CSP-97577: Patch instructions to upgrade platform components in VMware Identity Manager 3.3.7
Article ID: 404054
Updated On:
Products
Issue/Introduction
Patch Superseded
This patch has been superseded by a newer cumulative update. Please install the latest VMware Identity Manager patch, CSP-102092, by following the instructions in KB 412021.
Component Upgrades (in Superseded Patch 3)
This article outlines the steps that were required to install VMware Aria Suite Lifecycle 8.18 Patch 3, which included upgrades for the following End-of-Life (EOL) components:
| EOL Component | New Version |
|---|---|
Photon 3 |
4 |
Java 8 |
11.0.27 |
Tomcat 8.5 |
9.0.106 |
Postgres 9.6 |
14.15 |
OpenSearch 1.3.5 |
2.8.0 |
Angular XLTS 1.9.1 |
1.9.7 |
RabbitMQ 3.10.7 / 3.12.4 |
3.13.3 |
Pre-Patch Instructions (for Superseded Patch 3)
The following steps were required before proceeding with the Patch 3 installation:
- Take Snapshots
Create non-memory snapshots of both VMware Identity Manager and VMware Aria Suite Lifecycle appliances from vCenter while they are in a healthy state. - Patch VMware Identity Manager First
You must patch VMware Identity Manager before patching VMware Aria Suite Lifecycle.- Validate Patch Readiness
Proceed only after theprepare-vidm-patch.shscript returns the following success message:"Done! You can now proceed with installing the vidm-patch."
- Validate Patch Readiness
- Patch VMware Aria Suite Lifecycle
Once VMware Identity Manager is successfully patched, proceed with patching VMware Aria Suite Lifecycle. - Do Not Delete Snapshots Early
Retain the snapshots taken in Step 1 until both patching processes are fully completed and the environments are verified as healthy.
Environment
Resolution
Prerequisites
Note: The total downtime is approximately 1 hour to apply the VMware Identity Manager patch.
- Version Support: It is recommended to upgrade any unsupported product versions to a supported version before applying this patch. This procedure is only validated for the versions specified.
- Please refer to the VMware Product Lifecycle Matrix for a list of supported versions.
- Snapshots/Backups: It is required to take a snapshot or backup of the appliance(s) and the database server before proceeding.
- Disk Space: Ensure at least 15 GB of free space is available on the partition where you will be placing the patch files.
- GRUB Version Check: This patch requires
grub2.- Use the following commands to check for the presence of the grub configuration file:
ls -ltr /boot/grub # OR ls -ltr /boot/grub2 - The output must show a
grub.cfgfile. If it is missing, or if your grub version is below 2.0, you must update it before applying the patch. You can check the version with this command:grub-install --version - If an update to
grub2is required, follow the instructions in KB 378767. Contact the support team for further assistance if needed.
- Use the following commands to check for the presence of the grub configuration file:
- Cluster Preparation (for clustered deployments only):
Note: If you are running a single node VMware Identity Manager, SKIP this step.
For a cluster, execute theprepare-vidm-patch.shscript (attached to the KB article) on the primary node only.chmod +x prepare-vidm-patch.sh ./prepare-vidm-patch.shNote: Proceed only if the script displays the message: "Done! You can now proceed with installing the vidm-patch." Do not continue if this message does not appear or if the cluster is not healthy.
Procedure: Patch Deployment
Note: This is a cumulative patch. If they are not already installed, it will also install the fixes from patches CSP-99024, CSP-97727, CSP-96928, and others.
- Log in to the VMware Identity Manager appliance via SSH as
sshuser. - Switch to the root user by running
sudo su -. - Download and transfer the CSP-97577-Appliance-3.3.7.zip file to the virtual appliance.
- Create a temporary directory for the upgrade files (e.g.,
/db/vidm-upgrade). - WARNING: Do not place the patch zip file in the
/db/datadirectory or run the patch from that location.
- Create a temporary directory for the upgrade files (e.g.,
- Unzip the file using the command:
unzip CSP-97577-Appliance-3.3.7.zip - (Optional) Remove the zip file to save space:
rm -f CSP-97577-Appliance-3.3.7.zip - Navigate into the unzipped folder:
cd CSP-97577-Appliance-3.3.7 - Run the patch script:
yes | ./CSP-97577-applyPatch.sh -f identity-manager-3.3.7.0-24863103-updaterepo.zip -r - Monitor the
/opt/vmware/var/log/update.logfile to validate that the patch was successful. - Repeat all the above steps for each of the remaining appliance nodes in the cluster.
Mandatory Next Step: Patch Aria Suite Lifecycle
IMPORTANT: VMware Identity Manager services are NOT expected to function correctly until Aria Suite Lifecycle is also patched.
Note: The total downtime is approximately 1 hour to apply the Aria Suite Lifecycle patch.
- To install VMware Aria Suite Lifecycle 8.18 Patch 3, follow the instructions from the Installation Runbook.
- For clustered deployments, perform the "Patch Postgres Cluster" Day 2 action from the Aria Suite Lifecycle UI under Global Environment > View Details.
- Once the "Patch Postgres Cluster" task is complete, SSH into all vIDM nodes and start the OpenSearch service:
/etc/init.d/opensearch start
Patch Deployment Validation
After all patching is complete, perform the following checks:
- Log in as an Administrator to the VMware Identity Manager console and verify the System Diagnostics page is green.
- Confirm that the patch flag file has been created:
ls -l /usr/local/horizon/conf/flags/CSP-97577-3.3.7.0-hotfix.applied - Perform a directory sync and validate that users and groups are synced correctly.
- Verify that all UI tabs and pages load correctly, including the configuration page at
https://<vidm-hostname>:8443. - Check that the Admin Portal and Connectors page shows the version as
3.3.7.0 Build 24863103.
Clean Up
- After the patch is successful and all post-validation is complete, you can remove the temporary folder.
rm -rf /path/to/CSP-97577-Appliance-3.3.7
Additional Information
Attachments
Feedback
