Upgrading From VRealize Automation 6.2.4 Or 6.2.5 To 7.2 V Realize 72
User Manual: Pdf vRealize Automation - 7.2 - Upgrading from vRealize Automation 6.2.4 or 6.2.5 to 7.2 User Guide for VMware vRealize Software, Free Instruction Manual
Open the PDF directly: View PDF 
.
Page Count: 68
| Download | |
| Open PDF In Browser | View PDF |
Upgrading from vRealize Automation 6.2.4 or 6.2.5 to 7.2 vRealize Automation 7.2 This document supports the version of each product listed and supports all subsequent versions until the document is replaced by a new edition. To check for more recent editions of this document, see http://www.vmware.com/support/pubs. EN-002389-02 Upgrading from vRealize Automation 6.2.4 or 6.2.5 to 7.2 You can find the most up-to-date technical documentation on the VMware Web site at: http://www.vmware.com/support/ The VMware Web site also provides the latest product updates. If you have comments about this documentation, submit your feedback to: docfeedback@vmware.com Copyright © 2008–2017 VMware, Inc. All rights reserved. Copyright and trademark information. VMware, Inc. 3401 Hillview Ave. Palo Alto, CA 94304 www.vmware.com 2 VMware, Inc. Contents Updated Information 5 1 vRealize Automation 6.2.4 or 6.2.5 Prerequisites, Considerations, and Process 7 Prerequisites for Upgrading from vRealize Automation 6.2.4 or 6.2.5 7 Considerations About Upgrading to This vRealize Automation Version 9 Upgrade and Identity Appliance Specifications 9 Upgrade and Licensing 9 Understanding How Roles Are Upgraded 9 Understanding How Blueprints Are Upgraded 10 Upgrade and vApp Blueprints, vCloud Endpoints, and vCloud Reservations 10 Understanding How Multi-Machine Blueprints Are Upgraded 11 Upgrade and Physical Endpoints, Reservations, and Blueprints 12 Upgrade and Network Profile Settings 12 Upgrade and Entitled Actions 12 Upgrade and Custom Properties 12 Upgrade and Application Services 13 Upgrade and Advanced Service Design 13 Upgrade and Blueprint Cost Information 13 Checklist for Upgrading vRealize Automation 6.2.4 or 6.2.5 13 2 Preparing to Upgrade vRealize Automation 6.2.4 or 6.2.5 17 Backup Prerequisites for Upgrading vRealize Automation 6.2.4 or 6.2.5 17 Back Up Your Existing vRealize Automation 6.2.4 or 6.2.5 Environment 18 Increase vCenter Server Hardware Resources for vRealize Automation 6.2.4 or 6.2.5 19 Power On the Entire System 20 Shut Down vCloud Automation Center Services on Your IaaS Windows Server 21 Downloading vRealize Automation Appliance Updates 22 Download vRealize Automation Appliance Updates from a VMware Repository 22 Download Virtual Appliance Updates for Use with a CD-ROM Drive 23 3 Updating the vRealize Automation 6.2.4 or 6.2.5 Appliance 25 Install the Update on the vRealize Automation 6.2.4 or 6.2.5 Appliance 25 Update Your Single Sign-On Password for VMware Identity Manager 27 Update the License Key 28 Migrate Identity Stores to the VMware Identity Manager 28 Create a Local User Account for Your Tenants 29 Synchronize Users and Groups for an Active Directory Link 30 Migrate Multiple Tenant and IaaS Administrators 31 Install the Update on Additional vRealize Automation 6.2.4 or 6.2.5 Appliances VMware, Inc. 33 3 Upgrading from vRealize Automation 6.2.4 or 6.2.5 to 7.2 4 Upgrading the IaaS Server Components After Upgrading vRealize Automation 6.x to 7.2 35 Upgrade IaaS Components Using the Upgrade Shell Script After Upgrading vRealize Automation 6.x to 7.2 35 Upgrading IaaS Components Using the IaaS MSI Package After Upgrading vRealize Automation 6.x to 7.2 37 Download the IaaS Installer to Upgrade IaaS Components After Upgrading vRealize Automation 6.x to 7.2 38 Upgrade the IaaS Components After Upgrading vRealize Automation 6.x to 7.2 38 5 Updating vRealize Orchestrator After Upgrading from vRealize Automation 6.x to 7.2 43 Migrating an External vRealize Orchestrator Server to vRealize Automation 7.2 43 Upgrade Stand-Alone vRealize Orchestrator After Upgrading vRealize Automation 6.x to 7.2 43 Upgrade External vRealize Orchestrator Appliance Cluster After Upgrading vRealize Automation 6.x to 7.2 44 6 Add Users or Groups to an Active Directory Connection 47 7 Enable Your Load Balancers 49 8 Post-Upgrade Tasks for Upgrading vRealize Automation 6.2.4 or 6.2.5 51 Port Configuration for High-Availability Deployments 51 Enabling the Connect to Remote Console Action for Consumers 51 Restore External Workflow Timeout Files 51 Verify That vRealize Orchestrator Service Is Available 52 Restore Embedded vRealize Orchestrator Endpoint 52 Restore Changes to Logging in the app.config File 53 9 Troubleshooting the vRealize Automation 6.2.4 or 6.2.5 Upgrade 55 Migration of Identity Store Fails Because the Active Directory is not Synchronized 55 Migration of Identity Store Fails Because of Incorrect Credentials 56 Migration of Identity Store Fails With a Timeout Error Message 57 Installation or Upgrade Fails with a Load Balancer Timeout Error 58 Upgrade Fails for IaaS Website Component 58 Manager Service Fails to Run Due to SSL Validation Errors During Runtime 60 Log In Fails After Upgrade 60 Catalog Items Appear in the Service Catalog But Are Not Available to Request 60 User Migration Batch Files Are Ineffective 61 PostgreSQL External Database Merge Is Unsuccessful 62 Join Cluster Command Appears to Fail After Upgrading a High-Availability Environment 62 Upgrade Is Unsuccessful if Root Partition Does Not Provide Sufficient Free Space 63 Backup Copies of .xml Files Cause the System to Time Out 64 Delete Orphaned Nodes on vRealize Automation 64 Upgrade Fails to Upgrade the Management Agent or Certificate Not Installed on a IaaS Node 64 Unable to Create New Directory in vRealize Automation 65 Index 4 67 VMware, Inc. Updated Information This Upgrading from vRealize Automation 6.2.4 or 6.2.5 to 7.2 guide is updated with each release of the product or when necessary. This table provides the update history of the Upgrading from vRealize Automation 6.2.4 or 6.2.5 to 7.2 guide . Revision Description EN-002389-02 n n n n n n n n n n n n EN-002389-01 n n n EN-002389-00 VMware, Inc. Revised Preparing to Upgrade vRealize Automation 6.2.4 or 6.2.5. Revised Install the Update on the vRealize Automation 6.2.4 or 6.2.5 Appliance to include reference to topic about installing appliance update without upgrading IaaS components. Revised Update Your SIngle Sign-On Password for VMware Identity Manager. Revised Update the License Key. Revised Install the Update on Additional vRealize Automation 6.2.4 or 6.2.5 Appliances. Revised Upgrade the IaaS Components Using the Upgrade Shell Script and Upgrade the IaaS Components Using the vRealize Automation 7.2 IaaS Installer MSI Package to include guidance about rebooting an IaaS server after the appliance update. Revised Upgrade External vRealize Orchestrator Appliance Cluster for vRealize Automation . Revised Restore External Workflow Timeout Files. Added Exclude Management Agents from Upgrade. Revised Upgrade Fails for Website Component During IaaS Upgrade. Added Updating vRealize Orchestrator for Use with vRealize Automation 7.2 Added Migrating an External vRealize Orchestrator Server to vRealize Automation. Revised “Increase vCenter Server Hardware Resources for vRealize Automation 6.2.4 or 6.2.5,” on page 19. Revised Upgrade the IaaS Components Using the Upgrade Shell Script . Revised “Upgrade Fails to Upgrade the Management Agent or Certificate Not Installed on a IaaS Node,” on page 64. Initial release. 5 Upgrading from vRealize Automation 6.2.4 or 6.2.5 to 7.2 6 VMware, Inc. vRealize Automation 6.2.4 or 6.2.5 Prerequisites, Considerations, and Process 1 You can perform an in-place upgrade of your current VMware vRealize ™ Automation 6.2.4 or 6.2.5 environment to the latest version. You use several upgrade procedures specific to this version to upgrade your environment. An in-place upgrade is a multi-stage process in which you perform procedures in a particular order on the various components in your current environment. You must upgrade all product components to the same version. New vRealize Automation features introduce several enhancements along with the ability to upgrade or migrate to the new version. For recommendations and guidance before you begin the upgrade process, visit the vRealize Automation Upgrade Assistance Program web page at http://www.vmware.com/products/vrealize-automation/upgrade-center before you begin the upgrade process. Beginning with vRealize Automation 7.2, JFrog Artifactory Pro is no lunger bundled with the vRealize Automation appliance. If you upgrade from an earlier version of vRealize Automation, the upgrade process removes JFrog Artifactory Pro. For more information, see Knowledge Base 2147237. Note If you have customized your current vRealize Automation 6.2.4 or 6.2.5 deployment, contact your CCE support staff for additional information about upgrade considerations. This chapter includes the following topics: n “Prerequisites for Upgrading from vRealize Automation 6.2.4 or 6.2.5,” on page 7 n “Considerations About Upgrading to This vRealize Automation Version,” on page 9 n “Checklist for Upgrading vRealize Automation 6.2.4 or 6.2.5,” on page 13 Prerequisites for Upgrading from vRealize Automation 6.2.4 or 6.2.5 Before you upgrade, review the following prerequisites. System Configuration Requirements Verify the following system requirements are met before you begin an upgrade. n Verify that all appliances and servers that are part of your deployment meet the system requirements for the latest version. See the vRealize Automation Support Matrix at https://www.vmware.com/support/pubs/vcac-pubs.html. n Consult the VMware Product Interoperability Matrix on the VMware Web site for information about compatibility with other VMware products. VMware, Inc. 7 Upgrading from vRealize Automation 6.2.4 or 6.2.5 to 7.2 n Verify that the vRealize Automation you are upgrading from is in stable working condition. Correct any problems before upgrading. n If you are upgrading from vRealize Automation 6.2.x, record the vCloud Suite license key you used for your current vRealize Automation environment. Upon upgrade, existing license keys are removed from the database. You do not need to record the license if you are upgrading from vRealize Automation 7.x. Hardware Configuration Requirements Verify the following system requirements are met before you begin an upgrade. n You must configure your current hardware before you download the upgrade. See “Increase vCenter Server Hardware Resources for vRealize Automation 6.2.4 or 6.2.5,” on page 19. n You must have at least 18 GB RAM, 4 CPUs, Disk1 = 50 GB, Disk3=25 GB, and Disk4=50 GB before you run the upgrade. If the virtual machine is on vCloud Networking and Security, you might need to allocate more RAM space. ® Although general support for VMware vCloud Networking and Security ™ 5.5.x (vCNS) ended in September 2016, the VCNS custom properties continue to be valid for VMware NSX ™ purposes. See the VMware Knowledge Base article End of Availability and End of General Support for VMware vCloud Networking and Security 5.5.x (2144733) at http://kb.vmware.com/kb/2144733 for more information. n Your primary IaaS Web site, Microsoft SQL database, and Model Manager node must have the Microsoft .NET Framework 4.5.2 version and at least 5 GB of free disk space. n Your primary IaaS Web site, Microsoft SQL database, and Model Manager node must have JAVA SE Runtime Environment 8, 64bits, update 91 or higher installed. After you install Java, you must set the environment variable, JAVA_HOME, to the new version on each server node. n You must have at least 5.3 GB of free disk space on the root partition of each vRealize Automation appliance to download and run the upgrade. n Check the /storage/log subfolder and remove any older archived ZIP files to clean up space. General Prerequisites Verify the following system requirements are met before you begin an upgrade. 8 n You have access to an Active Directory account with a username@domain format and permissions to bind to the directory. n You have access to an account with a SAMaccountName format and sufficient privileges to join the system to the domain by creating a computer object dynamically or to merge into a pre-created object. n You have access to all databases and all load balancers impacted by or participating in the vRealize Automation upgrade. n You make the system unavailable to users while you perform the upgrade. n You disable any applications that query vRealize Automation. n Verify that Microsoft Distributed Transaction Coordinator (MSDTC) is enabled on all vRealize Automation and associated SQL servers. For instructions, see the VMware Knowledge Base article Various tasks fail after upgrading or migrating to VMware vCloud Automation Center (vCAC) 6.1.x (2089503) at http://kb.vmware.com/kb/2089503. n If your site uses an external vRealize Orchestrator appliance, and your deployment uses an external vRealize Orchestrator appliance that is connected to the Identity Appliance, upgrade vRealize Orchestrator before you upgrade vRealize Automation. VMware, Inc. Chapter 1 vRealize Automation 6.2.4 or 6.2.5 Prerequisites, Considerations, and Process n If you are upgrading a distributed environment configured with an embedded PostgreSQL database, examine the files in the pgdata directory on the master host before you upgrade the replica hosts. Navigate to the PostgreSQL data folder on the master host at /var/vmware/vpostgres/current/pgdata/. Close any opened files in the pgdata directory and remove any files with a .swp suffix. Verify that all files in this directory have correct ownership: postgres:users. n If you installed a Common Components Catalog component, you must uninstall it before you upgrade. For information about how to uninstall, install, and upgrade Common Components Catalog components, see the Common Components Catalog Installation Guide. Considerations About Upgrading to This vRealize Automation Version vRealize Automation 7 introduced various functional changes during and after the upgrade process that you must consider before you upgrade your vRealize Automation deployment to the new version. Note New vRealize Automation features introduce several enhancements along with the ability to upgrade or migrate to the new version. For recommendations and guidance before you begin the upgrade process, visit the vRealize Automation Upgrade Assistance Program web page at http://www.vmware.com/products/vrealize-automation/upgrade-center before you begin the upgrade process. Review the considerations in the subtopics before you upgrade. Upgrade and Identity Appliance Specifications You configure identity appliance upgrade information in response to prompts that are generated by the vRealize Automation upgrade executable. The target deployment uses the VMware Identity Manager. Upgrade and Licensing During the upgrade, your existing vRealize Automation 6.x licenses, and any vCloud Suite 6.x licenses that you have, are removed. You must reenter your licenses in the vRealize Automation 7 vRealize Automation appliance. You now use vRealize Automation licensing for virtual appliances and IaaS by entering license key information in the vRealize Automation appliance. Licensing information is no longer available in the IaaS user interface and IaaS no longer performs licensing checks. Endpoints and quotas are enforced through the end-user license agreements (EULAs). Note Write down your vCloud Suite 6.x license key if you used it for vRealize Automation 6.2.x before the upgrade. Upon upgrade, existing license keys are removed from the database. For more information about re-entering your license information during or after upgrade, see “Update the License Key,” on page 28 . Understanding How Roles Are Upgraded When you upgrade vRealize Automation, your organization's existing role assignments are maintained. The upgrade also creates some role assignments to support additional blueprint architect roles. The following architect roles are used to support the blueprint definition in the design canvas: n Application architect. Assembles existing components