• Arun Nukula

Important thing to keep in mind before upgrading to vRA 8.4.2


Few days back I did blog on the issue i encountered during my lab upgrade where identity-service-app does not initialize due to vRA Migration Assistant service role assigned to AD users.


Click on the link for the blog : https://www.nukescloud.com/post/identity-service-app-initialization-failure-after-upgrading-to-vrealize-automation-8-4-2



Important points to note

  1. Remove the standalone vRA Migration Assistant service role before you upgrade for all AD groups mapped

  2. Read the release notes : https://docs.vmware.com/en/vRealize-Automation/8.4.2/rn/vRealize-Automation-842-releasenotes.html



If you are stuck with this issue then instead of reverting perform these steps.

Your connecting to


1. ssh root@FQDN
2. vracli dev psql
3. \c identity-db
4. copy and paste the following:

DO $$
    BEGIN
        IF NOT EXISTS (SELECT def.id from identity_service_role AS role INNER JOIN identity_service_definition AS def ON role.service_definition_id = def.id  WHERE role.name = 'migration:admin' AND def.name = 'Cloud Assembly') THEN
            INSERT INTO identity_service_role (id, is_default, created_millis, hidden, display_name, name, service_definition_id)
            VALUES ((SELECT uuid_in(md5(random()::text || clock_timestamp()::text)::cstring)), TRUE, (SELECT round(date_part('epoch', now() ) * 1000 )), FALSE, 'Migration Assistant Administrator', 'migration:admin', (SELECT id from identity_service_definition where name = 'Cloud Assembly'));
            
            INSERT INTO identity_service_role (id, is_default, created_millis, hidden, display_name, name, service_definition_id)
            VALUES ((SELECT uuid_in(md5(random()::text || clock_timestamp()::text)::cstring)), FALSE, (SELECT round(date_part('epoch', now() ) * 1000 )), FALSE, 'Migration Assistant Viewer', 'migration:viewer', (SELECT id from identity_service_definition where name = 'Cloud Assembly'));
        END IF;
        UPDATE identity_group_service_role
        SET role_id = (SELECT id FROM identity_service_role WHERE service_definition_id = (SELECT id FROM identity_service_definition WHERE name = 'Cloud Assembly') AND name = 'migration:viewer')
        WHERE role_id = (SELECT id FROM identity_service_role WHERE service_definition_id = (SELECT id FROM identity_service_definition WHERE name = 'Migration') AND name = 'migration:viewer');
    
        UPDATE identity_group_service_role
        SET role_id = (SELECT id FROM identity_service_role WHERE service_definition_id = (SELECT id FROM identity_service_definition WHERE name = 'Cloud Assembly') AND name = 'migration:admin')
        WHERE role_id = (SELECT id FROM identity_service_role WHERE service_definition_id = (SELECT id FROM identity_service_definition WHERE name = 'Migration') AND name = 'migration:admin');
    END $$ LANGUAGE plpgsql;



Then exit database by executing \q


Post that restart the services manually and then wait for services to initialize and complete


/opt/scripts/deploy.sh 


Post this perform inventory sync on vRSLCM for this vRA environment




To make it simple




Then after upgrade choose Cloud Assembly based Migration Role




103 views0 comments

Recent Posts

See All