vmware / vic

vSphere Integrated Containers Engine is a container runtime for vSphere.
http://vmware.github.io/vic

Ensure we use the ESX management IP specifically for http datastore access #6401

Open hickeng opened 6 years ago

hickeng commented 6 years ago

Issue: Error seen while collecting log bundle in #6390 and may impact docker logs: "ServerFaultCode: A specified parameter was not correct: spec.url" (follow up from https://github.com/vmware/vic/issues/5685#issuecomment-314539043)

Details: If an ESX has multiple NICs and not all of them are configured for management traffic then we can get the above error when trying to perform http based datastore access. We need to ensure that the IP we chose for a host is configured for management traffic. As @dougm has noted in the comments, we already filter for NICs that are enabled for management traffic, so we may need to investigate in the problem environment. @bladeraptor has volunteered access to the environment if necessary.

Speculation: sanity check it's actually the management role that we need for datastore http access and not another role that defaults to management if not explicit (e.g. provisioning).

dougm commented 6 years ago

Note that we do: https://github.com/vmware/govmomi/blob/849e47a1ef1ee62d7a4da7736a0b2d6353311747/object/host_system.go#L86
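The check discussed above, as an added example that is not govmomi's or VIC's own code: it selects the addresses of management-enabled VMkernel interfaces and verifies that the host in a datastore HTTP URL is one of them. The `VNic` type, the role labels, `sampleHost`, and all addresses and URLs are constructed assumptions.

```go
package main

import (
	"fmt"
	"net"
	"net/url"
)

// VNic is a hypothetical, simplified record of one VMkernel interface.
type VNic struct {
	Device, IP string
	Enabled    map[string]bool // roles enabled on the interface (labels are assumptions)
}

// sampleHost is constructed data: two management vmknics and one vMotion vmknic.
var sampleHost = []VNic{
	{"vmk0", "192.168.110.51", map[string]bool{"management": true}},
	{"vmk1", "192.168.110.52", map[string]bool{"management": true}},
	{"vmk2", "10.10.30.51", map[string]bool{"vmotion": true}},
}

// ManagementIPs returns valid addresses of management-enabled interfaces, in input order.
func ManagementIPs(nics []VNic) (ips []net.IP) {
	for _, n := range nics {
		if ip := net.ParseIP(n.IP); ip != nil && n.Enabled["management"] {
			ips = append(ips, ip)
		}
	}
	return ips
}

// CheckURLHost returns an error unless rawURL's host is a management-enabled IP.
func CheckURLHost(nics []VNic, rawURL string) error {
	u, err := url.Parse(rawURL)
	if err != nil {
		return err
	}
	host := net.ParseIP(u.Hostname()) // nil for DNS names, which never match below
	for _, ip := range ManagementIPs(nics) {
		if ip.Equal(host) {
			return nil
		}
	}
	return fmt.Errorf("%q is not a management-enabled address", u.Hostname())
}

func main() {
	fmt.Println(CheckURLHost(sampleHost, "https://10.10.30.51/folder/vmware.log?dsName=ds1"))
}
```

Running the same check against the URL host that produced the `spec.url` fault shows whether the chosen address was outside the management set or whether the filter was already working and the cause lies elsewhere.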

bladeraptor commented 6 years ago

Hi

So in my setup I have the following based on a cumulation of best practice tribal knowledge over the years

4x ‘physical NICs’

6 x VMKernel interfaces – 2x management, 1 x vSAN, 1 x vMotion, 1 x NFS storage traffic and 1 x VXLAN

For the most part, the distributed port groups to which those VMKernel interfaces are linked are spread across all 4 x physical NICs, but in some cases 2 of the NICs are active and 2 standby

Not all VMKernel interfaces are enabled for Management traffic

The VCH-Host ‘management’ NIC is on an NSX segment connected to an NSX Edge and has its IP delivered by DHCP. The management stack is on 192.168.110.x and the VCH-Host is on 172.16.10.x; the two segments know about each other via dynamic routing advertisement

Best regards

Alex Tanner


samized commented 4 years ago

Is there a workaround for this issue?