and blueprints to create composite blueprints. n Infrastructure architect. Creates and manages machine blueprints. n XaaS architect. Creates and manages XaaS blueprints. VMware, Inc. 9 Upgrading from vRealize Automation 6.2.4 or 6.2.5 to 7.2 n Software architect. Creates and manages Software components. In vRealize Automation 7, tenant administrators and business group managers cannot design blueprints by default. Upgraded tenant administrators and business group managers are given the infrastructure architect role. All users with the ability to reconfigure a machine in the vRealize Automation 6.2 source version are authorized to change machine ownership after upgrading to this vRealize Automation version. The following role assignments are made during the upgrade. Roles that are not listed in the table are upgraded to the same role name in the target deployment. Table 1‑1. Roles Assigned During Upgrade Role in Source Deployment Role in Target Deployment Tenant administrator Tenant administrator and Infrastructure architect Business group manager Business group manager and Infrastructure architect Service architect XaaS architect Application architect Software architect For more information about tenant roles, see Foundations and Concepts. Understanding How Blueprints Are Upgraded As a rule, published blueprints are upgraded as published blueprints. However, there are exceptions to that rule. Multi-machine blueprints are upgraded as composite blueprints that contain blueprint components. Multi-machine blueprints that contain unsupported settings are upgraded as unpublished. For related information see “Upgrade and vApp Blueprints, vCloud Endpoints, and vCloud Reservations,” on page 10 and “Understanding How Multi-Machine Blueprints Are Upgraded,” on page 11. Upgrade and vApp Blueprints, vCloud Endpoints, and vCloud Reservations You cannot upgrade a deployment that contains vApp (vCloud) endpoints. The presence of endpoints of type vApp (vCloud) prevent upgrade to vRealize Automation 7.2. When upgrade encounters a vApp (vCloud) endpoint in the source deployment, upgrade fails on the master virtual appliance and reports a message in the user interface and log. You can determine if your source deployment contains vApp (vCloud) endpoint by logging in to vRealize Automation with Iaas Administrator privileges, selecting Infrastructure > Endponts and noting the platform type value in the Endpoints list. If the list contains endpoints of platform type vApp (vCloud), upgrade to 7.2 is not supported. Managed vApps for vCloud Air or vCloud Director resources are not supported in the target vRealize Automation deployment. Note A known issue exists where the following deprecated approval policy types appear in the list of available approval policy types after upgrade is finished. These policy types are unusable. n Service Catalog - Catalog Item Request - vApp n Service Catalog - Catalog Item Request - vApp Component You can create vCloud Air and vCloud Director endpoints and reservations in the target deployment. You can also create blueprints that contain vCloud Air or vCloud Director machine components. 10 VMware, Inc. Chapter 1 vRealize Automation 6.2.4 or 6.2.5 Prerequisites, Considerations, and Process Understanding How Multi-Machine Blueprints Are Upgraded You can upgrade managed service, multi-machine blueprints from a supported vRealize Automation 6.2.x version deployment. When you upgrade a multi-machine blueprint, component blueprints are upgraded as separate singlemachine blueprints. The multi-machine blueprint is upgraded as a composite blueprint in which its previous children blueprints are nested as separate blueprint components. The upgrade creates a single composite blueprint in the target deployment that contains one machine component for each component blueprint in the source multi-machine blueprint. If the multi-machine blueprint contains a setting that is not supported in the target vRealize Automation deployment, the blueprint is upgraded but its status is changed to draft in the target deployment. For example, if the multimachine blueprint contains a private network profile, the private network profile setting is ignored during upgrade and the blueprint is upgraded in a draft state. You can edit the draft blueprint to specify different network profile information and publish it. Note If a published blueprint in the source deployment is upgraded to a draft status blueprint, the blueprint is no longer part of a service or entitlement. After you update and publish the blueprint in vRealize Automation 7.2, you must recreate its needed approval policies and entitlements. Some multi-machine blueprint settings are not supported in the target vRealize Automation deployment, including private network profiles and routed network profiles with associated PLR edge settings. Note that if you have used a custom property to specify PLR edge settings (VCNS.LoadBalancerEdgePool.Names ), the custom property is upgraded. If the multi-machine blueprint uses vSphere endpoints and NSX network and security settings, the upgraded composite blueprint also contains NSX network and security components in the design canvas. Note Routed gateway specifications for multi-machine blueprints, as defined in reservations, are upgraded. However, the target vRealize Automation deployment does not support reservations for routed profiles that contain associated PLR edge settings. If the source reservation contains a routed gateway value for a PLR edge, the reservation is upgraded but the routed gateway setting is ignored. As a result, the upgrade generates an error message in the log file and the reservation is disabled. During upgrade, spaces and special characters are removed from referenced network and security component names. Depending on the setting type, the network and security information is captured as several settings in the new blueprint. n Settings for the overall blueprint on its properties page. This information includes app isolation, transport zone, and routed gateway or NSX edge reservation policy information. n Available settings for vSphere machine components in NSX network and security components in the design canvas. n Settings in the network and security tabs of individual vSphere machine components in the design canvas. VMware, Inc. 11 Upgrading from vRealize Automation 6.2.4 or 6.2.5 to 7.2 Upgrade and Physical Endpoints, Reservations, and Blueprints You cannot upgrade a deployment that contains physical endpoints. The presence of endpoints of type physical prevents the vRealize Automation upgrade process from completing. When upgrade encounters a physical endpoint in the source deployment, upgrade fails on the master virtual appliance and reports a message in the user interface and log. You can determine if your source deployment contains physical endpoints by logging in to vRealize Automation with Iaas Administrator privileges, selecting Infrastructure > Endponts and noting the platform type value in the endpoints list. If the list contains endpoints of Platform Type Physical, upgrade is not supported. Physical endpoints, reservations, and machine components in blueprints are not supported in the target vRealize Automation deployment. Upgrade and Network Profile Settings Private network profiles are not supported in the target deployment and are ignored during the upgrade. Routed network profiles with associated PLR edge settings are also not supported in the target deployment and are also ignored during the upgrade. The private network profile type is not supported in the target vRealize Automation deployment. When the vRealize Automation upgrade executable encounters a private network profile in the source deployment, it ignores the network profile. Load balancers that reference those private networks are also ignored during upgrade. The same upgrade conditions are true for a routed network profile with associated PLR edge settings. Neither network profile configuration is upgraded. If a reservation contains a private network profile, the private network profile setting is ignored during upgrade and the reservation is upgraded as disabled in the target deployment. If a reservation contains a routed network profile with associated PLR edge settings, the routed network profile specification is ignored during upgrade and the reservation is upgraded as disabled in the target deployment. For information about upgrading a multi-machine blueprint that contains network settings, see “Understanding How Multi-Machine Blueprints Are Upgraded,” on page 11. Upgrade and Entitled Actions You cannot upgrade machine actions. The actions that you are entitled to perform on provisioned machines, based on blueprint specifications, are not upgraded. To recreate allowed machine actions, customize the entitlements for blueprints to enable only certain actions. For related information, see Configuring vRealize Automation. Upgrade and Custom Properties All the custom properties that vRealize Automation supplies are available in the upgraded deployment. Custom properties and property groups are upgraded. Terminology and Related Changes All the build profiles that you created in the source deployment are upgraded as property groups. The term build profile has been retired. The term property set has been retired and CSV property set files are no longer available. 12 VMware, Inc. Chapter 1 vRealize Automation 6.2.4 or 6.2.5 Prerequisites, Considerations, and Process Case-sensitivity in Custom Property Names Prior to vRealize Automation 7.0, custom property names were case-insensitive. In vRealize Automation 7.0 and later, custom property names are case-sensitive. During upgrade, custom property names must be an exact match, including their case, to ensure that property values do not override one another and that they correctly match property dictionary definitions. For example, a custom property expressed as hostname and another custom property expressed as HOSTNAME are considered different custom properties by vRealize Automation 7.0 and later and do not override one another during upgrade. Reserved Property Names Several keywords are now reserved and some upgraded properties might be impacted. Some keywords are used by the blueprint code that can be imported, for example by using vRealize CloudClient blueprint import functions. These keywords are considered reserved and are not available for properties that are being upgraded. The keywords include but are not limited to cpu, storage, and memory. Upgrade and Application Services Application Services upgrade is not currently supported in the target vRealize Automation deployment. Upgrade and Advanced Service Design When you upgrade to the target vRealize Automation deployment, your Advanced Service Design items are upgraded to XaaS elements. XaaS components are available for use in the design canvas. Upgrade and Blueprint Cost Information As of 7.0, vRealize Automation cost profiles are no longer supported and are not migrated into the target deployment during upgrade. However, you can leverage the enhanced integration with vRealize Business to manage your vRealize Automation resource costs. vRealize Business is now tightly integrated with vRealize Automation and supports the following enhanced costing features. n Unified location in vRealize Business to define flexible pricing policies for: n Infrastructure resource, machine, and application blueprints n All types of endpoints in vRealize Automation n Any operational cost, one time cost, and cost on custom properties n Role-based showback reports in vRealize Business n Fully leverage new features in vRealize Business Before you upgrade, you can export your existing cost reports from your source vRealize Automation instance for reference. After you complete your upgrade, you can install and configure vRealize Business to handle costing. Checklist for Upgrading vRealize Automation 6.2.4 or 6.2.5 When you perform an upgrade, you update all vRealize Automation components in a specific order. The order of upgrade varies depending on whether you are upgrading a minimal environment or a distributed environment with multiple vRealize Automation appliances. VMware, Inc. 13 Upgrading from vRealize Automation 6.2.4 or 6.2.5 to 7.2 Use the checklists to track your work as you complete the upgrade. Complete the tasks in the order they are given. You must upgrade components in the prescribed order and upgrade all components. Using a different order can result in unexpected behavior after the upgrade or failure of the upgrade to complete. Table 1‑2. Checklist for Upgrade of a Minimal vRealize Automation Environment Task Backup your current installation. This is a critical step. Shut down vRealize Automation Windows services on your Iaas server. If the Common Components Catalog is installed, you must uninstall it before you upgrade. Review the considerations for upgrade so that you understand what can be upgraded, what cannot be upgraded, and how upgraded items might behave differently in the target deployment than in the source. Not all items, including blueprints, reservations, and endpoints can be upgraded. The presence of some unsupported configurations blocks upgrade. Configure your hardware resources. Download updates to the vRealize Automation appliance. Install the update on the vRealize Automation appliance. Update the Single-Sign On utility to the VMware Identity Manager utility. Update the license key. Migrate the Identity Store to the VMware Identity Manager. For more information on how to back up and restore your system, see “Back Up Your Existing vRealize Automation 6.2.4 or 6.2.5 Environment,” on page 18. For general information, see Configuring Backup and Restore by Using Symantec Netbackup at http://www.vmware.com/pdf/vrealize-backup-and-restorenetbackup.pdf See “Shut Down vCloud Automation Center Services on Your IaaS Windows Server,” on page 21. For information about how to uninstall, install, and upgrade the Common Components Catalog, see the Common Components Catalog documentation. See “Considerations About Upgrading to This vRealize Automation Version,” on page 9. See “Increase vCenter Server Hardware Resources for vRealize Automation 6.2.4 or 6.2.5,” on page 19. See “Downloading vRealize Automation Appliance Updates,” on page 22. See “Install the Update on the vRealize Automation 6.2.4 or 6.2.5 Appliance,” on page 25. See “Update Your Single Sign-On Password for VMware Identity Manager,” on page 27. See “Update the License Key,” on page 28. “Migrate Identity Stores to the VMware Identity Manager,” on page 28 Upgrade IaaS components. See Chapter 4, “Upgrading the IaaS Server Components After Upgrading vRealize Automation6.x to 7.2,” on page 35. Upgrade the external vRealize Orchestrator. See Chapter 5, “Updating vRealize Orchestrator After Upgrading from vRealize Automation 6.x to 7.2,” on page 43. Add users or groups to an Active Directory connection. 