HW-153019 - Workaround for Liquibase changesets checksums modified on service restart of VMware Identity Manager
search cancel

HW-153019 - Workaround for Liquibase changesets checksums modified on service restart of VMware Identity Manager

book

Article ID: 367650

calendar_today

Updated On:

Products

VMware Aria Suite VMware

Issue/Introduction

Liquibase changesets checksums are getting modified on service restart of VMware Identity Manager

Affects the following versions of VMware Identity Manager: 

  • 3.3.X

Environment

VMware Identity Manager 3.3.x

Cause

The VMware Identity Manager console will not load as a result of this issue.

Sample logs to identify the issue:

From Horizon logs,

Caused by: org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'liquibase' defined in class path resource [spring/datastore-connection-wireup.xml]: Invocation of init method failed; nested exception is liquibase.exception.ValidationFailedException: Validation Failed:
     11 change sets check sum
          changelog-0002-2012-H1.xml::150_mssql::HS-7272 was: 8:e438ff17c36ea51888af6b929871f421 but is now: 8:05ab405b9ef92a185e98201916d581cc
          changelog-0003-2012-H2.xml::7_mssql::HZN-6296 was: 8:f120073de80cbb695c357836d0c0bb98 but is now: 8:0c1b26ef6efec6c47adb7dba0cef287a
          changelog-0003-2012-H2.xml::1_mssql::HZN-7953 was: 8:f0fba326a4770db25a3e79186a101370 but is now: 8:73515a75a971316884d1e2a232a186ed
          changelog-0003-2012-H2.xml::1_mssql::HS-8499 was: 8:5c03f1b91f56058720b16c88d774b33e but is now: 8:b9886ce9b848039037051144c36a86e2
          changelog-0003-2012-H2.xml::1_mssql::FUJI-662 was: 8:00426721b374236f0d2094fa6304f186 but is now: 8:9fd76b0048b157c7687fddc1bc31d2e2
          changelog-0003-2012-H2.xml::1_mssql::HW-3239 was: 8:f38080eea54e9e7e5771abc5fc84412e but is now: 8:aab382ae2b6b371959cf6567239c3617
          changelog-0005-2013-H2.xml::1_mssql::HW-24659 was: 8:8f5bdd16e2b4ffb2496a5c27c3677d97 but is now: 8:1cb18535f4d5b49c8481975573ea4aaf
          changelog-0009-2016-H1.xml::1_mssql::HW-54870 was: 8:17500547c1cda5b77d7c101377728b37 but is now: 8:5aac2bc991b675c8959cfa4a22ff5756
          changelog-0009-2016-H1.xml::2_mssql::HW-54870 was: 8:a26ea891f8fcc5e0cf37fae57b2330b4 but is now: 8:7711a31ca4455268fed543395a45e53d
          changelog-0012-2018-H1.xml::1_mssql::HW-85616 was: 8:4eed9edbba216f2ed8c7afaca4f2727e but is now: 8:28596e2b2223e6e2cbde9bfa3afdcd94
          changelog-0013-2019-H1.xml::1_mssql::HW-94662 was: 8:7c1192e57ae44aa4edac89884b66c37e but is now: 8:3d35d1e4ca8f8754df1572aa4c64de37

Note: To validate this issue please review the horizon.log from the access appliance node to confirm it is the same issue.

Resolution

1: Take a backup of the node

2: Stop the horizon workspace service

service horizon-workspace stop

3: vi /opt/vmware/horizon/workspace/bin/setenv.sh

Edit the setenv.sh file and add the 3 lines below JVM_OPTS="-server -Djdk.tls.ephemeralDHKeySize=${DH_KEYSIZE} -XX:+AggressiveOpts \

-Dliquibase.should.run=false \
-Dliquibase.shouldRun=false \
-Dliquibase.verify.changesets=false \
 

JVM_OPTS="-server -Djdk.tls.ephemeralDHKeySize=${DH_KEYSIZE} -XX:+AggressiveOpts \
-Dliquibase.should.run=false \
-Dliquibase.shouldRun=false \
-Dliquibase.verify.changesets=false \
-Djavax.net.ssl.trustStore=\"${IDM_CA_KEYSTORE}\" \
-Dset.rmi.server.hostname=true \
-Dvertx.disableFileCPResolving=true \
-XX:MaxMetaspaceSize=768m -XX:MetaspaceSize=768m \
-Xss1m -Xmx2g -Xms768m \
-XX:+UseParallelGC -XX:+UseParallelOldGC \
-XX:NewRatio=3 -XX:SurvivorRatio=12 \
-Dorg.apache.xml.security.ignoreLineBreaks=true \
-XX:+DisableExplicitGC \
-XX:+UseBiasedLocking -XX:-LoopUnswitching"


4: Post applying the changes start the horizon workspace service

service horizon-workspace start

5: Perform the same steps for all the nodes in the cluster

Note: Change the permission of setenv.sh file from root to www using chown horizon:www setenv.sh if there is any difference in the permission.

6: Correct ownership and permission for Setenv.sh:

7: In configurator.log, if the exception below is present, then check the ownership and permission for Cert-Proxy & Conf directory and then update the correct ownership and permission        using chmod and chown,

Caused by: java.io.FileNotFoundException: /opt/vmware/certproxy/conf/cert-proxy.properties (Permission denied)

8: Correct ownership and permission for Cert-Proxy and Conf directory,

9: Post performing the above changes for Cert-Proxy and Conf directory then restart the horizon-workspace service

service horizon-workspace restart
Powered by Wolken Software