If UCP is displaying the following warning banner:
errors encountered while migrating auth system
This means that UCP was upgraded from a version prior to 2.2.0. During the upgrade, UCP attempted to migrate team labels and user roles from the old authorization system to the new, collections-based auth system, but something went wrong.
To see the full list of errors, run the following command on a UCP manager node:
$ docker exec -it ucp-kv etcdctl \ --endpoints https://127.0.0.1:2379 \ --cert-file /etc/docker/ssl/cert.pem \ --key-file /etc/docker/ssl/key.pem \ --ca-file /etc/docker/ssl/ca.pem \ get /orca/v1/authz_migrated
If you'd like to retry the migration, first figure out which node is the Swarm leader:
$ docker node ls ID HOSTNAME STATUS AVAILABILITY MANAGER STATUS gpfmosdm99lw9xiz6d4xmsdwo * node1 Ready Active Leader gpfmosdm99lw9xiz6d4xmsdwo node2 Ready Active gpfmosdm99lw9xiz6d4xmsdwo node3 Ready Active
Then go to the leader node and run:
$ docker exec -it ucp-kv etcdctl \ --endpoints https://127.0.0.1:2379 \ --cert-file /etc/docker/ssl/cert.pem \ --key-file /etc/docker/ssl/key.pem \ --ca-file /etc/docker/ssl/ca.pem \ rm /orca/v1/authz_migrated
Then restart the controller on that node:
$ docker restart ucp-controller
This will make the controller retry the migration.