1) Unable to upgrade the database: java.sql.SQLException: ORA-28001: the password has expired:
/opt/vmware/vcloud-director/bin/upgrade2) Once #1 is solved, we the upgrade script is working off the old password stored in the keystore:
Welcome to the vCloud Director upgrade utility
This utility will apply several updates to the database. Please
ensure you have created a backup of your database prior to continuing.
Do you wish to upgrade the product now? [Y/N] y
Examining database at URL: jdbc:oracle:thin:@localhost:1521/XE
Unable to upgrade the database: java.sql.SQLException: ORA-28001: the password has expired
Unable to upgrade the database: java.sql.SQLException: ORA-01017: invalid username/password; logon denied
So we need to update the keystore according to @recklessop's post
Solution for issue #1 (reset the oracle password):
su - oracle
-bash-3.2$ sqlplus "/ as sysdba"
SQL*Plus: Release 11.2.0.2.0 Production on Sun Mar 25 10:43:32 2012
Copyright (c) 1982, 2010, Oracle. All rights reserved.
ERROR:
ORA-12162: TNS:net service name is incorrectly specified
This means we forgot to set the ORACLE_HOME and ORACLE_SID - those must be set in the /etc/init.d/oracle* startup script:
ORACLE_HOME=/u01/app/oracle/product/11.2.0/xe
ORACLE_SID=XE
export ORACLE_HOME
export ORACLE_SID
Now, we are in - just follow @BasRaayman's post:
-bash-3.2$ sqlplus "/ as sysdba"
SQL*Plus: Release 11.2.0.2.0 Production on Sun Mar 25 10:48:33 2012
Copyright (c) 1982, 2010, Oracle. All rights reserved.
Connected to:
Oracle Database 11g Express Edition Release 11.2.0.2.0 - 64bit Beta
SQL> select username,ACCOUNT_STATUS,EXPIRY_DATE from dba_users;
USERNAME ACCOUNT_STATUS EXPIRY_DA
------------------------------ -------------------------------- ---------
VCLOUD EXPIRED 13-MAR-12
SQL> alter user VCLOUD identified by newpass;
SQL> alter user VCLOUD account unlock;
Solution for issue #2 (reset keystore pass):
cp /opt/vmware/cloud-director/jre/bin/certificates.ks /opt/vmware/cloud-director/jre/bin/certificates.ks.old
/opt/vmware/vcloud-director/jre/bin/keytool -keystore certificates.ks -storetype JCEKS -storepass newpass -genkey -keyalg RSA -alias http -dname "cn=vcloud, ou=vmware, o=vmware, c=US" -keypass newpassthen overwrite the old keystore:
/opt/vmware/vcloud-director/jre/bin/keytool -keystore certificates.ks -storetype JCEKS -storepass newpass -genkey -keyalg RSA -alias consoleproxy -dname "cn=vcloud, ou=vmware, o=vmware, c=US" -keypass newpass
cp certificates.ks /opt/vmware/cloud-director/jre/bin/certificates.ks
and run configure to sync things up:
/opt/vmware/vcloud-director/bin/configure
then finally we can run the upgrade:
/opt/vmware/vcloud-director/bin/upgradeDone!
Welcome to the vCloud Director upgrade utility
This utility will apply several updates to the database. Please
ensure you have created a backup of your database prior to continuing.
Do you wish to upgrade the product now? [Y/N] y
Examining database at URL: jdbc:oracle:thin:@localhost:1521/XE
Applying 1 upgrade batches
Executing upgrade batch: 1.5 to 1.5.1
Executing SQL statements from file: Upgrade_Data_15_151.sql [17 statements]
.................[17]
Executing SQL statements from file: Upgrade_15_151.sql [7 statements]
.......[7]
Successfully applied upgrade batch: 1.5 to 1.5.1
Running 0 upgrade tasks
Applying 0 upgrade batches
Database upgrade complete
Would you like to start the vCloud Director service now? If you choose not
to start it now, you can manually start it at any time using this command:
service vmware-vcd start
Start it now? [y/n] y
1 comment:
The certificates file is completely independent of the vCD database credentials, so updating it should not be necessary.
Also, be aware that the certificates you've generated are invalid, even as self-signed certificates. The CN should be the FQDN or IP address of the vCD HTTP or console proxy service. When a client's browser attempts to connect to your service it will attempt to match the hostname/IP to the CN in the certificate.
Post a Comment