14 Instructions See Chapter 6, “Add Users or Groups to an Active Directory Connection,” on page 47. VMware, Inc. Chapter 1 vRealize Automation 6.2.4 or 6.2.5 Prerequisites, Considerations, and Process Table 1‑3. Checklist for Upgrade of a vRealize Automation Distributed Environment Task step. Backup your current installation. This is a critical Shut down vRealize Automation services on your Iaas Windows servers. If the Common Components Catalog is installed, you must uninstall it before you upgrade. Configure your hardware resources for the upgrade. Download updates to the vRealize Automation appliance. Install the update on the first vRealize Automation appliance in your installation. If you have designated an appliance as a master, upgrade this appliance first. Update the Single-Sign On utility to the VMware Identity Manager utility. Update the license key. Migrate the Identity Store to the VMware Identity Manager utility. Install the update on the rest of your vRealize Automation appliances. For more information on how to back up and restore your system, see “Back Up Your Existing vRealize Automation 6.2.4 or 6.2.5 Environment,” on page 18. For detailed information, see Configuring Backup and Restore by Using Symantec Netbackup at http://www.vmware.com/pdf/vrealize-backup-and-restorenetbackup.pdf See “Shut Down vCloud Automation Center Services on Your IaaS Windows Server,” on page 21. For information about how to uninstall, install, and upgrade the Common Components Catalog, see the Common Components Catalog documentation. See “Increase vCenter Server Hardware Resources for vRealize Automation 6.2.4 or 6.2.5,” on page 19. See “Downloading vRealize Automation Appliance Updates,” on page 22. See “Install the Update on the vRealize Automation 6.2.4 or 6.2.5 Appliance,” on page 25. See “Update Your Single Sign-On Password for VMware Identity Manager,” on page 27. See “Update the License Key,” on page 28. “Migrate Identity Stores to the VMware Identity Manager,” on page 28 “Install the Update on Additional vRealize Automation 6.2.4 or 6.2.5 Appliances,” on page 33 Upgrade IaaS components. See Chapter 4, “Upgrading the IaaS Server Components After Upgrading vRealize Automation6.x to 7.2,” on page 35. Upgrade the external vRealize Orchestrator. See Chapter 5, “Updating vRealize Orchestrator After Upgrading from vRealize Automation 6.x to 7.2,” on page 43 . Enable your load balancers. VMware, Inc. Instructions Chapter 7, “Enable Your Load Balancers,” on page 49 15 Upgrading from vRealize Automation 6.2.4 or 6.2.5 to 7.2 16 VMware, Inc. Preparing to Upgrade vRealize Automation 6.2.4 or 6.2.5 2 You must perform various tasks and procedures before you upgrade vRealize Automation. Perform the tasks in the order they appear in the checklist. See “Checklist for Upgrading vRealize Automation 6.2.4 or 6.2.5,” on page 13. This chapter includes the following topics: n “Backup Prerequisites for Upgrading vRealize Automation 6.2.4 or 6.2.5,” on page 17 n “Shut Down vCloud Automation Center Services on Your IaaS Windows Server,” on page 21 n “Downloading vRealize Automation Appliance Updates,” on page 22 Backup Prerequisites for Upgrading vRealize Automation 6.2.4 or 6.2.5 Complete the backup prerequisites before you begin your upgrade. Prerequisites n Verify that your source installation is fully installed and configured. n Log in to your vSphere Client and for each appliance in your source environment, backup all the vRealize Automation appliance configuration files in the following directories . n n /etc/vcac/ n /etc/vco/ n /etc/apache2/ n /etc/rabbitmq/ Backup the vRealize Automation external workflow configuration (xmldb) files on your system. Store the backup files in a temporary directory. These files are located at \VMware\vCA\Server\ExternalWorkflows\xmldb\. You restore the xmldb files on your new system after migration. See “Restore External Workflow Timeout Files,” on page 51. For a related issue, see “Backup Copies of .xml Files Cause the System to Time Out,” on page 64. n VMware, Inc. Backup the vRealize Automation PostgreSQL database on the master vRealize Automation appliance. a Log in to the master vRealize Automation appliance management console. b Select vRA Settings > Database. c Note the vRealize Automation PostgreSQL database settings. d Back up the PostgreSQL database. For information about PostgreSQL database backup, see https://www.postgresql.org/. 17 Upgrading from vRealize Automation 6.2.4 or 6.2.5 to 7.2 n Create a snapshot of your tenant configuration and the users assigned. n Backup any files you have customized, such as DataCenterLocations.xml. n Create a snapshot of each virtual appliance and IaaS server. Adhere to regular guidelines for backing up the entire system in case vRealize Automation upgrade is unsuccessful. See Backup and Recovery for vRealize Automation Installations. Back Up Your Existing vRealize Automation 6.2.4 or 6.2.5 Environment Before you upgrade, shut down and take a snapshot of your vRealize Automation 6.2.4 or 6.2.5 environment components. Before you upgrade, take a snapshot of these components while your system is shut down. n vRealize Automation IaaS servers (Windows nodes) n vRealize Automation appliances (Linux nodes) n vRealize Automation (SSO) Identity node If the upgrade fails, you can use the snapshot to return to the last known good configuration and attempt another upgrade. Prerequisites n Verify that the embedded PostgreSQL database is in high-availability mode. If it is, locate the current Master node. See the knowledge base article http://kb.vmware.com/kb/2105809. n If your environment has an external PostgreSQL database, create a database backup file. n If the vRealize Automation Microsoft SQL database is not hosted on the IaaS server, create a database backup file. n Verify that you have completed the backup prerequisites for upgrading. n Verify that you have taken a snapshot of your system while it is shut down. This is the preferred method of taking a snapshot. See your vSphere 6.0 Documentation. If you cannot shut down your system, take an in-memory snapshot of all the nodes. This is the nonpreferred method and should only be used if you cannot take a snapshot while the system is shut down. n If you modified the app.config file, make a backup of that file. See “Restore Changes to Logging in the app.config File,” on page 53. n Make a backup of the external workflow configuration (xmldb) files. See “Restore External Workflow Timeout Files,” on page 51. n Verify that you have a location outside your current folder where you can store your backup file. See “Backup Copies of .xml Files Cause the System to Time Out,” on page 64. Procedure 1 Log in to your vCenter Server. 2 Locate these vRealize Automation 6.2.4 or 6.2.5 components. 3 n vRealize Automation IaaS servers (Windows nodes) n vRealize Automation appliances (Linux nodes) n vRealize Automation (SSO) Identity node Select a machine and click Shutdown guest in the following order. a 18 IaaS proxy agent virtual machines VMware, Inc. Chapter 2 Preparing to Upgrade vRealize Automation 6.2.4 or 6.2.5 b DEM Worker virtual machines c DEM Orchestrator virtual machine d Manager Service virtual machine e WEB Service virtual machines f Secondary vRealize Automation virtual appliances g Primary vRealize Automation virtual appliance h Manager machines (if any) i Identity Appliance 4 Take a snapshot of all vRealize Automation 6.2.4 or 6.2.5 machines. 5 Clone the vRealize Automation appliance nodes and perform the upgrade on the cloned machines. Keep the original, in case system restore is required later on. What to do next “Increase vCenter Server Hardware Resources for vRealize Automation 6.2.4 or 6.2.5,” on page 19 Increase vCenter Server Hardware Resources for vRealize Automation 6.2.4 or 6.2.5 Before you upgrade from vRealize Automation 6.2.4 or 6.2.5, you must increase hardware resources for each VMware vRealize ™ Automation appliance. If you have taken a snapshot of each vRealize Automation appliance, you must clone each appliance and increase the hardware resources on each clone. Ensure that you have at least 60 GB of free space on each appliance in your VMware vCenter Server ™. After you clone your appliances, power off the original appliances before you perform this procedure on each appliance clone. These steps are based on the Windows client. Procedure 1 Log in to vCenter Server. 2 Right-click a cloned vRealize Automation appliance icon and select Edit Settings. 3 Select Memory and set the value to 18 GB. 4 Select CPU and set the Number of virtual sockets value to 4. 5 Extend the size of virtual Disk 1 to 50 GB. 6 VMware, Inc. a Select Disk 1. b Change the size to 50 GB. c Click OK. If you do not have Disk 3, complete these steps to add a Disk 3 with a disk size of 25 GB. a Click Add above the Resources table to add a virtual disk. b Select Hard Disk for the Device Type, and click Next. c Select Create a new virtual disk, and click Next. d Set disk size value to 25 GB. e Select Store with the virtual machine and click Next. 19 Upgrading from vRealize Automation 6.2.4 or 6.2.5 to 7.2 f Verify that the Independent option is deselected for Mode and SCSI (0:2) is selected for Virtual Device Mode, and click Next. If prompted to accept recommended settings, accept the recommended settings. 7 8 g Click Finish. h Click OK. If there is an existing virtual Disk 4 from a previous vRealize Automation release, complete these steps. a Power on the virtual machine. b Open a new command prompt and navigate to /etc/fstab. c Open the fstab file, and remove lines starting with /dev/sdd that contain the Wal_Archive write ahead logs. d Save the file. e Power off the virtual machine. f Right-click the cloned vRealize Automation appliance icon and select Edit Settings. g Delete Disk 4 on the cloned virtual machine and complete the next step to create a new Disk 4 with a disk size of 50 GB. Complete these steps to add a Disk 4 with a disk size of 50 GB. a Click Add above the Resources table to add a virtual disk. b Select Hard Disk for the Device Type, and click Next. c Select Create a new virtual disk, and click Next. d Set disk size value to 50 GB. e Select Store with the virtual machine and click Next. f Verify that the Independent option is deselected for Mode and SCSI (0:3) is selected for Virtual Device Mode, and click Next. If prompted to accept recommended settings, accept the recommended settings. 9 g Click Finish. h Click OK. Create a snapshot of the virtual machine. What to do next “Power On the Entire System,” on page 20. Power On the Entire System After you increase the vCenter hardware resources for upgrade, you power on the system before you perform the upgrade. Prerequisites 20 n “Back Up Your Existing vRealize Automation 6.2.4 or 6.2.5 Environment,” on page 18 n “Increase vCenter Server Hardware Resources for vRealize Automation 6.2.4 or 6.2.5,” on page 19 VMware, Inc. Chapter 2 Preparing to Upgrade vRealize Automation 6.2.4 or 6.2.5 Procedure 1 Power on the entire system. For instructions, see the vRealize Automation 6.2 version of the Start Up vRealize Automation topic. Note If you have a high availability environment, use this procedure to power on your virtual appliances. 2 a Power on the virtual appliance that you powered off last. b Wait one minute. c Power on the remaining virtual appliances. Verify that the system is fully functional. What to do next “Shut Down vCloud Automation Center Services on Your IaaS Windows Server,” on page 21 Shut Down vCloud Automation Center Services on Your IaaS Windows Server When necessary, you can use the following procedure to shut down services on your IaaS Windows server. Before you begin the upgrade, shut down vCloud Automation Center services on your IaaS Windows servers. Shut down vCloud Automation Center services in the recommended order for all servers that are running IaaS services. Note Except for a passive backup instance of the Manager Service, the startup type for all services must be set to Automatic during the upgrade process. The upgrade process fails if you set services to Manual. Procedure 1 Log in to your IaaS Windows server. 2 Select Start > Administrative Tools > Services. 3 Shut down services in the following order. Be sure not to shut down the actual machine. Each virtual machine has a Management agent, which must be stopped with each set of services. 4 a All VMware vCloud Automation Center agents b All VMware DEM workers c VMware DEM orchestrator d VMware vCloud Automation Center Service For distributed installation deployments with load balancers, disable all of the secondary nodes and remove the vRealize Automation health monitors for the following items. a vRealize Automation appliance b IaaS Website c IaaS Manager Service Verify that load balancer traffic is directed only to the primary nodes and that the vRealize Automation health monitors are removed, otherwise the upgrade fails. VMware, Inc. 21 Upgrading from vRealize Automation 6.2.4 or 6.2.5 to 7.2 5 Verify that the IaaS service hosted in Microsoft Internet Information Services (IIS) is running by performing the following steps. a In your browser, go to the URL https://webhostname/Repository/Data/MetaModel.svc to verify that the Web Repository is running. If successful, no errors are returned and you see a list of models in XML format. b Check the status recorded in the Repository.log file on the Web node of the Iaas virtual machine to see that status reports OK. The file is located in the VCAC home folder at /Server/Model Manager Web/Logs/Repository.log. For a distributed IaaS Website, log in to the secondary website, without MMD, and stop Microsoft IIS temporarily. Check the MetaModel.svc connectivity, and start the Microsoft IIS to ensure that the load balancer traffic is going only through the primary Web node. What to do next “Downloading vRealize Automation Appliance Updates,” on page 22 . Downloading vRealize Automation Appliance Updates You can check for updates on the management console for your appliance, and download the updates using one of the following methods. For best upgrade performance, use the ISO file method. n Download vRealize Automation Appliance Updates from a VMware Repository on page 22 You can download the update for your vRealize Automation appliance from a public repository on the vmware.com Web site. n Download Virtual Appliance Updates for Use with a CD-ROM Drive on page 23 You can update your virtual appliance from an ISO file that the appliance reads from the virtual CDROM drive. This is the preferred method. Download vRealize Automation Appliance Updates from a VMware Repository You can download the update for your vRealize Automation appliance from a public repository on the vmware.com Web site. Prerequisites Back up your existing vRealize Automation environment . Ensure that your virtual appliance is powered on. Procedure 1 Go to the management console for your virtual appliance by using its fully qualified domain name, https://va-hostname.domain.name:5480. 2 Log in with the user name root and the password you specified when the appliance was deployed. 3 Click the Update tab. 4 Click Settings. 5 (Optional) Set how often to check for updates in the Automatic Updates panel. 6 Select Use Default Repository in the Update Repository panel. The default repository is set to the correct VMware.com URL. 7 22 Click Save Settings. VMware, Inc. Chapter 2 Preparing to Upgrade vRealize Automation 6.2.4 or 6.2.5 Download Virtual Appliance Updates for Use with a CD-ROM Drive You can update your virtual appliance from an ISO file that the appliance reads from the virtual CD-ROM drive. This is the preferred method. You download the ISO file and set up the primary appliance to use this file to upgrade your appliance. Prerequisites n Back up your existing vRealize Automation environment. n All CD-ROM drives you use in your upgrade must be enabled before you update a vRealize Automation appliance. See the vSphere documentation center for information about adding a CD-ROM drive to a virtual machine in the vSphere client. Procedure 1 To download the update repository ISO file, go to the vRealize Automation product page at www.vmware.com. Click vRealize Automation Download Resources to go to the VMware download page. 2 Locate the downloaded file on your system to verify that the file size is the same as the file on the VMware download page. Use the checksums provided on the download page to validate the integrity of your downloaded file. For more information, see the links at the bottom of the VMware download page. 3 Verify that your primary virtual appliance is powered on. 4 Connect the CD-ROM drive for the primary virtual appliance to the ISO file you downloaded. 5 Go to the management console for your virtual appliance by using its fully qualified domain name, https://va-hostname.domain.name:5480. 6 Log in with the user name root and the password you specified when the appliance was deployed. 7 Click the Update tab. 8 Click Settings. 9 Under Update Repository, select Use CDROM Updates. 