Skip to content

vBlog.nl

All about technology

Menu
  • Home
  • VMware Cloud Director
  • vSphere
  • Automation
    • PowerCLI
    • PowerShell
    • Terraform
  • NSX
  • Horizon DaaS
  • About Us
Menu
vCloud Director 9.7 – Issue with adding new roles

vCloud Director 9.7 – Issue with adding a new role

Posted on September 5, 2019

Table of Contents

  • Introduction
  • Troubleshooting
  • HAproxy configuration
  • Adding a new role
      • Tune.bufsize
      • Tune.http.maxhdr

Introduction

This article will help you solve an issue with vCloud Director 9.7 where it’s not possible to add a new role to the Role Based Access Control section of a tenant.

This morning I wanted to add a new role to my tenant in vCloud Director.
Normally the steps are easy: Navigate to vCloud Director > Administration > Access Control > Roles and choose New.
Here you can select all the responsibilities you want to add to your new role and hit Save.

But not today.. This morning the section where you can select responsibilities to add to your new Role was empty.
In the screenshot below you can see that in my Lab environment everything is OK.

vCloud Director 9.7 – Role Based Access Control is empty
vCloud Director 9.7 – Role Based Access Control is empty

Troubleshooting

I want to share what I did to troubleshoot this issue.

  • Open Developer Tools in your browser (F12) and dock it to the right side of the screen
Open Developer Tools in your browser
Open Developer Tools in your browser
  • Navigate to the Roles page under Administration > Access Control and look for errors (displayed in Red)
Bad Gateway 502
Bad Gateway 502

One of the differences between Production and Lab is the presence of a reverse proxy.
To rule it out I’ve set up a VPN to the environment and configured an entry in my host file (Windows) pointing to the internal IP of the primary vCD cell.
This way I’m not using the HAProxy servers.

To my surprise, I can choose responsibilities for the role now!

vCloud Director - Add responsibilities to a role
vCloud Director – Add responsibilities to a role

HAproxy configuration

Let’s dive into the HAproxy’s..
You can choose to dive into the logs first, or tweak and tune with the bufsize and maxhdr settings immediately.

  • SSH to your HAproxy server
  • Check the logs for error 502
tail -f /var/log/messages | grep " 502"
  • If you want to update the bufsize and maxhdr settings:
# Open de HAproxy config
vi /etc/haproxy/haproxy.cfg
# Settings which worked for me are:
# tune.bufsize 65536
# tune.http.maxhdr 150
# Restart HAproxy services
service haproxy restart
HAproxy - Update tune.bufsize and tune.http.maxhdr
HAproxy – Update tune.bufsize and tune.http.maxhdr

Adding a new role

Now, remove the static entry in your host file and try again via the normal route.
If your change is successful, you can see the responsibilities you want to add to a new Role:

vCloud Director 9.7 - Adding a new role works
vCloud Director 9.7 – Adding a new role works

Helpful with solving this issue were this article on stackoverflow and these pieces of documentation below:

Tune.bufsize

Sets the buffer size to this size (in bytes). Lower values allow more sessions to coexist in the same amount of RAM, and higher values allow some applications with very large cookies to work. The default value is 16384 and can be changed at build time.
It is strongly recommended not to change this from the default value, as very low values will break some services such as statistics, and values larger than default size will increase memory usage, possibly causing the system to run out of memory.
At least the global maxconn parameter should be decreased by the same factor as this one is increased.

Inaddition, use of HTTP/2 mandates that this value must be 16384 or more.
If an HTTP request is larger than (tune.bufsize – tune.maxrewrite), haproxy will return HTTP 400 (Bad Request) error. Similarly if an HTTP response is larger
than this size, haproxy will return HTTP 502 (Bad Gateway).

Source: https://cbonte.github.io/haproxy-dconv/1.8/configuration.html#3.2-tune.bufsize 

Tune.http.maxhdr

Sets the maximum number of headers in a request. When a request comes with a number of headers greater than this value (including the first line), it is rejected with a “400 Bad Request” status code.

Similarly, too large responses are blocked with “502 Bad Gateway”.
The default value is 101, which is enough for all usages, considering that the widely deployed Apache server uses the same limit.
It can be useful to push this limit further to temporarily allow a buggy application to work.
The accepted range is 1..32767.

