vRealize Automation 7 Management Agents Explained

 vRA 7.x Iaas Management Agents are required to be installed on each IaaS
Windows server node.




The IaaS management agent components are responsible for various management
layer vRA functionality including:


- Certificate replacement
- Upgrades & patching
- Log collection                    (Allow collection of IaaS windows logs by vRA appliance)
- Last connected status     (for IaaS windows nodes in cluster tab of vami interface)


Management Agent's do not have any impact on day-to-day application functionality in vRA they can be stopped/not functioning correctly and vRA provisioning will still go through fine, again they are more for management layer tasks vs application layer.








The management agents essentially act as a bridge between vRA Linux appliances
and IaaS Windows server nodes to facilitate all of the above management layer tasks.

Communication happens between Management agent and vRA appliances over port 5480 so it's important to note that it is leveraging the VAMI(Virtual Appliance Management Interface) certificate, not the regular vRA cert presented in UI & used for application traffic over port 443.



- Its configuration file VMware.IaaS.Management.Agent.exe.config is located under C:\Program Files (x86)\VMware\vCAC\Management Agent



- The management agent's main logfile All.log is located under C:\Program Files (x86)\VMware\vCAC\Management Agent\Logs




Troubleshooting Management Agent Issues



Management Agent is a very basic component.  As long as it can reach the VRA appliance over port 5480 and the VAMI cert is not expired it should be happy. The most common issue we see is corruption of its config file.



As it does not store any persistent data the best approach in the event of problems is typically to uninstall and re-install the Management Agent. It can be uninstalled using Windows Programs and Features and to re-install simply download & run the installer from vRA appliance: https://vRAFQDN:5480/installer/







If re-install doesn't resolve then potentially there is an issue with the VAMI certificate. To check the VAMI certificate validity hit vRA appliance on port 5480 and use browser to view certificate details: https://vRAFQDN:5480


For more information on VAMI cert & steps on how to replace see official documentation.


*Top Tip*

If your VAMI cert has expired but your vRA appliance cert is valid the below commands can be used to replace the vami cert with the regular application layer certificate so that both components leverage the same certificate: This procedure will require downtime of services and best practise dictates you first snapshot the vRA appliances before proceeding, in a clustered setup it will need to be performed on each vRA appliance.

1) backup current vami cert:

cp /opt/vmware/etc/lighttpd/server.pem /opt/vmware/etc/lighttpd/server.pem-bak


2)Replace vami cert with vra cert

cp /etc/apache2/server.pem /opt/vmware/etc/lighttpd/server.pem

3) restart services:

service vami-lighttp restart
service haproxy restart

 


Hope this helps. Any questions in relation to Management Agent functionality leave a comment below.





Comments

Post a Comment

Popular posts from this blog

vRealize Automation appliance services not registering

Image
Note this article covers only vRA 7.x, for vRA 8.x be sure to check out vRA 8 related articles: vRA 8.x basics vRA 8.x health check failing vRA 8.x Tutorial A common issue can be vRealize Automation appliance services not registering. This issue is typically noticed after a reboot or unplanned service outtage. The following article is intended to provide a walkthrough of troubleshooting such a scenario. Unfortunately the vRA catalina.out logfile located under /var/log/vmware/vcac can be quite cryptic in these scenario's and often just reports generic http response response codes. The service registry can be checked under the vami interface in vRA Settings -> Services tab and also via the component registry URL: https://vRAappliance/component-registry/ services / status / current Based on my experience the main offenders for vRA appliance service registry issues are as follows: Disk space. RabbitMQ  - internal messaging broker service leveraged by vRA. vIDM 
Read more

IaaS service not registering

Image
IaaS refers to the collection components installed on the Windows servers in a vRealize Automation environment. This article will focus specifically on the troubleshooting methodology applied when this IaaS service is not registering on the vRA appliances, I intend to create a separate post at a later date to focus solely on the purpose of each individual IaaS component. See vRA Management agents explained article for further explanation specifically for IaaS Management Agent components. The Problem The IaaS service registry status can be viewed in the Services tab of the VAMI interface or at the vRA appliance component service registry health check URL. https://vRA:5480 https://vRA/ component-registry/services/status/ current   Typically, IaaS service registry issues will be noticed here first. Other common symptoms of IaaS service registry issues include problems accessing the Infrastructure tab or general provisioning/data collection failures.      
Read more

vRA 7.x Certificate Replacement Process

Image
  vRA 7.x Certificate Replacement Process Certificate for component "website" on node "<node name>" will expire on <date> Certificate for component "ManagerService" on node "<node name>" will expire on <date> Seeing the above message in your vRA vami interface, that means its time to replace your vRA ssl certificates. This post will cover the vRA 7.x cert replacement process. Certificate Management in vRA 7.x has been simplified and is all performed from the Certificates tab of the VAMI interface: https:<vRAFQDN>:5480 -> vRA -> Certificates A distributed vRA will have three main certificate components: vRA cert itself IaaS web certificate IaaS manager certificate !! In a simple install with a single IaaS web server the Manager and Web component will share the same certificate!! You have two options when choosing a certificate: Self-signed certificate generated by vRA itself Certificate Authority Signed certif
Read more