10 Click Save Settings. VMware, Inc. 23 Upgrading from vRealize Automation 6.2.4 or 6.2.5 to 7.2 24 VMware, Inc. Updating the vRealize Automation 6.2.4 or 6.2.5 Appliance 3 After you complete the upgrade prerequisites and download the virtual appliance update, you install updates and reconfigure some settings for the primary vRealize Automation appliance node. After you upgrade the primary vRealize Automation appliance node, you upgrade the other nodes in your environment in the following order: 1 Each secondary vRealize Automation appliance 2 The IaaS Website 3 IaaS Manager Service 4 IaaS DEM 5 IaaS Agent 6 Upgrade or migrate each external vRealize Orchestrator instance This chapter includes the following topics: n “Install the Update on the vRealize Automation 6.2.4 or 6.2.5 Appliance,” on page 25 n “Update Your Single Sign-On Password for VMware Identity Manager,” on page 27 n “Update the License Key,” on page 28 n “Migrate Identity Stores to the VMware Identity Manager,” on page 28 n “Install the Update on Additional vRealize Automation 6.2.4 or 6.2.5 Appliances,” on page 33 Install the Update on the vRealize Automation 6.2.4 or 6.2.5 Appliance You install the VMware vRealize ™ Automation 7.2 update on the vRealize Automation 6.2.4 or 6.2.5 appliance and configure appliance settings. Support for a PostgreSQL external database is discontinued beginning with vRealize Automation 7.1. The upgrade process merges the data from an existing PostgreSQL external database with the PostgreSQL internal database that is part of the vRealize Automation appliance. Details regarding the data collected through CEIP and the purposes for which it is used by VMware are set forth at the Trust & Assurance Center at http://www.vmware.com/trustvmware/ceip.html. Do not close the management console while you install the update. If you encounter any problems during the upgrade process, see Chapter 9, “Troubleshooting the vRealize Automation 6.2.4 or 6.2.5 Upgrade,” on page 55. VMware, Inc. 25 Upgrading from vRealize Automation 6.2.4 or 6.2.5 to 7.2 Prerequisites n Verify you selected a download method and downloaded the update. See “Downloading vRealize Automation Appliance Updates,” on page 22. n For all high-availability deployments, see “Back Up Your Existing vRealize Automation 6.2.4 or 6.2.5 Environment,” on page 18. n For deployments with load balancers, verify that the traffic is directed only to the primary node and that the health monitors are disabled. n If you have a Common Components Catalog component installed in your environment, uninstall the component before you upgrade. For information, see the Common Components Catalog Installation Guide. n Verify that the jdbc:postgresql database connection points to the external IP address of the master PostgreSQL node. a On each vRealize Automation appliance, open a new command prompt. b Navigate to /etc/vcac/server.xml, and back up server.xml. c Open server.xml. d If necessary, edit the server.xml file entry jdbc:posgresql that points to the Postgres database and point it to the external IP address of the master PostgreSQL node for external PostgreSQL or master virtual appliance for embedded PostgreSQL. For example, jdbc:postgresql://198.15.100.60:5432/vcac n Verify that all saved and in-progress requests have finished successfully before you upgrade. Procedure 1 Open the vRealize Automation appliance management console. a Go to the management console for your virtual appliance by using its fully qualified domain name, https://va-hostname.domain.name:5480. b Log in with the user name root and the password you specified when the appliance was deployed. 2 Click the Services tab and verify that each service, except iaas-service, is listed as REGISTERED. 3 Select Update > Settings. 4 Select one of the following: n Use Default Repository n Use CDROM Updates. 5 Click Save Settings. 6 Select Status. 7 Click Check Updates to verify that an update is accessible. 8 (Optional) For instances of vRealize Automation appliance, click Details in the Appliance Version area to see information about the location of release notes. 9 Click Install Updates. 10 Click OK. A message stating that the update is in progress appears. 26 VMware, Inc. Chapter 3 Updating the vRealize Automation 6.2.4 or 6.2.5 Appliance 11 (Optional) If you have not resized Disk 1 to 50 GB manually, perform the following steps. a When the system prompts you to reboot the virtual appliance, click the System tab and click Reboot. During the reboot, the system adjusts the space required for the update. 12 b After the system reboots, log in again to the vRealize Automation appliance management console, verify that each service, except iaas-service, is listed as REGISTERED and select Update > Status. c Click Check Updates and Install Updates. To view the upgrade progress, open the following log files. n /opt/vmware/var/log/vami/updatecli.log n /opt/vmware/var/log/vami/vami.log n /var/log/vmware/horizon/horizon.log n /var/log/bootstrap/*.log If you log out during the upgrade process and log in again before the upgrade is finished, you can continue to follow the progress of the update in the log file. The updatecli.log file might display information about the version of vRealize Automation that you are upgrading from. This displayed version changes to the proper version later in the upgrade process. The time required for the update to finish varies according to your environment. 13 Read the note about participation in the Customer Experience Improvement Program and select to join or not join the program. For information about the program, click the Telemetry tab in the product management console. For more information about setting parameters for data collection and joining or leaving the Customer Experience Improvement Program, see Managing vRealize Automation. What to do next “Update Your Single Sign-On Password for VMware Identity Manager,” on page 27 Update Your Single Sign-On Password for VMware Identity Manager After you install the updates, you must update the Single Sign-On password for VMware Identity Manager. VMware Identity Manager replaces the Identity Appliance and vSphere SSO components. Procedure 1 Log out of the vRealize Automation appliance management console, close the browser, open the browser again, and log back in. 2 Select vRA Settings > SSO. 3 Enter a new VMware Identity Manager password and click Save Settings. Do not use simple passwords. You can safely ignore the error message SSO server is not connected. It can require several minutes to restart the services. The password is accepted. For a high-availability deployment, the password is applied to the first vRealize Automation appliance node and propagated to all secondary vRealize Automation appliance nodes. VMware, Inc. 27 Upgrading from vRealize Automation 6.2.4 or 6.2.5 to 7.2 4 5 Reboot the virtual appliance. a Click the System tab. b Click Reboot and confirm your selection. Verify that all services are running. a Log in to the vRealize Automation appliance management console. b Click the Services tab on the console. c Click the Refresh tab to monitor the progress of service startup. You should see a minimum of 30 services. 6 Verify that all services are registered except iaas-service. The release-management service does not start without a vRealize Code Stream license key. What to do next “Update the License Key,” on page 28. Update the License Key You must upgrade your license key to use the latest version of the vRealize Automation appliance. Procedure 1 Go to the management console for your virtual appliance by using its fully qualified domain name, https://va-hostname.domain.name:5480. 2 Log in with the user name root and the password you entered when the appliance was deployed. 3 Select vRA Settings > Licensing. If the Licensing tab is not available, perform the following steps and repeat the procedure. 4 a Log out of the management console. b Clear your browser cache. Enter your new license key in the New License Key text box. Endpoints and quotas are flagged according to your end-user license agreement (EULA). 5 Click Submit Key. What to do next “Migrate Identity Stores to the VMware Identity Manager,” on page 28 Migrate Identity Stores to the VMware Identity Manager When you upgrade from 6.2.4 or 6.2.5 to the current version of vRealize Automation, you must migrate the identity stores. As required in the following procedures, refer to the snapshot of your 6.2.4 or 6.2.5 tenant configuration information. Note After you migrate the identity stores, users of vRealize Code Stream must manually reassign vRealize Code Stream roles. 28 VMware, Inc. Chapter 3 Updating the vRealize Automation 6.2.4 or 6.2.5 Appliance Procedure 1 Create a Local User Account for Your Tenants on page 29 As part of upgrading identity stores, you must set up a tenant with a local user account and assign tenant administrator privileges to the local user account. 2 Synchronize Users and Groups for an Active Directory Link on page 30 To import your users and groups into vRealize Automation using the Directories Management capability, you must connect to your Active Directory link. 3 Migrate Multiple Tenant and IaaS Administrators on page 31 If you have multiple vRealize Automation 6.2.x tenants and IaaS administrators, use the Identity Stores Migration Tool to migrate your tenant administrators to your newly synchronized vsphere.local tenant. Alternatively, you can add them manually to the respective tenants. Create a Local User Account for Your Tenants As part of upgrading identity stores, you must set up a tenant with a local user account and assign tenant administrator privileges to the local user account. Prerequisites Verify that you have set a new VMware Identity Manager password. See “Update Your Single Sign-On Password for VMware Identity Manager,” on page 27. Procedure 1 Log in to the vRealize Automation console with the default system administrator username administrator and password. The console location is https://vra-appliance/vcac/. 2 Click your tenant. For example, for the default tenant, click vsphere.local 3 Select the Local Users tab. 4 Click New. 5 Create a local user account to assign to the tenant administrator role. The local user name should be unique to the vsphere.local active directory. 6 Click OK. 7 Click the Administrators tab. 8 Enter the local user name in the Tenant administrators search box and press Enter. 9 Click Finish. 10 Repeat these steps for each of your tenants. 11 Log out of the console. What to do next “Synchronize Users and Groups for an Active Directory Link,” on page 30 VMware, Inc. 29 Upgrading from vRealize Automation 6.2.4 or 6.2.5 to 7.2 Synchronize Users and Groups for an Active Directory Link To import your users and groups into vRealize Automation using the Directories Management capability, you must connect to your Active Directory link. Perform this procedure for each of your tenants. Prerequisites Verify that you have access privileges to the Active Directory. Procedure 1 Log in to the vRealize Automation console at: https://vra-appliance/vcac/org/tenant_name 2 Select Administration > Directories Management > Directories. 3 Click Add Directory. 4 Enter your specific Active Directory account settings. u Non-Native Active Directories Option Sample Input Directory Name Enter a unique directory name. Select Active Directory over LDAP when using non-Native Active Directory. This Directory Supports DNS Services Deselect this option. Base DN Enter the Distinguished Name (DN) of the starting point for directory server searches. For example, cn=users,dc=rainpole,dc=local. Bind DN Enter the full distinguished name (DN), including common name (CN), of an Active Directory user account that has privileges to search for users. For example, cn=config_admin infra,cn=users,dc=rainpole,dc=local. Bind DN Password Enter the Active Directory password for the account that can search for users. u Native Active Directories Option Sample Input Directory Name Enter a unique directory name. Select Active Directory (Integrated Windows Authentication) when using Native Active Directory. Domain Name Enter the name of the domain to join. Domain Admin Username Enter the username for the domain admin Domain Admin Password Enter the password for the domain admin account. Bind User UPN Use the email address format to enter the name of the user who can authenticate the domain. Bind DN Password Enter the Active Directory bind account password for the account that can search for users. 5 Click Test Connection to test the connection to the configured directory. 6 Click Save & Next. The Select the Domains page appears, and displays the list of domains. 7 30 Accept the default domain setting and click Next. VMware, Inc. Chapter 3 Updating the vRealize Automation 6.2.4 or 6.2.5 Appliance 8 Verify that the attribute names are mapped to the correct Active Directory attributes, and click Next. 9 Select the groups and users to synchronize. a Click the New icon. b Enter the user domain and click Find Groups. For example, enter dc=vcac,dc=local. 10 c To select the groups to synchronize, click Select and click Next. d On the Select Users page, select the users to synchronize and click Next. Review the users and groups are syncing to the directory, and click Sync Directory. The directory synchronization takes some time and runs in the background. 11 Select Administration > Directories Management > Identity Providers, and click your new identity provider. For example, WorkspaceIDP__1. 12 Scroll to the bottom of the page, and update the value for the IdP Hostname property to point to the FQDN for the vRealize Automation load balancer. 13 Click Save. 14 Repeat steps 11–13 for each tenant and identity provider. 15 After you upgrade all vRealize Automation nodes, log in to each tenant and select Administration > Directories Management > Identity Providers. Each identity provider has all vRealize Automation connectors added to it. For example, if your deployment has two vRealize Automation appliances, the identity provider has two associated connectors. Migrate Multiple Tenant and IaaS Administrators If you have multiple vRealize Automation 6.2.x tenants and IaaS administrators, use the Identity Stores Migration Tool to migrate your tenant administrators to your newly synchronized vsphere.local tenant. Alternatively, you can add them manually to the respective tenants. In a Linux environment, run the Identity Stores Migration Tool as administrator. In a Windows environment, you must have administrative rights on the machine where you run the Identity Stores Migration Tool. Prerequisites Log in to the management console of the master vRealize Automation appliance that you upgraded. Procedure 1 Go to the management console for your virtual appliance by using its fully qualified domain name, https://va-hostname.domain.name:5480. 2 Log in with the user name root and the password you specified when the appliance was deployed. 3 Select vRA Settings > SSO. 4 Perform the following steps according to your operating system. Linux a VMware, Inc. Right-click Identity Stores Migration Tool and select Copy Link Address. 31 Upgrading from vRealize Automation 6.2.4 or 6.2.5 to 7.2 b Open a secure shell connection as root user to your vRealize Automation 6.2.x SSO virtual appliance. c At the command prompt, run the following command to download the vra-sso-migration.zip file using the link you copied in step 4a. wget --no-check-certificate URL_link_address For example, wget --no-check-certificate https://va_hostname.vcac.local: 5480/service/cafe/download/vra-sso-migration.zip. d Run the following command to unzip the migration file. unzip vra-sso-migration.zip e In the directory where you extracted vra-sso-migration.zip, change directories to bin. cd bin f Edit the migration.properties file in the bin directory to change the value of property vra.system.admin.username from administrator to administrator@vsphere.local. g Run the following command to migrate your tenants and IaaS administrators to your newly synchronized vsphere.local tenant. ./reassign-tenant-administrators Because you are logged in as root user, do not use sudo to run this script. Even if you see your tenant users assigned in your tenant before running this command, you must run this command to register your users in Horizon to obtain full tenant administrator privileges. WIndows a Double-click Identity Stores Migration Tool to download the tool to your Downloads directory. b Log in to the Windows machine where SSO is running. c Copy the vra-sso-migration.zip file from your Downloads directory to a local directory of your choice. d Right-click vra-sso-migration.zip and select Extract all. e Open the extracted vra-sso-migration folder and open the bin folder. f Edit the migration.properties file in the bin directory to change the value of property vra.system.admin.username from administrator to administrator@vsphere.local with the full address including the tenant extension. g Right-click reassign-tenant-administrators.bat and select Run as administrator. Even if you see your tenant users assigned in your tenant before running this command, you must run this command to register your users in Horizon to obtain full tenant administrator privileges. 