vSphere Integrated Containers upgrade from version 1.2.1 to 1.3 fails
search cancel

vSphere Integrated Containers upgrade from version 1.2.1 to 1.3 fails

book

Article ID: 342413

calendar_today

Updated On:

Products

VMware vSphere ESXi

Issue/Introduction

To troubleshoot failed VIC upgrade

Symptoms:
Upgrade of vSphere Integrated Containers (VIC) from version 1.2.1 to version 1.3 fails. 

In the
/var/log/vmware/upgrade.log contains the following:
Feb 05 19:09:14 vic.vmware.com bash[1820]: Getting CA Private Key
Feb 05 19:09:14 vic.vmware.com bash[1820]: CA certificate and CA private key do not match
Feb 05 19:09:14 vic.vmware.com bash[1820]: 140737354090136:error:06067099:digital envelope routines:EVP_PKEY_copy_parameters:different parameters:p_lib.c:137
:
Feb 05 19:09:14 vic.vmware.com bash[1820]: 140737354090136:error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatch:x509_cmp.c:340
:
Feb 05 19:09:14 vic.vmware.com systemd[1]: admiral_startup.service: Main process exited, code=exited, status=1/FAILURE
Feb 05 19:09:14 vic.vmware.com systemd[1]: Failed to start Admiral Startup Configuration.

Note: The preceding log excerpts are only examples. Date, time, and environmental variables may vary depending on your environment.


Environment

VMware vSphere Integrated Containers 1.0.x
VMware vSphere Integrated Containers 1.x

Cause

The failure to upgrade is caused by the certificate mismatch in the vApp options between the old (ver 1.2.1) and new (ver 1.3) version of VIC Appliance. 

Resolution

To resolve the issue, please follow the steps below:
 
 From the VMWare Integrated Containers 1.2.x VM
  1. If vSphere Integrated Containers 1.2.1 Appliance  is not powered off, in In the vSphere Web Client, right click on it, select Power >> Shut down guest OS
  2. Once the VM is fully powered off right click on the VM and select "Edit Settings" and go to "vApp Options" tab
  3. Copy the values from all of the following fields: “SSL Cert”, “SSL Cert Key”, “CA Cert” and paste them in a text editor such as Notepad.
  4. Close the VM settings window by clicking “Cancel” button
 To the VMWare Integrated Containers 1.3 VM
  1. If vSphere Integrated Containers 1.3 Appliance  is not powered off, in In the vSphere Web Client, right click on it, select Power >> Shut down guest OS
  2. Once the VM is fully powered off right click on the VM and select "Edit Settings" and go to  "vApp Options" tab
  3. Paste the values from your text editor in the respective fields “(SSL Cert”, “SSL Cert Key”, “CA Cert”)  and click OK to save the settings.
  4. Power on vSphere Integrated Containers 1.3 Appliance  VM by right clicking on it and selecting Power >> Power On option

Once this has been completed, re-run the upgrade script by executing ./upgrade.sh script on the VIC 1.3 appliance