When you run the domain repoint command in pre-check mode, data from the Platform Services Controller is exported, examined, and conflicts are written to a file.

The following data is exported to the /storage/domain-data/ or ProgramData/VMWare/vCenterServerdata/domain-data folder:

  • All_Privileges.json
  • All_Roles.json
  • All_TagCategories.json
  • All_Tags.json

These files contain the all the data (Authorization and Tagging) from the vCenter Server on which this command was run.

If a secondary vCenter Server is provided using the -dvf or --dest-vc-fqdn option, any conflicts are also exported to the same folder:

  • Conflicts_Roles.json
  • Conflicts_TagCategories.json
  • Conflicts_Tags.json

The following is a sample conflicts file:

<---- Sample Conflict file code block --->
	 {
  "global" : {
    "resolution" : "MERGE|SKIP|COPY",
    "description" : "Default resolution option used to resolve Role Conflicts is COPY. The 
conflicts list describes the differences between Role entities on source and target PSC. If 
the source information represents an empty JSON array, it simply means that all the entity 
attributes from source and target are identical. If the source lists few entries, it means 
that only these entity attributes are missing from the target. If the target lists few entries, 
it means that only these entity attributes are missing from the source. Though a global resolution 
can be set, it can also be overridden at each conflict level by providing individual resolution 
mode."
  },
  "conflicts-count" : 1,
  "conflicts-list" : {
    "NoCryptoAdmin" : {
      "source" : {
        "privileges" : "[]"
      },
      "target" : {
        "privileges" : "[Group-1.SamplePriv-1, Group-1.SamplePriv-4, Group-2.SamplePriv-10, 
Group-2.SamplePriv-3, Group-2.SamplePriv-7, Group-3.SamplePriv-2, Group-3.SamplePriv-9]"
      },
      "resolution" : ""
    }
}
<----- End of code block --->

The parts of the sample conflict files are:

  • description. Provides the details on how the respective conflicts file is read and understood.
  • source and target. JSON objects that list only the differences between the source and target Platform Services Controller objects.
  • resolution. User supplies one valid resolution. Valid resolutions are MERGE, COPY, and SKIP.

To specify the resolution for handling conflicts, you can provide a default resolution option all conflicts in the "global": "resolution" = "MERGE|SKIP|COPY" section. If you do not provide a valid global resolution type for resolution or leave it unedited, the system uses COPY as the default resolution option.

You can also provide a valid resolution option for each of the conflicts by editing the resolution property at each conflict level which overrides the global resolution option.

The types of conflicts listed in Table 1.

Table 1. Conflict Types
Conflict Properties used to compare Category Objects Conflict Types Conflicting Properties Conflict Resolution Options
Role conflict
  • name: Name of the category.
  • privilegeId: List of privileges for the role.

RoleName conflict occurs while importing roles and a role with the same name exists in the target Platform Services Controller but with different privileges.

Properties that can be conflicting for RoleName conflict type can be Privileges.
  • COPY. A copy of the conflicting role is created in the target Platform Services Controller, with –-copy appended to the role name. The new role is created with a new role ID with the same set of privilege IDs. The new role ID is updated in the VPX_ACCESS table. The new role ID is applicable for both role name conflict and role ID conflict.
    Note:
    The default resolution option to resolve Role conflicts is COPY.
  • MERGE.The MERGE option is resolved in the following sequence:
    1. If the source Platform Services Controller has a role with the same name and privilege list as a role in the target Platform Services Controller, but the role IDs are different, the role ID from the target Platform Services Controller is used and updated in the VPX_ACCESS table.
    2. If the source Platform Services Controller has a role with the same name as a role in the target Platform Services Controller, but with a different privilege list, then the privilege lists for both roles are merged.
  • SKIP. Do nothing. The specific role is skipped.

Tag Category conflict: A category name must be unique in a Platform Services Controller.
  • name: Name of the category.
  • cardinality: Cardinality of Category, either Single or Multiple.
  • associableEntityType: List of vCenter Server object that can be associated with a tag from this category. A value of All indicates all vCenter Server objects.
Only one type of conflict can be seen while importing Tag Categories, CategoryName conflict. This conflict indicates that a category with the same name exists in the target Platform Services Controller but with different properties (cardinality or associableEntityType). Properties that can be conflicting for conflict type CategoryName can be at least one of two types: Cardinality or AssociableTypes.
  • COPY. A copy of the conflicting category is created in the target Platform Services Controller, with –-copy appended to the category name. The new category is created with the same property name as in the source Platform Services Controller. All the tags that were present under this category is imported under the newly created CategoryCopy.
    Note:
    The default resolution option to resolve CategoryName conflicts is COPY.
  • MERGE. Conflicting properties are merged with the category that is already present in the SSO. Properties are merged as follows:
    1. Description. The description that is already present is used.
    2. Cardinality. Cardinality cannot shrink. If there is a cardinality conflict, the cardinality is set to multiple. It cannot be reduced to single.
    3. AssociableTypes.If either the associableEntityType values are null, it is set to null. Otherwise, Objects types are merged.
  • SKIP. Do nothing. All tags are imported under the category that exists.

Tags Conflict: A tag object always belongs to a category Object. A tag Name must be unique only inside a category.
  • name
  • description
Only one type of conflict can be seen while importing tags: TagName conflict. This conflict indicates that a Tag with the same name exists under the same category and in the target Platform Services Controller but with different properties. Properties that can be conflicting for a conflict of type: TagName can be Description.
  • COPY. A copy of the conflicting tag is created in the target Platform Services Controller, with –-copy appended to the tag name. Take the MoRef(Internal tag ID) of the newly created tag and update the tag association if necessary.
    Note:
    The default resolution option to resolve CategoryName conflicts is COPY.
  • MERGE.Keep the existing description. Take the MoRef(Internal Tag ID) and update one or more Tag Associations if necessary.

  • SKIP. Do nothing. Do not create this tag. Clean up any Tag Associations.