5 Log in to the vRealize Automation appliance default tenant as tenant administrator. For each tenant, verify that under the Administrators tab you can see the list of migrated tenant administrators. What to do next Upgrade the secondary appliances. See “Install the Update on Additional vRealize Automation 6.2.4 or 6.2.5 Appliances,” on page 33. 32 VMware, Inc. Chapter 3 Updating the vRealize Automation 6.2.4 or 6.2.5 Appliance Install the Update on Additional vRealize Automation 6.2.4 or 6.2.5 Appliances For a high availability environment, the master virtual appliance is the node that runs embedded PostgreSQL in the Master mode. The other nodes in the environment run the embedded PostgreSQL database in Replica mode. During upgrade, the replica virtual appliance does not require database changes. Do not close the management console while you install the update. Prerequisites n Verify that you have downloaded the virtual appliance updates. See “Downloading vRealize Automation Appliance Updates,” on page 22. n Verify that the jdbc:postgresql database connection points to the external IP address of the master PostgreSQL node. a On the vRealize Automation appliance, open a new command prompt. b Navigate to /etc/vcac/server.xml, and back up server.xml. c Open server.xml. d If necessary, edit the server.xml file entry jdbc:posgresql that points to the Postgres database and point it to the external IP address of the master PostgreSQL node for external PostgreSQL or master virtual appliance for embedded PostgreSQL. For example, jdbc:postgresql://198.15.100.60:5432/vcac Procedure 1 Open the vRealize Automation appliance management console for the upgrade. a Go to the management console for your virtual appliance by using its fully qualified domain name, https://va-hostname.domain.name:5480. b Log in with the user name root and the password you specified when the appliance was deployed. c Click the Update tab. 2 Click Settings. 3 Select to download the updates from a VMware repository or CDROM in the Update Repository section. 4 Click Status. 5 Click Check Updates to verify that an update is accessible. 6 Click Install Updates. 7 Click OK. A message stating that the update is in progress appears. 8 (Optional) If you have not resized Disk 1 to 50 GB manually, perform the following steps. a When the system prompts you to reboot the virtual appliance, click the System tab and click Reboot. During the reboot, the system adjusts the space required for the update. VMware, Inc. b After the system reboots, log in again to the vRealize Automation appliance management console and select Update > Status. c Click Check Updates and Install Updates. 33 Upgrading from vRealize Automation 6.2.4 or 6.2.5 to 7.2 9 Open the log files to verify that upgrade is progressing successfully. n /opt/vmware/var/log/vami/vami.log n /opt/vmware/var/log/vami/updatecli.log n /var/log/vmware/horizon/horizon.log n /var/log/bootstrap/*.log If you log out during the upgrade process and log in, you can continue to follow the progress of the update in the log file /opt/vmware/var/log/vami/updatecli.log. The time it takes for the update to finish depends on your site environment. 10 When the update is finished, log out of the vRealize Automation appliance, clear the cache of your Web browser, and log in to the vRealize Automation appliance management console. 11 Reboot the virtual appliance. a Click System. b Click Reboot and confirm your selection. 12 Log in to the vRealize Automation replica appliance management console. 13 Select vRA Settings > Cluster. 14 Specify the master virtual appliance user name and password. 15 Click Join Cluster. 16 Click Services and verify that each service, except iaas-service, is listed as REGISTERED. What to do next “Download the IaaS Installer to Upgrade IaaS Components After Upgrading vRealize Automation 6.x to 7.2,” on page 38 34 VMware, Inc. Upgrading the IaaS Server Components After Upgrading vRealize Automation 6.x to 7.2 4 After you upgrade VMware vRealize ™ Automation, a system administrator upgrades the IaaS server components, including the Microsoft SQL Server database. You have two options for upgrading the IaaS server components. n Use the automated IaaS upgrade shell script. n Use the vRealize Automation 7.2 IaaS installer msi package. If you have a Common Components Catalog component installed, you must uninstall the component before you upgrade. After you finish the upgrade, you can reinstall the component with the appropriate version. For more information, see the Common Components Catalog Installation Guide. This chapter includes the following topics: n “Upgrade IaaS Components Using the Upgrade Shell Script After Upgrading vRealize Automation 6.x to 7.2,” on page 35 n “Upgrading IaaS Components Using the IaaS MSI Package After Upgrading vRealize Automation 6.x to 7.2,” on page 37 Upgrade IaaS Components Using the Upgrade Shell Script After Upgrading vRealize Automation 6.x to 7.2 Use the upgrade shell script to upgrade the IaaS Components after you update each VMware vRealize ™ Automation appliance. The updated primary or master vRealize Automation appliance contains a shell script that you use to upgrade each IaaS node and component. You can run the upgrade script by using the vSphere console for the virtual machine or by using an SSH console session. If you use the vSphere console, you avoid intermittent network connectivity issues that can break the execution of the script. If you stop the script while it is upgrading a component, the script stops when it completes upgrading the component. If other components on the node still need to be upgraded, you must run the script again. When the upgrade finishes, you can review the upgrade result by opening the upgrade log file at /usr/lib/vcac/tools/upgrade/upgrade.log. Prerequisites n Verify the successful update of all vRealize Automation appliances. n If you reboot an IaaS server after you update all the vRealize Automation appliances but before you upgrade the IaaS components , stop all of the IaaS windows services, except for the Management Agent service, on the server. VMware, Inc. 35 Upgrading from vRealize Automation 6.2.4 or 6.2.5 to 7.2 n Before you run the upgrade shell script on the primary or master vRealize Automation appliance node, verify that the status of each service, except for iaas-service, on the Services tab in the vRealize Automation appliance management console is listed as REGISTERED. n On each IaaS node, manually install the IaaS Management Agent shipped as separate package on the vRealize Automation 7.2 download page. For information, see Knowledge Base Article 2147926. Do not attempt to use the Management Agent installer that is included in the vRealize Automation virtual appliance. Log in to each vRealize Automation IaaS machine and upgrade the Management Agent with the downloaded package. Then restart the Management Agent Windows service. n Verify that your primary IaaS Website and Model Manager node has JAVA SE Runtime Environment 8, 64bits, update 91 or later installed. After you install Java, you must set the environment variable, JAVA_HOME , to the new version on each server node. n Log in to each IaaS Website node and verify that the creation date is earlier than the modified date in the web.config file. If the creation date for the web.config file is the same as or later than the modified date, perform the procedure in “Upgrade Fails for IaaS Website Component,” on page 58. n Perform these steps on each IaaS node to verify that each IaaS node has an upgraded IaaS Management Agent: a Log in to the vRealize Automation appliance management console. b Select vRA Settings > Cluster. c Expand the list of all installed components on each IaaS node, and locate the IaaS Management Agent. d Verify that the Management Agent version is current. n Verify that the IaaS Microsoft SQL Server database backup is accessible in case you need to roll back. n Delete all orphaned IaaS nodes. See “Delete Orphaned Nodes on vRealize Automation,” on page 64. n Verify that snapshots of the IaaS servers in your deployment are available. If the upgrade is unsuccessful, return to the snapshot and database backup and attempt another upgrade. Procedure 1 Open a new console session on the primary or master vRealize Automation appliance node and log in with the root account. If you plan to run the upgrade script by means of SSH, open an SSH console session. 2 Change directories to /usr/lib/vcac/tools/upgrade/. 3 Run this command at the command prompt to create the upgrade.properties file. ./generate_properties 4 Open the upgrade.properties file and enter all the required values. This table shows the required values, which vary depending on the environment. For example, on a node that contains a DEM worker or orchestrator, DEM credentials are required. 36 VMware, Inc. Chapter 4 Upgrading the IaaS Server Components After Upgrading vRealize Automation 6.x to 7.2 Required Value Description Credential Format web_userna me User name for the primary Web node. Required only once. Domain\User web_passw ord Password for the primary Web node. Required only once. Password dem_userna me User name for the DEM worker or DEM orchestrator. Required for each node where a DEM component is installed. Domain\User dem_passw ord Password for the DEM worker or DEM orchestrator. Required for each node where a DEM component is installed. Password agent_usern ame User name for an agent such as a vSphere agent. Required for each node where an agent component is installed. Domain\User agent_pass word Password for an agent such as a vSphere agent. Required for each node where an agent component is installed. Password vidm_admi n_password The VIDM administrator password. Required only when you upgrade from vRealize Automation 6.2.4 or 6.2.5. vIDM_password For security reasons, the upgrade.properties file is removed when you run the upgrade shell script. The properties in the file are defined using the information for each IaaS component that comes through the IaaS Management Agents. It is important that all IaaS Management Agents are upgraded and healthy prior to running the ./generate_properies or ./upgrade shell scripts. If any IaaS Management Agent has a problem when you run the upgrade shell script, see “Upgrade Fails to Upgrade the Management Agent or Certificate Not Installed on a IaaS Node,” on page 64. To recreate the upgrade.properties file, repeat steps 2 and 3. 5 Run the upgrade script. a At the command prompt, enter ./upgrade. b Press Enter. The script displays each IaaS node and all the components installed on it. The script validates each component before installing the upgrade. If there are incorrect values in the upgrade.properties file, the script fails. If the Upgrade Shell Script is unsuccessful, review the upgrade.log file. You can run the upgrade script again after you fix a problem. Before you run the upgrade script again, recreate the upgrade.properties file, open it, and enter all the required values. What to do next Chapter 6, “Add Users or Groups to an Active Directory Connection,” on page 47 Upgrading IaaS Components Using the IaaS MSI Package After Upgrading vRealize Automation 6.x to 7.2 You can use this alternative method to upgrade IaaS components. VMware, Inc. 37 Upgrading from vRealize Automation 6.2.4 or 6.2.5 to 7.2 Download the IaaS Installer to Upgrade IaaS Components After Upgrading vRealize Automation 6.x to 7.2 Download the IaaS installer to the machine where the IaaS components to be upgraded are installed. If you see certificate warnings during this procedure, you can ignore them. Note Except for a passive backup instance of the Manager Service, the startup type for all services must be set to Automatic during the upgrade process. The upgrade process fails if you set services to Manual. Prerequisites n Verify that Microsoft .NET Framework 4.5.2 or later is installed on the IaaS installation machine. You can download the .NET installer from the vRealize Automation installer Web page. If you update .NET to 4.5.2 after you shut down the services and the machine restarted as part of the installation, you must manually stop all IaaS services except the Management agent. n If you are using Internet Explorer for the download, verify that Enhanced Security Configuration is not enabled. Enter res://iesetup.dll/SoftAdmin.htm in the search bar and press Enter. n Log in as a local administrator to the Windows server where one or more of the IaaS components you want to upgrade are installed. Procedure 1 Open a Web browser. 2 Enter the URL for the Windows installer download page. For example, https://vcac-va-hostname.domain.name:5480/installer, where vcac-vahostname.domain.name is the name of the primary (master) vRealize Automation appliance node. 3 Click the IaaS installer link. 4 When prompted, save the installer file, setup__vcac-va-hostname.domain.name@5480.exe, to the desktop. Do not change the file name. It is used to connect the installation to the vRealize Automation appliance. What to do next “Upgrade the IaaS Components After Upgrading vRealize Automation 6.x to 7.2,” on page 38 Upgrade the IaaS Components After Upgrading vRealize Automation 6.x to 7.2 You must upgrade the SQL database and configure all systems that have IaaS components installed. You can use these steps for minimal and distributed installations. Note The IaaS installer must be on the machine that contains the IaaS components you want to upgrade. You cannot run the installer from an external location, except for the Microsoft SQL database which also can be upgraded remotely from the Web node. Verify that snapshots of the IaaS servers in your deployment are available. If the upgrade fails, you can return to the snapshot and attempt another upgrade. Perform the upgrade so that services are upgraded in the following order: 1 IaaS Web sites If you are using a load balancer, disable traffic to all non-primary nodes. Finish the upgrade on one server before upgrading the next server that is running a Website service. Start with the one that has the Model Manager Data component installed. 38 VMware, Inc. Chapter 4 Upgrading the IaaS Server Components After Upgrading vRealize Automation 6.x to 7.2 If you are performing a manual external Microsoft SQL database upgrade, you must upgrade the external SQL before you upgrade the Web node. You can upgrade the external SQL remotely from the Web node. 2 Manager Services Upgrade the active Manager Service before you upgrade the passive Manager Service. If you do not have SSL encryption enabled in your SQL instance, uncheck the SSL encryption checkbox in the Iaas Upgrade configuration dialog box next to the SQL definition. 3 DEM orchestrator and workers Upgrade all DEM orchestrators and workers. Finish the upgrade on one server before you upgrade the next server. 4 Agents Finish the upgrade on one server before you upgrade the next server that is running an agent. 