vRealize Automation 8.x upgrade failed when iptables.service did not start
search cancel

vRealize Automation 8.x upgrade failed when iptables.service did not start

book

Article ID: 312227

calendar_today

Updated On:

Products

VMware Aria Suite

Issue/Introduction

To be able to successfully upgrade the vRA cluster.

Symptoms:
  • The upgrade process appeared to complete successfully on two of three nodes.
  • kubelet service did not start on one node after rebooting as part of the upgrade.
  • There were no error messages observed in the vRSLCM and task will not fail.
  • In /var/log/bootstrap/postupdate.log you see messages similar to:
2023-03-18 15:44:46Z /etc/bootstrap/postupdate.d/01-20-iptables starting...
iptables.service is not active, cannot reload.
2023-03-18 15:44:46Z Script /etc/bootstrap/postupdate.d/01-20-iptables failed, error status 1
[INFO][2023-03-18 15:53:31][vra_fqdn] Waiting for VAMI to exit ...
[INFO][2023-03-18 15:54:01][vra_fqdn] Verifying VAMI overall upgrade result ...
[INFO][2023-03-18 15:54:01][vra_fqdn] VAMI upgrade completed with error.
[ERROR][2023-03-18 15:54:01][vra_fqdn] VAMI overall upgrade has failed.
VAMI has exited with an error. Upgrade has failed.


Environment

VMware vRealize Automation 8.x

Cause

This issue occurs due to stopped iptables service.

Resolution

VMware is aware of this issue. There is a workaround..

Workaround:
To work around this issue:
  1. Open SSH session to the affected node and login using root credentials.
  2. Check the status of iptables.service using command:
systemctl status iptables.service
 
Note: Service will be in a stopped or failed state.
  1. Start the iptables.service on all the nodes using below command:
systemctl start iptables.service
  1. Retry the upgrade.


Additional Information

Impact/Risks:
If iptables service does not start on the node, vRA upgrade will fail on that particular node causing the overall failure of the vRA upgrade process.

Powered by Wolken Software