NSX Federation LM GM sync disconnect post upgrade
Article ID: 369386
Updated On:
Products
Issue/Introduction
Post upgrade of NSX federation environment LM GM sync status becomes disconnected.
Cause
we are running into this issue because the /etc/vmware/nsx-appl-proxy/appl-proxy.xml file is not getting upgraded to the intended install version.
From nsx-keeper (4.1) onwards, we read the sslEnabled value for external_ar from the appl-proxy.xml file, and if not present default value is sslEnabled=false, we are running into this issue.
Resolution
1. Take a backup for /etc/vmware/nsx-appl-proxy.xml
2. Copy the corresponding release version as /etc/vmware/nsx-appl-proxy.xml_4.1.2.3
https://engweb.eng.vmware.com/bugs/files/0/3/3/9/1/6/4/0/appl-proxy.xml_4.1.2.3
3. Open /etc/vmware/nsx-appl-proxy.xml
4. Remove the current content of /etc/vmware/nsx-appl-proxy.xml and copy the contents of /etc/vmware/nsx-appl-proxy.xml_4.1.2.3
5. Save this content and close it.
If you follow the above steps, the permission of /etc/vmware/nsx-appl-proxy.xml doesn't change before or after copying the release version.
If you are replacing the file, then the permission needs to be the same as what was before. Normally it is,
root@manager1:~# ls -lrt /etc/vmware/nsx-appl-proxy/appl-proxy.xml
-rw-r--r-- 1 appl-proxy appl-proxy 2160 Dec 15 2019 /etc/vmware/nsx-appl-proxy/appl-proxy.xml
So the same groups and permission need to be there.
6. Restart the service using this command:
/etc/init.d/nsx-appl-proxy stop
/etc/init.d/nsx-appl-proxy start
7. After service restart LM GM should be connected.
Additional Information
To avoid the LM GM disconnect post-upgrade, the below steps have to be followed in the current version environment.
1. Take a backup for /etc/vmware/nsx-appl-proxy.xml
2. Copy the corresponding release version as /etc/vmware/nsx-appl-proxy.xml_3.2.3
https://engweb.eng.vmware.com/bugs/files/0/3/3/9/1/6/4/0/appl-proxy.xml_323
3. Open /etc/vmware/nsx-appl-proxy.xml
4. Remove the current content of /etc/vmware/nsx-appl-proxy.xml and copy the contents of /etc/vmware/nsx-appl-proxy.xml_3.2.3
5. Save this content and close it.
If you follow the above steps, the permission of /etc/vmware/nsx-appl-proxy.xml doesn't change before or after copying the release version.
If you are replacing the file, then the permission needs to be the same as what was before. Normally it is,
root@manager1:~# ls -lrt /etc/vmware/nsx-appl-proxy/appl-proxy.xml
-rw-r--r-- 1 appl-proxy appl-proxy 2160 Dec 15 2019 /etc/vmware/nsx-appl-proxy/appl-proxy.xml
So the same groups and permission need to be there.
6. Restart the service using this command:
/etc/init.d/nsx-appl-proxy stop
/etc/init.d/nsx-appl-proxy start
7. After service restart LM GM should be connected.
8. Then proceed to upgrade.
Feedback
