In this short blog, we will apply a workaround for the Apache Log4j vulnerability. As of today, there is no permanent fix, but VMware has published a workaround, so we are going to apply that and see what happens. The script takes around 10 minutes, so be patient.
Prerequisites
At a high level, the process to apply the fix is as follows:
- Remove vCHA
- Environments with external PSCs need to have the script executed on both vCenter and PSC appliances.
- Run Python script to automate the workaround
- Wait for services to come back online
- Reboot the vCenter
- Add vCHA back if needed
VMware provides a Python script that automates the workaround steps of VMSA-2021-0028. The script restarts all services to apply the mitigation.
- Download the Python script from the VMware portal and copy it to the /tmp path on the vCenter Appliance.
- Execute the script using the command “python /tmp/vmsa-2021-0028-kb87081.py” as shown. The script will restart all vCenter services and apply the workaround.
Workflow of service restarts
After 10 minutes, the script will have finished its job and the workaround is applied.
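One way to double-check the result afterwards, as an added example (not VMware's script and not part of the original post): it assumes the workaround includes the general Log4j mitigation of removing JndiLookup.class from log4j-core archives, which this post does not spell out. The function names and the directory argument are hypothetical, and Python 3 is assumed.

```python
import io
import os
import sys
import zipfile

# Class that performs JNDI lookups in log4j-core; the general Log4j
# mitigation removes it from the archive (assumed to apply here).
JNDI_CLASS = "org/apache/logging/log4j/core/lookup/JndiLookup.class"
ARCHIVE_EXT = (".jar", ".war", ".ear")


def _scan_archive(fileobj, label, hits):
    """Record label if the archive, or an archive nested in it, holds JndiLookup.class."""
    try:
        with zipfile.ZipFile(fileobj) as zf:
            for name in zf.namelist():
                if name == JNDI_CLASS or name.endswith("/" + JNDI_CLASS):
                    hits.append(label)
                elif name.lower().endswith(ARCHIVE_EXT):
                    # Nested archive (for example a jar inside a war): scan in memory.
                    nested = io.BytesIO(zf.read(name))
                    _scan_archive(nested, label + "!" + name, hits)
    except (zipfile.BadZipFile, OSError, RuntimeError):
        pass  # unreadable, encrypted or not a real archive: skip it


def find_jndilookup(root):
    """Return sorted locations under root that still contain JndiLookup.class."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for fname in files:
            if fname.lower().endswith(ARCHIVE_EXT):
                path = os.path.join(dirpath, fname)
                _scan_archive(path, path, hits)
    return sorted(hits)


if __name__ == "__main__":
    if len(sys.argv) != 2:
        sys.exit("usage: python3 check_jndilookup.py <directory-to-scan>")
    remaining = find_jndilookup(sys.argv[1])
    for item in remaining:
        print("JndiLookup.class still present:", item)
    sys.exit(1 if remaining else 0)
```

An exit status of 0 means no scanned archive still carries the class; any listed path is worth reviewing before adding vCHA back.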
Appliance/Services View
Services view shows vpxd taking longer than usual
vmware-vpxd service not starting (83113)
References
VMSA-2021-0028.3 Impacted Products