To add an updated vSphere machine SSL certificate to vCloud Availability for vCloud Director, you must reconfigure the vSphere Replication Manager and vSphere Replication Cloud Service hosts.

Prerequisites

Verify that you successfully replaced the vSphere machine SSL certificate. For more information about vSphere security certificates, see the following:

Procedure

  1. From the vCloud Availability Installer Appliance, create a trust between the vSphere instance and the vCloud Availability Installer Appliance by running the following command:
    # vcav trust add --address=$VSPHERE_ADDRESS --port=443 --accept-all
  2. Reconfigure the associated vSphere Replication Manager.

    Standard Command

    Command Using Registry

    # vcav hms configure \
    --reconfigure \
    --hms-address=$HMS_ADDRESS \
    --vsphere-address=$VSPHERE_ADDRESS \
    --vsphere-user=$SSO_USER \
    --vsphere-password-file=~/.ssh/.sso \
    --vcd-address=$VCD_ADDRESS \
    --vcd-user=$VCD_USER \
    --vcd-password-file=~/.ssh/.vcd \
    --sso-user=$SSO_USER \
    --sso-password-file=~/.ssh/.sso
     
    # vcav hms configure \
    --reconfigure \
    --hms-address=$HMS_ADDRESS \
    --vsphere=vsphere-name \
    --vcd=vcd-name
      
    
    

    The system returns an OK message, after the process finishes.

  3. Verify that the hms service starts successfully.

    Standard Command

    Command Using Registry

    # vcav hms wait-for-extension \
    --hms-address=$HMS01_ADDRESS \
    --vsphere-address=$VSPHERE01_ADDRESS \
    --vsphere-user=$SSO_USER \
    --vsphere-password-file=~/.ssh/.sso \
    --vcd-address=$VCD_ADDRESS \
    --vcd-user=$VCD_USER \
    --vcd-password-file=~/.ssh/.vcd \
    --sso-user=$SSO_USER \
    --sso-password-file=~/.ssh/.sso
    # vcav hms wait-for-extension \
    --hms-address=$HMS01_ADDRESS \
    --vsphere=vsphere-01-name \
    --vcd=vcd-01-name

    If the hms service starts successfully, the system displays an ОК message.

    If the system returns an error, or there is no output in 5 minutes, check the /opt/vmware/logs/hms/hms.log file.

  4. Reconfigure the vSphere Replication Cloud Service Appliance.

    The cassandra-replication-factor argument in the vcav hcs configure command defines the number of data replicas across the Cassandra cluster. Replication factor 4 means that there are four copies of each row, where each copy is on a different node.

    Note:

    The replication factor must not exceed the number of nodes in the Cassandra cluster.

    By default, the vcav hcs configure command uses the AMQP settings from vCloud Director. If vCloud Director is configured to communicate with AMQP without SSL, the vcav hcs configure operation returns an error. To avoid this, you can specify the correct port to use with the --amqp-port=port-number argument.

    Run the vcav hcs configure command for all vSphere Replication Cloud Service hosts.

    Standard Command

    Command Using Registry

    # vcav hcs configure \
    --reconfigure \
    --hcs-address=$HCS_ADDRESS \
    --amqp-password-file=~/.ssh/.amqp \
    --cassandra-replication-factor=number-of-Cassandra-nodes \
    --vcd-address=$VCD_ADDRESS \
    --vcd-user=$VCD_USER \
    --vcd-password-file=~/.ssh/.vcd \
    --sso-user=$SSO_USER \
    --sso-password-file=~/.ssh/.sso 
    # vcav hcs configure \
    --reconfigure \
    --hcs-address=$HCS_ADDRESS \
    --amqp-password-file=~/.ssh/.amqp \
    --cassandra-replication-factor=number-of-Cassandra-nodes \
    --vcd=vcd-01-name

    The system returns an OK message, after the process finishes.

  5. Verify that the hcs service starts successfully.

    Standard Command

    Command Using Registry

    # vcav hcs wait-for-extension \
    --hcs-address=$HCS01_ADDRESS \
    --vcd-address=$VCD_ADDRESS \
    --vcd-user=$VCD_USER \
    --vcd-password-file=~/.ssh/.vcd \
    --sso-user=$SSO_USER \
    --sso-password-file=~/.ssh/.sso 
    # vcav hcs wait-for-extension \
    --hcs-address=$HCS01_ADDRESS \
    --vcd=vcd-01-name
    

    If the hcs service starts successfully, the system displays an ОК message.

    If the system returns an error, or there is no output in 5 minutes, check the /opt/VMware/logs/hms/hcs.log file.

Results

You have successfully added the updated vSphere machine SSL certificate to the vCloud Availability for vCloud Director instance.