You can deactivate and reactivate verifiers for fields in the BOSH Director and other VMware Tanzu Operations Manager product tiles.
Tanzu Operations Manager provides this option for troubleshooting purposes. For example, your deployment may have a unique configuration that the verifier cannot detect. In this case, you can unblock your deployment by disabling the verifier.
VMware recommends contacting Support before you deactivate Tanzu Operations Manager verifiers.
VMware recommends recording and routinely revisiting which verifiers you deactivate. The Tanzu Operations Manager UI does not indicate which verifiers you deactivated. Deactivated verifiers persist through upgrades.
Tanzu Operations Manager verifiers narrow the feedback loop for operators by checking that fields are configured correctly. Tanzu Operations Manager verifiers reach out and find objects in the world. For example, given an IP, a verifier can ping the IP to see that it responds.
Verifiers run early in a deployment. With verifiers turned off, deployments might fail much later.
Verifiers run on two occasions:
Verifier label | Triggers when you... | Blocks deployment? |
---|---|---|
form |
Click Save in a pane | Does not block deployment. Error message is a warning. |
install_time |
Click Apply Changes | Blocks you from deploying. Disabling verifiers unblocks deployment. |
You can deactivate verifiers by verifier type. For example, you can deactivate all MySQL verifiers for a tile. To deactivate a verifier type for a tile, you must find and record the type, then use the Tanzu Operations Manager API to complete the change.
To record the verifier type:
Log in to Tanzu Operations Manager and go to Review Pending Changes.
Click Apply Changes and see the verifier error message.
Record the type
in the verifier error message. For example, WildcardDomainVerifier
.
To deactivate verifiers, you must use the Tanzu Operations Manager API. To get started with the Tanzu Operations Manager API, follow the procedures in Using the Tanzu Operations Manager API.
The API endpoint varies by tile. Go to one of the following procedures:
To deactivate a verifier type for the BOSH Director:
Run the following API command:
curl "https://OPS-MAN-FQDN/api/v0/staged/director/verifiers/install_time/VERIFER-TYPE" \
-X PUT \
-H "Authorization: Bearer UAA-ACCESS-TOKEN" \
-H "Content-Type: application/json" \
-d '{ "enabled": false }'
Where:
OPS-MAN-FQDN
is the fully-qualified domain name (FQDN) for your Tanzu Operations Manager deployment.VERIFIER-TYPE
is the verifier type you recorded in Step 1: Record the Verifier Type.UAA_ACCESS_TOKEN
is your UAA access token. For more information, see Access the API.For more information about this endpoint, see Endpoints in the Tanzu Operations Manager API documentation.
To confirm that your verifier type is deactivated, run the following command:
curl "https://OPS-MAN-FQDN/api/v0/staged/director/verifiers/install_time" \
-X GET \
-H "Authorization: Bearer UAA-ACCESS-TOKEN"
Confirm that the Tanzu Operations Manager API shows false
for the verifier type you deactivated. In the following example, DirectorConfigurationVerifer
is set to false
:
{
"verifiers": [
{
"type": "AllocatedIpAddressVerifier",
"enabled": true
},
{
"type": "AvailabilityZonesVerifier",
"enabled": true
},
{
"type": "DirectorConfigurationVerifier",
"enabled": false
},
{
"type": "IaasConfigurationVerifier",
"enabled": true
},
{
"type": "NetworksExistenceVerifier",
"enabled": true
},
{
"type": "NetworksPingableVerifier",
"enabled": true
},
{
"type": "PrivilegeVerifier",
"enabled": true
}]}
For more information about this endpoint, see Retrieving a list of install time verifiers for a specific product in the Tanzu Operations Manager API documentation.
Record the product and the verifier type that you deactivated in a secure location. VMware recommends recording and routinely revisiting which verifiers you deactivate.
To deactivate a verifier type for tiles other than the BOSH Director:
Run the following command and record the guid
corresponding to your product.
curl "https://OPS-MAN-FQDN/api/v0/staged/products" \
-X GET \
-H "Authorization: Bearer UAA_ACCESS_TOKEN"
Where:
OPS-MAN-FQDN
is the fully-qualified domain name (FQDN) for your Tanzu Operations Manager deployment.UAA_ACCESS_TOKEN
is your UAA access token. For more information, see Access the API.See the following example output:
{[{ "installation_name": "component-type1-installation-name", "guid": "component-type1-guid", "type": "component-type1" }, { "installation_name": "p-bosh-installation-name", "guid": "p-bosh-guid", "type": "p-bosh" }]}
To deactivate your verifier by type, run the following command.
curl "https://OPS-MAN-FQDN/api/v0/staged/products/PRODUCT-GUID/verifiers/install_time/VERIFIER-TYPE" \
-X PUT \
-H "Authorization: Bearer UAA_ACCESS_TOKEN" \
-H "Content-Type: application/json" \
-d '{ "enabled": false }'
Where:
OPS-MAN-FQDN
is the fully-qualified domain name (FQDN) for your Tanzu Operations Manager deployment.PRODUCT-GUID
is the GUID you recorded in the previous step.VERIFIER-TYPE
is the verifier type you recorded in Step 1: Record the Verifier type.To confirm that your verifier type is deactivated, run the following command:
curl "https://OPS-MAN-FQDN/api/v0/staged/products/PRODUCT-GUID/verifiers/install_time" \
-X GET \
-H "Authorization: Bearer UAA_ACCESS_TOKEN"
Confirm that the Tanzu Operations Manager API shows false
for the verifier type you deactivated. In the following example, MysqlDatabaseVerifier
is set to false
:
{ "verifiers":[ { "type":"BlobstoreVerifier", "enabled":true }, { "type":"MysqlDatabaseVerifier", "enabled":false }, { "type":"SsoUrlVerifier", "enabled":true }, { "type":"WildcardDomainVerifier", "enabled":true }]}
Record the product and the verifier type that you deactivated in a secure location. VMware recommends recording and routinely revisiting which verifiers you deactivate.
VMware recommends recording and routinely revisiting which verifiers you deactivate. The Tanzu Operations Manager UI does not indicate which verifiers you deactivate, and deactivated verifiers persist through upgrades.
To enable verifiers again, follow the steps detailed in Use the Tanzu Operations Manager API, and rather than setting enabled
to false
, set it to true
.
If you do not know what verifiers are deactivated, curl
the verifiers
endpoint for each installed product.