Upgrading vCenter from an earlier 7.0 release to 7.0 Update 3c/3d/3e/3f, or from 8.0 U1 to U3, may fail with the error: “Invalid type: expected string, received NoneType.”
search cancel

Upgrading vCenter from an earlier 7.0 release to 7.0 Update 3c/3d/3e/3f, or from 8.0 U1 to U3, may fail with the error: “Invalid type: expected string, received NoneType.”

book

Article ID: 326224

calendar_today

Updated On:

Products

VMware vCenter Server 7.0 VMware vCenter Server 8.0

Issue/Introduction

Symptoms:

  • Updating vCenter to versions 7.0 Update 3c, 3d, 3e, or 3f fails with the error: Invalid type: expected string, received NoneType.

  • The /var/log/vmware/applmgmt/PatchRunner.log file contains the following error stack:

    YYYY-MM-DDTHH:MM:SSZ content-library:Patch ERROR vmware_b2b.patching.executor.hook_executor Patch hook 'content-library:Patch' failed.
Traceback (most recent call last):
 File "/storage/updatemgr/software-update9r0_rc2_/stage/scripts/patches/py/vmware_b2b/patching/executor/hook_executor.py", line 74, in executeHook
  executionResult = systemExtension(args)
 File "/storage/updatemgr/software-update9r0_rc2_/stage/scripts/patches/libs/sdk/extensions.py", line 106, in __call__
  result = self.extension(*args)
 File "/storage/updatemgr/software-update9r0_rc2_/stage/scripts/patches/libs/sdk/extensions.py", line 123, in _func
  return func(*args)
 File "/storage/updatemgr/software-update9r0_rc2_/stage/scripts/patches/payload/components-script/content-library/__init__.py", line 279, in execute_patch
  register_cls()
 File "/storage/updatemgr/software-update9r0_rc2_/stage/scripts/patches/payload/components-script/content-library/patches/add_new_cls_privileges.py", line 151, in register_cls
  reg_info.registerAll(solution_user_name, solution_user_id, service_id=service_id)
 File "/storage/updatemgr/software-update9r0_rc2_/stage/scripts/patches/payload/components-script/content-library/patches/cis_register.py", line 387, in registerAll
  self.registerUserAndService(user_name, user_id, service, service_id=service_id)
 File "/storage/updatemgr/software-update9r0_rc2_/stage/scripts/patches/payload/components-script/content-library/patches/cis_register.py", line 422, in registerUserAndService
  create_sso_groups(service_spec)
 File "/storage/updatemgr/software-update9r0_rc2_/stage/scripts/patches/payload/components-script/content-library/patches/cis_register.py", line 623, in create_sso_groups
  authz_patch.assign_groups_to_roles(service_spec['group-role'])
 File "/storage/updatemgr/software-update9r0_rc2_/stage/scripts/patches/payload/components-script/content-library/patches/cis_register.py", line 591, in assign_groups_to_roles
  self.domain_name, role, group, True)
 File "/usr/lib/vmware/site-packages/cis/cisreglib.py", line 706, in set_permission
  self._authz_service)
 File "/usr/lib/vmware/site-packages/cis/cisreglib.py", line 685, in create_access_control
  role_ids.append(role_objs_dict[rolename])
KeyError: 'com.vmware.Content.Registry.Admin'
YYYY-MM-DDTHH:MM:SSZ ERROR vmware_b2b.patching.phases.patcher Patch hook Patch got ComponentWrapperError.
Traceback (most recent call last):
 File "/storage/updatemgr/software-update9r0_rc2_/stage/scripts/patches/py/vmware_b2b/patching/phases/patcher.py", line 203, in patch
  _patchComponents(ctx, userData, statusAggregator.reportingQueue)
 File "/storage/updatemgr/software-update9r0_rc2_/stage/scripts/patches/py/vmware_b2b/patching/phases/patcher.py", line 85, in _patchComponents
  executeComponentHook(Hook.Patch, ctx, c, userData, reportingQueue)
 File "/storage/updatemgr/software-update9r0_rc2_/stage/scripts/patches/py/vmware_b2b/patching/executor/execution_facade.py", line 98, in executeComponentHook
  reportQueue, identifier, expectedResultType)
 File "/storage/updatemgr/software-update9r0_rc2_/stage/scripts/patches/py/vmware_b2b/patching/executor/execution_facade.py", line 53, in executeHook
  result = executor.executeHook(scriptFile, hook, args, reportQueue, reportIdentifier)
 File "/storage/updatemgr/software-update9r0_rc2_/stage/scripts/patches/py/vmware_b2b/patching/executor/hook_executor_process.py", line 119, in executeHook
  raise ex
patch_errors.ComponentError
YYYY-MM-DDTHH:MM:SS1Z WARNING root stopping status aggregation...
YYYY-MM-DDTHH:MM:SS2Z ERROR __main__ Patch vCSA failed

