Replace Usage Meter 4.2 /4.3 certificates

Note: Before making any changes, it is highly recommended that you take the necessary backup/snapshots of the usage meter VM instances.

Usage meter certificate replacement is rather simple. Usage meter 4.2 Runs on Nginx and the Nginx configuration for the webserver is located here

/opt/vmware/cloudusagemetering/conf/nginx.conf

Let’s take a look at the Nginx configuration for certificate and the key used:

root@is-dhcp35-102 [ / ]# cat /opt/vmware/cloudusagemetering/conf/nginx.conf | grep crt
        ssl_certificate /etc/ssl/certs/nginx-selfsigned.crt;
root@is-dhcp35-102 [ / ]# cat /opt/vmware/cloudusagemetering/conf/nginx.conf | grep key
        ssl_certificate_key /etc/ssl/private/nginx-selfsigned.key;

In order to replace the certificate, Either rename and replace the above-mentioned files with the new CA-signed certificate, key
OR
create a directory and dump the new, signed certificate, key in there and make necessary corrections to the config file.

Do keep in mind that the permissions will need to be set accordingly. (chown and chgrp)


root@is-dhcp35-102 [ /etc/ssl/certs ]# ls -ltrh nginx-selfsigned.crt
-rw-r--r-- 1 root root 1.3K Jun 25 05:02 nginx-selfsigned.crt

root@is-dhcp35-102 [ /etc/ssl/private ]# ls -ltrh
total 4.0K
-rw------- 1 usagemeter usagemeter 1.7K Jun 25 05:02 nginx-selfsigned.key

Once done, restart the usage meter appliance.

reboot -f

photon 2.0 Network configuration

file: /etc/systemd/network/10-eth0.network


[Match]
Name=eth0

[Network]
Gateway=192.168.1.1
Address=192.168.1.10/17
DNS=12.168.1.99
DNS=192.168.2.99

DHCP=no

[DHCP]
UseDNS=false

if the DNS= is not specified on the file, resolve.conf will be overwritten with DHCP provided values (if the DHCP flag is not present)

Usage meter 4.x root password reset/unlock

At the photon logo, press ‘e’ and you will see the editable grub menu:
Append rw init=/bin/bash on the line that starts with “linux”

Press ctrl + x or f10 to continue

you should see a screen similar to the below:

To unlock the account, type the below command (if you know the password)

/sbin/pam_tally2 -r -u root

to reset the password, run the below

passwd root

Note: Changing the password does not unlock the account. if the account is locked out, you will need to run the previous command to unlock

Restart the guest of and then boot back into normal appliance and then try logging back in.

vRBC -Exporting a database dump/restoring Database dump

Instructions to backup/restore the vRBC database below

Backup DB:

export PGPASSWORD=`grep 'jdbc.password=\K.*' /usr/local/tomcat/itbm-server/conf/itfm.properties -Po` 

   /opt/vmware/vpostgres/current/bin/pg_dump --data-only -U itfm_cloud_admin -d postgres -t vcac_user_consumer_mapping > /root/backup.sql 

Restore DB

   export PGPASSWORD=`grep 'jdbc.password=\K.*' /usr/local/tomcat/itbm-server/conf/itfm.properties -Po` 

   /opt/vmware/vpostgres/current/bin/psql -U itfm_cloud_admin -d postgres -f /root/backup.sql 

Log in/connect to vRBC vPostgres:

/usr/ITFM-Cloud/va-tools/bin/db-client.sh