升级到SLES 15 SP5/SP6后、SAP HANA资源发现失败
适用场景
- 适用于SAP HANA数据库的SnapCenter插件(SCHANA) 5.0和6.0
- SUSE Linux Enterprise Server (SLES) 15 SP5和SP6
问题描述
将SAP HANA主机升级到SLES 15 SP5或SP6后、资源发现失败、并显示以下错误:
SC-Core.log (/opt/SCC/SCC/logs NetApp) SnapCenter:
DEBUG [qtp2129442232-16] 151 com.netapp.plugincreator.common.restclient.RestClientImpl -Generic Exception Raised ERROR [qtp2129442232-16] 195 com.netapp.plugincreator.common.restclient.SMSClientImpl -Error in sending request javax.ws.rs.ProcessingException: javax.net.ssl.SSLHandshakeException: SSLHandshakeException invoking https://<SC_Server>:8146/HostService.svc/GetVersion: Certificates do not conform to algorithm constraintsat org.apache.cxf.jaxrs.client.AbstractClient.checkClientException(AbstractClient.java:631)at org.apache.cxf.jaxrs.client.AbstractClient.preProcessResult(AbstractClient.java:605)at org.apache.cxf.jaxrs.client.WebClient.doResponse(WebClient.java:1150)at org.apache.cxf.jaxrs.client.WebClient.doChainedInvocation(WebClient.java:1087)at org.apache.cxf.jaxrs.client.WebClient.doInvoke(WebClient.java:932)at org.apache.cxf.jaxrs.client.WebClient.doInvoke(WebClient.java:901)at org.apache.cxf.jaxrs.client.WebClient.invoke(WebClient.java:364)at org.apache.cxf.jaxrs.client.WebClient.post(WebClient.java:373)Caused by: javax.net.ssl.SSLHandshakeException: SSLHandshakeException invoking https://<SC_Server>:8146/HostService.svc/GetVersion: Certificates do not conform to algorithm constraintsat java.base/jdk.internal.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)at java.base/jdk.internal.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62)at java.base/jdk.internal.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)at java.base/java.lang.reflect.Constructor.newInstance(Constructor.java:490)Caused by: javax.net.ssl.SSLHandshakeException: Certificates do not conform to algorithm constraintsat java.base/sun.security.ssl.Alert.createSSLException(Alert.java:131)at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:360)Caused by: java.security.cert.CertificateException: Certificates do not conform to algorithm constraintsat java.base/sun.security.ssl.AbstractTrustManagerWrapper.checkAlgorithmConstraints(SSLContextImpl.java:1663)at java.base/sun.security.ssl.AbstractTrustManagerWrapper.checkAdditionalTrust(SSLContextImpl.java:1588)at java.base/sun.security.ssl.AbstractTrustManagerWrapper.checkServerTrusted(SSLContextImpl.java:1532)at java.base/sun.security.ssl.CertificateMessage$T12CertificateConsumer.checkServerCerts(CertificateMessage.java:638)Caused by: java.security.cert.CertPathValidatorException: Algorithm constraints check failed on keysize limits: RSA 1024 bit key used with certificate: CN=<SC_Server>at java.base/sun.security.util.DisabledAlgorithmConstraints$KeySizeConstraint.permits(DisabledAlgorithmConstraints.java:890)at java.base/sun.security.util.DisabledAlgorithmConstraints$Constraints.permits(DisabledAlgorithmConstraints.java:522)at java.base/sun.security.util.DisabledAlgorithmConstraints.permits(DisabledAlgorithmConstraints.java:257)at java.base/sun.security.util.DisabledAlgorithmConstraints.permits(DisabledAlgorithmConstraints.java:201)at java.base/sun.security.provider.certpath.AlgorithmChecker.check(AlgorithmChecker.java:292)at java.base/sun.security.ssl.AbstractTrustManagerWrapper.checkAlgorithmConstraints(SSLContextImpl.java:1659)DEBUG [qtp2129442232-16] 151 com.netapp.plugincreator.common.restclient.RestClientImpl -Generic Exception Raised ERROR [qtp2129442232-16] 189 com.netapp.plugincreator.common.restclient.RestClientImpl -Maximum Retries exceeded! ERROR [qtp2129442232-16] 195 com.netapp.plugincreator.common.restclient.SMSClientImpl -Error in sending request javax.ws.rs.ProcessingException: java.net.ConnectException: ConnectException invoking https://[<SC_Server>]:8146/HostService.svc/GetVersion: Network is unreachable (connect failed)Caused by: java.net.ConnectException: ConnectException invoking https://[<SC_Server>]:8146/HostService.svc/GetVersion: Network is unreachable (connect failed)Caused by: java.net.ConnectException: Network is unreachable (connect failed)SMCore.log:
ERROR SMCore PID=[xxxx] TID=[xxxx] Exception caught while invoking https://<Hostname>:8145/DiscoverPluginERROR SMCore PID=[xxxx] TID=[xxxx] Exception in method: InvokeXML.System.Net.Http.HttpRequestException: No connection could be made because the target machine actively refused it. (<Hostname>:8145) ---> System.Net.Sockets.SocketException (10061): No connection could be made because the target machine actively refused it. ERROR SMCore PID=[xxxx] TID=[xxxx] ErrorCode (-1), ErrorMessage (Could not find any resources for Host No connection could be made because the target machine actively refused it. (<Hostname>:8145))ERROR SMCore PID=[xxxx] TID=[xxxx] DiscoverPlugin: Exception: No connection could be made because the target machine actively refused it. (<Hostname>); StackTrace: at SnapMgrCoreService.HostManagementService.DiscoverPlugin(SmDiscoverPluginRequest request)SMCore PID=[xxxx] TID=[xxxx] Basic: Certificate Name: [CN=<SC_Server>], Issuer: [CN=<CA_Name>, DC=xxxx, DC=xxxx], Hash: [<Certificate_Hash>], Public friendly name: [], Public key size: [1024], Public key exchange algorithm: [RSA]ERROR SMCore PID=[xxxx] TID=[xxxx] WebException Encountered, Response nullERROR SMCore PID=[xxxx] TID=[xxxx] Exception in method: Invoke.System.Net.WebException: Request to 'https://<SC_Server>:8146/api/2.0/License/License//Validate' failed. Status Code:NotFoundDEBUG SMCore PID=[xxxx] TID=[xxxx] Invoked service successfullyERROR SMCore PID=[xxxx] TID=[xxxx] Exception in method: LicenseTriggerCallback.System.Net.WebException: Request to 'https://<SC_Server>:8146/api/2.0/License/License//Validate' failed. Status Code:NotFound