vSphere Integrated Containers upgrade from version 1.2.1 to 1.3 fails
Article ID: 342413
Updated On:
Products
VMware vSphere ESXi
Issue/Introduction
To troubleshoot failed VIC upgrade
Symptoms:
Upgrade of vSphere Integrated Containers (VIC) from version 1.2.1 to version 1.3 fails.
In the /var/log/vmware/upgrade.log contains the following:
Note: The preceding log excerpts are only examples. Date, time, and environmental variables may vary depending on your environment.
Symptoms:
Upgrade of vSphere Integrated Containers (VIC) from version 1.2.1 to version 1.3 fails.
In the /var/log/vmware/upgrade.log contains the following:
Feb 05 19:09:14 vic.vmware.com bash[1820]: Getting CA Private Key
Feb 05 19:09:14 vic.vmware.com bash[1820]: CA certificate and CA private key do not match
Feb 05 19:09:14 vic.vmware.com bash[1820]: 140737354090136:error:06067099:digital envelope routines:EVP_PKEY_copy_parameters:different parameters:p_lib.c:137
:
Feb 05 19:09:14 vic.vmware.com bash[1820]: 140737354090136:error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatch:x509_cmp.c:340
:
Feb 05 19:09:14 vic.vmware.com systemd[1]: admiral_startup.service: Main process exited, code=exited, status=1/FAILURE
Feb 05 19:09:14 vic.vmware.com systemd[1]: Failed to start Admiral Startup Configuration.
Feb 05 19:09:14 vic.vmware.com bash[1820]: CA certificate and CA private key do not match
Feb 05 19:09:14 vic.vmware.com bash[1820]: 140737354090136:error:06067099:digital envelope routines:EVP_PKEY_copy_parameters:different parameters:p_lib.c:137
:
Feb 05 19:09:14 vic.vmware.com bash[1820]: 140737354090136:error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatch:x509_cmp.c:340
:
Feb 05 19:09:14 vic.vmware.com systemd[1]: admiral_startup.service: Main process exited, code=exited, status=1/FAILURE
Feb 05 19:09:14 vic.vmware.com systemd[1]: Failed to start Admiral Startup Configuration.
Note: The preceding log excerpts are only examples. Date, time, and environmental variables may vary depending on your environment.
Environment
VMware vSphere Integrated Containers 1.0.x
VMware vSphere Integrated Containers 1.x
VMware vSphere Integrated Containers 1.x
Cause
The failure to upgrade is caused by the certificate mismatch in the vApp options between the old (ver 1.2.1) and new (ver 1.3) version of VIC Appliance.
Resolution
To resolve the issue, please follow the steps below:
From the VMWare Integrated Containers 1.2.x VM
Once this has been completed, re-run the upgrade script by executing ./upgrade.sh script on the VIC 1.3 appliance
From the VMWare Integrated Containers 1.2.x VM
- If vSphere Integrated Containers 1.2.1 Appliance is not powered off, in In the vSphere Web Client, right click on it, select Power >> Shut down guest OS
- Once the VM is fully powered off right click on the VM and select "Edit Settings" and go to "vApp Options" tab
- Copy the values from all of the following fields: “SSL Cert”, “SSL Cert Key”, “CA Cert” and paste them in a text editor such as Notepad.
- Close the VM settings window by clicking “Cancel” button
- If vSphere Integrated Containers 1.3 Appliance is not powered off, in In the vSphere Web Client, right click on it, select Power >> Shut down guest OS
- Once the VM is fully powered off right click on the VM and select "Edit Settings" and go to "vApp Options" tab
- Paste the values from your text editor in the respective fields “(SSL Cert”, “SSL Cert Key”, “CA Cert”) and click OK to save the settings.
- Power on vSphere Integrated Containers 1.3 Appliance VM by right clicking on it and selecting Power >> Power On option
Once this has been completed, re-run the upgrade script by executing ./upgrade.sh script on the VIC 1.3 appliance
Feedback
Yes
No
Powered by
