You can deactivate and reactivate verifiers for fields in the BOSH Director and other VMware Tanzu Operations Manager product tiles.

Tanzu Operations Manager provides this option for troubleshooting purposes. For example, your deployment may have a unique configuration that the verifier cannot detect. In this case, you can unblock your deployment by disabling the verifier.

VMware recommends contacting Support before you deactivate Tanzu Operations Manager verifiers.

Caution VMware recommends recording and routinely revisiting which verifiers you deactivate. The Tanzu Operations Manager UI does not indicate which verifiers you deactivated. Deactivated verifiers persist through upgrades.

About verifiers

Tanzu Operations Manager verifiers narrow the feedback loop for operators by checking that fields are configured correctly. Tanzu Operations Manager verifiers reach out and find objects in the world. For example, given an IP, a verifier can ping the IP to see that it responds.

Verifiers run early in a deployment. With verifiers turned off, deployments might fail much later.

Verifiers run on two occasions:

Verifier Label Triggers when you... Blocks deployment?
form Click Save in a pane. Does not block deployment. Error message is a warning.
install_time Click Apply Changes. Blocks you from deploying. Disabling verifiers unblocks deployment.

Deactivate verifiers by type

You can deactivate verifiers by verifier type. For example, you can deactivate all MySQL verifiers for a tile. To deactivate a verifier type for a tile, you must find and record the type, then use the Tanzu Operations Manager API.

Step 1: Record the verifier type

To record the verifier type:

  1. Log in to Tanzu Operations Manager and go to Review Pending Changes.

  2. Click Apply Changes and see the verifier error message.

  3. Record the type in the verifier error message. For example, WildcardDomainVerifier.

Step 2: Use the Tanzu Operations Manager API

To deactivate verifiers, you must use the Tanzu Operations Manager API. To get started with the Tanzu Operations Manager API, follow the procedures in Using the Tanzu Operations Manager API.

The API endpoint varies by tile. Go to one of the following procedures:

Deactivate verifiers for the BOSH Director tile

To deactivate a verifier type for the BOSH Director:

  1. Run the following API command:

    curl "https://OPS-MAN-FQDN/api/v0/staged/director/verifiers/install_time/VERIFER-TYPE" \
     -X PUT \
     -H "Authorization: Bearer UAA-ACCESS-TOKEN" \
     -H "Content-Type: application/json" \
     -d '{ "enabled": false }'
    

    Where:

    • OPS-MAN-FQDN is the fully-qualified domain name (FQDN) for your Tanzu Operations Manager deployment.
    • VERIFIER-TYPE is the verifier type you recorded in Step 1: Record the Verifier Type.
    • UAA_ACCESS_TOKEN is your UAA access token. For more information, see Access the API.

    For more information about this endpoint, see Endpoints in the Tanzu Operations Manager API documentation.

  2. To confirm your verifier type is deactivated, run the following command:

    curl "https://OPS-MAN-FQDN/api/v0/staged/director/verifiers/install_time" \
     -X GET \
     -H "Authorization: Bearer UAA-ACCESS-TOKEN"
    

    See that the Tanzu Operations Manager API shows false for the verifier type you deactivated. In the following example, DirectorConfigurationVerifer is set to false:

    {
      "verifiers": [
        {
          "type": "AllocatedIpAddressVerifier",
          "enabled": true
        },
        {
          "type": "AvailabilityZonesVerifier",
          "enabled": true
        },
        {
          "type": "DirectorConfigurationVerifier",
          "enabled": false
        },
        {
          "type": "IaasConfigurationVerifier",
          "enabled": true
        },
        {
          "type": "NetworksExistenceVerifier",
          "enabled": true
        },
        {
          "type": "NetworksPingableVerifier",
          "enabled": true
        },
        {
          "type": "PrivilegeVerifier",
          "enabled": true
        }]}
    

    For more information about this endpoint, see Retrieving a list of install time verifiers for a specific product in the Tanzu Operations Manager API documentation.

  3. Record the product and the verifier type that you deactivated in a secure location. VMware recommends recording and routinely revisiting which verifiers you deactivate.

Deactivate verifiers for other tiles

To deactivate a verifier type for tiles other than the BOSH Director:

  1. Run the following command and record the guid corresponding to your product.

    curl "https://OPS-MAN-FQDN/api/v0/staged/products" \
    -X GET \
    -H "Authorization: Bearer UAA_ACCESS_TOKEN"
    

    Where:

    • OPS-MAN-FQDN is the fully-qualified domain name (FQDN) for your Tanzu Operations Manager deployment.
    • UAA_ACCESS_TOKEN is your UAA access token. For more information, see Access the API.

    See the following example output:

    {[{
      "installation_name": "component-type1-installation-name",
      "guid": "component-type1-guid",
      "type": "component-type1"
    },
    {
      "installation_name": "p-bosh-installation-name",
      "guid": "p-bosh-guid",
      "type": "p-bosh"
    }]}
    
  2. To deactivate your verifier by type, run the following command.

    curl "https://OPS-MAN-FQDN/api/v0/staged/products/PRODUCT-GUID/verifiers/install_time/VERIFIER-TYPE" \
    -X PUT \
    -H "Authorization: Bearer UAA_ACCESS_TOKEN" \
    -H "Content-Type: application/json" \
    -d '{ "enabled": false }'
    

    Where:

    • OPS-MAN-FQDN is the fully-qualified domain name (FQDN) for your Tanzu Operations Manager deployment.
    • PRODUCT-GUID is the GUID you recorded in the previous step.
    • VERIFIER-TYPE is the verifier type you recorded in Step 1: Record the Verifier type.
  3. To confirm your verifier type is deactivated, run the following command.

    curl "https://OPS-MAN-FQDN/api/v0/staged/products/PRODUCT-GUID/verifiers/install_time" \
    -X GET \
    -H "Authorization: Bearer UAA_ACCESS_TOKEN"
    

    See that the Tanzu Operations Manager API shows false for the verifier type you deactivated. In the following example, MysqlDatabaseVerifier is set to false:

    {
      "verifiers":[
      {
      "type":"BlobstoreVerifier",
      "enabled":true
    },
    {
      "type":"MysqlDatabaseVerifier",
      "enabled":false
    },
    {
      "type":"SsoUrlVerifier",
      "enabled":true
    },
    {
      "type":"WildcardDomainVerifier",
      "enabled":true
    }]}
    
  4. Record the product and the verifier type that you deactivated in a secure location. VMware recommends recording and routinely revisiting which verifiers you deactivate.

Re-enable verifiers by type

VMware recommends recording and routinely revisiting which verifiers you deactivate. The Tanzu Operations Manager UI does not indicate which verifiers you deactivate. Deactivated verifiers persist through upgrades.

To enable verifiers again, follow the steps detailed in Use the Tanzu Operations Manager API. Instead of setting enabled to false, set it to true.

If you do not know what verifiers are deactivated, curl the verifiers endpoint for each installed product.

check-circle-line exclamation-circle-line close-line
Scroll to top icon