5 Management Agent Is updated automatically as part of the upgrade process. If you are using different services on one server, the upgrade updates the services in the proper order. For example, if your site has Web site and manager services on the same server, select both for update. The upgrade installer applies the updates in the proper order. You must complete the upgrade on one server before you begin an upgrade on another. Note If your deployment uses a load balancer, the first appliance you plan to upgrade must be connected to the load balancer. All other instances of vRealize Automation appliance appliances must be disabled for load balancer traffic before you apply the upgrade to avoid caching errors. Prerequisites n Back up your existing vRealize Automation 6.2.4 or 6.2.5 environment. n If you reboot an IaaS server after you update all the vRealize Automation appliances but before you upgrade the IaaS components , stop all of the IaaS windows services, except for the Management Agent service, on the server. n “Download the IaaS Installer to Upgrade IaaS Components After Upgrading vRealize Automation 6.x to 7.2,” on page 38. n Verify that your primary IaaS Website, Microsoft SQL database, and Model Manager node has JAVA SE Runtime Environment 8, 64bits, update 91 or later installed. After you install Java, you must set the environment variable, JAVA_HOME , to the new version on each server node. n Verify that the creation date is earlier than the modified date in the web.config file. If the creation date for the web.config file is the same as or later than the modified date, perform the procedure in “Upgrade Fails for IaaS Website Component,” on page 58. n If you are upgrading from vRealize Automation 6.2.x and have an external Microsoft SQL database, ensure that the Management Agent on the external database is version 7.0 or later before you run the IaaS Web site upgrade. You can check the Management Agent version in the Control Panel of your external SQL machine. If the Management Agent is not version 7.0 or later, complete the following steps to perform a manual upgrade of the Management Agent. VMware, Inc. a Open a browser and navigate to the VMware vRealize Automation IaaS Installation page on the vRealize Automation appliance at https://virtual_appliance_host:5480/installer. b Download and run the Management Agent Installer. 39 Upgrading from vRealize Automation 6.2.4 or 6.2.5 to 7.2 n If you have a Common Components Catalog component installed, you must uninstall the component before you upgrade. For more information, see the Common Components Catalog Installation Guide or follow the steps provided in Checklist for Upgrading from vRealize Automation 6.2.4 or 6.2.5. Procedure 1 If you are using a load balancer, prepare your environment. a Verify the IaaS Website node that contains the Model Manager data is enabled for load balancer traffic. You can identify this node by the presence of the vCAC Folder\Server\ConfigTool folder. b Disable all other IaaS Websites and non-primary Manager Services for load balancer traffic. 2 Right-click the setup__vrealize-automation-appliance-FQDN@5480.exe setup file and select Run as administrator. 3 Click Next. 4 Accept the license agreement and click Next. 5 Type the administrator credentials for your current deployment on the Log In page. The user name is root and the password is the password that you specified when you deployed the appliance. 6 Select Accept Certificate. 7 On the Installation Type page, verify that Upgrade is selected. If Upgrade is not selected, the components on this system are already upgraded to this version. 40 8 Click Next. 9 Configure the upgrade settings. Option Action If you are upgrading the Model Manager Data Select the Model Manager Data check box in the vCAC Server section. The check box is selected by default. Upgrade the Model Manager data only once. If you are running the setup file on multiple machines to upgrade a distributed installation, the Web servers stop functioning while there is a version mismatch between the Web servers and the Model Manager data. When you have upgraded the Model Manager data and all of the Web servers, all of the Web servers should function. If you are not upgrading the Model Manager Data Unselect the Model Manager Data check box in the vCAC Server section. To preserve customized workflows as the latest version in your Model Manager Data If you are upgrading the Model Manager Data, select the Preserve my latest workflow versions check box in the Extensibility Workflows section. The check box is selected by default. Customized workflows are always preserved. The checkbox determines version order only. If you used vRealize Automation Designer to customize workflows in the Model Manager, select this option to maintain the most recent version of each customized workflow before upgrade as the most recent version after upgrade. If you do not select this option, the version of each workflow provided with vRealize Automation Designer becomes the most recent after upgrade, and the most recent version before upgrade becomes the second most recent. For information about vRealize Automation Designer, see Life Cycle Extensibility. If you are upgrading a Distributed Execution Manager or a proxy agent Enter the credentials for the administrator account in the Service Account section. All of the services that you upgrade run under this account. VMware, Inc. Chapter 4 Upgrading the IaaS Server Components After Upgrading vRealize Automation 6.x to 7.2 Option Action To specify your Microsoft SQL Server database If you are upgrading the Model Manager Data, enter the names of the database server and database instance in the Server text box in the Microsoft SQL Server Database Installation Information section. Enter a fully qualified domain name (FQDN) for the database server name in the Database name text box. If the database instance is on a non-default SQL port, include the port number in the server instance specification. The Microsoft SQL default port number is 1433. When upgrading the manager nodes, the MSSQL SSL option is selected by default. If your database does not use SSL, uncheck Use SSL for database connection. 10 Click Next. 11 Confirm that all services to upgrade appear on the Ready to Upgrade page, and click Upgrade. The Upgrading page and a progress indicator appear. When the upgrade process finishes, the Next button is enabled. 12 Click Next. 13 Click Finish. 14 Verify that all services restarted. 15 Repeat these steps for each IaaS server in your deployment in the recommended order. 16 After all components are upgraded, log in to the management console for the appliance and verify that all services, including IaaS, are now registered. All of the selected components are upgraded to the new release. What to do next If your deployment uses a load balancer, upgrade each load balancer node to use vRealize Automation health checks, and re-enable load balancer traffic for any unconnected nodes. If your previous deployment used a load balanced embedded PostgreSQL database, disable all nodes in the PostgreSQL pool because they are not needed. Delete the pool at a convenient time. VMware, Inc. 41 Upgrading from vRealize Automation 6.2.4 or 6.2.5 to 7.2 42 VMware, Inc. Updating vRealize Orchestrator After Upgrading from vRealize Automation 6.x to 7.2 5 You must update your VMware vRealize ™ Orchestrator ™ instance when you upgrade from VMware vRealize ™ Automation 6.x to vRealize Automation 7.2. With the release of vRealize Orchestrator 7.2, you have two options for updating vRealize Orchestrator when you upgrade to vRealize Automation 7.2. n You can migrate your existing external vRealize Orchestrator server to the embedded vRealize Orchestrator included in vRealize Automation 7.2. n You can upgrade your existing standalone or clustered vRealize Orchestrator server to work with vRealize Automation 7.2. This chapter includes the following topics: n “Migrating an External vRealize Orchestrator Server to vRealize Automation 7.2,” on page 43 n “Upgrade Stand-Alone vRealize Orchestrator After Upgrading vRealize Automation 6.x to 7.2,” on page 43 n “Upgrade External vRealize Orchestrator Appliance Cluster After Upgrading vRealize Automation 6.x to 7.2,” on page 44 Migrating an External vRealize Orchestrator Server to vRealize Automation 7.2 You can migrate your existing external VMware vRealize ™ Orchestrator ™ server to a instance embedded in VMware vRealize ™ Automation 7.2. For information about migrating your existing external vRealize Orchestrator server, see the vRealize Orchestrator documentation topic Migrating an External Orchestrator Server to vRealize Automation 7.2. Upgrade Stand-Alone vRealize Orchestrator After Upgrading vRealize Automation 6.x to 7.2 If you maintain a stand-alone, external instance of vRealize Orchestrator for use with vRealize Automation, you must upgrade vRealize Orchestrator when you upgrade vRealize Automation. Embedded instances of vRealize Orchestrator are upgraded as part of the vRealize Automation appliance upgrade. No additional action is required. Prerequisites n VMware, Inc. Install the update on the primary vRealize Automation appliance. 43 Upgrading from vRealize Automation 6.2.4 or 6.2.5 to 7.2 n Upgrade IaaS components. See Chapter 4, “Upgrading the IaaS Server Components After Upgrading vRealize Automation6.x to 7.2,” on page 35. n Choose your vRealize Orchestrator upgrade method. See Upgrade Orchestrator Appliance 5.5.x and Later to 7.x. Procedure 1 Shut down the vRealize Orchestrator node. 2 Take a snapshot. 3 Increase the RAM to 6 GB. 4 Power on the vRealize Orchestrator node. 5 Log in to the vRealize Orchestrator appliance configuration portal at https://orchestrator_server:5480. 6 Select the Update tab in your configuration portal and click Settings. 7 Select your upgrade method and click Save Settings. 8 Click Status. 9 Click Check Updates. 10 Click Install Updates. 11 Accept the VMware End User License Agreement. 12 When the update completes, restart the vRealize Orchestrator appliance. 13 From the Control Center, upgrade the vRealize Automation default plugins, which include vCAC Cafe, vCAC IaaS, and NSX. 14 Restart the vRealize Orchestrator service. Upgrade External vRealize Orchestrator Appliance Cluster After Upgrading vRealize Automation 6.x to 7.2 If you use clustered external instances of vRealize Orchestrator with vRealize Automation, you must upgrade each vRealize Orchestrator node individually when you upgrade vRealize Automation. Prerequisites n Install the update on the primary vRealize Automation appliance. n Upgrade IaaS components. See Chapter 4, “Upgrading the IaaS Server Components After Upgrading vRealize Automation6.x to 7.2,” on page 35 . n Choose your vRealize Orchestrator upgrade method. See Upgrade Orchestrator Appliance 5.5.x and Later to 7.x. Procedure 1 Shut down each vRealize Orchestrator node. 2 Select one of the vRealize Orchestrator nodes in the cluster to be the primary vRealize Orchestrator node. Record the identifying information for this node to use later. 44 3 Take a snapshot of each vRealize Orchestrator node and the vRealize Orchestrator database. 4 On the vRealize Orchestrator node you selected for the primary node, increase the RAM to 6 GB. VMware, Inc. Chapter 5 Updating vRealize Orchestrator After Upgrading from vRealize Automation 6.x to 7.2 5 Upgrade the primary vRealize Orchestrator node. a Power on the node you selected to be the vRealize Orchestrator primary node. b Log in as root to the vRealize Orchestrator Appliance management console at https://orchestrator_server:5480. c Select Update > Settings. d Choose your download method and click Save Settings. e Click Status. f Click Check Updates. g Click Install Updates. h Accept the VMware End User License Agreement. i When the update finishes, restart the vRealize Orchestrator appliance. 6 Verify that the vco service appears as registered in the vRealize Orchestrator Appliance management console. 7 On the vRealize Orchestrator Control Center, click the Validate Configuration icon and verify that the configuration is valid. 8 On the vRealize Orchestrator Control Center, upgrade the vRealize Automation default plugins, which include the NSX plugin. 9 Log in as root to the vRealize Orchestrator Control Center on the primary vRealize Orchestrator node at https://your_orchestrator_server_IP_or_DNS_name:8283/vcocontrolcenter. 10 Click the Manage Plugins icon. 11 Select Browse > plug-in name > Install. 12 Deploy a new vRealize Orchestrator appliance for a new secondary vRealize Orchestrator node in this cluster. 13 Set up the network configuration of the new secondary vRealize Orchestrator node to match the secondary vRealize Orchestrator node in the old cluster. 14 Join the new secondary vRealize Orchestrator node to the primary vRealize Orchestrator node. 15 VMware, Inc. a Log in as root to the vRealize Orchestrator Control Center on the secondary vRealize Orchestrator node at https://your_orchestrator_server_IP_or_DNS_name:8283/vcocontrolcenter. b Click the Orchestrator Cluster Management icon. c Ensure that both vRealize Orchestrator servers are running. d Click Join Node To Cluster and enter the primary vRealize Orchestrator node details. e Click Join and wait for the new secondary vRealize Orchestrator node to complete the join cluster operation. f Verify that the new secondary vRealize Orchestrator node pending configuration fingerprint is the same as the primary vRealize Orchestrator node. g Restart the new secondary vRealize Orchestrator server service from Startup Options in the Control Center. h Verify that the new secondary vRealize Orchestrator node Applied Configuration Fingerprint is the same as the primary vRealize Orchestrator node. Repeat steps 13-15 for each secondary vRealize Orchestrator node in the old cluster. 45 Upgrading from vRealize Automation 6.2.4 or 6.2.5 to 7.2 46 VMware, Inc. Add Users or Groups to an Active Directory Connection 6 You can add users or groups to an existing Active Directory connection. The Directories Management user authentication system imports data from Active Directory when adding groups and users, and the speed of the system is limited by Active Directory capabilities. As a result, import operations may require a significant amount of time depending on the number of groups and users being added. To minimize the potential for delays or problems, limit the number of groups and users to only those required for vRealize Automation operation. If performance degrades or if errors occur, close any unneeded applications and ensure that your deployment has appropriate memory allocated to Active Directory. If problems persist, increase the Active Directory memory allocation as needed. For deployments with large numbers of users and groups, you may need to increase the Active Directory memory allocation to as much as 24 GB. When running a synchronize operation for a vRealize Automation deployment with a many users and groups, there may be a delay after the Sync is in progress message disappears before the Sync Log details are displayed. Also, the time stamp on the log file may differ from the time that the user interface indicates that the synchronize operation completed. Note You cannot cancel a synchronize operation after it has been initiated. Prerequisites n Connector installed and the activation code activated. Select the required default attributes and add additional attributes on the User Attributes page. n List of the Active Directory groups and users to sync from Active Directory. n For Active Directory over LDAP, information required includes the Base DN, Bind DN, and Bind DN password. n For Active Directory Integrated Windows Authentication, the information required includes the domain's Bind user UPN address and password. n If Active Directory is accessed over SSL, a copy of the SSL certificate is required. n For Active Directory Integrated Windows Authentication, when you have multi-forest Active Directory configured and the Domain Local group contains members from domains in different forests, make sure that the Bind user is added to the Administrators group of the domain in which the Domain Local group resides. If this is not done, these members are missing from the Domain Local group. n Log in to the vRealize Automation console as a tenant administrator. Procedure 1 Select Administration > Directories Management > Directories. 