
Auth system migration errors

If UCP is displaying the following warning banner:

errors encountered while migrating auth system

This means that UCP was upgraded from a version prior to 2.2.0. During the upgrade, UCP attempted to migrate team labels and user roles from the old authorization system to the new, collections-based auth system, and that migration encountered errors.

To see the full list of errors, run the following command on a UCP manager node:

$ docker exec -it ucp-kv etcdctl \
    --endpoints https://127.0.0.1:2379 \
    --cert-file /etc/docker/ssl/cert.pem \
    --key-file /etc/docker/ssl/key.pem \
    --ca-file /etc/docker/ssl/ca.pem \
    get /orca/v1/authz_migrated

If you'd like to retry the migration, first figure out which node is the Swarm leader:

$ docker node ls
ID                            HOSTNAME            STATUS              AVAILABILITY        MANAGER STATUS
gpfmosdm99lw9xiz6d4xmsdwo *   node1               Ready               Active              Leader
gpfmosdm99lw9xiz6d4xmsdwo     node2               Ready               Active
gpfmosdm99lw9xiz6d4xmsdwo     node3               Ready               Active

Then go to the leader node and run:

$ docker exec -it ucp-kv etcdctl \
    --endpoints https://127.0.0.1:2379 \
    --cert-file /etc/docker/ssl/cert.pem \
    --key-file /etc/docker/ssl/key.pem \
    --ca-file /etc/docker/ssl/ca.pem \
    rm /orca/v1/authz_migrated

Then restart the controller on that node:

$ docker restart ucp-controller

This will make the controller retry the migration.
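
The retry steps above can be wrapped in a guard that refuses to run anywhere but the Swarm leader and saves the recorded errors before the key is removed. This is an added example, not part of the original article or of UCP; it assumes the engine's `docker node ls --format` supports the `.Self` placeholder, and the `--retry` argument and backup file name are hypothetical.

```shell
#!/bin/sh
# Added example: guarded retry of the UCP auth migration.
set -eu

KEY=/orca/v1/authz_migrated

# Same etcdctl invocation as the article, minus -it so output can be redirected.
etcd() {
  docker exec ucp-kv etcdctl \
    --endpoints https://127.0.0.1:2379 \
    --cert-file /etc/docker/ssl/cert.pem \
    --key-file /etc/docker/ssl/key.pem \
    --ca-file /etc/docker/ssl/ca.pem "$@"
}

# stdin:  one "<hostname> <self> <manager status>" line per node
# stdout: hostname of the Swarm leader
# status: 0 leader is this node, 1 leader is another node, 2 no single leader found
leader_is_local() {
  awk '$3 == "Leader" { n++; host = $1; self = $2 }
       END { if (n != 1) exit 2
             print host
             exit (self == "true" ? 0 : 1) }'
}

retry_authz_migration() {
  rc=0
  leader=$(docker node ls --format '{{.Hostname}} {{.Self}} {{.ManagerStatus}}' \
             | leader_is_local) || rc=$?
  if [ "$rc" -eq 2 ]; then
    echo "could not identify a single Swarm leader; is this a manager node?" >&2
    return 1
  elif [ "$rc" -ne 0 ]; then
    echo "Swarm leader is $leader; run this on that node instead" >&2
    return 1
  fi
  # Keep a copy of the recorded errors: rm discards them.
  backup="authz_migrated.$(date +%Y%m%dT%H%M%S).txt"   # hypothetical file name
  etcd get "$KEY" > "$backup"
  echo "saved migration errors to $backup"
  etcd rm "$KEY"
  docker restart ucp-controller
}

if [ "${1:-}" = "--retry" ]; then retry_authz_migration; fi
```

The saved file holds authorization migration details, so store it with the same care as other UCP diagnostics.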