Sunday, March 25, 2012

vCloud ORA-28001: password expired

Finally got around to upgrading our vCloud Director to the latest 1.5.1 today and ran into a couple issues that took some research:

1) Unable to upgrade the database: java.sql.SQLException: ORA-28001: the password has expired:

/opt/vmware/vcloud-director/bin/upgrade
Welcome to the vCloud Director upgrade utility

This utility will apply several updates to the database. Please
ensure you have created a backup of your database prior to continuing.


Do you wish to upgrade the product now? [Y/N] y
Examining database at URL: jdbc:oracle:thin:@localhost:1521/XE
Unable to upgrade the database: java.sql.SQLException: ORA-28001: the password has expired
2) Once #1 is solved, we the upgrade script is working off the old password stored in the keystore:

Unable to upgrade the database: java.sql.SQLException: ORA-01017: invalid username/password; logon denied

So we need to update the keystore according to @recklessop's post


Solution for issue #1 (reset the oracle password):

su - oracle
-bash-3.2$ sqlplus "/ as sysdba"
SQL*Plus: Release 11.2.0.2.0 Production on Sun Mar 25 10:43:32 2012
Copyright (c) 1982, 2010, Oracle.  All rights reserved.
ERROR:
ORA-12162: TNS:net service name is incorrectly specified

This means we forgot to set the ORACLE_HOME and ORACLE_SID - those must be set in the /etc/init.d/oracle* startup script:
ORACLE_HOME=/u01/app/oracle/product/11.2.0/xe
ORACLE_SID=XE

export ORACLE_HOME
export ORACLE_SID

Now, we are in - just follow @BasRaayman's post:

-bash-3.2$ sqlplus "/ as sysdba"
SQL*Plus: Release 11.2.0.2.0 Production on Sun Mar 25 10:48:33 2012
Copyright (c) 1982, 2010, Oracle.  All rights reserved.
Connected to:
Oracle Database 11g Express Edition Release 11.2.0.2.0 - 64bit Beta
SQL> select username,ACCOUNT_STATUS,EXPIRY_DATE from dba_users;
USERNAME               ACCOUNT_STATUS            EXPIRY_DA
------------------------------ -------------------------------- ---------
VCLOUD                   EXPIRED                13-MAR-12


SQL> alter user VCLOUD identified by newpass;
SQL> alter user VCLOUD account unlock;

Solution for issue #2 (reset keystore pass):

cp /opt/vmware/cloud-director/jre/bin/certificates.ks /opt/vmware/cloud-director/jre/bin/certificates.ks.old
/opt/vmware/vcloud-director/jre/bin/keytool -keystore certificates.ks -storetype JCEKS -storepass newpass -genkey -keyalg RSA -alias http -dname "cn=vcloud,  ou=vmware, o=vmware, c=US" -keypass newpass

/opt/vmware/vcloud-director/jre/bin/keytool -keystore certificates.ks -storetype JCEKS -storepass newpass -genkey -keyalg RSA -alias consoleproxy -dname "cn=vcloud,  ou=vmware, o=vmware, c=US" -keypass newpass
then overwrite the old keystore:

cp certificates.ks /opt/vmware/cloud-director/jre/bin/certificates.ks
and run configure to sync things up:

/opt/vmware/vcloud-director/bin/configure 

then finally we can run the upgrade:

/opt/vmware/vcloud-director/bin/upgrade
Welcome to the vCloud Director upgrade utility

This utility will apply several updates to the database. Please
ensure you have created a backup of your database prior to continuing.


Do you wish to upgrade the product now? [Y/N] y
Examining database at URL: jdbc:oracle:thin:@localhost:1521/XE
Applying 1 upgrade batches
Executing upgrade batch: 1.5 to 1.5.1
Executing SQL statements from file: Upgrade_Data_15_151.sql [17 statements]
.................[17]
Executing SQL statements from file: Upgrade_15_151.sql [7 statements]
.......[7]

Successfully applied upgrade batch: 1.5 to 1.5.1
Running 0 upgrade tasks
Applying 0 upgrade batches
Database upgrade complete

Would you like to start the vCloud Director service now? If you choose not
to start it now, you can manually start it at any time using this command:
service vmware-vcd start

Start it now? [y/n] y
Done!

name NAS-HAdatastore already exists

I ran into this error when attempting to make the names of my HA datastores consistent.

"The name NAS-HAdatastore already exists"

But wait, it does not exist on this host.
As it turns out, the error message is quite misleading - it should say something like - "This datastore is mounted with a different server:/vol/path/ options on the other nodes in this HA cluster - make sure they match"

Sure enough, the other nodes had the datastore mounted with a trailing slash (server:/vol/path/) and I was attempting to add this mount without the trailing slash.
Making the mounts consistent resolved the issue and gave me the 2 datastores I needed for functional cluster HA!

Thursday, March 15, 2012

vSphere 5 Update 1 Released

If you were holding off for the last 6 months for the first update - wait no longer!
Update 1 is here! And it fixes one of my least favorite bugs where vmware tools upgrades fail.
Also exciting is support for the newest Intel chipsets - we are looking forward to this in the 12th generation Dell 620/720's.

Thanks VMware!

Tuesday, March 13, 2012

PowerCLI GuestFileManager Methods

With the latest version of vSphere 5 and the vmware-tools, we have access to a whole new suite of guest methods including GuestFileManager methods including: ChangeFileAttributesInGuest, CreateTemporaryDirectoryInGuest, CreateTemporaryFileInGuest, DeleteDirectoryInGuest, DeleteFileInGuest, InitiateFileTransferFromGuest, InitiateFileTransferToGuest, ListFilesInGuest, MakeDirectoryInGuest, MoveDirectoryInGuest, MoveFileInGuest

I was having issues upgrading the vmware-tools in some linux VMs due to the missing /tmp/vmware-root dir in the guest OS. So with the following powerCLI code it is possible to call the MakeDirectoryInGuest method remotely, fixing the vmware-tools upgrade issue. (credit to the powerCLI guru's LucD and Neilse for their help):

$vmname = "vm-01"
$command = "mkdir /tmp/vmware-root"
$GuestCred = "root"
$GuestPass = "rootpass"
Invoke-VMScript -VM $vmname -ScriptText $command -GuestUser $GuestCred -GuestPassword $GuestPass -ScriptType Bash

And if you wanted to iterate over all *nix VMs:

$linuxGuests = "rhel6Guest","rhel6_64Guest","centosGuest",
"centos64Guest"

Get-VM | where {$linuxGuests -contains
$_.ExtensionData.Summary.Guest.GuestId} | %{

Invoke-VMScript -VM $_.name -ScriptText $command -GuestUser
$GuestCred -GuestPassword $GuestPass -ScriptType Bash

}
Note: This assumes your GuestOS root passwords are all set consistently.