To update the RabbitMQ server certificate, you must recreate the certificate, register the new AMQP certificate in vCloud Director, and import the new certificate to every vSphere Replication Cloud Service host.

Procedure

  1. Recreate the RabbitMQ server certificate. For more information, see Create Self-Signed Certificates for the Primary RabbitMQ Server.
  2. Restart the amqp service by running the following command.
    # service rabbitmq-server restart
  3. Register the new AMQP certificate in vCloud Director. If vCloud Director is not using SSL to connect with RabbitMQ, you can skip this step.
    1. Create a trusted connection between the RabbitMQ host and the vCloud Availability Installer Appliance.
      # vcav trust add --address=$AMQP_ADDRESS --port=5671 --accept-all
    2. Register the RabbitMQ host with vCloud Director.

      This registration can also be done by using the vCloud Director user interface.

      Standard Command

      Command Using Registry

      # vcav vcd configure-amqp \
      --vcd-address=$VCD_ADDRESS \
      --vcd-user=$VCD_USER \
      --vcd-password-file=~/.ssh/.vcd \
      --amqp-address=$AMQP_ADDRESS \
      --amqp-port=5671 \
      --amqp-user=vcd \
      --amqp-password-file=~/.ssh/.amqp \
      --amqp-vhost=/ \
      --amqp-exchange=systemExchange
      # vcav vcd configure-amqp \
      --vcd=vcd-01-name \
      --amqp-address=$AMQP_ADDRESS \
      --amqp-port=5671 \
      --amqp-user=vcd \
      --amqp-password-file=~/.ssh/.amqp \
      --amqp-vhost=/ \
      --amqp-exchange=systemExchange

      The system returns an OK message, after the process finishes.

    3. Restart vCloud Director and Cloud Proxy hosts after configuring AMQP settings, by creating an SSH connection to the hosts and restarting the vmware-vcd service.
  4. Import the new AMQP certificate to all vSphere Replication Cloud Service hosts by running the following command on the vCloud Availability Installer Appliance.

    Standard Command

    Command Using Registry

    # vcav hcs configure \
    --reconfigure \
    --hcs-address=$HCS_ADDRESS \
    --amqp-password-file=~/.ssh/.amqp \
    --vcd-address=$VCD_ADDRESS \
    --vcd-user=$VCD_USER \
    --vcd-password-file=~/.ssh/.vcd \
    --sso-user=$SSO_USER \
    --sso-password-file=~/.ssh/.sso \
    # vcav hcs configure \
    --reconfigure \
    --hcs-address=hcs-IP-address \
    --amqp-password-file=~/.ssh/.amqp \
    --vcd=vcd-01-name

    The system returns an OK message, after the process finishes.

  5. To verify that the hcs service starts successfully, run the following command.

    Standard Command

    Command Using Registry

    # vcav hcs wait-for-extension \
    --hcs-address=$HCS01_ADDRESS \
    --vcd-address=$VCD_ADDRESS \
    --vcd-user=$VCD_USER \
    --vcd-password-file=~/.ssh/.vcd \
    --sso-user=$SSO_USER \
    --sso-password-file=~/.ssh/.sso \
    # vcav hcs wait-for-extension \
    --hcs-address=hcs-IP-address \
    --vcd=vcd-01-name

    If the hcs service starts successfully, the system displays an ОК message.

    If the system returns an error, or there is no output in 5 minutes, check the /opt/VMware/logs/hms/hcs.log file for errors.