VMware Aria Operations for Logs (formerly vRealize Log Insight).
CVE(s)
CVE-2023-20864, CVE-2023-20865
Synopsis
VMware Aria Operations for Logs (Operations for Logs) update addresses multiple vulnerabilities. (CVE-2023-20864, CVE-2023-20865)
Introduction
Multiple vulnerabilities in VMware Aria Operations for Logs were privately reported to VMware. Updates and workarounds are available to address these vulnerabilities in affected VMware products
Response Matrix
Product
Version
Running On
Fixed Version
Workarounds
Additional Documentation
VMware Aria Operations for Logs (Operations for Logs)
VMware has announced the official renaming of all products in our cloud management family to VMware Aria.
What is VMware Aria?
A unified management solution for cloud native applications and multi-cloud.
VMware Aria, a multi-cloud management portfolio that provides a set of end-to-end solutions for managing the cost, performance, configuration, and delivery of infrastructure and applications. Expressly designed for the operational challenges of cloud-native applications and public cloud environments, VMware Aria truly delivers a wholly new perspective on multi-cloud management.
The VMware Aria Product List
Previous Name
New Name
Automation
vRealize Automation / Cloud
VMware Aria Automation
VMware Cloud Assembly
VMware Aria Automation Assembler
VMware Service Broker
VMware Aria Automation Service Broker
VMware Code Stream
VMware Aria Automation Pipelines
VMware Cloud Templates
VMware Aria Automation Templates
vRealize Orchestrator
VMware Aria Automation Orchestrator
vRealize Automation SaltStack Config
VMware Aria Automation Config
vRealize Automation SaltStack SecOps
VMware Aria Automation for Secure Hosts
CloudHealth Secure State
VMware Aria Automation for Secure Clouds
Operations
vRealize Operations / Cloud
VMware Aria Operations
vRealize Log Insight / Cloud
VMware Aria Operations for Logs
vRealize Network Insight / Cloud
VMware Aria Operations for Networks
Tanzu Observability by Wavefront
VMware Aria Operations for Applications
vRealize True Visibility Suite
VMware Aria Operations for Integrations
Cost
CloudHealth
VMware Aria Cost powered by CloudHealth
Suites
vRealize Cloud Universal
VMware Aria Universal Suite
vRealize Suite
VMware Aria Suite
vCloud Suite
VMware vCloud Suite
CloudHealth by VMware Suite
Discontinued Name
CloudHealth Partner Platform
Discontinued Name – see Aria Cost powered by CloudHealth
Platform & Cross-Cloud Services
Project Ensemble
VMware Aria Hub
New
VMware Aria Graph
vRealize Migration Manager
VMware Aria Migration
vRealize Automation Cloud Guardrails
VMware Aria Guardrails
Project Ensemble Insights
VMware Aria Business Insights
Other
Skyline
VMware Skyline
vRealize Suite Lifecycle Manager
VMware Aria Suite Lifecycle
vRealize Cloud Subscription Manager
VMware Aria Hub Subscription
vRealize AI Cloud
Discontinued Name – functionality now part of Aria Hub
Reference:
Please see the links listed below for further information about VMware Aria and the portfolio products.
In this article, we will demonstrate you how to upgrade VMware Aria Operations for Logs (formerly vRealize Log Insight) version 8.6.2 to 8.10.2 using VMware Aria Suite Lifecycle (formerly vRealize Suite Lifecycle Manager) version 8.10.0.
Prerequisite.
The VMware Aria Suite Lifecycle version must be supported in order to upgrade of VMware Aria Operations for Logs to version 8.10.2.
As suggested by the support pack, you must upgrade pack for VMware Aria Suite Lifecycle to pack 6 (alternatively you may update to the most recent support pack).
Noted: Whenever possible, we recommend upgrading the pack to the newest version.
Noted: In this article, we had upgraded VMware Aria Suite Lifecycle to 8.10.0 Pack7
We can see from the upgrade path that VMware Aria Operations for Logs 8.6.2 requires an update to 8.8.2 and subsequently to version 8.10.2. (8.6.2->8.8.2->8.10.2)
To reduce the upgrading procedure and internet connection from VMware Aria Suite Lifecycle, we downloaded 2 ISO images for VMware Aria Operations for Logs versions 8.8.2 and 8.10.2.
