Nutanix Discovery pattern question
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-23-2020 11:42 PM
Hi Everyone,
We are running Prism Central to manage Nutanix storage clusters under VMware and have configured the Nutanix discovery pattern following the below page to discover the lab configuration. VMware discovery is already working well.
I have followed this document and created a credential, a discovery schedule and address range set for the prism central appliance.
When discovery is run i can see it is connecting but not discovering The error in the pattern log for Nutanix contains:
"Exception occurred while executing operation Nutanix API Query. Custom operation Failed to run script due to the following error: JAVASCRIPT_CODE_FAILURE: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: java.security.cert.CertPathBuilderException: No issuer certificate for certificate in certification path found."
The certificate has a valid intermediate certificate and root certificate.
Is this erorr due to the attribute using IP address to connect to the prism central URL vs FQDN which won't match the certificate SAN or is is that the MID Server cannot follow the certificate path. I haven't checked whether the intermediate certificate or root certificate is in the Windows Certificate Store on the MID Server yet.
Attribute set from the pattern log.
setAttribute(prism_url,https://172.30.0.17:9440)
Any ideas where to check or what actions to take ?
Kind Regards,
Aron Campbell
- Labels:
-
Discovery
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-24-2020 03:26 AM
Aron,
I've never discovered these types of devices before but you may need to add the certificate of those devices into your MID servers trust store. I would look at doing that as I am pretty sure that's the issue.
Hope this works for you!
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
02-03-2020 07:11 PM
Hi Community,
Just a quick update on this, we could move beyond the certificate issue but now falling into this issue below.
https://hi.service-now.com/kb_view.do?sysparm_article=KB0789251
We have a case open with Nutanix since it isn't clear why the user that was provisioned doesn't have access to the API's. Once we get that solved it should be good and will share back.
Regards,
Aron
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
02-11-2020 07:11 AM
Hi Aron,
How were you able to get through the certificate error? I am experiencing the same issue right now and am at a loss...
Any help you could offer would be very much appreciated.
Thank you,
Jim
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
02-12-2020 02:56 PM
Hi Jim, yes we got through the certificate issue, the suggestion to store the cert in the mid server instance worked.
Credential issues also fixed.
1. The Nutanix credential for Prism Central also needs to be created in the Prism Element instances as well otherwise the discovery will fail. That should be documented in the discovery pattern document more clearly. All it states is that the credential must have access to the API.
2. The API calls start at Prism Central and then go to the Prism element nodes once the prism element nodes are identified. You only see this when you read the pattern log.
I'm retesting the discovery on a non prod instance running Orlando where the pattern logging has been restructured. The JSON responses are very large and were failing with the bug listed above. However that said the discovery runs and all green lights/ticks but returns with nothing discovered so still not close to knowing what the discovery result should be, the documentation is sparse from Nutanix / Servicenow to say the least.
We have VMware with Nutanix managing the storage so no Acropolis in the picture.
Regards,
Aron
