vCloud Usage Meter 4.7 UI cannot be accessed after upgrade from vCloud Usage Meter 4.4 and a change in the FIPS mode
Article ID: 322749
Updated On:
Products
VMware Aria Suite
Issue/Introduction
Symptoms:
When an upgrade from vCloud Usage Meter 4.4 to vCloud Usage Meter 4.7 is made, and the FIPS mode is changed, then vCloud Usage Meter 4.7 web application cannot be accessed.
Here is an example of the error seen in the vCloud Usage Meter logs:
When an upgrade from vCloud Usage Meter 4.4 to vCloud Usage Meter 4.7 is made, and the FIPS mode is changed, then vCloud Usage Meter 4.7 web application cannot be accessed.
Here is an example of the error seen in the vCloud Usage Meter logs:
2023-10-18 12:51:52.676 INFO --- [nginx-clojure-worker-2] c.vmware.um.agentutils.FipsSettingUtil : updating FIPS mode settings to : off 2023-10-18 12:52:12.991 INFO --- [FIPS] fips-util.sh : Rebooting appliance because of fips being disabled. 2023-10-18 12:52:17.052 ERROR --- [nginx-clojure-worker-2] c.vmware.um.agentutils.FipsSettingUtil : Error returned by ::143 for command line options bash -l /opt/vmware/cloudusagemetering/scripts/fips-util.sh -fr off with message External process `bash` terminated with unexpected exit status 143 after 24374ms:
Environment
VMware vCloud Usage Meter 4.x
Cause
The reason vCloud Usage Meter 4.7 web application cannot be accessed is because after the upgrade the permissions related to the appliance certificate, keystore, and keys have been changed.
Resolution
This is a known issue and it will be fixed in a future vCloud Usage Meter release.
Workaround:
To access the vCloud Usage Meter 4.7 web application, you need to change the permissions of the appliance certificate, keystore, and keys to the correct ones as root. After changing the permissions, restart the appliance.
Procedure
Workaround:
To access the vCloud Usage Meter 4.7 web application, you need to change the permissions of the appliance certificate, keystore, and keys to the correct ones as root. After changing the permissions, restart the appliance.
Procedure
- Log in to vCloud Usage Meter 4.7 as root.
- Navigate to the directory where the Usage Meter certificate, keystore, and private key are located.
cd /opt/vmware/cloudusagemetering/platform/security
- Apply Read and Write permissions to the owner and group for the following files:
chmod 664 cacerts
chmod 664 keystore
chmod 664 sign-keystore
- Reboot the appliance.
reboot
- Check if the set permissions are applied.
ls -al
The user permissions of cacerts, keystore, and sign-keystore must have been changed to -rw-rw-r--.
Additional Information
If you haven't changed the FIPS mode after you have upgraded to vCloud Usage Meter 4.7, do the following to prevent the user permission issue:
- Log in to vCloud Usage Meter 4.7 as root.
- Navigate to the following directory:
cd /etc/
- Execute the following command to remove the unmask.sh file from /etc/profile. The unmask.sh file will remain in the /etc/profile.d directory.
awk -i inplace '!/unmask/' /etc/profile
- Reboot the appliance.
reboot
Feedback
Yes
No
Powered by