Environment

VMware vCenter Server 7.0.3
VMware vCenter Server 8.0.3
 

Cause

This error may occur if one or more default roles in vCenter have been modified, causing their vmwAuthzRoleName property to differ from the expected value. The update installer relies on this property to identify roles when re-registering services during the update, and the process fails if a required role cannot be located.

The issue can also arise if a role is missing its vmwAuthzRoleName property entirely.

Resolution

To resolve this issue, follow these steps:

  1. Restore vCenter backup created prior to the update attempt.

  2. Download the repair_roles.sh script provided in this KB.

  3. Upload the script to the vCenter Server Appliance under the /tmp/ directory.

  4. Connect via SSH to the vCenter Server Appliance and navigate to /tmp/.
Note: Most default roles use fixed role IDs. However, the role com.vmware.Content.Admin may vary. Edit the script and update this role ID for a specific environment.
  1. To determine the role ID, run the following command:
    (If the output is blank, refer to the corrected steps at the bottom of this KB.)
    # /opt/likewise/bin/ldapsearch -b "cn=RoleModel,cn=VmwAuthz,cn=Services,dc=vsphere,dc=local" -s sub -D "cn=Administrator,cn=Users,dc=vsphere,dc=local" -W | grep -A 4 com.vmware.Content.Admin
When prompted, enter the password for the SSO administrator account. The output will display a value for cn: (highlighted in green). This is the role ID.
vmwAuthzRoleName: com.vmware.Content.Admin
vmwAuthzRoleDescription: Administrator user for Content Library
objectClass: top
objectClass: vmwAuthzRole
cn: 1111111111
  1. Edit the repair_roles.sh script and locate the following block: 
    /opt/likewise/bin/ldapmodify -x -h localhost -p 389 -D 'cn=Administrator,cn=Users,dc=vsphere,dc=local' -W << EOF
dn: cn=-1615445737,cn=RoleModel,cn=VmwAuthz,cn=services,dc=vsphere,dc=local
changetype: modify
replace: vmwAuthzRoleName
vmwAuthzRoleName: com.vmware.Content.Admin
EOF
  2. Replace the numeric value of the first cn with the role ID obtained in step 5: 
    /opt/likewise/bin/ldapmodify -x -h localhost -p 389 -D 'cn=Administrator,cn=Users,dc=vsphere,dc=local' -W << EOF
dn: cn=1111111111,cn=RoleModel,cn=VmwAuthz,cn=services,dc=vsphere,dc=local
changetype: modify
replace: vmwAuthzRoleName
vmwAuthzRoleName: com.vmware.Content.Admin
EOF
  3. Save the script and update file permissions to make it executable.: 
    # chmod +x repair_roles.sh
  4. Run the script: 
    # ./repair_roles.sh

Note: During execution, multiple prompts (up to eight) will appear for the LDAP password. The password for [email protected], or the administrator account for the SSO domain, must be entered each time.

    10. Restart vCenter services on the VCSA to apply the changes.
           service-control --stop --all && service-control --start --all 

    11. Retry the update.

 

If the command from Step 5 is blank, use the following steps: 

1. Retrieve the correct ID for the com.vmware.Content.Admin role.

cat /var/log/firstboot/content-library-firstboot.py_YYY_stdout.log | grep -i "com.vmware.Content.Admin, role.id"

(replace YYY with the number from the log file)

2. Run the following command to add the missing com.vmware.Content.Admin role.

/opt/likewise/bin/ldapmodify -x -h localhost -p 389 -D 'cn=Administrator,cn=Users,dc=vsphere,dc=local' -W << EOF
dn: cn=ZZZ,cn=RoleModel,cn=VmwAuthz,cn=services,dc=vsphere,dc=local
changetype: modify
replace: vmwAuthzRoleName
vmwAuthzRoleName: com.vmware.Content.Admin
EOF

Copy and paste the entire command block as a single unit. Be sure to replace ZZZ with the role ID obtained in Step 1.

Attachments

repair_roles get_app
Powered by Wolken Software