RSS
 

This topic describes how to deactivate and re-activate verifiers for fields in the BOSH Director and other product tiles in VMware Tanzu Operations Manager (Ops Manager).

Ops Manager provides this option for troubleshooting purposes. For example, your deployment may have a unique configuration that the verifier cannot detect. In this case, you can unblock your deployment by disabling the verifier.

Note: VMware recommends contacting Support before you deactivate Ops Manager verifiers.

Caution: VMware recommends recording and routinely revisiting which verifiers you deactivate. The Ops Manager UI does not indicate which verifiers you deactivated. Deactivated verifiers persist through upgrades.

About Verifiers

Ops Manager verifiers narrow the feedback loop for operators by checking that fields are configured correctly. Ops Manager verifiers reach out and find objects in the world. For example, given an IP, a verifier can ping the IP to see that it responds.

Verifiers run early in a deployment. With verifiers turned off, deployments may fail much later.

Verifiers run on two occasions:

Verifier Label Triggers when you... Blocks deployment?
form Click Save in a pane. Does not block deployment. Error message is a warning.
install_time Click Apply Changes. Blocks you from deploying. Disabling verifiers unblocks deployment.

Deactivate Verifiers by type

You can deactivate verifiers by verifier type. For example, you can deactivate all MySQL verifiers for a tile. To deactivate a verifier type for a tile, you must find and record the type, then use the Ops Manager API.

Step 1: Record the Verifier Type

To record the verifier type:

  1. Log in to Ops Manager and go to Review Pending Changes.

  2. Click Apply Changes and see the verifier error message.

  3. Record the type in the verifier error message. For example, WildcardDomainVerifier.

alt-text=""

Step 2: Use the Ops Manager API

To deactivate verifiers, you must use the Ops Manager API. To get started with the Ops Manager API, follow the procedures in Using the Ops Manager API.

The API endpoint varies by tile. Go to one of the procedures below:

Deactivate Verifiers for the BOSH Director Tile

To deactivate a verifier type for the BOSH Director:

  1. Run the following API command:

    curl "https://OPS-MAN-FQDN/api/v0/staged/director/verifiers/install_time/VERIFER-TYPE" \
 -X PUT \
 -H "Authorization: Bearer UAA-ACCESS-TOKEN" \
 -H "Content-Type: application/json" \
 -d '{ "enabled": false }'

    Where:

    • OPS-MAN-FQDN is the fully-qualified domain name (FQDN) for your Ops Manager deployment.
    • VERIFIER-TYPE is the verifier type you recorded in Step 1: Record the Verifier Type.
    • UAA_ACCESS_TOKEN is your UAA access token. For more information, see Access the API.

    For more information about this endpoint, see Turning off a verifier for the director in the Ops Manager API documentation.

  2. To confirm your verifier type is deactivate, run the following command:

    curl "https://OPS-MAN-FQDN/api/v0/staged/director/verifiers/install_time" \
 -X GET \
 -H "Authorization: Bearer UAA-ACCESS-TOKEN"

    See that the Ops Manager API shows false for the verifier type you deactivated. In the following example, DirectorConfigurationVerifer is set to false:

    {
  "verifiers": [
    {
      "type": "AllocatedIpAddressVerifier",
      "enabled": true
    },
    {
      "type": "AvailabilityZonesVerifier",
      "enabled": true
    },
    {
      "type": "DirectorConfigurationVerifier",
      "enabled": false
    },
    {
      "type": "IaasConfigurationVerifier",
      "enabled": true
    },
    {
      "type": "NetworksExistenceVerifier",
      "enabled": true
    },
    {
      "type": "NetworksPingableVerifier",
      "enabled": true
    },
    {
      "type": "PrivilegeVerifier",
      "enabled": true
    }]}

    For more information about this endpoint, see Retrieving a list of install time verifiers for a specific product in the Ops Manager API documentation.

  3. Record the product and the verifier type that you deactivated in a secure location. VMware recommends recording and routinely revisiting which verifiers you deactivate.

Deactivate Verifiers for other tiles

To deactivate a verifier type for tiles other than the BOSH Director:

  1. Run the following command and record the guid corresponding to your product.

    curl "https://OPS-MAN-FQDN/api/v0/staged/products" \
-X GET \
-H "Authorization: Bearer UAA_ACCESS_TOKEN"

    Where:

    • OPS-MAN-FQDN is the fully-qualified domain name (FQDN) for your Ops Manager deployment.
    • UAA_ACCESS_TOKEN is your UAA access token. For more information, see Access the API.

    See the following example output:

    {[{
  "installation_name": "component-type1-installation-name",
  "guid": "component-type1-guid",
  "type": "component-type1"
},
{
  "installation_name": "p-bosh-installation-name",
  "guid": "p-bosh-guid",
  "type": "p-bosh"
}]}

    For more information about this endpoint, see Listing all staged products in the Ops Manager API documentation.

  2. To deactivate your verifier by type, run the following command.

    curl "https://OPS-MAN-FQDN/api/v0/staged/products/PRODUCT-GUID/verifiers/install_time/VERIFIER-TYPE" \
-X PUT \
-H "Authorization: Bearer UAA_ACCESS_TOKEN" \
-H "Content-Type: application/json" \
-d '{ "enabled": false }'

    Where:

    • OPS-MAN-FQDN is the fully-qualified domain name (FQDN) for your Ops Manager deployment.
    • PRODUCT-GUID is the GUID you recorded in the previous step.
    • VERIFIER-TYPE is the verifier type you recorded in Step 1: Record the Verifier Type.

    For more information about this endpoint, see Turning off a verifier for a specific product in the Ops Manager API documentation.

  3. To confirm your verifier type is deactivated, run the following command.

    curl "https://OPS-MAN-FQDN/api/v0/staged/products/PRODUCT-GUID/verifiers/install_time" \
-X GET \
-H "Authorization: Bearer UAA_ACCESS_TOKEN"

    See that the Ops Manager API shows false for the verifier type you deactivated. In the following example, MysqlDatabaseVerifier is set to false:

    {
  "verifiers":[
  {
  "type":"BlobstoreVerifier",
  "enabled":true
},
{
  "type":"MysqlDatabaseVerifier",
  "enabled":false
},
{
  "type":"SsoUrlVerifier",
  "enabled":true
},
{
  "type":"WildcardDomainVerifier",
  "enabled":true
}]}

    For more information about this endpoint, see Retrieving a list of install time verifiers for a specific product in the Ops Manager API documentation.

  4. Record the product and the verifier type that you deactivated in a secure location. VMware recommends recording and routinely revisiting which verifiers you deactivate.

Re-enable Verifiers by Type

VMware recommends recording and routinely revisiting which verifiers you deactivate. The Ops Manager UI does not indicate which verifiers you deactivate. Deactivated verifiers persist through upgrades.

To re-enable verifiers, follow the steps detailed in Use the Ops Manager API above. Instead of setting enabled to false, set it to true.

If you do not know what verifiers are deactivated, curl the verifiers endpoint for each installed product. For more information, see Retrieving a list of install time verifiers for a specific product in the Ops Manager API documentation.

check-circle-line exclamation-circle-line close-line
Scroll to top icon