SSO Domain Repoint fails in 6.7 U2, Authz Data export fails
search cancel

SSO Domain Repoint fails in 6.7 U2, Authz Data export fails

book

Article ID: 316337

calendar_today

Updated On:

Products

VMware vCenter Server

Issue/Introduction

Symptoms:

  • When performing any operation utilizing "cmsso-util domain-repoint", including repointing a VCSA from an existing SSO Domain to another SSO Domain, or to a new SSO Domain, the operation will fail during the Autz data export phase, with a message like: 
Starting License export                                                         ... Done
Starting Authz Data export                                                      ... Failed
Repoint failed. Restore from backup
 
  • In the /var/log/vmware/cloudvm/domain_consolidator.log you see entries similar to below : 
YYYY-MM-DDThh:mm:ss INFO domain_consolidator Starting Authz Data export                                ...
YYYY-MM-DDThh:mm:ss INFO domain_consolidator Starting required services...
YYYY-MM-DDThh:mm:ss INFO domain_consolidator Executing command ['/bin/service-control', '--start', 'vmafdd', 'vmware-rhttpproxy', 'vmware-vpxd-svcs', 'vmware-vpostgres']
YYYY-MM-DDThh:mm:ss INFO domain_consolidator Started required services.
YYYY-MM-DDThh:mm:ss INFO domain_consolidator RC = 1
Stderr = Picked up JAVA_TOOL_OPTIONS: -Xms32M -Xmx128M
Exception in thread "main" java.lang.NoClassDefFoundError: org/springframework/context/support/AbstractApplicationContext
        at com.vmware.vim.vmomi.core.types.VmodlContext.initContext(VmodlContext.java:61)
        at com.vmware.vim.vmomi.core.types.VmodlContext.initContext(VmodlContext.java:42)
        at com.vmware.vim.lookup.client.LookupUtil.ensureVmodlContextInit(LookupUtil.java:49)
        at com.vmware.vim.lookup.client.LookupUtil.createVmomiClient(LookupUtil.java:185)
        at com.vmware.vim.lookup.client.LookupUtil.createVmomiClient(LookupUtil.java:156)
        at com.vmware.vim.lookup.client.LookupUtil.createVmomiClient(LookupUtil.java:93)
        at com.vmware.vim.dataservices.ExportImportUtils.getQueryClientFromLS(ExportImportUtils.java:802)
        at com.vmware.vim.dataservices.ExportImportUtils.createClient(ExportImportUtils.java:266)
        at com.vmware.vim.dataservices.ExportAuthzData.main(ExportAuthzData.java:218)
Caused by: java.lang.ClassNotFoundException: org.springframework.context.support.AbstractApplicationContext
        at java.net.URLClassLoader.findClass(URLClassLoader.java:382)
        at java.lang.ClassLoader.loadClass(ClassLoader.java:424)
        at sun.misc.Launcher$AppClassLoader.loadClass(Launcher.java:349)
        at java.lang.ClassLoader.loadClass(ClassLoader.java:357)
        ... 9 more
 
  • The pre-check mode also fails with the following error on screen.
Starting License pre-check                                                      ... Done
Starting Authz Data export                                                      ... Failed
Conflict data, if any, can be found under /storage/domain-data/Conflict*.json
Pre-checks failed.
 
The mentioned .json file will not exist unless it was previously there.
 
  • The end of the /var/log/vmware/cloudvm/domain_consolidator.log file will show the following error in pre-check mode:

YYYY-MM-DDThh:mm:ss INFO domain_consolidator Failed

YYYY-MM-DDThh:mm:ss INFO domain_consolidator Export of authz failed
YYYY-MM-DDThh:mm:ss INFO domain_consolidator Failed to execute script /usr/lib/repoint/authzservice_component_script.py
YYYY-MM-DDThh:mm:ss INFO domain_consolidator Conflict data, if any, can be found under /storage/domain-data/Conflict*.json
YYYY-MM-DDThh:mm:ss INFO domain_consolidator Failed executing <cis.component_data.DcComponentsPreCheck object at 0x7f7320ea05f8>
YYYY-MM-DDThh:mm:ss ERROR domain_consolidator Failed to run pre-checks for domain consolidation.
YYYY-MM-DDThh:mm:ss INFO domain_consolidator Cleaning up the temp directories
YYYY-MM-DDThh:mm:ss INFO domain_consolidator Successfully cleaned the storage directory
YYYY-MM-DDThh:mm:ss INFO domain_consolidator Pre-checks failed.
 

 



Environment

VMware vCenter Server 6.7 U1,  U2

Cause

This is caused by an update of the spring version in vCenter 6.7 U2 from 4.3.9 to 4.3.20.  The script /usr/lib/repoint/authzservice_component_script.py has hard set references to the 4.3.9 version, which is why we see the java.lang.NoClassDefFoundError as the 4.3.9 files no longer exist in /usr/lib/vmware/common-jars/.

Resolution

This has been resolved in 6.7 Update 3.

Workaround:

Edit the /usr/lib/repoint/authzservice_component_script.py script manually to update the Spring references:

  • Make a copy of the current script

cp /usr/lib/repoint/authzservice_component_script.py /tmp/authzservice_component_script.py.bkp

 

  • Edit the /usr/lib/repoint/authzservice_component_script.py script to replace the 4.3.9 references with 4.3.2 : 

Current references:

common_jars = ['spring-aop-4.3.9.RELEASE.jar',
'spring-beans-4.3.9.RELEASE.jar',
'spring-context-4.3.9.RELEASE.jar',
'spring-expression-4.3.9.RELEASE.jar',
'spring-web-4.3.9.RELEASE.jar',
'spring-webmvc-4.3.9.RELEASE.jar',
'spring-core-4.3.9.RELEASE.jar',
'spring-oxm-4.3.9.RELEASE.jar',
'spring-aop-4.3.9.RELEASE.jar'

Desired references:

common_jars = ['spring-aop-4.3.20.RELEASE.jar',
'spring-beans-4.3.20.RELEASE.jar',
'spring-context-4.3.20.RELEASE.jar',
'spring-expression-4.3.20.RELEASE.jar',
'spring-web-4.3.20.RELEASE.jar',
'spring-webmvc-4.3.20.RELEASE.jar',
'spring-core-4.3.20.RELEASE.jar',
'spring-oxm-4.3.20.RELEASE.jar',
'spring-aop-4.3.20.RELEASE.jar'
 

Command to update the references:
 
sed -i 's/4.3.9/4.3.20/g' /usr/lib/repoint/authzservice_component_script.py



Additional Information

Impact/Risks:
All cmsso-util domain-repoint operations will fail, leaving the node in a failed state which will require a restore to backup or revert to snapshot from before the operation began.

Powered by Wolken Software