The 'About' page and 'System Details' pages show some blanks in place of actual values after upgrading to 8.x
search cancel

The 'About' page and 'System Details' pages show some blanks in place of actual values after upgrading to 8.x

book

Article ID: 312244

calendar_today

Updated On: 12-11-2024

Products

VMware Aria Suite

Issue/Introduction

Symptoms:

- Aria Suite Lifecycle Upgrade from 8.x to 8.x fails with "Failed to fetch auth token for CAP".

- The 'About' page and 'System Details' pages show some blanks in place of actual values. 

The error details as seen Aria Suite Lifecycle log -

2023-09-29 05:38:14.081 ERROR [pool-3-thread-14] c.v.v.l.l.u.LcmCapUtil - – Response status code: 401
2023-09-29 05:38:14.081 ERROR [pool-3-thread-14] c.v.v.l.l.u.LcmCapUtil - – Failed to fetch auth token for CAP.
2023-09-29 05:38:14.081 INFO [pool-3-thread-14] c.v.v.l.p.d.l.u.LcmVaDetailsUtil - – REST call to get system settings unsuccessful: com.vmware.vrealize.lcm.lcops.common.exception.CAPException: Failed to fetch auth token for CAP.

Environment

VMware Aria Suite Lifecycle 8.x

Cause

One of the reasons for this is a wrong 'capuser' password data in Aria Suite Lifecycle. One of the reasons why this happens is because the customer has set a custom password length restriction in their Aria Suite Lifecycle appliance (Not in control of the Aria Suite Lifecycle code), Due to which the Aria lifecycle manager internal user 'CAP user' which has a default password length of 10, becomes unusable.

Resolution

This issue has been mitigated in the 8.14 release of Aria Suite Lifecycle- The default password length is now 16 characters.


Workaround:

How to reset the CAP user password?

Note:  Take snapshots first.

1. Type out the new password in a notepad (This is needed for later steps). It is absolutely essential to have the correct password noted down for the below steps to work.

TIP: you can use the below command to generate a new password
uuidgen

2. Go to appliance SSH, and change the password for 'cap user' to the above password using the command:

passwd capuser
# Supply the above password here.

3. DELETE the current 'cap user' password in the Aria Suite Lifecycle locker using the command:

psql -h localhost --username=postgres -d vrlcm -c "DELETE FROM public.vm_locker_password WHERE alias='capuser';"

4. Add the `capuser` password to the Aria Suite Lifecycle locker. For this first, we need to authenticate to Aria Suite Lifecycle and get the JSESSION-ID: Use this curl command to get the JSESSIONID:

curl -s -I -k --location --request POST 'https://<lcm-ip>/lcm/authzn/api/login' --header 'Accept: application/json' --header 'Content-Type: application/json' --header 'Authorization: Basic <base64encode_value_of_admin@local:password>'

NOTE: The Authorization header above is of the format: Basic<space>Base64(<admin@local>:<password>)
Use a tool like: https://www.base64encode.org to get the base64 encoded format for the above Authorization header for the value: `admin@local:<password>`

5. Note down the JSESSION-ID in the output of the curl command from step 4. Use it to call the API to CREATE the 'cap user' password in the Aria Suite Lifecycle locker:

curl --location 'https://<lcm-ip>/lcm/locker/api/v2/passwords' --header 'Content-Type: application/json' --header 'Cookie: JSESSIONID=<session_id>' --data '{"alias": "capuser","password": "<PASSWORD****>","passwordDescription": "password for capuser","referenced": true,"userName": "capuser"}'

6. It is highly likely that the pam_tally incorrect-login count for the user would be way past the threshold by now (because of repeated loading of the about screen to debug the issue)

So we should reset the failed login count and unlocked the user:

pam_tally2 -r -u capuser

The above steps should update the cap user password in both the appliance and the Aria Suite Lifecycle application.
If the reason for the About and the System Details page showing blank values is the capuser password, the above steps will resolve the issue.

Additional Information

 

Upgrades may fail with the following error in /var/log/vrslcm/vmware_vrlcm.log:

Exception while getting upgrade status for vRLCM. com.vmware.vrealize.lcm.lcops.common.exception.CAPException: REST call to get CAP token unsuccessful.
ERROR [http-nio-8080-exec-3] c.v.v.l.l.c.LcmManagementController -  -- Exception occurred while checking upgrade status.
com.vmware.vrealize.lcm.lcops.common.exception.CAPException: REST call to get CAP token unsuccessful.

To resolve this issue, consider the following:

  • Revert to a Previous Snapshot
  • Apply the Latest PSPack
  • Enable FIPS(if not enabled)
  • Reattempt the Upgrade