The Unseal status shows 2/3 keys provided.Īfter 3 out of 5 unseal keys are entered, Vault is unsealed and is readyĬopy the root_token and enter its value in the Token field. The Unseal status shows 1/3 keys provided. The unseal process requires these keys and the access requires the root token.Ĭopy one of the keys (not keys_base64) and enter it in the Save the generated unseal keys file to your computer. When the unseal keys are presented, scroll down to the bottom and selectĭownload key.
Select Create a new Raft cluster and click Next.Įnter 5 in the Key shares and 3 in the Key threshold text fields. Storage backend requires starting a cluster or joining a cluster. Nutanix Cluster Check (NCC) should be run: (Select all that apply) After installing a cluster. False, enabling encryption does not result in a performance penalty. Enabling encryption is not recommended because of the penalty to cluster performance. The Vault server is uninitialized and sealed. Disable SSLv2 and SSLv3 in any browser used for access and enable TLS. Launch a web browser, and enter in the address. => Vault server configuration: Api Address: Cgo: disabled Cluster Address: Go Version: go1.14.7 Listener 1: tcp (addr: "0.0.0.0:8200", cluster address: "0.0.0.0:8201", max_request_duration: "1m30s", max_request_size: "33554432", tls: "disabled") Log Level: info Mlock: supported: false, enabled: false Recovery Mode: false Storage: raft (HA available) Version: Vault v1.5.3 Version Sha: 9fcd81405feb320390b9d71e15a691c3bc1daeef => Vault server started! Log data will stream in below: T19:55:29.519-0700 proxy environment: http_proxy= https_proxy= no_proxy= If you are running Vault in a Docker container, provide the IPC_LOCK cap to the container. For better security, only run Vault on systems where this call is supported.
The port used for Nutanix hardware health monitoring.Ĭommunication between polling engines and the Nutanix AOS API.WARNING! mlock is not supported on this system! An mlockall(2)-like syscall to prevent memory from being swapped to disk is not supported on this system. If Intelligent Platform Management (IPMI) interfaces are connected, they should be on the same subnet as CVMs and hypervisor hosts. A hypervisor can be multi-homed as long as one interface is on the same subnet as the CVM. SSH port for Nutanix Hardware Health polling: 22Īll CVMs and hypervisor hosts must be on the same subnet. The Orion Platform uses a combination of AOS API v1 and v2.ĭid you know that SAM now includes an API Poller feature? Click here for details. The Orion Platform main polling engine or Additional Polling Engine (APE) - whichever polls the node - must have access to the Nutanix AOS API (© 2019, Nutanix, available at, obtained on September 10, 2019). vCenter Server 6.7 and Updates 1, 2, and 3įor Hyper-V and AHV, polling occurs via the Nutanix Command Line Interface (CLI).įor ESXi, polling occurs via the Common Information Model (CIM).Ĭollect Nutanix credentials for AHV nodes, as well as Hyper-V and VMware hosts.Ĭontroller VM (CVM) credentials require privileges to connect via SSH to hosts and execute Nutanix Cluster Check (NCC) commands.SAM 2019.4 and later or VMAN 2019.4 and later This Orion Platform topic applies only to the following products: