Save to My DOJO
As of this writing, vCenter 6.5.0d has been released which gives me the opportunity to update my lab’s vCSA (vCenter Server Appliance) to this latest release and write about it as well. The update process has been greatly simplified thanks to the Appliance Management tool which is also used to manage the appliance’s configuration or parts of it. In today’s post, I’ll take you through the three methods you can use to update vCSA using the Appliance Management tool.
Before trying out any of these methods, make sure to snapshot and/or take a backup of the appliance just in case the update fails. While writing this post, I successfully reverted back to snapshot a number of times not because any of the update methods failed but because I had to make sure that each of the methods covered here worked flawlessly. So, do yourself a favor and snapshot your appliance more so if it’s being used for production.
If you have an Internet facing vCSA
This method works only if the appliance has Internet connectivity (ports 80,443) which it needs to connect to VMware’s online repositories.
To start with, point your browser to https://<vCSA IP Address or hostname>:5480 and log in as root. Remember that we’re accessing the appliance itself and not the vCenter Server component so user accounts like [email protected]l will not work.
After you log in, click on Update and hit the Settings button as shown in Fig. 3.
From the Update Settings dialog, you can either use the default VMware repository URL or specify one yourself. The default repository is automatically points to the latest appliance update as shown in Fig. 4. You can also schedule the time at which the vCSA polls for updates. This, however, does not imply that updates are automatically downloaded.
If the Check for updates automatically option is ticked off, click on Check Updates and select Check Repository. This will poll the VMware repository for the latest available update and display the link as such. Expanding More Details, will reveal more information on the update being installed along with a link to the KB article describing it. When required, use this link to correlate the current version with that being updated.
Updating the appliance, is a simple matter of clicking on Install Updates and selecting Install All Updates as per Fig. 6.
The upgrade process may take a while and at times you may think it’s actually stuck. Just remember that the process needs to download 1.5GB worth of file which can take time depending on the environment, available bandwidth and what not. In my case – nested environment on a heavily used ESXi host – , 40 minutes into the update and the installer was still stuck at 40%.
To verify that the vCSA was actually doing something, I logged on the vCenter Server hosting it using the vSphere Web Client. I then checked the vCSA VM’s network performance graph for any signs of activity. As shown in Fig. 7, the VM was pretty busy on the networking front with activity spiking immediately as soon as the update kicked in.
At one point, the installer lost connectivity to the appliance – probably because it timed out – so I wasn’t quite sure if the update completed successfully. If this happens, SSH to the vCSA and check the contents of a log file called software-packages.log which you’ll find under /storage/log/vmware/applmgmt. Run the following command:
cat /storage/log/vmware/applmgmt/software-packages.log | grep 'Packages upgraded successfully'
If the update completed successfully, you should see a line containing Packages upgraded successfully, reboot is required. If that’s the case, proceed with rebooting the appliance so the changes can take root. If not, scour the log file for hints as to what went wrong and revert back to snapshot. This is all shown in the video below. The appliance’s version will read to the latest even though the appliance needs to be rebooted. You can verify this from the Appliance Management tool and the vCSA’s console.
For Non-Internet facing vCSAs
If Internet access is denied to the appliance, which is pretty normal in production environments, you’ll need to download the update manually and use one of the two methods described next.
The ISO Method
You first need to download the vCSA update – as an ISO file – from https://my.vmware.com/group/vmware/patch#search. To download the update, you need to sign up for a VMware account unless you already have. Once you do that, select VC followed by the latest version from the drop-down menus as shown in Fig.9, marked 1 and 2. Then, select the latest available update by ticking the box next to it (3) and click on Download (4).
As shown in Fig. 10, I’ve uploaded the ISO file to a datastore on the ESXi host where the vCSA VM resides. I then mounted it as a CD/DVD drive from the vCSA VM’s settings. The same update process is repeated using the Appliance Management tool.
Select the Check CDROM update option to verify the ISO image, the details for which are displayed on the Update screen. If all’s well and good, select Install CDROM Updates (4) to run the update process.
Updating from ISO, reduces the time taken to update the appliance mainly because there are no update files to download.
This time round, there were no time-outs and the appliance update took only 5 minutes to successfully complete. The appliance is then rebooted by clicking OK – which brings up another dialog box prompting for a reboot – or via the Reboot button on the Summary page.
The Web Server Method
If complicating matters is your thing, here’s an alternative method you can try. This time, you need to download the vCSA update bundle which is a zipped archive. This, pretty much, contains the same RPM packages comprising the ISO file save for a couple of manifest files. The zip file is downloadable from my.vmware.com from the VMware vCenter Server 6.5.0d downloads section.
The bundle is then extracted to the root folder of a web server. For this example, I’ve used IIS. I extracted the archive’s contents to c:\inetpub as shown in Fig. 14 and modified the Default Web Site to point directly to it. Directory Browsing must be enabled for Default Website unless the setting is inherited.
Lastly, you need to create MIME types for the .sign and .json files which the vCSA reads from the files present under the two folders – package-pool and manifest – extracted to c:\inetpub.
To add new MIME types, just click on the MIME Types icon and add them via the Add link at the top-right corner or by right-clicking on the MIME Types page in IIS. Add the 2 new mime types as shown in Figure 17.
Note: This was tested on IIS 8 running on Windows Server 2012. Additional MIME types, perhaps for the RPM packages, may need to be created.
That’s all there is to it as far as IIS configuration is concerned. For authentication, I used anonymous which is enabled by default. You may wish to use other forms of authentication if security is a concern.
To update vCSA from the IIS repository, click on Updates, Settings and type in the IP address of the IIS server as shown below. Optionally, add a username and password if you set up any other form of authentication other than anonymous.
The appliance will upgrade identically to the previous methods used. On completion, you are once again asked to reboot.
You may come across a Download Failed error message when testing this method for the first time. This generally occurs due to 401 or 404 errors on the Web Server’s side. While testing this method, I took hints from the software-packages.log on the vCSA to iron out any problems I ran into. For instance, 404 errors told me that I needed to create mime types for the .sign and .json files since IIS, by default, doesn’t know about them which leads to a file not found error.
Below is an example of what you’ll see in the log file. The entries point to something wrong with how authentication is set up on IIS; I intentionally disabled anonymous authentication to reproduce the error.
2017-04-27T07:05:57.117 DEBUG:vmware.vherd.base.software_update:Extracting installed package information 2017-04-27T07:05:57.117 DEBUG:vmware.vherd.base.software_update:/storage/core/software-packages directory created successfully 2017-04-27T07:05:57.117 DEBUG:vmware.vherd.base.software_update:WGET: http://192.168.16.71/manifest/manifest-latest.xml 2017-04-27T07:05:57.117 DEBUG:vmware.vherd.base.software_update:Failure: out= error=--2017-04-27 07:05:57-- http://192.168.16.71/manifest/manifest-latest.xml Connecting to 192.168.16.71:80... connected. HTTP request sent, awaiting response... 401 Unauthorized Username/Password Authentication Failed.
As we’ve seen, updating vCenter Server Appliance is pretty easy, something you can do using any of the three methods outlined in this post. Regardless of the method used, it is always important to take a backup of the vCSA, and any other critical component for that matter, before updating or upgrading. There’s no guarantee that an update will succeed, so at the risk of repeating myself, being able to recover from a failed update or upgrade is paramount to business continuity and your sanity!
[the_ad id=”4738″][the_ad id=”4796″]
Not a DOJO Member yet?
Join thousands of other IT pros and receive a weekly roundup email with the latest content & updates!