2 Click the desired directory name. VMware, Inc. 47 Upgrading from vRealize Automation 6.2.4 or 6.2.5 to 7.2 3 Click Sync Settings to open a dialog with synchronization options. 4 Click the appropriate icon depending on whether you want to change the user or group configuration. To edit the group configuration: n To add groups, click the + icon to add a new line for group DN definitions and enter the appropriate group DN. n If you want to delete a group DN definition, click the x icon for the desired group DN. To edit the user configuration: u To add users, click the + icon to add a new line for user DN definition and enter the appropriate user DN. If you want to delete a user DN definition, click the x icon for the desired user DN. 5 48 Click Save to save your changes without synchronizing to make your updates immediately, or click Save & Sync to save your changes and synchronize to implement your updates immediately. VMware, Inc. Enable Your Load Balancers 7 If your deployment uses load balancers, re-enable secondary nodes and health checks. The health checks for vRealize Automation vary according to version. For information, see vRealize Automation Load Balancing Configuration Guide in the VMware vRealize ™ Automation Information Center . VMware, Inc. 49 Upgrading from vRealize Automation 6.2.4 or 6.2.5 to 7.2 50 VMware, Inc. Post-Upgrade Tasks for Upgrading vRealize Automation 6.2.4 or 6.2.5 8 After you upgrade vRealize Automation 6.2.4 or 6.2.5, perform any required post-upgrade tasks. This chapter includes the following topics: n “Port Configuration for High-Availability Deployments,” on page 51 n “Enabling the Connect to Remote Console Action for Consumers,” on page 51 n “Restore External Workflow Timeout Files,” on page 51 n “Verify That vRealize Orchestrator Service Is Available,” on page 52 n “Restore Embedded vRealize Orchestrator Endpoint,” on page 52 n “Restore Changes to Logging in the app.config File,” on page 53 Port Configuration for High-Availability Deployments After finishing an upgrade in a high-availability deployment, you must configure the load balancer to pass traffic on port 8444 to the vRealize Automation appliance to support remote console features. For more information, see the vRealize Automation Load Balancing Configuration Guide in the vRealize Automation information center. Enabling the Connect to Remote Console Action for Consumers The remote console action for consumers is supported for appliances provisioned by vSphere in vRealize Automation. Edit the blueprint after you have upgraded the release and select the Connect to Remote Console action on the Action tab. For more information, see Knowledge Base article 2109706. Restore External Workflow Timeout Files You must reconfigure the vRealize Automation external workflow timeout files because the upgrade process overwrites xmldb files. Procedure 1 Open the external workflow configuration (xmldb) files on your system from the following directory. \VMware\vCAC\Server\ExternalWorkflows\xmldb\. 2 VMware, Inc. Replace the xmldb files with the files that you backed up before migration. If you do not have backup files, reconfigure the external workflow timeout settings. 51 Upgrading from vRealize Automation 6.2.4 or 6.2.5 to 7.2 3 Save your settings. Verify That vRealize Orchestrator Service Is Available After you upgrade to the latest version of VMware vRealize ™ Automation, you must verify the connection between vRealize Automation and VMware vRealize ™ Orchestrator ™. Sometimes after upgrade you must restore the connection. Prerequisites Log in to the vRealize Orchestrator configuration interface. Procedure 1 Click Validate Configuration. 2 If the Authentication section has a green check, go to step 5. 3 If the Authentication section does not have a green check, perform the following steps to restore the connection to vRealize Orchestrator . a Click Home. b Click Configure Authentication Provider. c In the Admin group text box, select Change, and choose a new Admin group that can be properly resolved. The vcoadmins group is available only at the default vsphere.local tenant. If you are using another tenant for the vRealize Orchestrator, then you must select another group. d Click Save Changes, and if prompted, restart the vRealize Orchestrator server. e Click Home. 4 Repeat step 1 to confirm that the Authentication section still has a green check. 5 Click Home, and close the vRealize Orchestrator Control Center. Restore Embedded vRealize Orchestrator Endpoint If you add an embedded vRealize Orchestrator endpoint to a vRealize Automation 6.x deployment and upgrade to the latest version of vRealize Automation, you must make changes to the vRealize Orchestrator endpoint URL to restore the connection. In vRealize Automation 6.x, the URL for the embedded vRealize Orchestrator is https://hostname:8281/vco. In vRealize Automation 7.0 and later, the URL for an embedded vRealize Orchestrator changes to https://hostname/vco. Because the 6.x URL does not change automatically when you upgrade to the latest version, the system cannot find vRealize Orchestrator. Perform the following steps to fix this problem. Prerequisites n Log in to the vRealize Automation console as an IaaS administrator. Procedure 52 1 Select Infrastructure > Endpoints > Endpoints. 2 On the Endpoints page, point to the vRealize Orchestrator endpoint, and select Edit from the context menu. 3 In the Address text box, edit the vRealize Orchestrator endpoint URL to remove :8281. 4 Click OK. 5 Manually start data collection on the vRealize Orchestrator, and verify that the collection is successful. VMware, Inc. Chapter 8 Post-Upgrade Tasks for Upgrading vRealize Automation 6.2.4 or 6.2.5 Restore Changes to Logging in the app.config File The upgrade process overwrites changes you make to logging in the configuration files. After you finish an upgrade, you must restore any changes you made before the upgrade to the app.config file . VMware, Inc. 53 Upgrading from vRealize Automation 6.2.4 or 6.2.5 to 7.2 54 VMware, Inc. Troubleshooting the vRealize Automation 6.2.4 or 6.2.5 Upgrade 9 The upgrade troubleshooting topics provide solutions to problems that you might encounter when upgrading vRealize Automation 6.2.4 or 6.2.5. This chapter includes the following topics: n “Migration of Identity Store Fails Because the Active Directory is not Synchronized,” on page 55 n “Migration of Identity Store Fails Because of Incorrect Credentials,” on page 56 n “Migration of Identity Store Fails With a Timeout Error Message,” on page 57 n “Installation or Upgrade Fails with a Load Balancer Timeout Error,” on page 58 n “Upgrade Fails for IaaS Website Component,” on page 58 n “Manager Service Fails to Run Due to SSL Validation Errors During Runtime,” on page 60 n “Log In Fails After Upgrade,” on page 60 n “Catalog Items Appear in the Service Catalog But Are Not Available to Request,” on page 60 n “User Migration Batch Files Are Ineffective,” on page 61 n “PostgreSQL External Database Merge Is Unsuccessful,” on page 62 n “Join Cluster Command Appears to Fail After Upgrading a High-Availability Environment,” on page 62 n “Upgrade Is Unsuccessful if Root Partition Does Not Provide Sufficient Free Space,” on page 63 n “Backup Copies of .xml Files Cause the System to Time Out,” on page 64 n “Delete Orphaned Nodes on vRealize Automation,” on page 64 n “Upgrade Fails to Upgrade the Management Agent or Certificate Not Installed on a IaaS Node,” on page 64 n “Unable to Create New Directory in vRealize Automation,” on page 65 Migration of Identity Store Fails Because the Active Directory is not Synchronized The migration of identity store fails because a thousand plus groups in the Active Directory have not been synchronized to the VMware Identity Manager utility directory. Problem The migration of identity store to the VMware Identity Manager utility fails. VMware, Inc. 55 Upgrading from vRealize Automation 6.2.4 or 6.2.5 to 7.2 Cause The problem occurs because more than thousand groups in the group base search domain name that have not been synchronized to the VMware Identity Manager utility directory. Solution 1 Log in the vRealize Automation appliance as a system administrator. 2 Create a local user for the default tenant. 3 Assign the local user the Tenant Administrator privileges. 4 Log out of the vRealize Automation appliance. 5 Log in the tenant with the local user credentials. 6 Select Administration > Directories Management > Directories. 7 Open the failed Active Directory domain. 8 Click Sync Settings to open a dialog with synchronization options. 9 Click the + icon to add a new line for group DN definitions and enter the appropriate group DN that need to be synchronized. 10 Click Save & Sync to save your changes and synchronize to implement your updates immediately. The VMware Identity Manager utility directory is synchronized to the thousand plus groups in the Active Directory. What to do next Start the migration process. Migration of Identity Store Fails Because of Incorrect Credentials he migration of identity store fails because of incorrect Active Directory domain credentials or lack or user permission. Problem The migration of identity store to the VMware Identity Manager utility fails. Cause The credentials of the Active Directory domain are incorrect. The problem also occurs when the user does not have the permission to join the VMware Identity Manager utility to the Active Directory Domain. Solution 1 Log in the vRealize Automation appliance as a system administrator. 2 Create a local user for the vsphere.local tenant. 3 Assign the local user the Tenant Administrator privileges. 4 Log out of the vRealize Automation appliance. 5 Log in the tenant with the local user credentials. 6 Select Administration > Directories Management > Connectors. 7 Click Join Domain to join the connector to a specific Active Directory domain. The connector syncs user and group data between Active Directory and the Directories Management service 8 56 Enter the domain, domain username, and password for the active directory domain. VMware, Inc. Chapter 9 Troubleshooting the vRealize Automation 6.2.4 or 6.2.5 Upgrade 9 Click Save. The Join Domain page is refreshed and displays a message that you are currently joined to the domain. What to do next Start the migration process. Migration of Identity Store Fails With a Timeout Error Message The timeout configuration does not adequately accommodate the migration process. Problem The migration of identity store fails with the following timeout error message. vra-cafe:~/bin # ./migrate-identity-stores Error: A JNI error has occurred, please check your installation and try again Exception in thread "main" java.lang.NoClassDefFoundError: com/vmware/identity/idm/InvalidArgumentException at java.lang.Class.getDeclaredMethods0(Native Method) at java.lang.Class.privateGetDeclaredMethods(Class.java:2701) at java.lang.Class.privateGetMethodRecursive(Class.java:3048) at java.lang.Class.getMethod0(Class.java:3018) at java.lang.Class.getMethod(Class.java:1784) at sun.launcher.LauncherHelper.validateMainClass(LauncherHelper.java:544) at sun.launcher.LauncherHelper.checkAndLoadMain(LauncherHelper.java:526) Caused by: java.lang.ClassNotFoundException: com.vmware.identity.idm.InvalidArgumentException at java.net.URLClassLoader.findClass(URLClassLoader.java:381) at java.lang.ClassLoader.loadClass(ClassLoader.java:424) at sun.misc.Launcher$AppClassLoader.loadClass(Launcher.java:331) at java.lang.ClassLoader.loadClass(ClassLoader.java:357) ... 7 more Cause The configuration timed out before the migration process could successfully complete. Solution 1 Open a command-line prompt. 2 Open the executable migrate-identity-stores script. 3 Scroll to the bottom of the script and locate the execution of a java command. For example, exec "$JAVACMD" $JAVA_OPTS -Xms256m -Xmx512m -Dverbose=false Dlog4j.configurationFile=log4j2.xml 4 Increase the system property value for the client socket timeout to one hour. -Dclient.system.socket.timeout=3600000. 5 Run the migrate-identity-stores script on the Single-sign on 2.0 server. What to do next Start the migration process. VMware, Inc. 57 Upgrading from vRealize Automation 6.2.4 or 6.2.5 to 7.2 Installation or Upgrade Fails with a Load Balancer Timeout Error A vRealize Automation installation or upgrade for a distributed deployment with a load balancer fails with a 503 service unavailable error. Problem The installation or upgrade fails because the load balancer timeout setting does not allow enough time for the task to complete. Cause An insufficient load balancer timeout setting might cause failure. You can correct the problem by increasing the load balancer timeout setting to 100 seconds or greater and rerunning the task. Solution 1 Increase your load balancer timeout value to at least 100 seconds. For example, and depending on the load balancer you are using, edit the load balancer timeout setting in your ssl.conf, httpd.conf or other Web configuration file. 2 Rerun the installation or upgrade. Upgrade Fails for IaaS Website Component The IaaS upgrade fails and you cannot continue the upgrade. Problem The Iaas upgrade fails for the website component. The following error messages appear in the installer log file. n System.Data.Services.Client.DataServiceQueryException: An error occurred while processing this request. ---> System.Data.Services.Client.DataServiceClientException: n Description: An application error occurred on the server. The current custom error settings for this application prevent the details of the application error from being viewed remotely (for security reasons). It could, however, be viewed by browsers running on the local server machine. n Warning: Non-zero return code. Command failed. n Done Building Project "C:\Program Files (x86)\VMware\vCAC\Server\Model Manager Data\DeployRepository.xml" (InstallRepoModel target(s)) -- FAILED. The following error messages appear in the repository log file. n [Error]: [sub-thread-Id="20" context="" token=""] Failed to start repository service. Reason: System.InvalidOperationException: Configuration section encryptionKey is not protected at 58 VMware, Inc. Chapter 9 Troubleshooting the vRealize Automation 6.2.4 or 6.2.5 Upgrade DynamicOps.Common.Utils.EncryptionHelpers.ReadKeyFromConfiguration(Configuration config) at DynamicOps.Common.Utils.EncryptionHelpers.Decrypt(String value) at DynamicOps.Repository.Runtime.CoreModel.GlobalPropertyItem.Decrypt(Func`2 decryptFunc) at DynamicOps.Common.Entity.ContextHelpers.OnObjectMaterializedCallbackEncryptable(Object sender, ObjectMaterializedEventArgs e) at System.Data.Common.Internal.Materialization.Shaper.RaiseMaterializedEvents() at System.Data.Common.Internal.Materialization.Shaper`1.SimpleEnumerator.MoveNext() at System.Linq.Enumerable.FirstOrDefault[TSource](IEnumerable`1 source) at System.Linq.Queryable.FirstOrDefault[TSource](IQueryable`1 source) at DynamicOps.Repository.Runtime.Common.GlobalPropertyHelper.GetGlobalPropertyItemValue(Core ModelEntities coreModelContext, String propertyName, Boolean throwIfPropertyNotFound) at DynamicOps.Repository.Runtime.CafeClientAbstractFactory.LoadSolutionUserCertificate() at DynamicOps.Repository.Runtime.CafeClientAbstractFactory.InitializeFromDb(String coreModelConnectionString) at DynamicOps.Repository.Runtime.Common.RepositoryRuntime.Initialize(). Cause Iaas upgrade fails when the creation date for the web.config file is the same as or later than the modified date. Solution 1 Log in to the IaaS website component server as administrator. 2 Change directories to the vRealize Automation installation folder ...\VMware\vCAC\ . 3 Start your preferred text editor with the Run as Administrator option. 