vRealize Automation 7 Management Agents Explained
vRA 7.x Iaas Management Agents are required to be installed on each IaaS
Windows server node.
The IaaS management agent components are responsible for various management
layer vRA functionality including:
- Certificate replacement
- Upgrades & patching
- Log collection (Allow collection of IaaS windows logs by vRA appliance)
- Last connected status (for IaaS windows nodes in cluster tab of vami interface)
Management Agent's do not have any impact on day-to-day application functionality in vRA they can be stopped/not functioning correctly and vRA
provisioning will still go through fine, again they are more for management
layer tasks vs application layer.
The management agents essentially act as a bridge between vRA Linux appliances
and IaaS Windows server nodes to facilitate all of the
above management layer tasks.
Communication happens between Management
agent and vRA appliances over port 5480 so it's important to note that
it is leveraging the VAMI(Virtual Appliance Management Interface)
certificate, not the regular vRA cert presented in UI & used for
application traffic over port 443.
- Its configuration file VMware.IaaS.Management.Agent.exe.config is located under C:\Program Files (x86)\VMware\vCAC\Management Agent
- The management agent's main logfile All.log is located under C:\Program Files (x86)\VMware\vCAC\Management Agent\Logs
Troubleshooting Management Agent Issues
Management Agent is a very basic component. As long as it can reach the VRA appliance over port 5480 and the VAMI cert is not expired it should be happy. The most common issue we see is corruption of its config file.
As it does not store any persistent data the best approach in the event of problems is typically to uninstall and re-install the Management Agent. It can be uninstalled using Windows Programs and Features and to re-install simply download & run the installer from vRA appliance: https://vRAFQDN:5480/installer/
If re-install doesn't resolve then potentially there is an issue with the VAMI certificate. To check the VAMI certificate validity hit vRA appliance on port 5480 and use browser to view certificate details: https://vRAFQDN:5480
For more information on VAMI cert & steps on how to replace see official documentation.
*Top Tip*
If
your VAMI cert has expired but your vRA appliance cert is valid the
below commands can be used to replace the vami cert with the regular
application layer certificate so that both components leverage the same certificate: This procedure will require downtime of services and best practise dictates you first snapshot the vRA appliances before proceeding, in a clustered setup it will need to be performed on each vRA appliance.
1) backup current vami cert:
2)Replace vami cert with vra cert
cp /etc/apache2/server.pem /opt/vmware/etc/lighttpd/server.pem
3) restart services:
service vami-lighttp restart
service haproxy restart
Hope this helps. Any questions in relation to Management Agent functionality leave a comment below.
Comments
Post a Comment