vRA8 Azure cloud account storage exception

A transparent HTTPS proxy causing trouble.

An Azure cloud account was added in Cloud Assembly, following the guide "Configure Microsoft Azure for use with vRealize Automation Cloud Assembly".

It showed regions and storage accounts and could access flavors and images, but Compute resources had no Azure entries.

The account reported a warning and showed a data collection error:

java.lang.IllegalStateException: Azure enumeration adapter '/provisioning/azure/storage-enumeration-adapter-v2' for '/resources/endpoints/yyyyyyyyyyyyyyyyyyyy': FAILED with com.microsoft.azure.storage.StorageException: 
	at com.microsoft.azure.storage.StorageException.translateException(StorageException.java:87)
	at com.microsoft.azure.storage.core.ExecutionEngine.executeWithRetry(ExecutionEngine.java:220)
	at com.microsoft.azure.storage.blob.CloudBlobClient.listContainersWithPrefixSegmented(CloudBlobClient.java:348)
	at com.microsoft.azure.storage.blob.CloudBlobClient.listContainersSegmented(CloudBlobClient.java:261)
	at com.vmware.photon.controller.model.adapters.azure.enumeration.AzureStorageEnumerationAdapterServiceV2.lambda$getStorageContainersAndDisks$37(AzureStorageEnumerationAdapterServiceV2.java:1120)
	at com.vmware.photon.controller.model.resources.util.PhotonModelUtils.lambda$runInExecutor$20(PhotonModelUtils.java:1043)
	at java.base/java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:515)
	at java.base/java.util.concurrent.FutureTask.run(FutureTask.java:264)
	at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128)
	at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628)
	at java.base/java.lang.Thread.run(Thread.java:834)
Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
	at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:131)
	at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:326)
	at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:269)
	at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:264)
	at java.base/sun.security.ssl.CertificateMessage$T12CertificateConsumer.checkServerCerts(CertificateMessage.java:645)
	at java.base/sun.security.ssl.CertificateMessage$T12CertificateConsumer.onCertificate(CertificateMessage.java:464)
	at java.base/sun.security.ssl.CertificateMessage$T12CertificateConsumer.consume(CertificateMessage.java:360)
	at java.base/sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:392)
	at java.base/sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:444)
	at java.base/sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:422)
	at java.base/sun.security.ssl.TransportContext.dispatch(TransportContext.java:183)
	at java.base/sun.security.ssl.SSLTransport.decode(SSLTransport.java:168)
	at java.base/sun.security.ssl.SSLSocketImpl.decode(SSLSocketImpl.java:1148)
	at java.base/sun.security.ssl.SSLSocketImpl.readHandshakeRecord(SSLSocketImpl.java:1057)
	at java.base/sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:395)
	at java.base/sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:567)
	at java.base/sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:185)
	at java.base/sun.net.www.protocol.http.HttpURLConnection.getInputStream0(HttpURLConnection.java:1587)
	at java.base/sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1515)
	at java.base/java.net.HttpURLConnection.getResponseCode(HttpURLConnection.java:527)
	at java.base/sun.net.www.protocol.https.HttpsURLConnectionImpl.getResponseCode(HttpsURLConnectionImpl.java:334)
	at com.microsoft.azure.storage.core.ExecutionEngine.executeWithRetry(ExecutionEngine.java:115)
	... 9 more
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
	at java.base/sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439)
	at java.base/sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306)
	at java.base/sun.security.validator.Validator.validate(Validator.java:264)
	at java.base/sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:313)
	at java.base/sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:222)
	at java.base/sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:129)
	at java.base/sun.security.ssl.CertificateMessage$T12CertificateConsumer.checkServerCerts(CertificateMessage.java:629)
	... 26 more
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
	at java.base/sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141)
	at java.base/sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126)
	at java.base/java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297)
	at java.base/sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434)
	... 32 more

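The trace points to a certificate problem: the TLS handshake to Azure storage fails with "PKIX path building failed", meaning the JVM could not chain the presented certificate to a trusted root. In our environment a transparent HTTPS proxy is installed, so its certificate needs to be installed in vRA.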

Upload the certificate to the vRA appliance and check it:

vracli certificate proxy --validate proxy.cer

The output shows the SHA-256 sum of the certificate:

Certificate is signed by itself according to our internal policy
Certificate with sha256 sum: 50dfa6f5780f5d7341b2436b3253deb0812b29da28ef28446f8dfe34c558f cannot be validated as it is self-signed.
If you want to proceed with that certificate, please confirm the sha256 sum using parameter '--sha256' and the sha256 sum of the certificate.

Import the certificate and redeploy vRA services:

vracli certificate proxy --set proxy.cer --sha256 50dfa6f5780f5d7341b2436b3253deb0812b29da28ef28446f8dfe34c558f
/opt/scripts/deploy.sh
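
Confirming a self-signed certificate with --sha256 is only meaningful if the sum is compared with one obtained out of band from whoever operates the proxy. The following is an added example, not part of the original post or of vracli: it checks a .cer file (PEM or DER) against such a trusted sum, and because the page does not say which bytes vracli hashes, it tries both the DER certificate fingerprint and the raw file hash. SAMPLE_DER is constructed placeholder data and all function names are hypothetical.

```python
import base64
import hashlib
import hmac
import re

# Constructed placeholder bytes standing in for a certificate body.
# Not a real certificate: hashing does not require valid X.509.
SAMPLE_DER = bytes(range(64)) * 4
SAMPLE_PEM = (b"-----BEGIN CERTIFICATE-----\n"
              + base64.encodebytes(SAMPLE_DER)
              + b"-----END CERTIFICATE-----\n")

PEM_RE = re.compile(
    rb"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)


def to_der(cert_bytes: bytes) -> bytes:
    """Return DER bytes whether the .cer file is PEM (Base64) or binary DER."""
    match = PEM_RE.search(cert_bytes)
    if match:
        return base64.b64decode(b"".join(match.group(1).split()))
    return cert_bytes


def der_fingerprint(cert_bytes: bytes) -> str:
    """SHA-256 over the DER encoding, independent of the file's wrapping."""
    return hashlib.sha256(to_der(cert_bytes)).hexdigest()


def normalize(sum_text: str) -> str:
    """Accept 'AA:BB:..' or 'aabb..'; reject anything but 64 hex digits."""
    digest = re.sub(r"[\s:]", "", sum_text).lower()
    if not re.fullmatch(r"[0-9a-f]{64}", digest):
        raise ValueError("not a complete SHA-256 sum (need 64 hex digits)")
    return digest


def match_kind(cert_bytes: bytes, trusted_sum: str):
    """Say which hash of the file equals the out-of-band sum, or None."""
    expected = normalize(trusted_sum)
    candidates = {
        "der-fingerprint": der_fingerprint(cert_bytes),
        "raw-file-hash": hashlib.sha256(cert_bytes).hexdigest(),
    }
    for kind, digest in candidates.items():
        if hmac.compare_digest(digest, expected):
            return kind
    return None
```

A result of None means the file on the appliance is not the certificate the proxy operator vouched for, and it should not be imported.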