Loading...
Loading...
NAPP Deployment fails at 70% (NAPP Registration Step)Local Admin user has been renamed during initial deployment of NSX Manager from "admin" to some other name.You can see the below error in /var/log/proton/napps.log on the NSX Manager 2023-04-06 16:12:24 ERROR api_request:29 [MainThread] - Request failed with error msg: POST /nsxapi/api/v1/trust-management/principal-identities/with-certificate returned status: 400, body: b'{\n "httpStatus" : "BAD_REQUEST",\n "error_code" : 2602,\n "module_name" : "internal-framework",\n "error_message" : "Cannot allow Operation that requires a role that exceeds the caller Principal Id\'s role."\n}'2023-04-06 16:12:24 ERROR __main__:378 [MainThread] - Exit unexpectedlyTraceback (most recent call last): File "/config/vmware/napps/charts/nsxi-platform-advanced/files/registration/registration.py", line 376, in <module> main(args) File "/config/vmware/napps/charts/nsxi-platform-advanced/files/registration/registration.py", line 327, in main _register_cloudnative_platform_certs(fqdn) File "/config/vmware/napps/charts/nsxi-platform-advanced/files/registration/registration.py", line 224, in _register_cloudnative_platform_certs assert_request_success( File "/config/vmware/napps/charts/nsxi-platform-advanced/files/registration/api_request.py", line 30, in assert_request_success raise RuntimeError("Request failed with error msg: %s" % error_msg)RuntimeError: Request failed with error msg: POST /nsxapi/api/v1/trust-management/principal-identities/with-certificate returned status: 400, body: b'{\n "httpStatus" : "BAD_REQUEST",\n "error_code" : 2602,\n "module_name" : "internal-framework",\n "error_message" : "Cannot allow Operation that requires a role that exceeds the caller Principal Id\'s role."\n}'
NAPP registration uses hard-coded X-Nsx-Username value of "admin". If the NSX Manager local admin username is changed to any other name during the initial deployment it will cause a NAPP deployment failure.
This is a known issue, currently there is no resolution.
If you have Standard NAPP deployment:On the 3 NSX Managers, edit the below files/config/vmware/napps/charts/nsxi-platform-standard/files/registration/api_request.py/config/vmware/napps/charts/nsxi-platform-standard/files/registration/registration.pyEdit all X-NSX-Username references in the above files from being assigned the value of "admin" to your new local admin name Example:Beforeroot@nsx-manager01# grep "X-NSX-Username" /config/vmware/napps/charts/nsxi-platform-standard/files/registration/*api_request.py: if "X-NSX-Username" not in headers:api_request.py: headers["X-NSX-Username"] = "admin"api_request.py: if "X-NSX-Username" not in headers:api_request.py: headers["X-NSX-Username"] = "admin"grep: __pycache__: Is a directoryregistration.py: header = {'X-NSX-Username': "admin"}registration.py: header = {'X-NSX-Username': "admin", 'X-Allow-Overwrite': True}registration.py: headers = {'X-NSX-Username': "admin"}registration.py: headers = {'X-NSX-Username': "admin", 'X-Allow-Overwrite': True}After (assuming that you have renamed it "localadmin")root@nsx-manager01# grep "X-NSX-Username" /config/vmware/napps/charts/nsxi-platform-standard/files/registration/*api_request.py: if "X-NSX-Username" not in headers:api_request.py: headers["X-NSX-Username"] = "localadmin"api_request.py: if "X-NSX-Username" not in headers:api_request.py: headers["X-NSX-Username"] = "localadmin"grep: __pycache__: Is a directoryregistration.py: header = {'X-NSX-Username': "localadmin"}registration.py: header = {'X-NSX-Username': "localadmin", 'X-Allow-Overwrite': True}registration.py: headers = {'X-NSX-Username': "localadmin"}registration.py: headers = {'X-NSX-Username': "localadmin", 'X-Allow-Overwrite': True}Click "Retry" on NAPP installation UI screen, after which the installation should complete successfully.If you have Advanced NAPP deployment:On the 3 NSX Managers, edit the below files/config/vmware/napps/charts/nsxi-platform-advanced/files/registration/api_request.py/config/vmware/napps/charts/nsxi-platform-advanced/files/registration/registration.pyEdit all X-NSX-Username references in the above file from being assigned the value of "admin" to your new local admin nameExample:Beforeroot@nsx-manager01# grep "X-NSX-Username" /config/vmware/napps/charts/nsxi-platform-advanced/files/registration/*api_request.py: if "X-NSX-Username" not in headers:api_request.py: headers["X-NSX-Username"] = "admin"api_request.py: if "X-NSX-Username" not in headers:api_request.py: headers["X-NSX-Username"] = "admin"grep: __pycache__: Is a directoryregistration.py: header = {'X-NSX-Username': "admin"}registration.py: header = {'X-NSX-Username': "admin", 'X-Allow-Overwrite': True}registration.py: headers = {'X-NSX-Username': "admin"}registration.py: headers = {'X-NSX-Username': "admin", 'X-Allow-Overwrite': True}After (assuming that you have renamed it "localadmin")root@nsx-manager01# grep "X-NSX-Username" /config/vmware/napps/charts/nsxi-platform-advanced/files/registration/*api_request.py: if "X-NSX-Username" not in headers:api_request.py: headers["X-NSX-Username"] = "localadmin"api_request.py: if "X-NSX-Username" not in headers:api_request.py: headers["X-NSX-Username"] = "localadmin"grep: __pycache__: Is a directoryregistration.py: header = {'X-NSX-Username': "localadmin"}registration.py: header = {'X-NSX-Username': "localadmin", 'X-Allow-Overwrite': True}registration.py: headers = {'X-NSX-Username': "localadmin"}registration.py: headers = {'X-NSX-Username': "localadmin", 'X-Allow-Overwrite': True}Click "Retry" on NAPP installation UI screen, after which the installation should complete successfully.
Click on a version to see all relevant bugs
VMware Integration
Learn more about where this data comes from
Bug Scrub Advisor
Streamline upgrades with automated vendor bug scrubs
BugZero Enterprise
Wish you caught this bug sooner? Get proactive today.