
Ensure we use the ESX management IP specifically for http datastore access

Open hickeng opened this issue 7 years ago • 3 comments

Issue: Error seen while collecting log bundle in #6390 and may impact docker logs: "ServerFaultCode: A specified parameter was not correct: spec.url" (follow up from https://github.com/vmware/vic/issues/5685#issuecomment-314539043)

Details: If an ESX has multiple NICs and not all of them are configured for management traffic then we can get the above error when trying to perform http based datastore access. We need to ensure that the IP we choose for a host is configured for management traffic. As @dougm has noted in the comments we already filter for NICs that are enabled for management traffic, so we may need to investigate in the problem environment. @bladeraptor has volunteered access to the environment if necessary.

Speculation: sanity check it's actually the management role that we need for datastore http access and not another role that defaults to management if not explicit (e.g. provisioning).

hickeng avatar Sep 21 '17 09:09 hickeng

Note that we do: https://github.com/vmware/govmomi/blob/849e47a1ef1ee62d7a4da7736a0b2d6353311747/object/host_system.go#L86

dougm avatar Sep 21 '17 13:09 dougm

Hi

So in my setup I have the following, based on a cumulation of best practice tribal knowledge over the years:

4x ‘physical NICs’

6 x VMKernel interfaces – 2x management, 1 x vSAN, 1 x vMotion, 1 x NFS storage traffic and 1 x VXLAN

For the most part, the distributed port groups to which those VMKernel interfaces are linked are spread across all 4 x physical NICs, but in some cases 2 of the NICs are active and 2 standby.

Not all VMKernel interfaces are enabled for Management traffic

The VCH-Host ‘management’ NIC is on an NSX segment connected to an NSX Edge and has its IP delivered by DHCP. The management stack is on 192.168.110.x and the VCH-Host is on 172.16.10.x; the two segments know about each other via dynamic routing advertisement.

Best regards

Alex Tanner



bladeraptor avatar Sep 26 '17 09:09 bladeraptor
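A sketch of the check the issue asks for, run against an interface layout like the one described in the comment above. This is an added example, not code from vic or govmomi; the `VMKNic` type, the role labels, the individual addresses and the datastore URL are constructed assumptions.

```go
package main

import (
	"fmt"
	"net"
	"net/url"
)

// VMKNic is a hypothetical, simplified view of one VMkernel interface.
type VMKNic struct {
	Device, IP string
	Services   map[string]bool // role labels are assumptions for this example
}
// SampleNics is constructed: six interfaces, two enabled for management.
var SampleNics = []VMKNic{
	{"vmk0", "192.168.110.51", map[string]bool{"management": true}},
	{"vmk1", "192.168.110.52", map[string]bool{"management": true}},
	{"vmk2", "10.10.20.51", map[string]bool{"vsan": true}},
	{"vmk3", "10.10.30.51", map[string]bool{"vmotion": true}},
	{"vmk4", "10.10.40.51", nil}, // NFS storage traffic, no service role
	{"vmk5", "10.10.50.51", map[string]bool{"vxlan": true}},
}

// ManagementIPs returns the addresses of interfaces with the management role.
func ManagementIPs(nics []VMKNic) (ips []net.IP) {
	for _, n := range nics {
		if ip := net.ParseIP(n.IP); ip != nil && n.Services["management"] {
			ips = append(ips, ip)
		}
	}
	return ips
}

// CheckDatastoreURL fails when the URL host is not a management address.
func CheckDatastoreURL(raw string, nics []VMKNic) error {
	u, err := url.Parse(raw)
	if err != nil {
		return err
	}
	host := net.ParseIP(u.Hostname()) // nil for a DNS name, which matches nothing
	for _, ip := range ManagementIPs(nics) {
		if ip.Equal(host) {
			return nil
		}
	}
	return fmt.Errorf("%q is not the IP of a management-enabled vmknic", u.Hostname())
}
func main() {
	fmt.Println(CheckDatastoreURL("https://10.10.30.51/folder/vch/vmware.log?dsName=ds1", SampleNics))
}
```

A URL that names the host by DNS name is rejected here because the sketch does no resolution; resolve the name first and check the resulting address.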

Is there a workaround for this issue?

samized avatar Apr 15 '20 20:04 samized