Remediate a Trusted Cluster

You can use the ServicesAppliedConfig interface from the com.vmware.vcenter.trusted_infrastructure.trusted_clusters.kms, com.vmware.vcenter.trusted_infrastructure.trusted_clusters.attestation, and com.vmware.vcenter.trusted_infrastructure.trusted_clusters packages to remediate vSphere Trust Authority component configurations in a Trusted Cluster or remove the configurations.
  • Verify that you have access to a working vSphere Trust Authority environment.
  • Verify that you have Trusted Infrastructure administrative privileges.
You can update the applied Key Provider Service or Attestation Service configurations in a Trusted Cluster to become consistent with the desired state or you can remove the applied Key Provider Service or Attestation Service configurations. You can also update all applied vSphere Trust Authority component configurations in a Trusted Cluster or remove the configurations. By removing the configurations, you can move hosts from a Trusted Cluster to another cluster.
  1. Remediate all Key Provider Service instances configured for use in a Trusted Cluster by calling the update_Task(java.lang.String cluster) method of the ServicesAppliedConfig interface from the com.vmware.vcenter.trusted_infrastructure.trusted_clusters.kms package.
    If the operation is successful, the Key Provider Service configuration of every host in the cluster is consistent with the desired state.
  2. Remove all Key Provider Service configurations from a Trusted Cluster by calling the delete_Task(java.lang.String cluster) method of the ServicesAppliedConfig interface from the com.vmware.vcenter.trusted_infrastructure.trusted_clusters.kms package.
    If the operation is successful, the applied Key Provider Service configurations are removed from the configuration of every host in the cluster without affecting the desired state.
  3. Remediate all Attestation Service instances configured for use in a Trusted Cluster by calling the update_Task(java.lang.String cluster) method of the ServicesAppliedConfig interface from the com.vmware.vcenter.trusted_infrastructure.trusted_clusters.attestation package.
    If the operation is successful, the Attestation Service configuration of every host in the cluster is consistent with the desired state.
  4. Remove all Attestation Service configurations from a Trusted Cluster by calling the delete_Task(java.lang.String cluster) method of the ServicesAppliedConfig interface from the com.vmware.vcenter.trusted_infrastructure.trusted_clusters.attestation package.
    If the operation is successful, the applied Attestation Service configurations are removed from the configuration of every host in the cluster without affecting the desired state.
  5. Remediate all vSphere Trust Authority components configured for use in a Trusted Cluster by calling the update_Task(java.lang.String cluster) method of the ServicesAppliedConfig interface from the com.vmware.vcenter.trusted_infrastructure.trusted_clusters package.
    If the operation is successful, the vSphere Trust Authority component configuration of every host in the cluster is consistent with the desired state.
  6. Remove all vSphere Trust Authority component configurations from a Trusted Cluster by calling the delete_Task(java.lang.String cluster) method of the ServicesAppliedConfig interface from the com.vmware.vcenter.trusted_infrastructure.trusted_clusters package.
    If the operation is successful, the applied vSphere Trust Authority component configurations are removed from the configuration of every host in the cluster without affecting the desired state.
You can recheck the Trusted Cluster health after the remediation. See Check Trusted Cluster Health.