Step-by-Step instruction how to upgrade VMware Aria Operations for Logs
1.After downloading VMware Aria Operations for Logs iso images for versions 8.8.2 and 8.10.2. We transferred the image to the /data/temp directory of the VMware Aria Suite Lifecycle appliance. Note: VMware recommends SCP protocol to transfer the file to the appliance. Tools such as winscp can also be used to transfer the file to the appliance.
2.Login to VMware Aria Suite Lifecycle, click “Environment” and then pick “vRealize Log Insight” to verify the version.
3.Choose “Setting” then “Binary Mapping” to confirm the product appear in the Binary Mapping list.
4.Click “ADD BINARIES“.
5.Choose “Local” as the location type. Enter “/data/temp” in the base location and press “DISCOVER“.
6.The list of product binaries will show below. Tick the box next to “VMware-vRealize-Log-Insight-8.8.2-20056468.pak” and type “upgrade” and then click “ADD“.
7.You can see the status of product mapping request by “Click here“.
8.Step 4 should be repeated to include “VMware-vRealize-Log-Insight-8.10.2-21145187.pak” and enter “upgrade”.
9.There will be 2 files in binary mapping upgrade for VMware Aria Operations for Log.
10.Log in to VMware Aria Operations for Log to check the version and the status of the cluster (3 nodes’ statuses must be displayed as connected.).
11.Back to VMware Aria Suite Lifecycle and, after choosing “Environment,” click “VIEW DETAILS” in vRealize Log Insight.
12.Choose “Trigger Inventory Sync” by clicking the 3 dots.
13.Wait until the sync is complete.
14.Back to VMware Aria Suite Lifecycle and, after choosing “Environment,” click “VIEW DETAILS” in vRealize Log Insight.
15.Select “UPGRADE“.
16.Click “PROCEED“.
17.Choose version 8.8.2 from the drop down menu.
18. Click the box to take a snapshot and then click “NEXT“.
19.Click “RUN PRECHECK“.
20.Read the “PRECHECK” report to check if there are any warnings or errors (you may download the report).
21.Read the upgrade summary and then click “SUBMIT“.
22.Upgrade in progress and wait from stage 1 to stage 10.
23.Login to VMware Aria Operations for Logs to view status and version.
24.Following the completion of the upgrade from 8.6.2 to 8.8.2, the next stage will be to upgrade from 8.8.2 to 8.10.2.
25.Repeat the step 15 and proceed to choose version 8.10.2.
26.Login to VMware Aria Operations for Logs to view status and version.
Guidance and Technical Recommendations.
vRealize Log Insight provides intelligent log management for infrastructure and applications in any environment. This highly scalable log management solution delivers intuitive, actionable dashboards, sophisticated analytics, and broad third-party extensibility across physical, virtual, and cloud environments. Update to the newest version to take advantage of new features, improve security, and get support for a new product.
VMware issued a security alert for VMware vRealize Operations (vROps) due to the VMSA-2022-0034 severity. According to the advisory, VMware vRealize Operations (vROps) updates address privilege escalation vulnerabilities (CVE-2022-31707, CVE-2022-31708).
Solution
To remediate CVE-2022-31707 apply the fixes listed in the ‘Fixed Version’ column of the ‘Response Matrix’ below.
4.Choose the product and version, then press the “Search” button.
Product: vRealize Operations Manager Version: 8.6
5.The “vROps-8.6-HF8” will be shown. Verify and validate the KB90232 patch file, then click “DOWNLOAD NOW.”.
6.Once the file download and snapshot have been completed, Log in to the vRealize Operations Manager administration interface
https://master-node-name-or-ip-address/admin.
7.Click “Software Update“.
8.Click “Install a Software Update“.
9.Go through the pack file you already downloaded.
10.Click “UPLOAD” after you’ve browsed the pack file.
11.The pack file had been uploaded. Click “NEXT”.
12.To accept the EULA, tick the box, then click “NEXT“.
13.After reading the release notes, click “NEXT”.
14.To install software, Click “INSTALL”.
15.The Administrator interface logs you out. Return to the primary node Administrator interface. In the left side, click Software Update. The update patch status will be shown.
16.Waiting for the pack to be installed.
17.Refresh the page. The cluster status is changed to Online.
18.Once the upgrade is finished, delete the snapshots you took prior to the software update.
Guidance and Technical Recommendations.
