Follow one of the sets of steps below depending on the current cluster status.
- Upgrade in progress - Follow these steps if the issue was discovered during the upgrade process.
- Upgrade not started - Follow these steps if you have not yet started the upgrade, or you have restored the cluster to a pre-upgrade status.
Upgrade in progress
- Log into the Primary node as root via SSH or Console.
- Run the following command to remove the allowAllResources attribute from all entries in the kv_auth table:
su - postgres -c "/opt/vmware/vpostgres/current/bin/psql -d vcopsdb -p 5433 -c \"UPDATE kv_auth SET col__kv_strvalue = (col__kv_strvalue::jsonb) #- '{UserWrapper,allowAllResources}' WHERE objecttype ='User-' AND (col__kv_strvalue::jsonb)->'UserWrapper' ? 'allowAllResources';\""
The upgrade will continue on it's own. Return to the Admin UI and wait for the upgrade to complete.
Upgrade not started
- Download the attached auth_UserWrapper_allowAllResources_cassandra.py script from the Attachments section on the right of this knowledge article.
- Using an SCP utility, copy the auth_UserWrapper_allowAllResources_cassandra.py script to the /tmp directory on the vRealize Operations Primary node.
- Log into the Primary node as root via SSH or Console.
- Run the following command to move to the /tmp directory:
cd /tmp
- Run the following command to grant to read permission to the auth_UserWrapper_allowAllResources_cassandra.py script:
chmod 744 auth_UserWrapper_allowAllResources_cassandra.py
- Run the following command to dump the existing Cassandra auth table to a CSV file:
$VMWARE_PYTHON_BIN /usr/lib/vmware-vcops/cassandra/current/bin/cqlsh.py --ssl --cqlshrc /usr/lib/vmware-vcops/user/conf/cassandra/cqlshrc -e "COPY globalpersistence.auth TO '/tmp/cassandra_auth.csv' WITH NULL='<##NULL##>' AND HEADER=TRUE;"
- Execute the auth_UserWrapper_allowAllResources_cassandra.py script to create before/after delta files with/without the allowAllResources attribute:
$VMWARE_PYTHON_BIN /tmp/auth_UserWrapper_allowAllResources_cassandra.py
- Compare the /tmp/cassandra_auth.AffectedRowsBefore.csv and /tmp/cassandra_auth.AffectedRowsAfter.csv delta files to ensure only the UserWrapper|allowAllResources entries were removed.
- Run the following command to update the auth table using the /tmp/cassandra_auth.AffectedRowsAfter.csv file:
$VMWARE_PYTHON_BIN /usr/lib/vmware-vcops/cassandra/current/bin/cqlsh.py --ssl --cqlshrc /usr/lib/vmware-vcops/user/conf/cassandra/cqlshrc -e "COPY globalpersistence.auth FROM '/tmp/cassandra_auth.AffectedRowsAfter.csv' WITH NULL='<##NULL##>' AND HEADER=TRUE;"
You can now start the vRealize Operations 8.10.x upgrade as normal.