Keep in mind that each new header consumes 32-bits of memory foreach session, so don’t push this limit too high.

Source: https://cbonte.github.io/haproxy-dconv/1.8/configuration.html#3.2-tune.http.maxhdr

 

PS. Check our other vCloud Director related articles here.

 3,056 total views,  7 views today

Share on Social Media
twitter facebook linkedin reddit emailwhatsapptelegram

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Recent articles

  • VMware Cloud on AWS with FSx for NetApp ONTAP December 28, 2022
  • Workspace ONE Access – Change certificate December 22, 2022
  • UI themes for VMware Cloud Director 10.4.1 and later December 16, 2022
  • VMware Tanzu Kubernetes Grid December 15, 2022
  • Workspace One Access – Not logged in to server FQDN. Please invoke Save before Sync December 12, 2022
  • NSX Edge configuration has failed. 1G hugepage support required. December 7, 2022
  • Horizon DaaS – Unable to connect to Desktop November 24, 2022
  • How to: Request and Install a Lets Encrypt Wildcard SSL on VMware Cloud Director 10.4 October 17, 2022
  • New and improved vSAN 8 explained September 24, 2022
  • How to update a stand alone ESXi host September 13, 2022

Tags

Automation bootstrapping Container Service Extension Credential Manager Desktone.log ESXi EUC EXi GPU Horizon DaaS Instant-Clone Logging NSX nsx-t PowerCLI PowerShell Putty Raspberry PI SSL Tanzu Terraform update vcd-cli vCenter vCloud vCloud Availability vCloud Director VDI vGPU VMware VMworld vSAN vSphere vVols workspace one Zerto

VMware Cloud Provider Blog

  • NSX ALB Licensing with VMware Cloud Director
    by Jaikishan Tayal on March 27, 2023 at 10:33 am

    History of NSX ALB and VCD Licensing: From version 10.2, VMware Cloud Director began supporting NSX-T Advanced Load Balancer (AVI Load Balancer). This integration has become crucial for Cloud Services Providers, allowing them to provide their customers with a range of Load Balancing services (LBaaS) for Virtual Data Center workloads and Tanzu containers. Before the … Continued The post NSX ALB Licensing with VMware Cloud Director appeared first on VMware Cloud Provider Blog.

  • VMware vSAN 8 Update 1 for Cloud Services Providers
    by Christopher Wong on March 24, 2023 at 3:00 pm

    Recently, VMware announced the upcoming release of vSAN 8 Update 1. This latest update enhances vSAN’s capabilities and functionality with additional improvements for performance, data durability, and integration. Cloud Services Providers who are leveraging the capabilities of vSAN 8 can expect to see additional benefits in these areas as they deploy this upcoming release into … Continued The post VMware vSAN 8 Update 1 for Cloud Services Providers appeared first on VMware Cloud Provider Blog.

  • Terraform VMware Cloud Director Provider 3.9.0 – Beta early access build
    by Guy Bartram on March 24, 2023 at 11:06 am

    The release time for version 3.9.0 of Terraform VMware Cloud Director Provider is approaching,and for the first time, we’re releasing a beta, so users can try the new features and give helpful feedback that will improve the final release. What is a “beta” build? A beta build is a preliminary release of an intended new … Continued The post Terraform VMware Cloud Director Provider 3.9.0 – Beta early access build appeared first on VMware Cloud Provider Blog.

  • VMware Cloud Director Object Storage Extension 2.2.1
    by Astha Sharma on March 16, 2023 at 5:45 pm

    Object Storage Extension 2.1.1 The post VMware Cloud Director Object Storage Extension 2.2.1 appeared first on VMware Cloud Provider Blog.

  • Architecting VMware Cloud Director Availability Solution in a Multi-Cloud Environment
    by Nikolay Patrikov on March 15, 2023 at 1:09 pm

    Building a cloud based on VMware Cloud Director or Cloud Director service requires a considerable amount of deployment decisions for Cloud Providers concerning the infrastructure behind their services. They can operate fully on-premises within their data centers or combine them with any of the hyperscalers in a hybrid way. These design decisions affect the DRaaS … Continued The post Architecting VMware Cloud Director Availability Solution in a Multi-Cloud Environment appeared first on VMware Cloud Provider Blog.

©2023 vBlog.nl | Design: Newspaperly WordPress Theme