4 Locate and select the web.config file and save the file to change its file modification date. 5 Examine the web.config file properties to confirm that the file modification date is later than the creation date. 6 Upgrade IaaS. VMware, Inc. 59 Upgrading from vRealize Automation 6.2.4 or 6.2.5 to 7.2 Manager Service Fails to Run Due to SSL Validation Errors During Runtime The manager service fails to run due to SSL validation errors. Problem The manager service fails with the following error message in the log: [Info]: Thread-Id="6" - context="" token="" Failed to connect to the core database, will retry in 00:00:05, error details: A connection was successfully established with the server, but then an error occurred during the login process. (provider: SSL Provider, error: 0 - The certificate chain was issued by an authority that is not trusted.) Cause During runtime, the manager service fails to run due to SSL validation errors. Solution 1 Open the ManagerService.config configuration file. 2 Update Encrypt=False on the following line:. Log In Fails After Upgrade You must exit the browser and log in again after an upgrade for sessions that use unsynchronized user accounts. Problem After you upgrade vRealize Automation, the system denies access to unsynchronized user accounts at login. Solution Exit the browser and relaunch vRealize Automation. Catalog Items Appear in the Service Catalog But Are Not Available to Request Catalog items that use certain property definitions from prior versions appear in the service catalog but are not available to request after upgrading to the latest version of vRealize Automation. Problem If you upgraded from a 6.2.x or earlier version and you had property definitions with the following control types or attributes, the attributes are missing from the property definitions and any catalog items that use the definitions do not function the way that they did before you performed the upgrade. 60 n Control types. Check box or link. n Attributes. Relationship, regular expressions, or property layouts. VMware, Inc. Chapter 9 Troubleshooting the vRealize Automation 6.2.4 or 6.2.5 Upgrade Cause In vRealize Automation 7.0 and later, the property definitions no longer use the attributes. You must recreate the property definition or configure the property definition to use a vRealize Orchestrator script action rather than the embedded control types or attributes. Migrate the control type or attributes to vRealize Automation 7.0 using a script action. Solution 1 In vRealize Orchestrator, create a script action that returns the property values. The action must return a simple type. For example, return strings, integers, or other supported types. The action can take the other properties on which it depends as an input parameter. 2 In vRealize Automation console, configure the product definition. a Select Administration > Property Dictionary > Property Definitions. b Select the property definition and click Edit. c From the Display advice drop-down menu, select Dropdown. d From the Values drop-down menu, select External Values. e Select the script action. f Click OK. g Configure the Input Parameters that are included in the script action. To preserve the existing relationship, bind the parameter to the other property. h Click OK. User Migration Batch Files Are Ineffective After upgrading VMware vRealize ™ Automation from 6.2.x to 7.x, the administrator is unable to migrate users with the provided utilities. Problem The migrate-identity-stores.bat or reassign-tenant-administrators.bat files do not migrate users after upgrade. Cause This can happen when you install vRealize Automation in a non-default location. Solution 1 2 Open a command prompt on the machine where you installed VMware vCenter Single Sign-On. Change directories to the migration tool root\bin subfolder that is created when you open vra_sso_migration.zip. 3 Open setenv.bat and change the drive letter in the VC_INSTALL_HOME variable to the drive letter where you installed vRealize Automation: SET VC_INSTALL_HOME=Non-Default Drive Letter:\Program Files\VMware. 4 Save your changes and close setenv.bat. The batch files work as expected. VMware, Inc. 61 Upgrading from vRealize Automation 6.2.4 or 6.2.5 to 7.2 PostgreSQL External Database Merge Is Unsuccessful The external PostgreSQL database merge with the embedded PostgreSQL database does not succeed. Problem If the external PostgreSQL database version is newer than the embedded PostgreSQL database version, the merge does not succeed. Solution 1 Log in to the host for the PostgreSQL external database. 2 Run the psql --version command. Note the PostgreSQL version for the external database. 3 Log in to the host for the PostgreSQL embedded database. 4 Run the psql --version command. Note the PostgreSQL version for the embedded database. If the external PostgreSQL version is newer than the embedded PostgreSQL version, contact support for assistance to merge your external PostgreSQL database. Join Cluster Command Appears to Fail After Upgrading a HighAvailability Environment After you click Join Cluster in the management console on a secondary cluster node, the progress indicator disappears. Problem When you use the vRealize Automation appliance management console after upgrade to join a secondary cluster node to the primary node, the progress indicator disappears and no error or success message appears. This behavior is an intermittent problem. Cause The progress indicator disappears because some browsers stop waiting for a response from the server. This behavior does not stop the join cluster process. You can confirm that the join cluster process is successful by viewing the log file at /var/log/vmware/vcac/vcac-config.log. 62 VMware, Inc. Chapter 9 Troubleshooting the vRealize Automation 6.2.4 or 6.2.5 Upgrade Upgrade Is Unsuccessful if Root Partition Does Not Provide Sufficient Free Space If sufficient free space is unavailable on the root partition of the vRealize Automation appliance host, upgrade cannot proceed. Solution This procedure increases the free space on the Disk 1 root partition of the vRealize Automation appliance host. In a distributed deployment, perform this procedure to increase the free space on each replica node sequentially, and then increase the free space on the master node. Note When you perform this procedure, you might see these warning messages: n WARNING: Re-reading the partition table failed with error 16: Device or resource busy. The kernel still uses the old table. The new table will be used at the next reboot or after you run partprobe(8) or kpartx(8) Syncing disks. n Error: Partition(s) 1 on /dev/sda have been written, but we have been unable to inform the kernel of the change, probably because it/they are in use. As a result, the old partition(s) will remain in use. You should reboot now before making further changes. Ignore the message You should reboot now before making further changes. If you reboot your system before step 10, you corrupt the upgrade process. Procedure 1 Power on the VMware vRealize ™ Automation appliance host virtual machine and log in as with a secure shell connection as the root user. 2 Run the following commands to stop services. 3 a service vcac-server stop b service vco-server stop c service vpostgres stop Run the following command to unmount the swap partition. swapoff -a 4 Run the following command to delete the existing Disk 1 partitions and create a 44-GB root partition and a 6-GB swap partition. (echo d; echo 2; echo d; echo 1; echo n; echo p; echo ; echo ; echo '+44G'; echo n; echo p; echo ; echo ; echo ; echo w; echo p; echo q) | fdisk /dev/sda 5 Run the following command to change the swap partition type. (echo t; echo 2; echo 82; echo w; echo p; echo q) | fdisk /dev/sda 6 Run the following command to set the Disk 1 bootable flag. (echo a; echo 1; echo w; echo p; echo q) | fdisk /dev/sda 7 Run the following command to register the partition changes with the Linux kernel. partprobe If you see a message prompting you to reboot before you make further changes, ignore the message. Rebooting the system before step 10 corrupts the upgrade process. VMware, Inc. 63 Upgrading from vRealize Automation 6.2.4 or 6.2.5 to 7.2 8 Run the following command to format the new swap partition. mkswap /dev/sda2 9 Run the following command to mount the swap partition. swapon -a 10 Reboot the vRealize Automation appliance. 11 After the appliance reboots, run the following command to resize the Disk 1 partition table. resize2fs /dev/sda1 12 To verify that the disk expansion is successful, run df -h and check that the available disk space on /dev/sda1 is greater than 30 GB. Backup Copies of .xml Files Cause the System to Time Out vRealize Automation registers any file with an .xml extension in the \VMware\vCAC\Server\ExternalWorkflows\xmldb\ directory. If this directory contains backup files with an .xml extension, the system runs duplicate workflows that cause the system to time out. Solution Workaround: When you back up files in this directory, move the backups to another directory, or change the extension of the backup file name to something other than .xml. Delete Orphaned Nodes on vRealize Automation An orphaned node is a duplicate node that is reported on the host but does not exist on the host. Problem When you verify that each IaaS and virtual appliance node is in a healthy state, you might discover that a host has one or more orphaned nodes. You must delete all orphaned nodes. Solution 1 Go to the management console for your virtual appliance by using its fully qualified domain name, https://va-hostname.domain.name:5480. 2 Log in with the user name root and the password you entered when the appliance was deployed. 3 Select vRA settings > Cluster. 4 For each orphaned node in the table, click Delete. Upgrade Fails to Upgrade the Management Agent or Certificate Not Installed on a IaaS Node Management Agent or Certificate is not upgraded on a IaaS node and error message appears in the management console. Problem If the upgrade fails to upgrade on a IaaS node and error messages about the Management Agent or Certificate appear in the management console, use these suggestions to troubleshoot the problem. 64 n Check the Management Agent log on the affected node for errors. n Check if the Management Agent was auto-upgraded by examining the version number in Programs and Features. VMware, Inc. Chapter 9 Troubleshooting the vRealize Automation 6.2.4 or 6.2.5 Upgrade n If the Management Agent is upgraded, ensure that its service is running. n If the Management Agent is upgraded and running, restart upgrade on the virtual appliance. n If the Management Agent is not upgraded, perform a manual upgrade of the Management Agent. Open a browser and navigate to the VMware vRealize Automation IaaS Installation page on the vRealize Automation appliance at https://virtual_appliance_host:5480/installer. Download and run the Management Agent Installer. Restart upgrade on the virtual appliance. n If you plan to upgrade the IaaS components with the automatic upgrade shell script, make sure to download the Management Agent installer shipped as a separate package on the vRealize Automation 7.2 download page. For information, see Knowledge Base Article 2147926. Do not attempt to use Management Agent installer that is included in the vRealize Automation virtual appliance. Unable to Create New Directory in vRealize Automation Trying to add new directory with the first sync connector fails. Problem This issue occurs due to a bad config-state.json file located in usr/local/horizon/conf/states/VSPHERE.LOCAL/3001/. For information about fixing this issue, see Knowledge Base Article 2145438. VMware, Inc. 65 Upgrading from vRealize Automation 6.2.4 or 6.2.5 to 7.2 66 VMware, Inc. Index A L active directory, add users 47 add users, active directory 47 license, update license key 28 load balancer times out before completion, changing the load balancer timeout setting 58 load balancers, enable 49 local user account, creating 29 log file, restore customization 53 B blueprints upgrade and roles 9 upgrading physical blueprints 12 upgrading vApp and vApp component blueprints 10 C CD-ROM drive updates 23 CEIP program 25 configuring active directory credentials 56 directories management 55 migration identity store 55 timeout setting 57 connecting, Native Active Directory 30 E endpoints upgrading physical endpoints 12 upgrading vCloud endpoints 10 entitlements, upgrading 12 environment backing up 17 saving 17 external workflow timeout files, restore 51 I IaaS database, upgrading 35 IaaS installer, downloading 38 IaaS server obtaining updates 38 shutting down services 21 updating 38 upgrading 35 identity appliance, upgrading to VMware Identity Manager appliance 9 Identity Appliance, obtaining updates 22 identity stores, migrating 28 identity management 55 install updates, update license key 28 VMware, Inc. M manager service fails 60 migrating identity stores 28 MSSQL database, upgrading 35 N Native Active Directory store, migrating 28 network and security, understanding multimachine blueprint upgrade 11 network profiles, upgrading 12 P password, updating 27 post-upgrade, tasks for vRealize Automation 6.2.4 or 6.2.5 51 Postgres database, installing updates 33 R Relaunch browser, post-upgrade 60 Remote console support, port configuration 51 replica mode, installing updates 33 reservations upgrading physical reservations 12 upgrading vCloud reservations 10 roles, manually reassigning 28 S Service catalog items, not available to request 60 services, shutting down services 21 SSL validation errors 60 SSO password, migrating 27 T tenant and IaaS administrators, migrating 31 troubleshooting delete orphaned nodes on vRealize Automation 7.0.1 64 IaaS upgrade fails 58 increase free space on the root partition 63 67 Upgrading from vRealize Automation 6.2.4 or 6.2.5 to 7.2 join cluster command appears to fail 62 system time out 64 unable to create new directory 65 ungrade fails to upgrade management agent 64 unsuccessful PostgreSQL merge 62 Troubleshooting, migrate-identity-stores.bat 61 Troubleshooting, reassign-tenantadministrators.bat 61 Troubleshooting, unable to migrate users 61 Troubleshooting, migration batch files 61 U updated information 5 Updates, installing for vRealize Automation appliance 25 upgrade considerations about source and target items 9 increasing 6.2.4 or 6.2.5 hardware resources 19 power on the entire system 20 shutting down 6.2.x machines 18 troubleshooting 55 upgrade IaaS components, upgrade shell script 35 upgrade IaaS component, IaaS installer msi package 37 upgrading Advanced Service Design 13 Application Services 13 blueprint cost specifications 13 blueprints 10 checklist for upgrading vRealize Automation 13 custom properties and groups 12 identity appliance 9 licensing 9 machine action entitlements 12 multi-machine blueprints 11 NSX network and security settings 11 physical blueprints 12 preparing for upgrade from 6.2.4 or 6.2.5 17 private network profiles 11, 12 roles 9 routed network profiles 12 vApp blueprints 10 vRealize Automation 6.2.4 or 6.2.5 7 vRealize Orchestrator 43 vRealize Orchestrator endpoints 52 vRealize Orchestrator external cluster 44 Upgrading, 6.2.x prerequisites 7 68 V vCloud Automation Center Appliance installing updates 25 obtaining updates 22 virtual appliances obtaining updates 22 updating from a VMware repository 22 updating with ISO files 23 VMware Identity Manager, migrating 27, 28, 31 vRealize Orchestrator, updating for vRealize Automation 7.2 43 vRealize Automation appliance, installing 7.2 updates 25 vRealize Orchestrator migration, to vRealize Automation 7.2 43 vRealize Orchestrator service, verifying 52 vSphere remote console support, modifying blueprints 51 W Website upgrade fails 58 VMware, Inc.
Source Exif Data:
File Type : PDF File Type Extension : pdf MIME Type : application/pdf PDF Version : 1.5 Linearized : No Author : VMware, Inc. Create Date : 2017:05:10 08:23:29-08:00 Modify Date : 2017:05:10 08:23:29-08:00 Creator : AH XSL Formatter V6.3 MR1 for Windows (x64) : 6.3.2.23978 (2016/03/18 11:26JST) Producer : Antenna House PDF Output Library 6.3.762 (Windows (x64)) Title : Upgrading from vRealize Automation 6.2.4 or 6.2.5 to 7.2 - vRealize Automation 7.2 Trapped : False Page Count : 68 Page Mode : UseOutlines Page Layout : SinglePage Language : ENEXIF Metadata provided by EXIF.tools