"Error during pre-patch VCDB.See vcdb_patch.err." when patching vCenter Server
- 🗂️ Article ID : 376724
- 📅 Update On : 2025-03-03
Products
VMware vCenter Server 6.0
VMware vCenter Server 7.0
VMware vCenter Server 8.0
Issue/Introduction
Patching the vCenter via VAMI fails with the below error:
If upgrading vCenter using the CLI, there may be repeated prompts for user postgres password:
Password for user postgres:
Password for user postgres:
Password for user postgres:
Password for user postgres:
Password for user postgres:
Additionally, the following entries may be visible in the vCenter logs. From the /var/log/vmware/applmgmt/PatchRunner.log:
[YYYY-MM-DDTHH:MM:SS] vcIntegrity:CollectRequirements ERROR vcIntegrity Failed to query hosts for precheck using psql.
Error: WARNING: password file "/root/.pgpass" has group or world access; permissions should be u=rw (0600) or less
Password for user postgres:
WARNING: password file "/root/.pgpass" has group or world access; permissions should be u=rw (0600) or less psql.bin: error: fe_sendauth: no password supplied
[YYYY-MM-DDTHH:MM:SS] vcdb:CollectRequirements INFO vcdb Calculating DB disk requirements...
[YYYY-MM-DDTHH:MM:SS] vcdb:CollectRequirements ERROR vcdb.vcdb_db_utils ERROR DROP EXTENSION IF EXISTS pg_addons
[YYYY-MM-DDTHH:MM:SS] vcdb:CollectRequirements ERROR vmware_b2b.patching.executor.hook_executor Patch hook 'vcdb:CollectRequirements' failed.
Traceback (most recent call last):
File "/storage/updatemgr/software-updatetb36bcis/stage/scripts/patches/py/vmware_b2b/patching/executor/hook_executor.py", line 74, in executeHook
executionResult = systemExtension(args)
File "/storage/updatemgr/software-updatetb36bcis/stage/scripts/patches/libs/sdk/extensions.py", line 106, in __call__
result = self.extension(*args)
File "/storage/updatemgr/software-updatetb36bcis/stage/scripts/patches/libs/sdk/extensions.py", line 123, in _func
return func(*args)
File "/storage/updatemgr/software-updatetb36bcis/stage/scripts/patches/payload/components-script/vcdb/__init__.py", line 91, in collectRequirements
ret, storage_set, storage_core = pre_check_db()
File "/storage/updatemgr/software-updatetb36bcis/stage/scripts/patches/payload/components-script/vcdb/vcdb_db_utils.py", line 394, in pre_check_db
remove_pg_addons_extension(FILE_OUT, FILE_ERR)
File "/storage/updatemgr/software-updatetb36bcis/stage/scripts/patches/payload/components-script/vcdb/vcdb_db_utils.py", line 383, in remove_pg_addons_extension
raise PermanentError(cause=error, resolution=sugg_action)
patch_errors.PermanentError: Error during pre-patch VCDB. See vcdb_patch.err.
[YYYY-MM-DDTHH:MM:SS] ERROR vmware_b2b.patching.phases.discoverer Could not execute discovery hook in file: /storage/updatemgr/software-updatetb36bcis/stage/scripts/patches/payload/components-script/vcdb
From the /var/log/vmware/applmgmt/update_microservice.log:
"description": {
"id": "Problem dropping vpg extension",
"translatable": "Error during pre-patch VCDB. See vcdb_patch.err.",
"localized": "Error during pre-patch VCDB. See vcdb_patch.err."
},
From the latest /var/log/vmware/vpostgres/postgresql log:
[YYYY-MM-DDTHH:MM:SS] 668495ad.a5fa 0 VCDB postgres [local] 42490 2 FATAL: password authentication failed for user "postgres"
[YYYY-MM-DDTHH:MM:SS] 668495ad.a5fa 0 VCDB postgres [local] 42490 3 DETAIL: Password does not match for user "postgres".
[YYYY-MM-DDTHH:MM:SS] 668496d9.b0f1 0 VCDB postgres [local] 45297 2 FATAL: password authentication failed for user "postgres"
[YYYY-MM-DDTHH:MM:SS] 668496d9.b0f1 0 VCDB postgres [local] 45297 3 DETAIL: Password does not match for user "postgres".
