...
Bringup is run/retried multiple times. The last run did not populate ESXi service accounts in SDDC Manager. However, the accounts were created on the hosts as part of the first run.
This article provides the steps to recreate the missing ESXi service accounts in SDDC Manager.
The first run of Bringup failed without persisting the ESXi service accounts that were created on the ESXi hosts.
Scenarios where the ESXi Service Account is missing after bringup are resolved in VCF 4.3. For other scenarios, please review the workaround section for steps to unblock.
To work around this issue:

Note: For VCF 5.1, please use the full path /usr/pgsql/13/bin/psql to invoke the psql command.

Scenario 1: If the issue is observed after Bringup is completed

SSH on SDDC Manager.

Run the below command to fetch the esxi-id:

    psql -h localhost -d platform -U postgres -c "select id from host where id not in (select entityid from credential where targettype='ESXI' and serviceid is not null);"

On SDDC Manager, create /tmp/in.json with the following content:

Note: The list should contain an entry for each missing ESXi service account. For example, the below list contains details for two accounts.

    [
      {
        "username":"svc-vcf-<esxi-shortname>",
        "roleName":"Admin",
        "resourceType":"ESXI",
        "resourceId":"<esxi-id>"
      },
      {
        "username":"svc-vcf-<esxi-shortname>",
        "roleName":"Admin",
        "resourceType":"ESXI",
        "resourceId":"<esxi-id>"
      }
    ]

For each missing ESXi service account in SDDC Manager, remove the local ESXi user:

    ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no root@<esxi-FQDN> "esxcli system account remove -i svc-vcf-<esxi-shortname>"

Generate API token:

    curl -X POST -H "Content-Type: application/json" -d '{"username": "<SSO-username>","password": "<SSO-password>"}' --insecure https://<sddc-manager-address>/v1/tokens | json_pp

Example: Token Generation API Response:

    {
      "accessToken": "eyJhbGciOiJIUzI1NiJ9.[...]._92IFJCQsbRbAWd4PQmBDczWXtuVCWPOsL1ZyCdKEMU",
      "refreshToken": {
        "id": "3c6b3c30-3bf2-480b-9539-8483699ab928"
      }
    }

In the above example, we would replace the <API-TOKEN> in the following steps with just the following information:

    eyJhbGciOiJIUzI1NiJ9.[...]._92IFJCQsbRbAWd4PQmBDczWXtuVCWPOsL1ZyCdKEMU

Create the ESXi service account/s:

    curl -X POST https://<sddc-manager-address>/v1/service-accounts -d @/tmp/in.json --insecure -H "Content-Type: application/json" -H "Authorization: Bearer <API-TOKEN>"

Response:

    {"id":"<task-id>","name":"Creating Service Accounts","status":"IN_PROGRESS" ...}

Wait for the workflow from 4. to complete by tracking its status:

    curl https://<sddc-manager-address>/v1/tasks/<task-id> --insecure -H "Content-Type: application/json" -H "Authorization: Bearer <API-TOKEN>"

Get the {service-id} from the database:

    psql -h localhost -d platform -U postgres -c "select serviceId from credential where targettype='ESXI';"

Update serviceid and servicetype in the database:

    psql -h localhost -d platform -U postgres -c "update credential SET serviceid='<service-id>', servicetype='SDDC_MANAGER' where username='svc-vcf-<esxi-shortname>';"

Scenario 2: If you have noticed that the ESXi hosts have leftover service accounts before starting Bringup

Note: You can check on the ESXi hosts with: esxcli system account list

For each host with a leftover service account, execute step 3.
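
The /tmp/in.json body used in Scenario 1 can be generated instead of hand-edited, so that each missing account gets exactly one well-formed entry. This is an added example, not part of the original article; the function name and the "<esxi-id> <esxi-shortname>" input format are assumptions, and the sample ids are constructed.

```shell
#!/usr/bin/env bash
# Added example: build the /tmp/in.json request body from stdin lines of the
# assumed form "<esxi-id> <esxi-shortname>" (one line per missing account).
build_service_account_payload() {
    local id short extra entries="" seen=" " count=0
    while read -r id short extra || [ -n "$id" ]; do
        if [ -z "$id" ]; then continue; fi            # skip blank lines
        if [ -z "$short" ] || [ -n "$extra" ]; then
            echo "malformed line for id '$id'" >&2; return 1
        fi
        # Allow only characters that need no JSON escaping.
        case "$id$short" in
            *[!A-Za-z0-9_-]*) echo "unexpected character in '$id $short'" >&2; return 1 ;;
        esac
        # One entry per host: a repeated id would request the account twice.
        case "$seen" in
            *" $id "*) echo "duplicate esxi-id '$id'" >&2; return 1 ;;
        esac
        seen="$seen$id "
        if [ "$count" -gt 0 ]; then entries="$entries,"; fi
        entries="$entries
  {
    \"username\":\"svc-vcf-$short\",
    \"roleName\":\"Admin\",
    \"resourceType\":\"ESXI\",
    \"resourceId\":\"$id\"
  }"
        count=$((count + 1))
    done
    if [ "$count" -eq 0 ]; then echo "no hosts given" >&2; return 1; fi
    printf '[%s\n]\n' "$entries"
}

# Constructed sample input (not real host ids); prints the payload to stdout.
build_service_account_payload <<'EOF'
11111111-2222-3333-4444-555555555555 esx01
66666666-7777-8888-9999-000000000000 esx02
EOF
```

Redirect the function's output to /tmp/in.json before the service-accounts POST; a non-zero exit status means the input was rejected and no payload was written to stdout.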