I know VSAN 6.2 is out now and may not have this issue but for the rest…
Recently, I was deploying a VSAN 6.1 cluster in my lab. When I went to configure the Health Service Plugin, the “Edit settings…” button wasn’t there! Hovering above the area where the button is supposed to be, did change the mouse pointer to a clickable link but clicking it, didn’t do anything.
That was quite baffling. Everything else and operation of VSAN appeared to be normal. I tried restarting the entire setup just to be sure but the problem remained.
Searching the various forums, I found this article. The author had the same issue and noticed that permissions on rui.* and vcsoluser.* files in /etc/vmware-vpx/ssl was different to what they would be on a vanilla install and were therefore, not allowing the “vsan-health” user to log in, who’s part of the “cis” group. I looked at my environment again and confirmed that it was indeed the same on my environment.
Here are the commands that I ran to change the required permissions so that people not familiar with *nix can also carry them out:
cd /etc/vmware-vpx/ssl
cp vcsoluser.key vcsoluser.key.bak
cp vcsoluser.crt vcsoluser.crt.bak
cp rui.key rui.key.bak
cp rui.crt rui.crt.bak
chgrp cis rui.key rui.crt vcsoluser.key vcsoluser.crt
chmod g+r rui.key rui.crt vcsoluser.key vcsoluser.crt
service vsphere-client restart
I know… I did these operations much more efficiently but just wanted to show each step separately, including taking a backup of those files – just a habit!
Once done, the files and listed permissions should look like this:
Restarted the web-client just in case. I don’t think it was actually needed. Note presence of the “cis” group (which was somehow set to “root” previously).
Implementing this, caused the missing “Edit settings…” button to appear and I was able to successfully configure the VSAN Health Service Plugin:
As the author of the article I mentioned above suspects, this might have been caused by the scripts I ran to fix the vCenter Server Certificate Validation Error, as that was the last major operation I had run on the appliance, before running into this issue. However, there is no way for me now to confirm my suspicion.
That said, I suspect this permission issue could cause failure with other services too so I would recommend you go and proactively check your installation as well, especially if you’ve implemented the fix in this article.
Hope this helps!
Leave A Comment