Install VMware Identity Manager (VIDM) Patch CSP-97727

You probably guessed it… this post is about installing VMware Identity Manager (VIDM) Patch CSP-97727. Although the official guidance in Broadcom Article [380348] is good, I’d like to share my experience and add some additional information.

Note that if you started all the way back with VIDM version 3.3.5 and went through all the upgrades, you may run into an issue applying this patch (if you haven’t applied an earlier patch). The important article to mention here is [378767] – “vIDM node failed to boot after applying patch CSP-95247”, which describes how the VIDM VM no longer boots and is stuck with “Error 15: File not found”.

My current (single node) VIDM deployment started with version 3.3.7, so I don’t have any history-related issues. I did check the grub version as mentioned in the KB:

root@vidm [ ~ ]# ls -ltr /boot/grub
lrwxrwxrwx 1 root root 5 Jan 24  2023 /boot/grub -> grub2

root@vidm [ ~ ]# ls -ltr /boot/grub2
total 18
drwxr-xr-x 2 root root 1024 Jan 24  2023 locale
-rw-r--r-- 1 root root 1024 Jan 24  2023 grubenv
drwxr-xr-x 3 root root 1024 Jan 24  2023 themes
drwxr-xr-x 2 root root 9216 Jan 24  2023 i386-pc
-rw------- 1 root root  717 Jan 24  2023 grub.cfg
-rw-r--r-- 1 root root 4999 Jan 24  2023 ascii.pf2
root@vidm [ ~ ]#

Another advantage I have is that the disk layout for VIDM 3.3.7 is different from the one you get if you started with 3.3.5, which (should) prevent disk usage issues. If you come from an older version, you may want to resize the disks as described in an earlier [blogpost].

You can check which hotfixes are applied by checking the directory /usr/local/horizon/conf/flags or by searching for filenames ending in .applied:

root@vidm [ ~ ]# find / -name '*.applied'
/usr/local/horizon/conf/flags/CSP-95247-3.3.7.0-hotfix.applied
/usr/local/horizon/conf/flags/CSP-93316-3.3.7.0-hotfix.applied
/usr/local/horizon/conf/flags/HW-189454-3.3.7.0-hotfix.applied
/usr/local/horizon/conf/flags/HW-170932-3.3.7.0-hotfix.applied
/usr/local/horizon/conf/flags/CSP-90495-3.3.7.0-hotfix.applied
/usr/local/horizon/conf/flags/CSP-91401-3.3.7.0-hotfix.applied

As you can see, in my case CSP-95247 was the latest patch applied (which means I’m already one patch behind 🙁 ).

Download the CSP-97727 patch file “CSP-97727-Appliance-3.3.7.zip” and copy it to the VIDM appliance with SCP.

=> Some important notes before you start the patch installation:

  • Be sure to create a snapshot before proceeding with the installation.
  • VIDM patches are cumulative. If previous patches were not installed, they will be installed one after another, including horizon service restarts.
  • The VIDM appliance will automatically reboot after applying the patch.

After the patch file is copied to the appliance, unzip the patch file:

root@vidm [ ~ ]# ls -lha
total 1.1G
drwx------  4 root root 4.0K Jan  8 14:52 .
drwxr-xr-x 18 root root 4.0K Jan  8 12:37 ..
-rw-------  1 root root 2.4K Jan  8 14:52 .bash_history
-rwxr-x---  1 root root  178 Jan 24  2023 .bash_logout
-rw-------  1 root root 1.1G Jan  8 14:52 CSP-97727-Appliance-3.3.7.zip
lrwxrwxrwx  1 root root   32 Jan  8 12:37 .erlang.cookie -> /var/lib/rabbitmq/.erlang.cookie
drwx------  2 root root 4.0K Jan 19  2024 .ssh


root@vidm [ ~ ]# unzip CSP-97727-Appliance-3.3.7.zip
Archive:  CSP-97727-Appliance-3.3.7.zip
 extracting: CSP-96928-Appliance-3.3.7.zip
  inflating: CSP-97727-applyPatch.sh
  inflating: README.txt
  inflating: bash-4.4.18-4.ph3.x86_64.rpm
  inflating: bindutils-9.18.27-1.ph3.x86_64.rpm
  inflating: c-ares-1.19.1-2.ph3.x86_64.rpm
  inflating: curl-8.1.2-8.ph3.x86_64.rpm
  inflating: curl-libs-8.1.2-8.ph3.x86_64.rpm
  inflating: expat-2.2.9-12.ph3.x86_64.rpm
  inflating: expat-libs-2.2.9-12.ph3.x86_64.rpm
  inflating: glib-2.58.3-1.ph3.x86_64.rpm
  inflating: glibc-2.28-28.ph3.x86_64.rpm
  inflating: krb5-1.17-7.ph3.x86_64.rpm
  inflating: libssh2-1.11.0-1.ph3.x86_64.rpm
  inflating: libxml2-2.9.11-13.ph3.x86_64.rpm
  inflating: linux-4.19.321-1.ph3.x86_64.rpm
  inflating: nghttp2-1.57.0-2.ph3.x86_64.rpm
  inflating: nss-3.44-15.ph3.x86_64.rpm
  inflating: nss-libs-3.44-15.ph3.x86_64.rpm
  inflating: open-vm-tools-12.2.0-5.ph3.x86_64.rpm
  inflating: openldap-2.4.57-4.ph3.x86_64.rpm
  inflating: openssh-7.8p1-18.ph3.x86_64.rpm
  inflating: openssh-clients-7.8p1-18.ph3.x86_64.rpm
  inflating: openssh-server-7.8p1-18.ph3.x86_64.rpm
  inflating: perl-5.28.0-8.ph3.x86_64.rpm
  inflating: python2-2.7.17-7.ph3.x86_64.rpm
  inflating: python2-libs-2.7.17-7.ph3.x86_64.rpm
  inflating: python3-3.7.5-34.ph3.x86_64.rpm
  inflating: python3-libs-3.7.5-34.ph3.x86_64.rpm
  inflating: sqlite-libs-3.35.5-3.ph3.x86_64.rpm
  inflating: sudo-1.9.15p5-1.ph3.x86_64.rpm
  inflating: wget-1.21.3-2.ph3.x86_64.rpm
root@vidm [ ~ ]#

Start the upgrade by executing the shell script:

root@vidm [ ~ ]# ./CSP-97727-applyPatch.sh
CSP-96928 patch was not applied , Applying now..
Checking if the CSP-96928 patch is being applied on a correct version
Please make sure you take the necessary snapshots before you proceed.
Continue? [y/N] y
Applying CSP-96928 Patch on 3.3.7.0
Stopping horizon-workspace service
Updating libevent
Preparing...                          ################################# [100%]
Updating / installing...
   1:libevent-2.1.12-1.ph3            ################################# [100%]
error: package libevent-2.1.8-1.ph3.x86_64 is not installed
Updating tomcat-template
Preparing...                          ################################# [100%]
Updating / installing...
   1:tomcat-template-9.0.91.0-1.vmw.24################################# [100%]
error: package tomcat-template-8.5.85.0-1.vmw.21152333.x86_64 is not installed
./CSP-96928-applyPatch.sh: line 72: rabbitmqctl: command not found
Starting horizon-workspace service
Patch Applied Successfully for CSP-96928

As you can see from the output above, patch CSP-96928 was not installed previously and is now installed before the installation of CSP-97727. Also note the Horizon service restart. If you are behind multiple patches, you have to confirm each patch installation and go through Horizon service restarts.

Checking if the CSP-97727 patch is being applied on a correct version
Please make sure you take the necessary snapshots before you proceed.
Continue? [y/N] y
Applying CSP-97727 Patch on 3.3.7.0
Stopping horizon-workspace service
Updating linux
Preparing...                          ################################# [100%]
Updating / installing...
   1:linux-4.19.321-1.ph3             ################################# [100%]
initrd generation of kernel 4.19.321-1.ph3 will be triggered later
(re)generate initramfs for 4.19.321-1.ph3, transfilertriggerin 2.0-7.ph3
Creating /boot/initrd.img-4.19.321-1.ph3
initrd of kernel 4.19.315-1.ph3 removed
Updating c-ares
Preparing...                          ################################# [100%]
…
<removed some output here for readability>
…
Updating bindutils
Verifying...                          ################################# [100%]
Preparing...                          ################################# [100%]
Updating / installing...
   1:bindutils-9.18.27-1.ph3          ################################# [ 50%]
Cleaning up / removing...
   2:bindutils-9.16.33-2.ph3          ################################# [100%]
Starting horizon-workspace service
Rebooting...

Note the automatic reboot of the system after the (main) patch is installed.

If the installation was successful, log in again and check if the patch was applied:

root@vidm [ ~ ]# find / -name '*.applied'
/usr/local/horizon/conf/flags/CSP-95247-3.3.7.0-hotfix.applied
/usr/local/horizon/conf/flags/CSP-93316-3.3.7.0-hotfix.applied
/usr/local/horizon/conf/flags/HW-189454-3.3.7.0-hotfix.applied
/usr/local/horizon/conf/flags/CSP-97727-3.3.7.0-hotfix.applied
/usr/local/horizon/conf/flags/HW-170932-3.3.7.0-hotfix.applied
/usr/local/horizon/conf/flags/CSP-96928-3.3.7.0-hotfix.applied
/usr/local/horizon/conf/flags/CSP-90495-3.3.7.0-hotfix.applied
/usr/local/horizon/conf/flags/CSP-91401-3.3.7.0-hotfix.applied
find: ‘/proc/3698’: No such file or directory

As you can now see, patches CSP-96928 and CSP-97727 are both applied.
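
A scripted version of the flag check used above, as an added example that is not part of the original post: it reads /usr/local/horizon/conf/flags directly, which avoids walking /proc the way find / does. The function names and the expected-patch list on the last lines are assumptions for illustration; the sample directory is constructed from the pre-patch listing shown earlier.

```bash
#!/usr/bin/env bash
# Added example: read VIDM hotfix state from the flag files instead of `find /`.
# The <ID>-<version>-hotfix.applied naming is taken from the listings on this page.

# Print "ID VERSION" for every flag file in the given directory, sorted by ID.
list_hotfixes() {
    local dir f base
    dir="${1:-/usr/local/horizon/conf/flags}"
    for f in "$dir"/*-hotfix.applied; do
        [ -e "$f" ] || continue            # glob matched nothing
        base="${f##*/}"                    # drop the directory part
        base="${base%-hotfix.applied}"     # e.g. CSP-97727-3.3.7.0
        printf '%s %s\n' "${base%-*}" "${base##*-}"
    done | LC_ALL=C sort
}

# Print every expected ID that has no flag file; return 1 if any is missing.
missing_hotfixes() {
    local dir applied id rc
    dir="$1"; shift
    applied="$(list_hotfixes "$dir" | cut -d' ' -f1)"
    rc=0
    for id in "$@"; do
        if ! printf '%s\n' "$applied" | grep -qxF -- "$id"; then
            printf '%s\n' "$id"
            rc=1
        fi
    done
    return "$rc"
}

# Constructed sample: the pre-patch listing from this post, recreated in a temp dir.
make_sample_flags() {
    local d id
    d="$(mktemp -d)"
    for id in CSP-95247 CSP-93316 HW-189454 HW-170932 CSP-90495 CSP-91401; do
        : > "$d/$id-3.3.7.0-hotfix.applied"
    done
    printf '%s\n' "$d"
}

# Demo: uses the sample unless a real flag directory is passed as $1.
flag_dir="${1:-$(make_sample_flags)}"
list_hotfixes "$flag_dir"
if ! todo="$(missing_hotfixes "$flag_dir" CSP-96928 CSP-97727)"; then
    echo "Not yet applied:" $todo
fi
```

On the appliance, pass the real directory as the first argument; a non-zero return from missing_hotfixes after the reboot means one of the expected flag files was not written.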


Build numbers in the UI… can be deceiving.

This is what I see in the VIDM interface: VMware Identity Manager 3.3.7.0 Build 23103647

This is what I see in the VIDM Admin interface: VMware Identity Manager 3.3.7.0 Build 22439689

Henk Engelsman
