.

    GET https://<vcenter_ip_address_or_fqdn>/api/cis/tasks/<task_ID>

    If the operation is successful, you can verify whether all Key Provider Service configurations of the Trusted Cluster are applied successfully and every host in the cluster is consistent with the desired state.

  2. Retrieve detailed information about the health status of a specific Key Provider Service instance configured for use in a Trusted Cluster. 
    GET https://<vcenter_ip_address_or_fqdn>/api/vcenter/trusted-infrastructure/trusted-clusters/<cluster>/kms/services-applied-config?vmw-task=true

    You receive the task ID in the response body. You can use the task ID to check the status of the task by running the following HTTP request.

    GET https://<vcenter_ip_address_or_fqdn>/api/cis/tasks/<task_ID>

    If the operation is successful, you can verify whether the specified Key Provider Service configuration of the Trusted Cluster is applied successfully and every host in the cluster is consistent with the desired state.

  3. Retrieve a summary about the health status of all Attestation Service instances configured for use in a Trusted Cluster. 
    POST https://<vcenter_ip_address_or_fqdn>/api/vcenter/trusted-infrastructure/trusted-clusters/<cluster>/attestation/services-applied-config?action=query&vmw-task=true

    You receive the task ID in the response body. You can use the task ID to check the status of the task by running the following HTTP request.

    GET https://<vcenter_ip_address_or_fqdn>/api/cis/tasks/<task_ID>

    If the operation is successful, you can verify whether all Attestation Service configurations of the Trusted Cluster are applied successfully and every host in the cluster is consistent with the desired state.

  4. Retrieve detailed information about the health status of a specific Attestation Service instance configured for use in a Trusted Cluster. 
    GET https://<vcenter_ip_address_or_fqdn>/api/vcenter/trusted-infrastructure/trusted-clusters/<cluster>/attestation/services-applied-config?vmw-task=true

    You receive the task ID in the response body. You can use the task ID to check the status of the task by running the following HTTP request.

    GET https://<vcenter_ip_address_or_fqdn>/api/cis/tasks/<task_ID>

    If the operation is successful, you can verify whether the specified Attestation Service configuration of the Trusted Cluster is applied successfully and every host in the cluster is consistent with the desired state.

  5. Retrieve detailed information about the health status of all vSphere Trust Authority components configured for use in a Trusted Cluster. 
    GET https://<vcenter_ip_address_or_fqdn>/api/vcenter/trusted-infrastructure/trusted-clusters/<cluster>/services-applied-config?vmw-task=true

    You receive the task ID in the response body. You can use the task ID to check the status of the task by running the following HTTP request.

    GET https://<vcenter_ip_address_or_fqdn>/api/cis/tasks/<task_ID>

    If the operation is successful, you can verify whether the vSphere Trust Authority component configuration is applied successfully and every host in the cluster is consistent with the desired state.

What to do next

If there are errors, you can try to remediate the Trusted Cluster. See Remediate a Trusted Cluster.