[YYYY-MM-DDTHH:MM:SS] 66849805.bb9c 0 VCDB postgres [local] 48028 2 FATAL: password authentication failed for user "postgres"
[YYYY-MM-DDTHH:MM:SS] 66849805.bb9c 0 VCDB postgres [local] 48028 3 DETAIL: Password does not match for user "postgres".
[YYYY-MM-DDTHH:MM:SS] 66849931.c6bb 0 VCDB postgres [local] 50875 2 FATAL: password authentication failed for user "postgres"
From the /var/log/vmware/upgrade/vcdb_patch.err log file:
WARNING: password file "/root/.pgpass" has group or world access; permissions should be u=rw (0600) or less
Password for user postgres:
WARNING: password file "/root/.pgpass" has group or world access; permissions should be u=rw (0600) or less
psql.bin: error: fe_sendauth: no password suppliedEnvironment
- vCenter Server
Cause
The issue here is the permission of /root/.pgpass is less strict than requirement. Techincally on Unix systems, the permissions of postgresql password file (/root/.pgpass) must disallow any access to world or group. If the permissions are less strict than this, the file will be ignored and may generate an error like 'no password supplied.'
Resolution
NOTE: Before proceeding, take a snapshot on the vCenter (and offline snapshots of all vCenters if the vCenters are in Enhanced Link Mode ELM).
1) There should be a .pgpass file residing tn the root directory of the appliance. The .pgpass file should have read and write permissions only for the owner and not for group and others. Run the below command from the root directory to verify if only the owner /user has only Read and Write permissions which is followed by its output:
root@vcsa01 [ ~ ]# ls -lrtha
total 24K
-rw-r--r-- 1 root root 178 Dec 29 2023 .bash_logout
drwx------ 2 root root 4.0K Dec 29 2023 .ssh
drwxr-xr-x 3 root root 4.0K Dec 29 2023 .ansible
-rw------- 1 root root 418 Sep 9 10:37 .pgpass
note the "-rw-------" permissions on the .pgpass file above
2) View the contents of the file with the following:
root@vcsa01 [ ~ ]# cat .pgpass
3) If the content is empty in the .pgpass file, edit the file and paste the following content mentioned as follows subtituting "password-1" and "password-2" (described below) for the passwords:
localhost:5432:replication:replicator:password-1
127.0.0.1:5432:replication:replicator:password-1
/var/run/vpostgres:5432:replication:replicator:password-2
localhost:5432:postgres:postgres:password-2
127.0.0.1:5432:postgres:postgres:password-2
localhost:5432:VCDB:postgres:password-2
127.0.0.1:5432:VCDB:postgres:password-2
/var/run/vpostgres:5432:*:postgres:password-2
Note : Here password-1 and password-2 can be any two unique string that contains 16 random characters. The passwords can be manually generated with a mix of lower- and upper- case letters, alphanumeric and special characters.
4) If the .pgpass file does not exist, create a .pgpassfile and paste the above content and save the file.
5) If a file is created or pasted the above content, ensure the following command is run to ensure it has only the required permissions:
root@vcsa01 [ ~ ]# chmod 600 .pgpass
6) Reboot the vCenter and re-run the upgrade on the vCenter.
Additional Information
Copy PGUSER_PASSWORD from the /etc/vmware-vpx/embedded_db.cfg file.. and use it in place of 'password-2'
For example:
root@vcsa01 [ ~ ]# cat /etc/vmware-vpx/embedded_db.cfg | grep PGUSER_PASSWORD
PGUSER_PASSWORD='PG-PASSWORD'
Reference Broadcom KB -
https://knowledge.broadcom.com/external/article/316582
'VMware Ⅱ (Archive) > VMwareKB (Eng)' 카테고리의 다른 글
| Error: Invalid username/password (KB323617) (0) | 2025.03.04 |
|---|---|
| Reset ESXi root password with AD domain account (KB312390) (0) | 2025.03.03 |
| Resetting root password in vCenter Server Appliance 7.x / 8.x (KB322247) (0) | 2025.03.02 |
| Upgrade from NSX-T 3.1.3.x fails due to invalid NSService UUID (KB322566) (0) | 2025.03.01 |
| Unmount datastore option greyed out (KB387381) (0) | 2025.02.28 |
