Postgres  service firstboot fails during vCenter upgrade to version 7.0

As per the logs:

YYYY-MM-DDT00:00:05.578Z Could not create group vpgmongrp
YYYY-MM-DDT00:00:05.578Z configure step failed
YYYY-MM-DDT00:00:05.578Z vPostgres firstboot(action=firstboot) failed

/var/log/firstboot/firstbootInfrastructure.log

YYYY-MM-DDT00:00:05.600Z INFO firstbootInfrastructure [Failed] /usr/lib/vmware-vpostgres/firstboot/vpostgres-firstboot.py is complete
YYYY-MM-DDT00:00:05.602Z INFO firstbootInfrastructure No localized error detail found in /var/log/firstboot/vpostgres-firstboot.py_11532_stderr.log, assuming internal error
YYYY-MM-DDT00:00:05.603Z WARNING firstbootInfrastructure Bug component info file does not exist
YYYY-MM-DDT00:00:05.603Z INFO firstbootInfrastructure Firstboot duration: 27 sec
YYYY-MM-DDT00:00:05.603Z INFO firstbootInfrastructure First boot is a failure
YYYY-MM-DDT00:00:05.604Z ERROR firstbootInfrastructure Installation of vCenter server failed with firstboot scripts
YYYY-MM-DDT00:00:05.604Z WARNING firstbootInfrastructure stopping status aggregation...

VMware vCenter Server 6.x
VMware vCenter Server 8.0.x
VMware vCenter Server 7.0.x

The groupadd command failed because the root password had expired.

As per /commands/journalctl.txt

Month Day 00:00:05 <vc-FQDN> groupadd[12677]: pam_unix(groupadd:account): expired password for user root (password aged)
Month Day 00:00:05 <vc-FQDN> groupadd[12677]: pam_tally2(groupadd:account): option deny=3 allowed in auth phase only
Month Day 00:00:05 <vc-FQDN> groupadd[12677]: pam_tally2(groupadd:account): option even_deny_root allowed in auth phase only
Month Day 00:00:05 <vc-FQDN> groupadd[1267unlock_time=900 allowed in auth phase only
7]: pam_tally2(groupadd:account): option 
Month Day 00:00:05 <vc-FQDN> groupadd[12677]: pam_tally2(groupadd:account): option root_unlock_time=300 allowed in auth phase only
Month Day 00:00:05 <vc-FQDN> groupadd[12677]: Authentication token is no longer valid; new one required

/var/log/vmware/upgrade/upgrade-export.log

YYYY-MM-DDT00:00:03.002Z Command executed successfully.
YYYY-MM-DDT00:00:03.002Z Getting value for install-parameter: appliance.ntp.servers
YYYY-MM-DDT00:00:03.003Z setting time sync to ntp
YYYY-MM-DDT00:00:20.060Z Running command: ['/sbin/service', 'ntpd', 'reload-or-restart']
YYYY-MM-DDT00:00:20.105Z Done running command
YYYY-MM-DDT00:00:27.068Z Running command: ['/opt/vmware/share/vami/vami_ip6_addr', 'eth0']
YYYY-MM-DDT00:00:27.090Z Done running command
YYYY-MM-DDT00:00:27.091Z Running command: ['/opt/vmware/share/vami/vami_ip_addr', 'eth0']
YYYY-MM-DDT00:00:27.100Z Done running command
YYYY-MM-DDT00:00:27.100Z Stdout: 192.168.X.X

The target appliance picked date YYYY-MM-DD(OLD DATE) when it was deployed. Later changed to YYYY-MM-DD(CURRENT DATE) when it synced with NTP servers, causing the root password expiry error.

1. Delete the target appliance and re-run stage 1 again, in order to deploy a fresh target appliance. After stage 1 completes do not proceed with stage 2 right away. Instead, configure the target to use the same NTP servers and make sure it is synced.
2. After the time on the target is synced, check if the root password is expired and change it if necessary. Refer https://knowledge.broadcom.com/external/article?legacyId=2147144
3. Proceed with stage 2 either from the installer UI if it was not closed or from the VAMI UI wizard that can be accessed on https://<target_vcsa_address>:5480