Pivotal Knowledge Base


PCF upgrade Issue with UAA from 1.5.x or 1.6.x to 1.6.15

Environment

Product Version
Pivotal Cloud Foundry® (PCF) 1.5.x, 1.6.x

Symptom

During the upgrade of PCF from 1.5.x to 1.6.15 or 1.6.x to 1.6.15, the UAA fails to start up and returns 500 errors for all HTTP requests.

Root Cause

The UAA used to store the LDAP YAML configuration "as is", copying it directly from uaa.yml into the database without first transforming it to JSON through an object.
As a result, the property ldapdebug in uaa.yml is inserted into the LDAP provider configuration.

https://github.com/cloudfoundry/uaa-release/blob/49e90d98d6aaffc15365114c63b1c8df558294d8/jobs/uaa/templates/uaa.yml.erb#L206
 
UAA 2.7.x reads and writes the Java class LdapIdentityProviderDefinition as JSON to and from the database. This class does not have the property ldapdebug, as it is not a functional property. The class does not ignore unknown JSON properties and is therefore not backwards compatible with the stored configuration.
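
The failure mode described above, as an added example that is not UAA's own code. It assumes Jackson as the JSON library (the page does not name one); the class names, their fields and the stored JSON are hypothetical stand-ins constructed for illustration.

```java
import com.fasterxml.jackson.annotation.JsonIgnoreProperties;
import com.fasterxml.jackson.databind.ObjectMapper;
import com.fasterxml.jackson.databind.exc.UnrecognizedPropertyException;

public class StrictConfigDemo {

    // Hypothetical stand-in for a strictly mapped definition class: it has no
    // field for "ldapdebug" and does not tell the mapper to skip unknown keys.
    public static class StrictLdapDefinition {
        public String baseUrl;
        public String bindUserDn;
    }

    // Same hypothetical fields, but tolerant of keys written by older versions.
    @JsonIgnoreProperties(ignoreUnknown = true)
    public static class TolerantLdapDefinition {
        public String baseUrl;
        public String bindUserDn;
    }

    // Constructed sample of a stored provider config that still carries the
    // non-functional key copied in from the old YAML.
    static final String STORED_CONFIG =
          "{\"baseUrl\":\"ldap://ldap.example.test:389\","
        + "\"bindUserDn\":\"cn=admin,dc=example,dc=test\","
        + "\"ldapdebug\":\"constructed value\"}";

    // Attempts to bind the stored config to the given class and reports the outcome.
    static String tryRead(ObjectMapper mapper, Class<?> type) {
        try {
            mapper.readValue(STORED_CONFIG, type);
            return "ok";
        } catch (UnrecognizedPropertyException e) {
            return "rejected, unknown property: " + e.getPropertyName();
        } catch (Exception e) {
            return "failed: " + e.getMessage();
        }
    }

    public static void main(String[] args) {
        // Jackson's FAIL_ON_UNKNOWN_PROPERTIES is enabled by default.
        ObjectMapper mapper = new ObjectMapper();
        System.out.println("strict:   " + tryRead(mapper, StrictLdapDefinition.class));
        System.out.println("tolerant: " + tryRead(mapper, TolerantLdapDefinition.class));
    }
}
```

Every read of the stored row through the strict class fails the same way, which is consistent with a service that cannot start until the row is removed or the class accepts the extra key.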
 
Resolution

  • If you have already started the upgrade and are getting the 500 errors, follow these steps:
    1. Manually delete the LDAP provider from the database by issuing the following query: DELETE FROM identity_provider WHERE type='ldap'
    2. Continue the upgrade.
  • If you have not started the upgrade yet, upgrade to 1.6.16 instead; this issue has been resolved in version 1.6.16.

Notes:
Ensure that an old UAA is not restarted, as the bootstrap process for the old UAA will again insert the invalid configuration into the DB.
