You can use the ServicesAppliedConfig interface from the com.vmware.vcenter.trusted_infrastructure.trusted_clusters.kms, com.vmware.vcenter.trusted_infrastructure.trusted_clusters.attestation, and com.vmware.vcenter.trusted_infrastructure.trusted_clusters packages to remediate vSphere Trust Authority component configurations in a Trusted Cluster or remove the configurations.
You can update the applied Key Provider Service or Attestation Service configurations in a Trusted Cluster to become consistent with the desired state or you can remove the applied Key Provider Service or Attestation Service configurations. You can also update all applied vSphere Trust Authority component configurations in a Trusted Cluster or remove the configurations. By removing the configurations, you can move hosts from a Trusted Cluster to another cluster.
Prerequisites
- Verify that you have access to a working vSphere Trust Authority environment.
- Verify that you have Trusted Infrastructure administrative privileges.
Procedure
- Remediate all Key Provider Service instances configured for use in a Trusted Cluster by calling the update_Task(java.lang.String cluster) method of the ServicesAppliedConfig interface from the com.vmware.vcenter.trusted_infrastructure.trusted_clusters.kms package.
If the operation is successful, the Key Provider Service configuration of every host in the cluster is consistent with the desired state.
- Remove all Key Provider Service configurations from a Trusted Cluster by calling the delete_Task(java.lang.String cluster) method of the ServicesAppliedConfig interface from the com.vmware.vcenter.trusted_infrastructure.trusted_clusters.kms package.
If the operation is successful, the applied Key Provider Service configurations are removed from the configuration of every host in the cluster without affecting the desired state.
- Remediate all Attestation Service instances configured for use in a Trusted Cluster by calling the update_Task(java.lang.String cluster) method of the ServicesAppliedConfig interface from the com.vmware.vcenter.trusted_infrastructure.trusted_clusters.attestation package.
If the operation is successful, the Attestation Service configuration of every host in the cluster is consistent with the desired state.
- Remove all Attestation Service configurations from a Trusted Cluster by calling the delete_Task(java.lang.String cluster) method of the ServicesAppliedConfig interface from the com.vmware.vcenter.trusted_infrastructure.trusted_clusters.attestation package.
If the operation is successful, the applied Attestation Service configurations are removed from the configuration of every host in the cluster without affecting the desired state.
- Remediate all vSphere Trust Authority components configured for use in a Trusted Cluster by calling the update_Task(java.lang.String cluster) method of the ServicesAppliedConfig interface from the com.vmware.vcenter.trusted_infrastructure.trusted_clusters package.
If the operation is successful, the vSphere Trust Authority component configuration of every host in the cluster is consistent with the desired state.
- Remove all vSphere Trust Authority component configurations from a Trusted Cluster by calling the delete_Task(java.lang.String cluster) method of the ServicesAppliedConfig interface from the com.vmware.vcenter.trusted_infrastructure.trusted_clusters package.
If the operation is successful, the applied vSphere Trust Authority component configurations are removed from the configuration of every host in the cluster without affecting the desired state.
What to do next
You can recheck the Trusted Cluster health after the remediation. See Check Trusted Cluster Health.