Unable to run database backup script after upgrading to version 10.3.3
search cancel

Unable to run database backup script after upgrading to version 10.3.3

book

Article ID: 322121

calendar_today

Updated On:

Products

VMware Cloud Director

Issue/Introduction

  • After upgrading to version 10.3 or later, the VAMI backup and/or backup script fails to execute
  • When trying to create a backup from the VAMI, the following error is seen: 
  • When running the /opt/vmware/appliance/bin/create-backup.sh script to generate a backup copy of the database, it fails with the following error:
    • "Failed to take a backup of . Check if exists. /opt/vmware/appliance/bin/create-backup.sh: line 101: [: -ne: unary operator expected"
  • When the create-backup.sh script fails, the HTTP_CERT_FILE, HTTP_KEY_FILE, CONSOLEPROXY_CERT_FILE, and CONSOLEPROXY_KEY_FILE paths are blank



Environment

VMware Cloud Director 10.x

Cause

Version 10.3 of VMware Cloud Director implements a new method of managing certificates.

  • On occasion, the conversion from the old certificate format to the new certificate format fails during the upgrade process.
  • The new certificate format uses a .pem and .key file for the HTTP and ConsoleProxy endpoints, each with a unique path.
  • The create-backup.sh script references these paths, so if the files did not properly convert, the backup script will error out.

Resolution

To resolve this issue, the HTTP and ConsoleProxy certificates must be re-imported into each cell in the VCD environment.

For versions 10.3 and later, this requires a .pem file and a .key file.

  • The .pem file is effectively the certificate, and the .key file is the associated key.

If you have your own private key and CA-signed certificate files, importing them into your VMware Cloud Director environment provides the highest level of trust for SSL communications and helps you secure the connections within your cloud infrastructure.

Prerequisites


Copy your intermediate certificates, root CA certificate, CA-signed HTTPS service, and Console Proxy service private keys and certificates to the appliance.


Procedure

  1. Log in directly or by using an SSH client to the VMware Cloud Director appliance console as root.
  2. Make a note of the existing http and consoleproxy certificate file paths from /opt/vmware/vcloud-director/etc/global.properties using the properties of user.http.pem, user.http.key, user.consoleproxy.pem, and user.consoleproxy.key.
  3. To back up the existing certificate files, use the paths from step 2 to run the following commands.
    cp path_to_the_user.http.pem /opt/vmware/vcloud-director/etc/user.http.pem.original
cp path_to_the_user.http.key /opt/vmware/vcloud-director/etc/user.http.key.original
cp path_to_the_user.consoleproxy.pem /opt/vmware/vcloud-director/etc/user.consoleproxy.pem.original
cp path_to_the_user.consoleproxy.key /opt/vmware/vcloud-director/etc/user.consoleproxy.key.original

     

  4. Copy and replace the key and certificate files that you must import at /opt/vmware/vcloud-director/etc/user.http.pem, /opt/vmware/vcloud-director/etc/user.http.key, /opt/vmware/vcloud-director/etc/user.consoleproxy.pem, and /opt/vmware/vcloud-director/etc/user.consoleproxy.key.
  5. If you have intermediate certificates, to append the root CA-signed certificate and any intermediate certificates to the HTTP and console proxy certificates, run the following command.
    cat intermediate-certificate-file-1.cer intermediate-certificate-file-2.cer root-CA-certificate.cer >> /opt/vmware/vcloud-director/etc/user.http.pem
cat intermediate-certificate-file-1.cer intermediate-certificate-file-2.cer root-CA-certificate.cer >> /opt/vmware/vcloud-director/etc/user.consoleproxy.pem

    Where intermediate-certificate-file-1.cer and intermediate-certificate-file-2.cer are the names of intermediate certificates and root-CA-certificate.cer is the name of the root CA-signed certificate.

  6. Run the command to import the signed certificates into the VMware Cloud Director instance.
    /opt/vmware/vcloud-director/bin/cell-management-tool certificates -j --cert /opt/vmware/vcloud-director/etc/user.http.pem --key /opt/vmware/vcloud-director/etc/user.http.key --key-password imported_key_password
/opt/vmware/vcloud-director/bin/cell-management-tool certificates -p --cert /opt/vmware/vcloud-director/etc/user.consoleproxy.pem --key /opt/vmware/vcloud-director/etc/user.consoleproxy.key --key-password imported_key_password
  7. For the CA-signed certificates to take effect, restart the vmware-vcd service on the VMware Cloud Director appliance.
    1. Run the command to stop the service.
      /opt/vmware/vcloud-director/bin/cell-management-tool cell -i $(service vmware-vcd pid cell) -s
    2. Run the command to start the service.
      systemctl start vmware-vcd

 


Workaround:
To workaround this issue, take a backup of the database using the built-in postgres utilities, as shown below:

  1. su postgres
  2. /opt/vmware/vpostgres/current/bin/pg_dump vcloud > dbdump.out



Powered by Wolken Software