VRA health API via bash with results

Horizon

curl https://localhost/SAAS/API/1.0/REST/system/health -k

[master] cava-n-80-094:/etc/init.d # curl https://localhost/SAAS/API/1.0/REST/system/health  -k
{"AnalyticsUrl":"http://localhost:8080","EhCacheClusterPeers":"","AuditPollInterval":"1000","EncryptionServiceVersion":"unknown","AnalyticsConnectionOk":"true","EncryptionServiceVerified":"Master Keystore verified","FederationBrokerStatus":"ok","ServiceReadOnlyMode":"false","AuditWorkerThreadAlive":"true","BuildVersion":"3.1.0.0 Build 12694081","AuditQueueSize":"0","DatabaseStatus":"connection failure","HostName":"cava-n-80-094.eng.vmware.com","EncryptionStatus":"connected","FederationBrokerOk":"true","EncryptionConnectionOk":"true","EncryptionServiceImpl":"Encryption Service DB","ClusterId":"9b545db2-2c45-4950-b8e3-99e0eb3671d3","EhCacheClusterDiagnostics":"","DatabaseConnectionOk":"false","StatusDate":"2020-02-22 13:38:46 UTC","ClockSyncOk":"true","MaintenanceMode":"false","MessagingConnectionOk":"true","fipsModeEnabled":"false","ServiceVersion":"3.1.0","IpAddress":"10.149.80.94","AuditDisabled":"false","AllOk":"false"}[master] 

Elastic search

curl localhost:9200/_cluster/health?pretty=true

[master] cava-n-80-094:~ # curl localhost:9200/_cluster/health?pretty=true
{
  "cluster_name" : "horizon",
  "status" : "yellow",
  "timed_out" : false,
  "number_of_nodes" : 1,
  "number_of_data_nodes" : 1,
  "active_primary_shards" : 5,
  "active_shards" : 5,
  "relocating_shards" : 0,
  "initializing_shards" : 0,
  "unassigned_shards" : 5,
  "delayed_unassigned_shards" : 0,
  "number_of_pending_tasks" : 0,
  "number_of_in_flight_fetch" : 0
}

Recovering from expired certificates on vRo (vRealize orchestrator)- cli methord

So the other day the vRo certificates had expired. We tried to change it from the vco-control center, after importing the certificates, vRo UI would simply stay there stating restarting in 2 min but nothing happens.

to replace the certificate’s via CLI

Grab the Keystore password

cat  /var/lib/vco/keystore.password
Pge2Nn366tNBqNavkgg6VZOHJuWmkIHAEPNq1DYu

Generate CSR using key tool

keytool -certreq -alias dunes -keypass "Pge2Nn366tNBqNavkgg6VZOHJuWmkIHAEPNq1DYu" -keystore "/etc/vco/app-server/security/jssecacerts" -file "/crt/new.csr" -storepass "Pge2Nn366tNBqNavkgg6VZOHJuWmkIHAEPNq1DYu" -ext SAN=DNS:vip.domain.com,DNS:vro1.domain.com,DNS:vro2.domain.com

Grab the /crt/new.csr and get this signed using the CA, Import the signed cert back into vRo and then import the certificate

keytool -importcert -alias dunes -keypass "Pge2Nn366tNBqNavkgg6VZOHJuWmkIHAEPNq1DYu" -file "/crt/casigned.crt" -keystore "/etc/vco/app-server/security/jssecacerts" -storepass "Pge2Nn366tNBqNavkgg6VZOHJuWmkIHAEPNq1DYu"

Restart Services

service vco-server restart && service vco-configurator restart

Now, copy the signed certificate over to node2 and then run the import command (grab the keystore password from /var/lib/vco/keystore.password)

keytool -importcert -alias dunes -keypass "AzW2gI1QJcNcRNzRX3TyrznhKlYNagKje45fTbSB" -file "/crt/casigned.crt" -keystore "/etc/vco/app-server/security/jssecacerts" -storepass "AzW2gI1QJcNcRNzRX3TyrznhKlYNagKje45fTbSB"

Restart services and you are done!!

service vco-server restart && service vco-configurator restart

vRA Service registration status using bash CLI

log in to terminal of the vRA appliance and run the below script

curl --insecure -f -s -H "Content-Type: application/json" "https:/$HOSTNAME/component-registry/services/status/current?limit=200" | sed "s/}/\n/g" | grep -E -o ".serviceName.*serviceInitializationStatus.[^,]*" | sed "s/\"serviceTypeId.*,//g" | sed -e "s/\"//g" -e "s/:/=/g" -e "s/,/, /" | sed -e "s/serviceName\|serviceInitializationStatus\|=\|,\|null//g" | column -t | sort | cat -n