After upgrading Aria Automation Orchestrator to 8.18.1 "vracli vro authentication" does not retrieve current authentication provider configuration
Article ID: 382004
Updated On:
Products
VMware Aria Suite
Issue/Introduction
- After upgrading Aria Automation Orchestrator to 8.18.1, it does not retrieve current authentication provider configuration that was configured previously.
- As the Control Center is removed in this version the only way to check this is via the command line using
"vracli vro authentication". It will return "No authentication provider configured."
Environment
VMware Aria Automation Orchestrator 8.18.1 (Standalone)
Cause
- This is a known issue.
- If the authentication provider was set in the Control Center previously, then the command will not return any result.
- This is due to the Control Center being deprecated in 8.18.1.
Resolution
Workaround
Unregister and re-register the authentication provider.
- SSH into the Orchestrator appliance. (In a stand-alone cluster, the commands should be run on one node only)
- Unregister the current Authentication
vracli vro authentication unregister - Re-register by setting Authentication again:
The authentication wizard can be run to set authentication, which will prompt you to enter for the appropriate details:vracli vro authentication wizard
Or you can use command line similar to this example (this example configures vSphere SSO for Authentication):vracli vro authentication set -p vsphere -hn https://my-vsphere.local -u [email protected] --tenant vsphere.local --admin-group Administrators --admin-group-domain vsphere.local
Note: See Syntax details and Parameter requirements for commands here: Configuring the Automation Orchestrator Appliance authentication provider with the command line interface
Important:vracli vro authenticationcommands are applicable only for the external orchestrators. The Embedded instance is managed by the appliance scripts. If you have run the commands to set authentication on an embedded instance, you will need to revert the settings (See Additional Information in this article).
Additional Information
Previous authentication provider details can be found in the following files on the Aria Automation Orchestrator node:
- /data/vco/usr/lib/vco/app-server/conf/vmo.properties
- /data/vco/usr/lib/vco/app-server/conf/csp.properties
- /data/vco/usr/lib/vco/app-server/conf/sso.properties
Note: vracli vro authentication commands are applicable only for the external orchestrators. The embedded instance is managed by the appliance scripts.
If you have run the vracli vro authentication commands to set authentication on an embedded instance, resetting the settings done by the authentication commands can be done with the following steps:
- Reset all authentication properties:
vracli vro authentication set -hn $(hostname) -p vra
Are you sure you want to reset its state? -> Yes
Do you wish to accept the certificate? -> No - Delete com.vmware.o11n.force-database-configuration from /data/vco/usr/lib/vco/app-server/conf/vmo.properties on all nodes. This can be done with the following command on one of the nodes:
vracli cluster exec -- sed -i '/com.vmware.o11n.force-database-configuration/d' /data/vco/usr/lib/vco/app-server/conf/vmo.properties - Restart all vco-app pods one by one to avoid downtime (kubectl -n prelude delete pod vco-app-###) or restart all of them if downtime is ok:
kubectl -n prelude delete pods -lapp=vco-app - Communication can be validated by checking the healthstatus of the Orchestrator on the following url:
https://<Automattion_FQDN>/vco/api/healthstatus?showDetails=true - If all health checks are in an OK state, then communication is working.
Feedback
Yes
No
Powered by
