- How to use VMware vSAN ReadyNode Configurator - Fri, Dec 17 2021
- VMware Tanzu Kubernetes Toolkit version 1.3 new features - Fri, Dec 10 2021
- Disaster recovery strategies for vCenter Server appliance VM - Fri, Nov 26 2021
VMware vCenter Server Appliance (VCSA) is a vCenter Server application running on a Linux machine. VCSA is based on Photon OS, which is VMware's own maintained and secured Linux distro.
Previously VMware VCSA was based on SUSE Linux Enterprise Server (SLES), but the patching and security updates were dependent on SUSE. For VMware to own the whole infrastructure stack, it is now faster, more secure, and easier to update the VCSA.
Today we'll have a look at three different ways to patch and update VMware VCSA.
Offline update of VMware VCSA
The offline update is useful in situations where VMware VCSA does not have a direct connection to the internet. It can be in secure environments where direct internet access just isn't recommended due to security risks. But we may even need to patch these environments.
You can download the latest patch from the VMware product patches page. On the web page, select the drop-down menu VC > Select 6.7, click the checkbox, and download the latest file.
Download the latest VCSA patch
Note: You only need the latest patch because the updates are cumulative. It is a large ISO file, which contains all the patches.
First connect to your vSphere infrastructure and upload this ISO to a data store visible by the ESXi host where the VCSA runs. Then select the VCSA VM and connect the ISO to the VM.
Connect the update ISO to the VCSA virtual machine
Next, use your web browser and connect to https://<vCSA IP Address or hostname>:5480 and log in as root. We're accessing the appliance itself and not the vCenter Server. Note the port number (5480), which is a specific port destined for management of the vCenter Server application.
We are connecting to what's called a VAMI user interface. VAMI means vCenter Server Appliance Management Interface for VCSA.
VAMI performs basic administrative tasks such as monitoring the VCSA, changing the host name and the network configuration, or applying patches and updates. The VAMI was included in the early versions of VCSA, but VMware removed it in vSphere 6.0 and then again brought it back in vSphere 6.0 U1.
Now the VAMI uses HTML 5 and has a new look and feel.
Connect to the VCSA appliance
Go to the update menu and click Check Updates > Check CD‑ROM. Several patches may show up, and depending on your version, you might need (or not) to apply them in a special order. If not specified otherwise, always apply the latest patch, which is cumulative.
Check updates via CD ROM
You can click Run Pre-update checks, which gives you an estimate of a downtime, but if you don't need vCenter for several hours, you can simply go and click the stage and install link.
The assistant will walk you through the update process.
Update via internet
This option is the "mainstream" option. Most of today's environments are connected to the internet. So the most convenient option is to patch VCSA online.
To do this, there are just few simple steps. First, log in to the VCSA and go to Update, where you'll select the CD-ROM + URL link, which will check the internet location of updates at VMware first.
Select CD ROM + URL
Once you have selected the latest update, clicked the stage and install link, follow the assistant, which will guide you through the patch process.
First, you must accept the end-user license agreement, then you might want to join the CEIP (customer experience improvement program).
And then you only have the third screen where you must check a box saying "I have backed up vCenter and its associated databases."
Backup your vCenter Server first
After doing this, the installation process will start. Now you can do something else because the process takes time to complete.
At first, all the patches are staged (downloaded) to the appliance itself, and then the process will start.
Update and patch the VCSA via CLI (command line)
This method is still possible; however, we don't use it much nowadays. This is because everybody is using either the direct internet-patching option or the offline option.
Over the years, VMware improved the patching process greatly. Now even on slow internet connections, you can stage the patches prior to the update to reduce downtime.
And also, not every VMware patch requires a reboot, and you can see this in the notes of each patch whether a reboot is required or not.
Using the pre-update checks gives you quite a precise estimate of how long the patching process will take and thus how long you'll be without vCenter server.
Now let's get back and see the last, the CLI method for patching. Attach the VMware-vCenter-Server-Appliance-6.7.0.xxxxx-xxxxxxxx-patch-FP.iso file to a vCenter Server Appliance CD or DVD drive.
Use your favorite SSH client (PuTTY for example) and SSH to the appliance as root and run the the commands below:
First:
software-packages stage --iso
Second:
software-packages list --staged
Third:
software-packages install --staged
These commands are quite self-explanatory. The first command stages (downloads) all patches to the appliance.
The second command will show you all the patches staged, while the third command will proceed with the install.
Final words
VMware VCSA nearly hits perfection—a nice HTML 5 web-based interface that does not require any plug-ins to install. It is fast and easy to use and has a nice design. It's all you need to manage, monitor, and patch the vCenter server product successfully on a Linux VM.
The vCenter Server on Windows is slowly phasing out, and the next major release of VMware vSphere will no longer have the possibility to install vCenter server on Windows server.
Subscribe to 4sysops newsletter!
By improving the Photon OS Linux distribution and especially the management of VCSA through VAMI, VMware is pushing to adopt the VCSA, and it seems that it works with a great success.
Thank you for this. Would you mind discussing the best process to upgrade a vCSA that is in vCenter HA mode?
Yeah sure,
There are several methods but it seems that for me, the following procedure is much safer and makes less work:
– Destroy HA configuration in the GUI
– Make a snapshot of the remaining VCSA node
– Update VCSA
– Check if everything is okay
– Delete snapshot
– Reconfigure HA again
Done.
Thank you. That's the method I have been using.
I have run into an error re-deploying vCenter HA after the upgrade. After selecting the Basic deployment there's an error complaining about a missing management NIC on the vCSA. VMware support walked me through renaming the tmp directory on the vCSA to clear old configs, then restart the management services. This resolved the error and allowed me to deploy HA.
For a CLI install, the software-packages command wasn’t that easy to find. It needs the BASH shell enabled, and then change directory to /usr/lib/applmgmt/support/scripts. When running the script, the arguments require a double dash, not a single dash as shown above, e.g.
software-packages stage –iso
software-packages list –staged
software-packages install –staged
True, it's because WordPress "cuts" sometimes the double dash and make it a "simple" dash only. Originally there was a double dash. Thanks for pointing this out.
If doing it by the GUI, it kicks you out – how do you know when it’s completed, or do you just check back in 2 hours or so ?
Yeah, basically just go and get a coffee. Then came back to check.
Nice article, thank you!
However the commands at the bottom have a typo
software-packages stage –iso (with two dashes)
same for the otehr commands.
Hello,
Does the vCenter upgrade impact production?
Thanks
Yes and no. Yes if you want to use vCenter during the upgrade (provisionning new VMs, cloning, vMotioning). No because your VMs continue to run. HA and DRS continue to function without vCenter.