CSP-97577: Patch instructions to upgrade platform components in VMware Identity Manager 3.3.7


Article ID: 404054


Updated On:

Products

VMware Aria Suite

Issue/Introduction

This article outlines the steps to upgrade the following EOL components.

EOL Component                 Version
Photon 3                      4
Java 8                        11.0.27
Tomcat - 8.5                  9.0.106
Postgres 9.6                  14.15
OpenSearch 1.3.5              2.8.0
Angular XLTS 1.9.1            1.9.7
RabbitMQ - 3.10.7/3.12.4      3.13.3


This article outlines the complete set of steps required for customers to successfully install VMware Aria Suite Lifecycle 8.18 Patch 3.

IMPORTANT Pre-Patch Instructions

Before proceeding with any patching activity, please follow the steps below carefully to avoid service disruption:

1. Take Snapshots

Create non-memory snapshots of both VMware Identity Manager and VMware Aria Suite Lifecycle from vCenter while they are in a healthy state.

2. Patch VMware Identity Manager as a First Step:


You must patch VMware Identity Manager before VMware Aria Suite Lifecycle. Follow the instructions in the VMware Identity Manager patch article:

vIDM Patch - Knowledge Base Article 404054

     2.1. Validate Patch Readiness

     Only proceed with the VMware Identity Manager patch if the prepare-vidm-patch.sh script (available in the article above) returns the following message:
 
     "Done! You can now proceed with installing the vidm-patch."

      


3. Patch VMware Aria Suite Lifecycle

Once VMware Identity Manager is successfully patched, proceed with patching VMware Aria Suite Lifecycle as described in:

vRSLCM Patch - Knowledge Base Article 406032

4. Do Not Delete Snapshots Early

Retain the working state snapshots taken in Step 1 until both VMware Identity Manager and VMware Aria Suite Lifecycle patching processes are fully completed and verified.

Environment

VMware Identity Manager 3.3.7

Resolution

Prerequisites

      Note: The total downtime is approximately 1 hour to apply the vIDM patch.
  • It is recommended to upgrade instances of unsupported versions to newer, supported versions first before applying the patch.
  • It is required to take a snapshot or backup of the Appliance(s) and the database server before applying the procedure.
  • Please make sure at least 15GB of free space is available in the installation file path.
  • The patch is compatible with the grub2 file. Use one of the following commands to search for the grub file.
    ls -ltr /boot/grub
    OR
    ls -ltr /boot/grub2

  • Note: grub.cfg should be present in the output.
  • If the grub.cfg file is missing or if grub is running below version 2.0, please update grub to version 2.0 before applying the patch.
  • You can check the version of grub with the grub-install --version command.
  • If the Photon Linux OS does not have grub2, it can be updated using the instructions in the KB document https://knowledge.broadcom.com/external/article/378767. That document has an attachment with the grub2 bundle and instructions on how to install and update it.
  • If you need further help on how to add or update the grub file, please contact the support team for assistance.
Note: If you are running a single node vIDM, SKIP the step below
  • For the cluster deployment, execute the script attached in the KB (prepare-vidm-patch.sh) ONLY on the primary node.
    chmod +x prepare-vidm-patch.sh
    ./prepare-vidm-patch.sh

    Note: proceed only if the script displays the following message: "Done! You can now proceed with installing the vidm-patch." Do not continue with the patching process if this message does not appear, or if the vIDM cluster is not in a healthy state.
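
The space, grub and staging-location checks above (plus the /db/data restriction from the deployment procedure) can be scripted and run on each node before patching. This is an added example, not part of the article or the vendor's tooling; the function names, default arguments and FAIL messages are assumptions.

```bash
#!/bin/bash
# Added example: pre-flight checks for the vIDM patch prerequisites (names are illustrative).

# Free space, in whole GB, on the filesystem that holds directory $1.
free_gb() {
    df -Pk "$1" | awk 'NR==2 { print int($4 / 1024 / 1024) }'
}

# Succeeds if directory $1 has at least $2 GB free (default 15).
has_enough_space() {
    [ "$(free_gb "$1")" -ge "${2:-15}" ]
}

# Succeeds if staging directory $1 exists and is not $2 (default /db/data)
# or anything below it. Both paths are resolved so symlinks cannot hide it.
staging_path_allowed() {
    local dir bad
    dir=$(cd "$1" 2>/dev/null && pwd -P) || return 1
    bad=$(cd "${2:-/db/data}" 2>/dev/null && pwd -P) || bad=${2:-/db/data}
    case "$dir/" in
        "$bad"/*) return 1 ;;
    esac
}

# Succeeds if grub.cfg exists in any of the directories given as arguments.
grub_cfg_present() {
    local d
    for d in "$@"; do
        [ -f "$d/grub.cfg" ] && return 0
    done
    return 1
}

# Succeeds if $1 (the output of grub-install --version) reports 2.0 or later.
grub_version_ok() {
    local major
    major=$(printf '%s\n' "$1" | grep -oE '[0-9]+\.[0-9]+' | head -n 1 | cut -d. -f1)
    [ -n "$major" ] && [ "$major" -ge 2 ]
}

# Run every check against staging directory $1 and report all failures.
preflight() {
    local rc=0
    staging_path_allowed "$1" || { echo "FAIL: $1 missing or under /db/data"; rc=1; }
    has_enough_space "$1" || { echo "FAIL: less than 15GB free in $1"; rc=1; }
    grub_cfg_present /boot/grub /boot/grub2 || { echo "FAIL: grub.cfg not found"; rc=1; }
    grub_version_ok "$(grub-install --version 2>/dev/null)" || { echo "FAIL: grub below 2.0"; rc=1; }
    return "$rc"
}
```

Source the file on the appliance and call preflight with the staging folder (for example /db/vidm-upgrade); a non-zero return means at least one prerequisite is unmet.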

Procedure: CSP-97577 Patch Deployment

Note: This is a cumulative patch that will perform an installation of other patches, including CSP-99024, CSP-97727, CSP-96928, CSP-96928, CSP-95247, CSP-93316, CSP-91401, CSP-90495, HW-189454, and HW-170932 if not installed previously.

  1. Log in as sshuser.
  2. Run sudo root.
  3. Download and transfer CSP-97577-Appliance-3.3.7.zip to the virtual appliance (e.g., create a folder such as /db/vidm-upgrade on a partition such as /db). The zip file can be saved anywhere on the file system (except the folder /db/data) where sufficient space (approximately 15 GB) is available. VMware recommends using the SCP protocol to transfer the file to the appliance. Tools such as WinSCP can also be used to transfer the file to the appliance.
    Note: Do not place the patch file (CSP-97577-Appliance-3.3.7.zip) in the /db/data directory, and avoid applying the patch from that location.
  4. Unzip the file using the command below.
    unzip CSP-97577-Appliance-3.3.7.zip
  5. Remove the zip to cleanup.
    rm -f CSP-97577-Appliance-3.3.7.zip
  6. Navigate to the files within the unzipped folder using the command below.
    cd CSP-97577-Appliance-3.3.7
  7. Run the patch script using the command below:
    yes | ./CSP-97577-applyPatch.sh -f identity-manager-3.3.7.0-24863103-updaterepo.zip -r
  8. Validate that the patch was successful by monitoring the /opt/vmware/var/log/update.log file. A successful application message looks similar to:

    IMPORTANT: VMware Identity Manager services are NOT expected to function until Aria Suite Lifecycle Patch 3 is applied.
  9. Repeat the above steps for each appliance node in the cluster.

Mandatory: Install Patch 3 for Aria Suite Lifecycle after vIDM is patched successfully

Note: The total downtime is approximately 1 hour to apply the Aria Suite Lifecycle Manager patch.
  1. To install VMware Aria Suite Lifecycle 8.18 Patch 3, follow instructions from VMware Aria Suite Lifecycle 8.18 Patch 3 Installation Runbook.
  2. If you are running a clustered deployment, perform the next steps. If you are running a single-node vIDM, SKIP steps 3 and 4.
  3. Perform day-2-action Patch Postgres Cluster on the Global Environment in Aria Suite Lifecycle.
    1. Log in to vRSLCM > Life Cycle Operations > Environments > Global Environment > view details > Patch Postgres Cluster
      Note:
      If the above option is not visible in LCM, it is likely due to a browser cache issue. Open the page in a private/incognito window in your browser.
  4. Once the Patch Postgres Cluster task is completed in LCM, SSH into all the vIDM nodes and start the OpenSearch Service.
    /etc/init.d/opensearch start

Patch Deployment Validations

After the patch deployment, perform the steps below to confirm that the patch was applied successfully.

  1. Login as an Administrator to the VIDM Console and verify the System Diagnostics page is green.
  2. If the patch is applied successfully, you can find a flag file created as CSP-97577-3.3.7.0-hotfix.applied in the /usr/local/horizon/conf/flags directory.
    ls -l /usr/local/horizon/conf/flags
  3. Login as a local administrator to the Service and navigate to the Legacy Connector page. Click on the Worker link and check whether the auth adapters load under the Auth Adapters tab. Click on any enabled auth adapter and check if the page opens correctly.
  4. Perform Directory Sync to validate that users/groups are synced.
  5. Check in the UI portal if all tabs open properly, including the cfg page: "https://vidm-hostname:8443"
  6. Check the Admin Portal and the Connectors page shows the version as "3.3.7.0 Build 24863103"

Known Issues Post VIDM CSP-97577 Patch Installation

  • Please follow the steps mentioned in the Broadcom KB article 406308 to address the known issues observed after applying the VIDM CSP-97577 patch.

Clean Up:

  • Remove the folder below after the patch is successful and post-validation is done.
    rm -rf CSP-97577-Appliance-3.3.7

Additional Information

To revert this patch, you can revert to the appliance(s) snapshot and the database backup taken before applying these steps.

Attachments

prepare-vidm-patch.sh