Builtin containers root password expires preventing installations for vRealize Automation 8.0 and 8.0.1 or cumulative update patches on existing deployments
Article ID: 314810
Updated On:
Products
VMware Aria Suite
Issue/Introduction
Provide instructions to restore the root account for embedded vPostgres and vRealize Orchestrator containers
Symptoms:
Symptoms:
- Logs include errors similar to:
2020-03-10 16:27:01 +0000 UTC [crond] (postgres) PAM ERROR (Authentication token is no longer valid; new one required)
2020-03-10 16:27:01 +0000 UTC [crond] (postgres) FAILED to authorize user with PAM (Authentication token is no longer valid; new one required)
- New installations of vRealize Automation 8.0 and 8.0.1 fail to install.
- Attempted installations of Cumulative Update for vRealize Automation 8.0.1 through vRealize Suite Lifecycle Manager fail
- After snapshot or backup restoration, vRealize Automation 8.0 and 8.0.1 fails or appears to take exceedingly long to start
Environment
VMware vRealize Automation 8.x
Cause
Root account expiry from vRealize Automation 8.0 GA release has been exceeded for builtin container users.
Resolution
- This issue is resolved in vRealize Automation 8.1.
- This issue is resolved in Cumulative Update for vRealize Automation 8.0.1 HF1 and above.
- See the workaround below for versions 8.0 and 8.0.1.
Workaround:
- Ensure that valid snapshots have been taken prior to performing any actions.
- Do not create live snapshots.
- For vRealize Automation 8.0 and 8.0.1, ensure cold powered down snapshots are performed per: vRealize Automation 8.x Preparations for Backing Up
Execute the following commands against one vRealize Automation 8.0 or 8.0.1 cluster member:
- SSH into any node:
- Execute the following:
vracli cluster exec -- bash -c 'echo -e "FROM vco_private:latest\nRUN sed -i s/root:.*/root:x:18135:0:99999:7:::/g /etc/shadow\nRUN sed -i s/vco:.*/vco:x:18135:0:99999:7:::/g /etc/shadow" | docker build - -t vco_private:latest'
vracli cluster exec -- bash -c 'echo -e "FROM db-image_private:latest\nRUN sed -i s/root:.*/root:x:18135:0:99999:7:::/g /etc/shadow\nRUN sed -i s/postgres:.*/postgres:x:18135:0:99999:7:::/g /etc/shadow" | docker build - -t db-image_private:latest'
Note: The "vracli cluster exec" command will ensure all members of the cluster receive the update.
vracli cluster exec -- bash -c 'echo -e "FROM db-image_private:latest\nRUN sed -i s/root:.*/root:x:18135:0:99999:7:::/g /etc/shadow\nRUN sed -i s/postgres:.*/postgres:x:18135:0:99999:7:::/g /etc/shadow" | docker build - -t db-image_private:latest'
Note: The "vracli cluster exec" command will ensure all members of the cluster receive the update.
- Persist the new changes through reboots:
vracli cluster exec -- bash -c '/opt/scripts/backup_docker_images.sh'
- Reboot all nodes so the changes take effect: Starting and stopping vRealize Automation
Additional Information
Feedback
Yes
No
Powered by
