Upgrading vIDM

Given the adoption of VMware Identity Manager (vIDM) in vRealize Suite products, I have talked about the vIDM in several blog posts. Recently, I realized my homelab was running an older version of vIDM. I figured I would share my upgrade experience. Read on to learn more!


To upgrade vIDM you need CLI access to the appliance. Remember that vIDM uses the sshuser username for SSH access. When I attempted to SSH it kept failing. Logging into the UI, I noticed a red health icon in the upper right-hand side. Selecting the icon indicated that the sshuser password had expired. I navigated over to the Appliance Settings tab and select the option to Manage Configuration. From there, I went to the Change Password tab and enter password information to enable SSH access again.
With SSH access to the appliance, I could start the upgrade procedure:

$ > ssh sshuser@vidm01
The authenticity of host 'vidm01 (192.168.1.137)' can't be established.
ECDSA key fingerprint is SHA256:dn95tA4q4T6Tz9e6v8SLol710ZGjsk06RcKayBWD0YU.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'vidm01,192.168.1.137' (ECDSA) to the list of known hosts.
Welcome to SUSE Linux Enterprise Server 11 SP3 for VMware  (x86_64) - Kernel \r (\l).
sshuser@vidm01's password:
'Last login: Fri Nov 17 16:04:05 2017 from 10.8.0.6
'sshuser@vidm01:~> sudo -s
We trust you have received the usual lecture from the local System
Administrator. It usually boils down to these three things:
    #1) Respect the privacy of others.
    #2) Think before you type.
    #3) With great power comes great responsibility.
root's password:
vidm01:/home/sshuser # /usr/local/horizon/update/updatemgr.hzn check
Update installer needs to be updated first.
To update, run this command: updatemgr.hzn updateinstaller
vidm01:/home/sshuser # /usr/local/horizon/update/updatemgr.hzn updateinstaller
Updating update rpm
vidm01:/home/sshuser # /usr/local/horizon/update/updatemgr.hzn check
Checking for updates...
Current version: 2.8.1.0
Update version available: 3.0.0.0
An update is available
vidm01:/home/sshuser # /usr/local/horizon/update/updatemgr.hzn update
Checking for updates...
Current version: 2.8.1.0
Updating all VMs to version: 3.0.0.0
Running preupdate
save /usr/java/jre-vmware/lib/security/cacerts
Saving manifest.xml
Stopping tcServer
Tomcat memory params are -server -Djdk.tls.ephemeralDHKeySize=1024 -XX:+AggressiveOpts -XX:MaxMetaspaceSize=768m -XX:MetaspaceSize=768m -Xss1m -Xmx2434m -Xms2434m -XX:+UseParallelGC -XX:+UseParallelOldGC -XX:NewRatio=3 -XX:SurvivorRatio=12 -XX:+DisableExplicitGC -XX:+UseBiasedLocking -XX:-LoopUnswitching
Instance is running as PID=6326, shutting down...
Instance is running PID=6326, sleeping for up to 30 seconds waiting for shutdown
Instance shut down gracefully
Starting VMware vPostgres
Last login: Fri Nov 17 16:05:13 UTC 2017 on pts/0
waiting for server to start.... done
server started
Last login: Fri Nov 17 16:05:14 UTC 2017 on pts/0
Available disk space under /db : 9.1G
starting db dump
db dump finished
vpostgres                 0:off  1:off  2:off  3:off  4:off  5:off  6:off
iNode usage on /var at 1%
Updating the vm.
Saving manifest.xml
Installing version -  3.0.0.0 Build 6651498
.....................................................................................................................................................................................................................................................................................................................................................................................................Connection to sfcbd lost
Attempting to reconnect: 1
Attempting to reconnect: 2
..Attempting to reconnect: 3
.Attempting to reconnect: 4
Attempting to reconnect: 5
.Attempting to reconnect: 6
Attempting to reconnect: 7
.Attempting to reconnect: 8
Attempting to reconnect: 9
.Attempting to reconnect: 10
..................................................................Waiting on upgrade process to complete:
Vami upgrade process completed.
Restoring default provider-runtime
Running postupdate
restore /usr/java/jre-vmware/lib/security/cacerts
Shutting down syslog services..done
Starting syslog services..done
Resetting RabbitMQ
Stopping node rabbitmq@vidm01 ...
Rebuilding manifest file
Update complete, please reboot the VM.
vidm01:/home/sshuser # /usr/local/horizon/update/updatemgr.hzn check
Checking for updates...
Current version: 3.0.0.0
Update version available: none
No Updates Available
vidm01:/home/sshuser # /opt/vmware/bin/vamicli version --appliance
Version - 3.0.0.0 Build 6651498
Description - To update the appliance
vidm01:/home/sshuser # reboot
Broadcast message from root (pts/0) (Fri Nov 17 16:21:25 2017):
The system is going down for reboot NOW!
vidm01:/home/sshuser # Connection to vidm01 closed by remote host.
Connection to vidm01 closed.

One thing to note is after the reboot it appears the fingerprint of the system changed:

$ > ssh sshuser@vidm01
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that a host key has just been changed.
The fingerprint for the RSA key sent by the remote host is
SHA256:rw6V7wuJfUen9bNnh2sIDHvpIbw5k39ULvwUYFgi8Hg.
Please contact your system administrator.
Add correct host key in /Users/you/.ssh/known_hosts to get rid of this message.
Offending ECDSA key in /Users/you/.ssh/known_hosts:171
RSA host key for vidm01 has changed and you have requested strict checking.
Host key verification failed.

As you can see, the process is easy. Now, if only there was a UI to do all this…

© 2018, Steve Flanders. All rights reserved.

Leave a Reply

Your email address will not be published. Required fields are marked *

Back To Top