VMware security advisory with critical security severity for VMware vRealize Operations was released. A major vulnerability was discovered in VMware vRealize Operations. Using administrator rights in the vROps application, a malicious actor can get root access to the underlying operating system. We advise applying the patch or upgrading to the patched version to preventing a malicious attacker from accessing critical information in the vROps.
In this article, we are planning to upgrade vCenter Server appliance version 7.0.2.00500 build number 18455184 (vCenter Server 7.0 Update 2d) to vCenter Server 7.0 Update 3g (7.0.3.00800) build number 20150588 or higher.
Before upgrading vCenter Server, we must first check its health status by logging onto https://vCenter-Server-FQDN:5480
User: root Password: xxxxx
After login to vCenter Server appliance, go to summary and check on the “Health Status”.
We discovered that “Overall Health” displays a yellow alert warning on “Storage“.
Expand “Storage“, we found alert show “File system /storage/log is low on storage space increase the size of disk /storage/log“
Go to “Monitor“, then “Disks“, and see which hard disks have alerts.
Hard drive 5 (log) has a utilization rate of more than 80%.
Run “df-h” command to display file system disk space statistics in “human-readable” format.
Return to the vCenter Server web client. There was no snapshot on the vCenter Server appliance.
Right-click vCenter Server and choose “Edit Settings“.
Select Hard disks and expand Hard disk 5.
We will increase the size of hard disk 5 from 25 GB to 30 GB and then click OK.
Log in to the vCenter Server Appliance through SSH.
When we use the vSphere Web Client to connect to vCenter Server appliance 7.x. We are unable to access with the message “HTTP Status 500 – Internal Server Error.“
Steps to resolving these issues.
1.SSH into the vCenter Server appliance.
2.To see the status certificate expiration date, use the command below. for i in $(/usr/lib/vmware-vmafd/bin/vecs-cli store list); do echo STORE $i; /usr/lib/vmware-vmafd/bin/vecs-cli entry list --store $i --text | egrep "Alias|Not After"; done
3.You will see an output similar to:
4.As you can see, the Machine SSL certificate expires on September 1 06:40:37 2022 GMT.
5.The Name, Hostname and VMCA values should match the PNID of the Node where you are replacing the Certificates. PNID should always match the Hostname. In order to obtain the PNID please run these commands: /usr/lib/vmware-vmafd/bin/vmafd-cli get-pnid --server-name localhost
6.Run command below to replace “Machine SSL certificate”. /usr/lib/vmware-vmca/bin/certificate-manager
7.You will have the option to replace or reset the certificate with in output.
Please keep in mind that this command may be used with both vCenter Server appliances 6.x and 7.x.
8.To replace Machine SSL certificate with VMCA Certificate, we choose option 3.
9.Provide credential
10.Enter these values as prompted by the VMCA (See Step 5 to confirm the Name/Hostname/VMCA):
11.To proceed, answer Yes (Y) to the confirmation request.
12.Wait till the status is 100% completed.
13.Re-run command to check Machine SSL certificate for i in $(/usr/lib/vmware-vmafd/bin/vecs-cli store list); do echo STORE $i; /usr/lib/vmware-vmafd/bin/vecs-cli entry list --store $i --text | egrep "Alias|Not After"; done
14.Machine SSL certificate has been updated to August 31 12:14:11 2024 GMT.
We intend to upgrade VMware Cloud Foundation (VCF) from 4.2.1 to 4.4.1. Before upgrading VCF, we must do a pre-check on all VCF components.
The pre-check begins with the SDDC manager.
We noticed the warning “Checks whether the SDDC Manager VM system directory has enough disk space” during the SDDC manager pre-check.
Description
Checks whether the SDDC Manager VM system directory has enough disk space
Start Time
xx/xx/xx
End Time
xx/xx/xx
Health Status
YELLOW
Impact
Medium: May perform upgrades without addressing the issues
Remediation
Minimal disk space is available in SDDC Manager directory Available disk space is 3.0 GB. Recommended disk space is 6.0 GB or more. Clean up unused files from the directory /
COMMON_SERVICES
MULTI_SITE_SERVICE
SDDC_MANAGER_UI
Steps to resolving these issues
The steps following do not require a reboot or restart of any SDDC Manager services.
1.SSH into the SDDC Manager as the VCF user.
2.To display space, we navigate to /var/log and use the “df -h” command. We discovered a path. Use 90% Avail 2.7G for /dev/sda4.
3.We used the command “ls -lt” to list in long format and sort by time and date. The file size of “auth.log” was 9.5GB.
