In NSX Autonomous Edge in High Availability mode, attempting to promote a secondary node to primary for API server when the original primary is unrecoverable may fail.

When running the POST https://<secondary-node-ip>/api/v1/high-availability?action=dissolve_and_make_primary API call against the secondary node, the following error is returned: "This operation is not supported on secondary API node, please use the primary API node."

NSX 4.1.x, 4.2.x, 9.0.x

In LUA, the string.match() call can use a regex-like syntax to match strings. The '-' character is a special character relating to a non-greedy match for the next character. Since the '-' is part of the URI and is not escaped, the string.match() call fails to match the URI and the API call is rejected.

For impacted versions, follow this workaround to promote the node manually. This change does not impact the dataplane and does not require a maintenance window.

1. Access the root command line of the secondary Autonomous Edge node.

2. Create a backup of the LUA script:
   cp -rva /opt/vmware/nsx-edge/reverse-proxy/authorize.lua /opt/vmware/nsx-edge/reverse-proxy/authorize.lua.bak

3. Run the following command to escape the hyphen in the authorization script: sed -i 's/high-availability/high%-availability/' /opt/vmware/nsx-edge/reverse-proxy/authorize.lua

4. Restart the reverse-proxy service to load the configuration change: systemctl restart nsx-edge-reverse-proxy

5. Perform the API call to promote the node:

   • Method: POST

   • URL: https://<secondary-node-ip>/api/v1/high-availability?action=dissolve_and_make_primary

6. After the node is promoted to primary, you may proceed with deploying a new secondary node to restore the high-availability cluster.

API to call when the primary API node edge is lost, crashed or dead.