Postgres  service firstboot fails during vCenter upgrade to version 7.0

As per the logs:

YYYY-MM-DDT00:00:Z Could not create group vpgmongrp
YYYY-MM-DDT00:00:Z configure step failed
YYYY-MM-DDT00:00:Z vPostgres firstboot(action=firstboot) failed

/var/log/firstboot/firstbootInfrastructure.log

YYYY-MM-DDT00:00:0Z INFO firstbootInfrastructure [Failed] /usr/lib/vmware-vpostgres/firstboot/vpostgres-firstboot.py is complete
YYYY-MM-DDT00:00:0Z INFO firstbootInfrastructure No localized error detail found in /var/log/firstboot/vpostgres-firstboot.py_11532_stderr.log, assuming internal error
YYYY-MM-DDT00:00:0Z WARNING firstbootInfrastructure Bug component info file does not exist
YYYY-MM-DDT00:00:0Z INFO firstbootInfrastructure Firstboot duration: 27 sec
YYYY-MM-DDT00:00:0Z INFO firstbootInfrastructure First boot is a failure
YYYY-MM-DDT00:00:0Z ERROR firstbootInfrastructure Installation of vCenter server failed with firstboot scripts
YYYY-MM-DDT00:00:0Z WARNING firstbootInfrastructure stopping status aggregation...

VMware vCenter Server 6.x
VMware vCenter Server 8.0.x
VMware vCenter Server 7.0.x

The groupadd command failed because the root password had expired.

As per /commands/journalctl.txt

Month Day 00:00:05 <vc-FQDN> groupadd[12677]: pam_unix(groupadd:account): expired password for user root (password aged)
Month Day 00:00:05 <vc-FQDN> groupadd[12677]: pam_tally2(groupadd:account): option deny=3 allowed in auth phase only
Month Day 00:00:05 <vc-FQDN> groupadd[12677]: pam_tally2(groupadd:account): option even_deny_root allowed in auth phase only
Month Day 00:00:05 <vc-FQDN> groupadd[1267unlock_time=900 allowed in auth phase only
7]: pam_tally2(groupadd:account): option 
Month Day 00:00:05 <vc-FQDN> groupadd[12677]: pam_tally2(groupadd:account): option root_unlock_time=300 allowed in auth phase only
Month Day 00:00:05 <vc-FQDN> groupadd[12677]: Authentication token is no longer valid; new one required

/var/log/vmware/upgrade/upgrade-export.log

YYYY-MM-DDT00:00:03.002Z Command executed successfully.
YYYY-MM-DDT00:00:03.002Z Getting value for install-parameter: appliance.ntp.servers
YYYY-MM-DDT00:00:03.003Z setting time sync to ntp
YYYY-MM-DDT00:00:20.060Z Running command: ['/sbin/service', 'ntpd', 'reload-or-restart']
YYYY-MM-DDT00:00:20.105Z Done running command
YYYY-MM-DDT00:00:27.068Z Running command: ['/opt/vmware/share/vami/vami_ip6_addr', 'eth0']
YYYY-MM-DDT00:00:27.090Z Done running command
YYYY-MM-DDT00:00:27.091Z Running command: ['/opt/vmware/share/vami/vami_ip_addr', 'eth0']
YYYY-MM-DDT00:00:27.100Z Done running command
YYYY-MM-DDT00:00:27.100Z Stdout: <IP_ADDRESS>

The target appliance picked date YYYY-MM-DD(OLD DATE) when it was deployed. Later it changed to YYYY-MM-DD(CURRENT DATE) when it synced with NTP servers, causing the root password expiry error.

1. Delete the target appliance and re-run stage 1 again, in order to deploy a fresh target appliance. After stage 1 completes do not proceed with stage 2 right away. Instead, configure the target to use the same NTP servers and make sure it is synced.

2. After the time on the target is synced, check if the root password is expired and change it if necessary. Refer Changing or Resetting the root password in vCenter Server Appliance

3. Proceed with stage 2 either from the installer UI if it was not closed or from the VAMI UI wizard that can be accessed on https://<target_vcsa_FQDN_or_IP_address>:5480