5.We must verify the file size in the audit log path.
6.Log in as the root user.
7.Verify the file size of the audit log file. The file size of “audit.log” was 9.5GB.
8.To identify and sort the large 5 files, use the command “find -type f -exec du -Sh {} + | sort -rh | head -n 5“.
9. To clear the size of the auth.log file, use the command “> auth.log.“.
10.Verify the file size. Using the command “ls -lt,” we confirmed that the size of auth.log had been reduced.
11.Navigate to the audit path “cd audit“.
12.Verify the file size in the audit path “ls -lt“.
13.To clear the size of the audit.log file, use the command “> audit.log.“
14.Verify the file size. Using the command “ls -lt,” we confirmed that the size of audit.log had been reduced.
15.Return to SDDC Manager and execute the pre-check once again.
16.SDDC Manager’s components had all succeeded.
Conclusion
The SDDC Manager UI provides a single point of control for managing and monitoring your VMware Cloud Foundation instance and for provisioning workload domains. Before upgrading VCF, we recommend that you do a pre-check, and if you find any errors or warnings, please resolve them before proceeding with the update.
This article will walk you through the process of upgrading VMware vRealize Log Insight (vRLI) from 8.4.0 to 8.6.2 using VMware vRealize Suite Lifecycle Manager (vRSLCM) version 8.6.2.
The current version of VMware vRealize Login Insight is 8.4.0-17828109.
3 vRealize Login Insights clusters have been configured in the environment.
STEP – How to upgrade VMware vRealize Log Insight (vRLI) to 8.6.2 by vRSLCM 8.6.2
Check and ADD Product version
1.Login to vRealize Suite Lifecycle Manager (vRSLCM) 8.6.2.
2.Navigate to “Binary Mapping” to upgrade the file for VMware vRealize Log Insight 8.6.2.
3.Click “ADD BINARIES” to get the most recent product version that supports vRSLCM 8.6.2.
4.Select “My VMware” and then click “DISCOVER“.
5.vRSLCM will find vRealize suite products supported by vRSLCM 8.6.2 by utilizing My VMware as configured.
6.Search for VMware vRealize Log Insight product upgrade and tick the box, then click “ADD“.
7. Click to check request status
8.Waiting for the status to change to “Completed“.
Upgrade VMware vRealize Log Insight to 8.6.2
1.Navigate to the environment you wish to upgrade, click “VIEW DETAILS“.
2.The details of vRealize Log Insight will be shown in the image below.
3.Before upgrading, we must sync the vRLI system with the vRSLCM. To do so, click the 3 dots (…) and then select “Trigger Inventory Sync“.
4.Click the “SUBMIT” button.
5.You will monitor the inventory sync progress at each stage and wait until the sync is complete.
6.After the inventory sync is complete, browse to the environment where vRealize Log Insight is deployed and select “UPGRADE“.
7.If the product’s inventory is already synced, we can proceed to upgrade; otherwise, we recommend clicking trigger inventory sync before proceeding.
8.The target product version 8.6.2 will be shown; click “NEXT“.
9.Check the box to take a snapshot, then click “NEXT”.
10.Pre-check for data validations prior to execution.
11.The status of vRealize Log Insight data validations is indicated below (if status show warning, we recommend to solve the issues before proceed to upgrade). We could collect the pre-check report.
12.Before proceeding with the update, review the information below and click “SUBMIT.”
13.You will notice each stage of vRLI upgrade and wait till it is completed.
14.Upgrade completed successfully.
vRealize Log Insight version 8.6.2-19092412
Check the vRLI version in vRSLCM.
Conclusion
VMware vRealize Suite Lifecycle Manager (vRSLCM) simplifies the deployment, patching, and upgrade process by performing automatic pre-checks and validation on vRealize Suite components. Upgrading VMware vRealize Log Insight (vRLI) to the current version can assist you in resolving known issues, fixing bugs, and providing security in your environment.
8. ถ้ามีการ download 21.08.0.0 hotfix ก่อน 1630 PDT, 7th April 2022, and deployed it, อาจจะเกิดปัญหากับ Database connection monitoring/status. Please download the updated hotfix for this version (HW-154129-Appliance-21.08.0.0-updated-Apr-07-2022.zip ) which addresses this problem ถ้าทำการ deployed the problematic hotfix and need to replace it with the latest update, please run the following command to before deploying the latest hotfix:
