Before you upgrade the VMware Identity Manager 19.03 virtual appliance online, perform the prerequisite tasks.
- To use ThinApp packaged applications, use the VMware Identity Manager connector (Linux) version 2018.8.1.0.
- To use other Virtual Apps, such Horizon desktops and applications or Citrix published resources, use the VMware Identity Manager connector (Windows) version 19.03.
Perform the following prerequisite tasks.
- Verify that at least 4 GB of disk space is available on the primary root partition of the virtual appliance.
- Back up the virtual appliance by taking a snapshot. For information about how to take snapshots, see the vSphere documentation.
- To ensure that Elasticsearch data is not deleted, prepare Elasticsearch for the upgrade.
- Determine if multiple instances of Elasticsearch have ever run on any of the VMware Identity Manager service nodes and, if so, consolidate the data directories of the multiple instances.
- View the contents of the /db/elasticsearch/horizon/nodes directory.
The goal is for one subdirectory named 0 to exist. If only the 0 subdirectory exists, you do not need to consolidate directories.
If a second copy of Elasticsearch has run at any time, a second directory named 1 also exists. Continue with the steps to consolidate directories.
- If multiple Elasticsearch instances exist, stop Elasticsearch and verify all processes are stopped.
For example, to stop Elasticsearch, run the following command.
service elasticsearch stop
For example, to verify all Elasticsearch processes are stopped, run the following command.
ps -ef | grep elasticsearch
If the grep command shows that additional Elasticsearch processes are running, kill those processes.
- To determine which directory within each node contains the data, search for the data in the indices directory of each node, such as the following directory: /db/elasticsearch/horizon/nodes/1/indices/.
- Remove the directory that does not contain the data and, if necessary, rename the remaining directory.
If the 0 directory contains the data, remove the 1 directory.
If the 1 directory contains the data, remove the 0 directory and rename the 1 directory 0.
- Restart Elasticsearch.
service elasticsearch start
- Search the /opt/vmware/elasticsearch/logs/horizon.log for a message like the following:
recovered xx indices into cluster_state
The message indicates that the system can read the renamed data directory, where xx represents the number of directories, or indices, in the /db/elasticsearch/horizon/nodes/0/indices/ directory.
- View the contents of the /db/elasticsearch/horizon/nodes directory.
- Remove sysconfig.cloneprep and sysconfig.iamaclone files from all cloned service nodes.
For example, log into each service node and run the following commands as root.
rm -f /usr/local/horizon/conf/flags/sysconfig.cloneprep rm -f /usr/local/horizon/conf/flags/sysconfig.iamaclone
- Determine if multiple instances of Elasticsearch have ever run on any of the VMware Identity Manager service nodes and, if so, consolidate the data directories of the multiple instances.
- If you revoked the db_owner role on the Microsoft SQL database, as described in https://docs.vmware.com/en/VMware-Identity-Manager/19.03/vidm-install/GUID-5B533EE2-8F6C-4716-A94A-8B7AA3F5BC75.html, you must add it back before performing the upgrade, otherwise the upgrade fails.
Add the db_owner role to the same user that was used during installation:
- Log in to the Microsoft SQL Server Management Studio as a user with sysadmin privileges.
- Connect to the database instance for VMware Identity Manager 19.03.
- Enter the following commands.
If you are using Windows Authentication mode, use the following commands:
USE <saasdb>; ALTER ROLE db_owner ADD MEMBER <domain\username>; GO
Make sure that you replace <saasdb> with your database name and <domain\username> with the relevant domain and user name.
If you are using SQL Server Authentication mode, use the following commands:USE <saasdb>; ALTER ROLE db_owner ADD MEMBER <loginusername>; GO
Make sure that you replace <saasdb> with your database name and <loginusername> with the relevant username.
- Take a snapshot or backup of the external database.
- Verify that VMware Identity Manager is properly configured.
- Verify that the virtual appliance can resolve and reach vapp-updates.vmware.com on ports 80 and 443 over HTTP.
- If an HTTP proxy server is required for outbound HTTP access, configure the proxy server settings for the virtual appliance. See Configure Proxy Server Settings for the VMware Identity Manager 19.03 Appliance.
- Confirm that a Workspace ONE Access upgrade exists. Run the appropriate command to check for upgrades. See Check for the Availability of a Workspace ONE Access Upgrade Online.