NSX-T Upgrade Failure at FirewallExcludeListPathToUuidMigrationTask
search cancel

NSX-T Upgrade Failure at FirewallExcludeListPathToUuidMigrationTask

book

Article ID: 319090

calendar_today

Updated On:

Products

VMware NSX

Issue/Introduction

Symptoms:

NSX-T Manager upgrade fails at "run_migration_tool " step.  Logs from /var/log/proton/logical-migration.log has the following:

2022-05-27T05:00:17.524Z WARN main UfoCorfuTableMigrator 9690 - [nsx@6876 comp="nsx-manager" level="WARNING" subcomp="manager"] ERROR while running logical migration MappingDetails{modelName='null', migrationType=null, reason='This migration task will run for migrations from GC/HL/3.2.0 to 3.2.1. It will not run for upgrades from 3.2.1 to Next.', customMigratorClassName='com.vmware.nsx.management.migration.impl.FirewallExcludeListPathToUuidMigrationTask', fieldMappings=null, targetProtoName='null', requiresCustomCode='false', owner='null', apiToTest='null'}
java.lang.IllegalArgumentException: Invalid UUID string: <Security group name>  ...
Caused by: java.lang.IllegalArgumentException: Invalid UUID string: <Security group name>
        at java.util.UUID.fromString(UUID.java:194) ~[?:1.8.0_322]

2022-05-27T05:00:17.531Z ERROR main Migration 9690 - [nsx@6876 comp="nsx-manager" errorCode="MP217" level="ERROR" subcomp="manager"] Migration failed


 

 

Environment

VMware NSX-T Data Center

Cause

Customer added Policy created groups into a VM Exclusion list created using Management Plane based APIs. 

Policy and MP exclusion lists are maintained separately within system, and are unified and published to hosts as one entity. Policy side exclusion list is managed via policy UI (policy APIs) and proton side exclusion list is managed via proton UI (proton APIs).

There is a known issue where a proton exclusion list member is inaccurately mapped with its policy path instead of internal ID as UUID. The proton exclusion list is expected to have UUID keys for exclusion list members, and this issue causes upgrade failure.

Resolution

The fix for the upgrade failure will be included in NSX 3.2.2, 4.0.1, and subsequent releases.

In future release, the following workflow will be blocked to prevent this issue:
Adding Policy created groups into a VM Exclusion list created using MP based APIs.


Workaround:

  1. Restore NSX from backup
  2. Add security group to Policy exclusion list and remove from Management Plane exclusion list
  3. Attempt to upgrade again.



Additional Information

Impact/Risks:
Upgrade failure.

Powered by Wolken Software