After you upgrade to VMware Identity Manager 3.3, you might need to configure certain settings.
Log4j Configuration Files
If any log4j configuration files in a VMware Identity Manager instance were edited, new versions of the files are not automatically installed during the upgrade. However, after the upgrade, the logs controlled by those files do not work.
To resolve this issue:
- Log in to the virtual appliance.
- Search for log4j files with the .rpmnew suffix.
find / -name "*log4j.properties.rpmnew"
- For each file found, copy the new file to the corresponding old log4j file without the .rpmnew suffix.
Cluster ID in Secondary Data Center
Beginning with VMware Identity Manager 3.3, cluster IDs are used to identify the nodes in a cluster.
If your VMware Identity Manager deployment includes a secondary data center, you must change the cluster ID of the secondary data center after upgrade. Before changing the cluster ID, verify that each node has the Elasticsearch discovery-idm plugin installed.
- Verify that each node has the Elasticsearch discovery-idm plugin.
  - Log in to the virtual appliance.
  - Use the following command to check if the plugin is installed.
    /opt/vmware/elasticsearch/bin/plugin list
  - If the plugin does not exist, use the following command to add it.
    /opt/vmware/elasticsearch/bin/plugin install file:///opt/vmware/elasticsearch/jars/discovery-idm-1.0.jar
- Log in to the VMware Identity Manager console.
- Select the tab.
- In the top panel, locate the cluster information for the secondary data center cluster.
- Update the cluster ID of all the nodes in the secondary data center to a different number than the one used in the first data center.
For example, set all the nodes in the secondary data center to 3, if the first data center is not using 3.
- Verify that the clusters in both the primary and secondary data centers are formed correctly.
  Follow these steps for each node in the primary and secondary data centers.
  - Log in to the virtual appliance.
  - Run the following command:
    curl 'http://localhost:9200/_cluster/health?pretty'
    If the cluster is configured correctly, the command returns a result similar to the following example:
    {
      "cluster_name" : "horizon",
      "status" : "green",
      "timed_out" : false,
      "number_of_nodes" : 3,
      "number_of_data_nodes" : 3,
      "active_primary_shards" : 20,
      "active_shards" : 40,
      "relocating_shards" : 0,
      "initializing_shards" : 0,
      "unassigned_shards" : 0,
      "delayed_unassigned_shards" : 0,
      "number_of_pending_tasks" : 0,
      "number_of_in_flight_fetch" : 0
    }
Cache Service Setting in Secondary Data Center Appliances
If you set up a secondary data center, VMware Identity Manager instances in the secondary data center are configured for read-only access with the "read.only.service=true" entry in the /usr/local/horizon/conf/runtime-config.properties file. After you upgrade such an appliance, the service fails to start.
Example nodes in the secondary data center:
sva1.example.com
sva2.example.com
sva3.example.com
- Log in to a virtual appliance in the secondary data center as the root user.
For this example, log in to sva1.example.com.
- Edit the /usr/local/horizon/conf/runtime-config.properties file as indicated in the substeps that follow.
  You might be able to edit an existing entry, or you can add a new entry. If applicable, uncomment entries that are commented out.
  - Set the value of the cache.service.type entry to ehcache.
    cache.service.type=ehcache
  - Set the value of the ehcache.replication.rmi.servers entry to the fully qualified domain names (FQDN) of the other nodes in the secondary data center. Use a colon (:) as the separator.
    For this example, configure the entry as follows.
    ehcache.replication.rmi.servers=sva2.example.com:sva3.example.com
- Restart the service.
service horizon-workspace restart
- Repeat the preceding steps on the remaining nodes in the secondary data center.
For this example, the remaining nodes to configure are sva2.example.com and sva3.example.com.
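The runtime-config.properties edit from the preceding steps, as an added shell example that is not VMware code: it covers the three cases the step mentions (existing entry, commented-out entry, missing entry) and builds the colon-separated peer list for whichever node it runs on. The helper names set_prop, peers_for and configure_cache are hypothetical, and the demo runs on a constructed temporary file.

```shell
#!/bin/sh
# Added example, not VMware code. Helper names are hypothetical.

# set_prop FILE KEY VALUE: rewrite the first active or commented-out KEY entry
# as KEY=VALUE, drop later duplicates, and append the entry if none exists.
set_prop() {
    file=$1 key=$2 value=$3 rc=0
    tmp=$(mktemp) || return 1
    awk -v k="$key" -v v="$value" '
        {
            name = $0
            sub(/^[ \t]*#?[ \t]*/, "", name)   # drop indent and one leading "#"
            sub(/[ \t]*=.*$/, "", name)        # keep only the key part
            if (name == k) {
                if (!done) { print k "=" v; done = 1 }
                next
            }
            print
        }
        END { if (!done) print k "=" v }
    ' "$file" > "$tmp" && cat "$tmp" > "$file" || rc=1   # cat keeps owner and mode
    rm -f "$tmp"
    return "$rc"
}

# peers_for SELF NODE...: print every node except SELF, joined with ":".
peers_for() {
    self=$1; shift
    out=
    for n in "$@"; do
        [ "$n" = "$self" ] && continue
        out=${out:+$out:}$n
    done
    printf '%s\n' "$out"
}

# configure_cache FILE SELF NODE...: apply both entries from the steps above.
configure_cache() {
    cfg=$1; shift
    set_prop "$cfg" cache.service.type ehcache &&
        set_prop "$cfg" ehcache.replication.rmi.servers "$(peers_for "$@")"
}

# Demo on a constructed sample file (the commented-out value is made up).
demo=$(mktemp)
printf '%s\n' 'read.only.service=true' '#cache.service.type=placeholder' > "$demo"
configure_cache "$demo" sva1.example.com sva1.example.com sva2.example.com sva3.example.com
cat "$demo"
rm -f "$demo"
```

On an appliance the FILE argument would be /usr/local/horizon/conf/runtime-config.properties; keep a copy of the original before editing.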
Citrix Integration
For Citrix integration in VMware Identity Manager 3.3, all external connectors must be version 2018.8.1.0 (the connector version in the 3.3 release) or later.
You must also use Integration Broker 3.3. Upgrade is not available for Integration Broker. Uninstall the old version, then install the new version.