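Applying a Security Patch to vRealize Operations Manager
Background: this is a record of a case where a security colleague found during a scan that vRealize Operations Manager had a security vulnerability that needed remediation, so I downloaded the latest security patch for the corresponding version of vRealize Operations Manager from the VMware website and applied it.
Reference: vRealize Operations 8.4 Security Patch for VMSA-2021-0018 (85383) (vmware.com)
Procedure
Preparation before the upgrade
Note: before upgrading, create a snapshot of the virtual machine that hosts vRealize Operations Manager, so that a failed patch does not leave the platform unusable.
Check the current vRealize Operations Manager version (enter the vRealize Operations Manager IP address in a browser, press Enter, and log in with the admin account and password).
Upgrade steps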
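1. Download the latest security patch.
Download the vRealize Operations 8.4 Security Patch PAK file from https://customerconnect.vmware.com/patch#search. (A VMware account is required.)
2. Log in to the vRealize Operations Manager administrator interface on the cluster's primary node (https://master-node-FQDN-or-IP-address/admin).
Note: the address matters here. Entering only the vROM IP address in the browser does not open this page; you must append /admin to the IP address (https://ip-address/admin).
3. Click Software Update in the left panel.
4. Click "Install a Software Update" in the main panel.
5. Follow the steps in the wizard to locate and install the PAK file.
6. Install the product update PAK file. Wait for the software update to complete. During the update, the administrator interface logs you out.
Follow the prompts, clicking Next until the installation starts. The patch installation takes about half an hour.
7. Log back in to the primary node administrator interface. The "Cluster Status" main page appears and the cluster comes online automatically. The status page also shows the "Bring Online" button, but do not click it.
8. Clear the browser cache, and if the browser page does not refresh automatically, refresh the page. The cluster status changes to "Online". When the cluster status changes to "Online", the upgrade is complete. (Note: if the cluster fails and its status changes to offline while the PAK file update is being installed, some nodes become unavailable. To fix this, open the Administrator interface, manually take the cluster offline, and then click "Finish Installation" to continue the installation process.)
9. Click "Software Update" to check that the update is done. A message indicating that the update completed successfully appears in the main pane.
vRealize Operations Manager version number after the security patch is applied.
Official solution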
vRealize Operations 8.4 Security Patch for VMSA-2021-0018 (85383)
Important:
- Take snapshots of each of the vRealize Operations nodes before applying the Security Patch. See How to take a Snapshot of vRealize Operations for more information.
- Download and run the attached APUAT-18484177.pak to run the Pre-Upgrade Readiness Assessment Tool for this Security Patch. Follow vRealize Operations Pre-Upgrade Readiness Assessment Tools (67311) for the latest instructions.
Resolution
- Download the vRealize Operations 8.4 Security Patch PAK file from the VMware Patch Portal.
Note: Select vRealize Operations Manager as the Product and select 8.4.0 as the version and click Search.
Select the option below.
- Log in to the primary node vRealize Operations Manager Administrator interface of your cluster at https://master-node-FQDN-or-IP-address/admin.
- Click Software Update in the left panel.
- Click Install a Software Update in the main panel.
- Follow the steps in the wizard to locate and install your PAK file.
- Install the product update PAK file.
Wait for the software update to complete. When it does, the Administrator interface logs you out.
- Log back into the primary node Administrator interface.
The main Cluster Status page appears and cluster goes online automatically. The status page also displays the Bring Online button, but do not click it.
- Clear the browser caches and if the browser page does not refresh automatically, refresh the page.
The cluster status changes to Going Online. When the cluster status changes to Online, the upgrade is complete.
Note: If a cluster fails and the status changes to offline during the installation process of a PAK file update then some nodes become unavailable. To fix this, you can access the Administrator interface and manually take the cluster offline and click Finish Installation to continue the installation process.
- Click Software Update to check that the update is done.
A message indicating that the update completed successfully appears in the main pane.
Once the update is complete delete the snapshots you made before the software update.