This topic describes how to deactivate and re-activate verifiers for fields in the BOSH Director and other product tiles in VMware Tanzu Operations Manager (Ops Manager).
Ops Manager provides this option for troubleshooting purposes. For example, your deployment may have a unique configuration that the verifier cannot detect. In this case, you can unblock your deployment by disabling the verifier.
Note: VMware recommends contacting Support before you deactivate Ops Manager verifiers.
Caution: VMware recommends recording and routinely revisiting which verifiers you deactivate. The Ops Manager UI does not indicate which verifiers you deactivated. Deactivated verifiers persist through upgrades.
Ops Manager verifiers narrow the feedback loop for operators by checking that fields are configured correctly. Ops Manager verifiers reach out and find objects in the world. For example, given an IP, a verifier can ping the IP to see that it responds.
Verifiers run early in a deployment. With verifiers turned off, deployments may fail much later.
Verifiers run on two occasions:
Verifier Label | Triggers when you... | Blocks deployment? |
---|---|---|
form | Click Save in a pane. | Does not block deployment. Error message is a warning. |
install_time | Click Apply Changes. | Blocks you from deploying. Disabling verifiers unblocks deployment. |
You can deactivate verifiers by verifier type. For example, you can deactivate all MySQL verifiers for a tile. To deactivate a verifier type for a tile, you must find and record the type, then use the Ops Manager API.
To record the verifier type:
Log in to Ops Manager and go to Review Pending Changes.
Click Apply Changes and see the verifier error message.
Record the type in the verifier error message. For example, WildcardDomainVerifier.
To deactivate verifiers, you must use the Ops Manager API. To get started with the Ops Manager API, follow the procedures in Using the Ops Manager API.
The API endpoint varies by tile. Go to one of the procedures below:
To deactivate a verifier type for the BOSH Director:
Run the following API command:
curl "https://OPS-MAN-FQDN/api/v0/staged/director/verifiers/install_time/VERIFIER-TYPE" \
-X PUT \
-H "Authorization: Bearer UAA_ACCESS_TOKEN" \
-H "Content-Type: application/json" \
-d '{ "enabled": false }'
Where:
OPS-MAN-FQDN is the fully-qualified domain name (FQDN) for your Ops Manager deployment.
VERIFIER-TYPE is the verifier type you recorded in Step 1: Record the Verifier Type.
UAA_ACCESS_TOKEN is your UAA access token. For more information, see Access the API.
For more information about this endpoint, see Turning off a verifier for the director in the Ops Manager API documentation.
To confirm your verifier type is deactivated, run the following command:
curl "https://OPS-MAN-FQDN/api/v0/staged/director/verifiers/install_time" \
-X GET \
-H "Authorization: Bearer UAA_ACCESS_TOKEN"
See that the Ops Manager API shows false for the verifier type you deactivated. In the following example, DirectorConfigurationVerifier is set to false:
{
"verifiers": [
{
"type": "AllocatedIpAddressVerifier",
"enabled": true
},
{
"type": "AvailabilityZonesVerifier",
"enabled": true
},
{
"type": "DirectorConfigurationVerifier",
"enabled": false
},
{
"type": "IaasConfigurationVerifier",
"enabled": true
},
{
"type": "NetworksExistenceVerifier",
"enabled": true
},
{
"type": "NetworksPingableVerifier",
"enabled": true
},
{
"type": "PrivilegeVerifier",
"enabled": true
}]}
For more information about this endpoint, see Retrieving a list of install time verifiers for a specific product in the Ops Manager API documentation.
Record the product and the verifier type that you deactivated in a secure location. VMware recommends recording and routinely revisiting which verifiers you deactivate.
To deactivate a verifier type for tiles other than the BOSH Director:
Run the following command and record the guid corresponding to your product.
curl "https://OPS-MAN-FQDN/api/v0/staged/products" \
-X GET \
-H "Authorization: Bearer UAA_ACCESS_TOKEN"
Where:
OPS-MAN-FQDN is the fully-qualified domain name (FQDN) for your Ops Manager deployment.
UAA_ACCESS_TOKEN is your UAA access token. For more information, see Access the API.
See the following example output:
[
{
"installation_name": "component-type1-installation-name",
"guid": "component-type1-guid",
"type": "component-type1"
},
{
"installation_name": "p-bosh-installation-name",
"guid": "p-bosh-guid",
"type": "p-bosh"
}]
For more information about this endpoint, see Listing all staged products in the Ops Manager API documentation.
To deactivate your verifier by type, run the following command.
curl "https://OPS-MAN-FQDN/api/v0/staged/products/PRODUCT-GUID/verifiers/install_time/VERIFIER-TYPE" \
-X PUT \
-H "Authorization: Bearer UAA_ACCESS_TOKEN" \
-H "Content-Type: application/json" \
-d '{ "enabled": false }'
Where:
OPS-MAN-FQDN is the fully-qualified domain name (FQDN) for your Ops Manager deployment.
PRODUCT-GUID is the GUID you recorded in the previous step.
VERIFIER-TYPE is the verifier type you recorded in Step 1: Record the Verifier Type.
For more information about this endpoint, see Turning off a verifier for a specific product in the Ops Manager API documentation.
To confirm your verifier type is deactivated, run the following command.
curl "https://OPS-MAN-FQDN/api/v0/staged/products/PRODUCT-GUID/verifiers/install_time" \
-X GET \
-H "Authorization: Bearer UAA_ACCESS_TOKEN"
See that the Ops Manager API shows false for the verifier type you deactivated. In the following example, MysqlDatabaseVerifier is set to false:
{ "verifiers":[ { "type":"BlobstoreVerifier", "enabled":true }, { "type":"MysqlDatabaseVerifier", "enabled":false }, { "type":"SsoUrlVerifier", "enabled":true }, { "type":"WildcardDomainVerifier", "enabled":true }]}
For more information about this endpoint, see Retrieving a list of install time verifiers for a specific product in the Ops Manager API documentation.
Record the product and the verifier type that you deactivated in a secure location. VMware recommends recording and routinely revisiting which verifiers you deactivate.
VMware recommends recording and routinely revisiting which verifiers you deactivate. The Ops Manager UI does not indicate which verifiers you deactivate. Deactivated verifiers persist through upgrades.
To re-enable verifiers, follow the steps detailed in Use the Ops Manager API above. Instead of setting enabled to false, set it to true.
If you do not know what verifiers are deactivated, curl the verifiers endpoint for each installed product. For more information, see Retrieving a list of install time verifiers for a specific product in the Ops Manager API documentation.
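Because the UI does not show deactivated verifiers and they persist through upgrades, the per-product check described above can be scripted and compared against the record you keep. The following is an added example, not part of the Ops Manager documentation or tooling: the function names are hypothetical, the sample responses are constructed from the example outputs on this page, and it assumes the p-bosh entry in the staged products list is the BOSH Director.

```python
import json
import urllib.request

DIRECTOR_PATH = "/api/v0/staged/director/verifiers/install_time"

def verifier_paths(products_body):
    """Map each staged product GUID to its install_time verifiers endpoint."""
    paths = {}
    for product in json.loads(products_body):
        # Assumption: the "p-bosh" entry is the BOSH Director, which has its own endpoint.
        if product["type"] == "p-bosh":
            paths[product["guid"]] = DIRECTOR_PATH
        else:
            paths[product["guid"]] = f"/api/v0/staged/products/{product['guid']}/verifiers/install_time"
    return paths

def disabled_verifiers(verifiers_body):
    """Return the verifier types reported with "enabled": false."""
    return sorted(v["type"] for v in json.loads(verifiers_body)["verifiers"] if not v["enabled"])

def audit(fetch, recorded):
    """Return {guid: [types]} that are deactivated but absent from the operator's record."""
    unrecorded = {}
    for guid, path in verifier_paths(fetch("/api/v0/staged/products")).items():
        known = recorded.get(guid, set())
        extra = [t for t in disabled_verifiers(fetch(path)) if t not in known]
        if extra:
            unrecorded[guid] = extra
    return unrecorded

def http_fetch(base_url, token):
    """Build a fetch(path) that sends the same GET requests as the curl commands."""
    def fetch(path):
        request = urllib.request.Request(base_url + path, headers={"Authorization": f"Bearer {token}"})
        with urllib.request.urlopen(request) as response:
            return response.read().decode()
    return fetch

# Constructed sample responses, modelled on the example outputs on this page.
SAMPLE = {
    "/api/v0/staged/products": json.dumps([
        {"installation_name": "p-bosh-installation-name", "guid": "p-bosh-guid", "type": "p-bosh"},
        {"installation_name": "component-type1-installation-name", "guid": "component-type1-guid", "type": "component-type1"}]),
    DIRECTOR_PATH: json.dumps({"verifiers": [
        {"type": "DirectorConfigurationVerifier", "enabled": False}, {"type": "NetworksPingableVerifier", "enabled": True}]}),
    "/api/v0/staged/products/component-type1-guid/verifiers/install_time": json.dumps({"verifiers": [
        {"type": "MysqlDatabaseVerifier", "enabled": False}, {"type": "WildcardDomainVerifier", "enabled": True}]}),
}
```

Offline, `audit(SAMPLE.__getitem__, recorded)` runs against the constructed data, where `recorded` maps each product GUID to the set of verifier types you documented as deactivated. Against a live deployment, pass `http_fetch("https://OPS-MAN-FQDN", token)` as `fetch` instead.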