Migration Assessment of a single vRealize Automation 7.x installation into multiple vRealize Automation 8.2 organizations requires manual certificate acceptance
search cancel

Migration Assessment of a single vRealize Automation 7.x installation into multiple vRealize Automation 8.2 organizations requires manual certificate acceptance

book

Article ID: 325878

calendar_today

Updated On:

Products

VMware Aria Suite

Issue/Introduction

Symptoms:
  • You intend to perform a Migration of a single vRealize Automation 7.x environment into multiple 8.2 organizations
  • The source vRealize Automation 7.x installation has configured an insecure SSL certificate


Environment

VMware vRealize Automation 8.x

Resolution

VMware is aware of this issue.  A fix is to be provided in a later release.  Continue to monitor this article for further information.

See the workaround below for further information.

Workaround:
Download a copy of the attached zip file titled copy_cert.sql.zip located under the Attachment(s) section of this article for a copy of the below instructions:
  • Connecting to the vRealize Automation 8.x migration-db container PSQL database and enabling extended display mode:
  1. ssh root@hostnameFQDN
  2. vracli dev psql
  3. \c migration-db
  4. \x
  • Isolate the sources that are configured to utilize the same vRealize Automation 7.x source system
  1. select id from source where hostname = 'hostname-of-vra-system-added-to-source';
Note:  One of the sources has the certificate information already associated, the other does not.
  • To determine which is the "old" source and which is the "new", query the certificate table.  The ID that returns a count of zero, (0), is the "new" source.
  1. select count(*) from certificate where source_id = 'id-from-above-query';
  • Copy the source ID values into the DECLARE block below, then copy-paste the entire block from the "DO $$" down to the final "SELECT * FROM _cert;" into the psql session.  Press the enter key to execute. When the query has completed, the "new" source should correctly allow an Assessment and Migration.
  1. DO $$
        DECLARE
            -- ID of the source from the organization that already has an accepted certificate.
            old_source_id uuid := 'value-from-id-field-of-existing-source';

            -- ID of the source from the organization to copy the certificates into.
            new_source_id uuid := 'value-from-id-field-of-new-source';
        BEGIN
            CREATE EXTENSION IF NOT EXISTS "uuid-ossp";
            INSERT INTO certificate (id,
                                     org_id,
                                     accepted,
                                     common_name,expiration,
                                     issued_by,
                                     thumbprint,
                                     source_id)
            SELECT
                uuid_generate_v1mc(),
                (SELECT org_id FROM source where id = new_source_id),
                c.accepted,
                c.common_name,
                c.expiration,
                c.issued_by,
                c.thumbprint,
                new_source_id
            FROM certificate AS c
            WHERE c.source_id = old_source_id;
            CREATE TEMPORARY TABLE _cert AS SELECT * FROM certificate WHERE source_id = new_source_id;
        END $$ LANGUAGE plpgsql;
    SELECT * FROM _cert;


Additional Information

Impact/Risks:
These instructions includes edits to the underlying database, ensure there are valid available backups.

Attachments

copy_cert.sql get_app
Powered by Wolken Software