Upgrading vRA or vRO to newer versions may fail if there are certain records in the known_hosts file of the virtual appliance
search cancel

Upgrading vRA or vRO to newer versions may fail if there are certain records in the known_hosts file of the virtual appliance

book

Article ID: 326063

calendar_today

Updated On:

Products

VMware Aria Suite

Issue/Introduction

  • Upgrade fails with

Error Code: LCMVRACONFIG50008
Check VMware Aria Automation hostname is resolvable and reachable.
  • Generating Log bundle fails with
Error Code: LCMVRAVACONFIG590002
Failed to SSH into VMware Aria Automation.
  • When you try to ssh from Aria Suite Lifecycle to VRA or try to ssh between VRA nodes you hit an error
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @ @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
 IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING #####!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that a host key has just been changed.
The fingerprint for the ECDSA key sent by the remote host is SHA256:Ikr<REDACTED>hyk.
Please contact your system administrator.
  • As of vRA and vRO 8.11.2, new SSH config and keys have been introduced.
  • The /<home>/.ssh/known_hosts (/home/root/.ssh/known_hosts) file may contain records with old SSH keys which may interfere with the new keys preventing upgrade utilities from connecting to the cluster nodes during an upgrade to a version above vRA/vRO 8.11.2.
  • The offending records in this file are all the keys starting with the IP address of any node in the cluster.

 




Environment

VMware Aria Automation 8.12.x and above.

Cause

SSH connections to cluster nodes performed by the upgrade utilities fails, if there are offending records in the /<home>/.ssh/known_hosts file, for any of the vRA/vRO cluster nodes, because the SSH connection could not be created. The upgrade fails early within the preparatory steps of the upgrade.

Resolution

VMware is aware of this issue and is being considered for inclusion in a later release.

See the Workaround section below for additional information.

Workaround:

  1. Prior to the upgrade, validate if the following files are present on any node in the cluster.
ls -l ~/.ssh/authorized_keys
ls -l ~/.ssh/known_hosts
  1.  If they are present, remove these files from each node in the cluster before starting the upgrade.
rm ~/.ssh/authorized_keys
rm ~/.ssh/known_hosts