Important thing to keep in mind before upgrading to vRA 8.4.2

Updated: Apr 24


Few days back I did blog on the issue i encountered during my lab upgrade where identity-service-app does not initialize due to vRA Migration Assistant service role assigned to AD users.


Click on the link for the blog : https://www.nukescloud.com/post/identity-service-app-initialization-failure-after-upgrading-to-vrealize-automation-8-4-2



Important points to note

  1. Remove the standalone vRA Migration Assistant service role before you upgrade for all AD groups mapped

  2. Read the release notes : https://docs.vmware.com/en/vRealize-Automation/8.4.2/rn/vRealize-Automation-842-releasenotes.html



If you are stuck with this issue then instead of reverting perform these steps.

Your connecting to


1. ssh root@FQDN
2. vracli dev psql
3. \c identity-db
4. copy and paste the following:

DO $$
    BEGIN
        IF NOT EXISTS (SELECT def.id from identity_service_role AS role INNER JOIN identity_service_definition AS def ON role.service_definition_id = def.id  WHERE role.name = 'migration:admin' AND def.name = 'Cloud Assembly') THEN
            INSERT INTO identity_service_role (id, is_default, created_millis, hidden, display_name, name, service_definition_id)
            VALUES ((SELECT uuid_in(md5(random()::text || clock_timestamp()::text)::cstring)), TRUE, (SELECT round(date_part('epoch', now() ) * 1000 )), FALSE, 'Migration Assistant Administrator', 'migration:admin', (SELECT id from identity_service_definition where name = 'Cloud Assembly'));
            
            INSERT INTO identity_service_role (id, is_default, created_millis, hidden, display_name, name, service_definition_id)
            VALUES ((SELECT uuid_in(md5(random()::text || clock_timestamp()::text)::cstring)), FALSE, (SELECT round(date_part('epoch', now() ) * 1000 )), FALSE, 'Migration Assistant Viewer', 'migration:viewer', (SELECT id from identity_service_definition where name = 'Cloud Assembly'));
        END IF;
        UPDATE identity_group_service_role
        SET role_id = (SELECT id FROM identity_service_role WHERE service_definition_id = (SELECT id FROM identity_service_definition WHERE name = 'Cloud Assembly') AND name = 'migration:viewer')
        WHERE role_id = (SELECT id FROM identity_service_role WHERE service_definition_id = (SELECT id FROM identity_service_definition WHERE name = 'Migration') AND name = 'migration:viewer');
    
        UPDATE identity_group_service_role
        SET role_id = (SELECT id FROM identity_service_role WHERE service_definition_id = (SELECT id FROM identity_service_definition WHERE name = 'Cloud Assembly') AND name = 'migration:admin')
        WHERE role_id = (SELECT id FROM identity_service_role WHERE service_definition_id = (SELECT id FROM identity_service_definition WHERE name = 'Migration') AND name = 'migration:admin');
    END $$ LANGUAGE plpgsql;



Then exit database by executing \q


Post that restart the services manually and then wait for services to initialize and complete


/opt/scripts/deploy.sh 



If you've done this directly through vRA without completing the upgrade workflow through LCM, you have to clean the upgrade in vRA state manually with this command by running it on one of the nodes


vracli cluster exec -- bash -c 'rm -rf /data/restorepoint /var/vmware/prelude/upgrade /var/log/vmware/prelude/upgrade-report-latest*; crontab -u root -l | grep -v -F "/opt/scripts/upgrade/upg-mon.sh" | crontab -u root -'


Post this perform inventory sync on vRSLCM for this vRA environment


To make it simple




Then after upgrade choose Cloud Assembly based Migration Role




526 views1 comment