Problem description

As shown in the figure above, creating a customization specification fails with the error code: vim.fault.NotFound
[ERROR] http-nio-5090-exec-40 70000153 100004 200001 c.v.v.c.vm.customizations.impl.VmCustomizationMutationProvider Error occurred while creating vm customization spec.
com.vmware.vim.binding.vmodl.fault.SystemError: vim.fault.NotFound
at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62)
at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
at java.lang.reflect.Constructor.newInstance(Constructor.java:423)
at java.lang.Class.newInstance(Class.java:442)
at com.vmware.vim.vmomi.core.types.impl.ComplexTypeImpl.newInstance(ComplexTypeImpl.java:174)
at com.vmware.vim.vmomi.core.types.impl.DefaultDataObjectFactory.newDataObject(DefaultDataObjectFactory.java:25)
at com.vmware.vim.vmomi.core.soap.impl.unmarshaller.ComplexStackContext.<init>(ComplexStackContext.java:30)
at com.vmware.vim.vmomi.core.soap.impl.unmarshaller.UnmarshallerImpl$UnmarshallSoapFaultContext.parse(UnmarshallerImpl.java:159)
at com.vmware.vim.vmomi.core.soap.impl.unmarshaller.UnmarshallerImpl$UnmarshallSoapFaultContext.unmarshall(UnmarshallerImpl.java:105)
at com.vmware.vim.vmomi.core.soap.impl.unmarshaller.UnmarshallerImpl.unmarshalSoapFault(UnmarshallerImpl.java:92)
at com.vmware.vim.vmomi.core.soap.impl.unmarshaller.UnmarshallerImpl.unmarshalSoapFault(UnmarshallerImpl.java:86)
at com.vmware.vim.vmomi.client.common.impl.SoapFaultStackContext.setValue(SoapFaultStackContext.java:40)
at com.vmware.vim.vmomi.client.common.impl.ResponseUnmarshaller.processNextElement(ResponseUnmarshaller.java:127)
at com.vmware.vim.vmomi.client.common.impl.ResponseUnmarshaller.unmarshal(ResponseUnmarshaller.java:70)
at com.vmware.vim.vmomi.client.common.impl.ResponseImpl.unmarshalResponse(ResponseImpl.java:284)
at com.vmware.vim.vmomi.client.common.impl.ResponseImpl.setResponse(ResponseImpl.java:239)
at com.vmware.vim.vmomi.client.http.impl.HttpExchangeBase.parseResponse(HttpExchangeBase.java:156)
at com.vmware.vim.vmomi.client.http.impl.HttpAsyncExchange$1$2.run(HttpAsyncExchange.java:149)
at com.vmware.vim.vmomi.core.impl.BlockingFuture.executeRunnable(BlockingFuture.java:150)
at com.vmware.vim.vmomi.core.impl.BlockingFuture.get(BlockingFuture.java:75)
at com.vmware.vim.vmomi.client.common.impl.MethodInvocationHandlerImpl$RetryingFuture.get(MethodInvocationHandlerImpl.java:588)
at com.vmware.vim.vmomi.client.common.impl.MethodInvocationHandlerImpl$CallExecutor.executeCall(MethodInvocationHandlerImpl.java:682)
at com.vmware.vim.vmomi.client.common.impl.MethodInvocationHandlerImpl.completeCall(MethodInvocationHandlerImpl.java:371)
at com.vmware.vim.vmomi.client.common.impl.MethodInvocationHandlerImpl.invokeFetch(MethodInvocationHandlerImpl.java:347)
at com.vmware.vim.vmomi.client.common.impl.MethodInvocationHandlerImpl.invoke(MethodInvocationHandlerImpl.java:191)
at com.sun.proxy.$Proxy118.getEncryptionKey(Unknown Source)
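Root cause analysis:
The key usage field in data-encipherment.crt is missing Data Encipherment.
Solution:
Official KB: VMware Knowledge Base
https://kb.vmware.com/s/article/74963?lang=en_US
1. Delete the existing certificate (before doing so, you can first view the certificate information to confirm whether Data Encipherment is missing)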
/usr/lib/vmware-vmafd/bin/vecs-cli entry delete --store data-encipherment --alias data-encipherment --server localhost --upn administrator@vsphere.local
Note: localhost here is the hostname of the VCSA.
2. Create the private key and public key
/usr/lib/vmware-vmca/bin/certool --genkey --privkey=/etc/vmware-vpx/ssl/data-encipherment.key --pubkey=/etc/vmware-vpx/ssl/data-encipherment.pub
3. Create the certificate
/usr/lib/vmware-vmca/bin/certool --server=FQDN --genCIScert --dataencipherment --privkey=/etc/vmware-vpx/ssl/data-encipherment.key --cert=/etc/vmware-vpx/ssl/data-encipherment.crt --Name=data-encipherment --FQDN=FQDN
Note: FQDN in the command is the FQDN of the VCSA host.
4. Verify that the certificate now includes Data Encipherment
/usr/lib/vmware-vmafd/bin/vecs-cli entry list --store data-encipherment --text | less

5. Restart the VCSA or its services
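
The check in steps 1 and 4 can be scripted instead of read by eye from `less`. The following is an added example, not part of the KB or the original post; the function names and sample dumps are constructed, and it assumes the text dump follows the OpenSSL layout in which the usage values appear on the line after the "X509v3 Key Usage:" header.

```shell
#!/bin/sh
# Added example: check a certificate text dump for the Data Encipherment
# key usage. Assumption: OpenSSL-style text layout, with the usage values
# on the line after the "X509v3 Key Usage:" header.

# Print the Key Usage value line(s) found in the dump on stdin.
# The pattern does not match "X509v3 Extended Key Usage".
key_usage_of() {
    awk '
        /X509v3 Key Usage/ { grab = 1; next }
        grab { sub(/^[ \t]+/, ""); print; grab = 0 }
    '
}

# Exit status: 0 = present, 1 = missing, 2 = no Key Usage extension found.
has_data_encipherment() {
    usage=$(key_usage_of)
    [ -n "$usage" ] || return 2
    printf '%s\n' "$usage" | grep -q 'Data Encipherment'
}

# Constructed sample: dump of a certificate before the fix.
sample_missing() {
cat <<'EOF'
Certificate:
        X509v3 extensions:
            X509v3 Key Usage:
                Digital Signature, Key Encipherment
            X509v3 Subject Key Identifier:
EOF
}

# Constructed sample: dump of a certificate after regeneration.
sample_fixed() {
cat <<'EOF'
Certificate:
        X509v3 extensions:
            X509v3 Key Usage:
                Digital Signature, Key Encipherment, Data Encipherment
EOF
}

for s in sample_missing sample_fixed; do
    if "$s" | has_data_encipherment; then
        echo "$s: Data Encipherment present"
    else
        echo "$s: Data Encipherment missing"
    fi
done
```

On the appliance, pipe the output of the `vecs-cli entry list --store data-encipherment --text` command from step 4 into `has_data_encipherment` and inspect the exit status.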