Applying vCenter Server 6.7 Update 3o patch on VMware Cloud Foundation 3.x

Article ID: 315476

Products

VMware Cloud Foundation

Issue/Introduction


Customers on the prior VCF 3.x versions listed below are recommended to upgrade to the latest VCF 3.10.2.2 release.
For customers who are unable to do so, this article provides guidance on upgrading just the vCenter Server appliance.


Affected Versions: 3.9.0, 3.9.1, 3.10.0, 3.10.1, 3.10.1.1, 3.10.1.2, 3.10.2, 3.10.2.1

The information contained in this article also applies to VCF on VxRail environments and to vSAN Ready Nodes.
 


Symptoms:


As documented in VMSA-2021-0020, all versions of the vCenter Server 6.7 appliance prior to 6.7U3o are affected by the vulnerabilities listed in the advisory.
Because the VMware Cloud Foundation (VCF) 3.x versions prior to VCF 3.10.2.2 bundle impacted releases of vCenter Server, VCF versions 3.9.0, 3.9.1, 3.10.0, 3.10.1, 3.10.1.1, 3.10.1.2, 3.10.2 and 3.10.2.1 are similarly impacted by the vulnerabilities listed in the advisory.


Environment

VMware Cloud Foundation 3.x

Resolution


All of the documented security issues are resolved in VMware vCenter Server 6.7U3o.

 

| VMware Cloud Foundation Version | Upgrade Options If Upgrading to 3.10.2.2 Is Not Possible |
| --- | --- |
| 3.9.0 or earlier | Upgrade to 3.9.0 or later and follow the respective recommended approach below |
| 3.9.x | Apply the steps in the Workaround section of this article |
| 3.10.0 | Apply the steps in the Workaround section of this article |
| 3.10.1.x | Apply the steps in the Workaround section of this article |
| 3.10.2 | Upgrade to 3.10.2.2 as documented in the Release Notes |
| 3.10.2.1 | Upgrade to 3.10.2.2 as documented in the Release Notes |


 


Workaround:


Step 1: Perform the steps below on each VMware vCenter Server VM and each external PSC deployed in your VMware Cloud Foundation environment

1) Take powered-off snapshots of all PSCs and vCenter Servers in the SSO domain prior to patching.


2) Apply the VMware vCenter Server 6.7 Update 3o patch, available at the Product Patch page, to all external PSCs and vCenter Servers (Management & VI Domain) in the environment.


Step 2: Perform the steps below on each SDDC Manager VM deployed in your Cloud Foundation environment



1) Log in to the SDDC Manager VM via SSH and sudo to the root account

2) Get the PSC/vCenter Server IDs from the VCF inventory:
      To get the vCenter/PSC details from the VCF inventory, run the following curl commands:

For vCenter Server

$ curl localhost/inventory/vcenters | json_pp

Sample Output:
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 353 0 353 0 0 35300 0 --:--:-- --:--:-- --:--:-- 3530
[
{
"hostName" : "vcenter-1.vrack.vsphere.local",
"vmName" : "vcenter-1",
"id" : "<vCenter_Id>",
"version" : "<current version>",
"datastoreForVmDeploymentName" : "sfo01-m01-vsan",
"domainType" : "MANAGEMENT",
"status" : "ACTIVE",
"bundleRepoDatastore" : "lcm-bundle-repo",
"domainId" : "68ae2add-db28-4671-9a92-f2a5b3dcaab1",
"managementIpAddress" : "10.0.0.6"
}
]

For PSC

$ curl localhost/inventory/pscs | json_pp

Sample Output:
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 756 0 756 0 0 84000 0 --:--:-- --:--:-- --:--:-- 84000
[
{
"domain" : "vsphere.local",
"bundleRepoDatastore" : "lcm-bundle-repo",
"status" : "ACTIVE",
"vmName" : "psc-2",
"hostName" : "psc-2.vrack.vsphere.local",
"id" : "<psc_Id>",
"replica" : true,
"version" : "<current version>",
"datastoreName" : "sfo01-m01-vsan",
"domainId" : "68ae2add-db28-4671-9a92-f2a5b3dcaab1",
"managementIpAddress" : "10.0.0.7",
"subDomain" : "vrack.vsphere.local"
},
{
"managementIpAddress" : "10.0.0.5",
"subDomain" : "vrack.vsphere.local",
"hostName" : "psc-1.vrack.vsphere.local",
"id" : "<psc_Id>",
"bundleRepoDatastore" : "lcm-bundle-repo",
"domain" : "vsphere.local",
"status" : "ACTIVE",
"vmName" : "psc-1",
"datastoreName" : "sfo01-m01-vsan",
"version" : "<current version>",
"replica" : false,
"domainId" : "68ae2add-db28-4671-9a92-f2a5b3dcaab1"
}
]


The "id" field in the response is the vCenter/PSC ID.
The "version" field gives the current version of each vCenter/PSC.

 

3)  Update VCF inventory for vCenter Servers and PSCs


Note: Repeat the commands below for every vCenter Server that was upgraded, using its corresponding vCenter ID.

<SDDC_Manager_FQDN>  =  Fully qualified domain name of SDDC Manager
<vCenter_Id>  = ID of the vCenter Server whose version is to be updated in the VCF inventory
<psc_Id>  = ID of the PSC whose version is to be updated in the VCF inventory


The build number of 6.7U3o is 18485166, so the version to set in the inventory is 6.7.0-18485166.


For vCenter Server

 

$ curl -X PATCH '<SDDC_Manager_FQDN>/inventory/entities/<vCenter_Id>' -d '{"version":"6.7.0-18485166", "type":"VCENTER"}' -H 'Content-Type:application/json'


For PSCs
 

$ curl -X PATCH '<SDDC_Manager_FQDN>/inventory/entities/<psc_Id>' -d '{"version":"6.7.0-18485166", "type":"PSC"}' -H 'Content-Type:application/json'

 

4) Verify vCenter Server and PSC versions

$ curl localhost/inventory/vcenters | json_pp

Sample Output:
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 353 0 353 0 0 35300 0 --:--:-- --:--:-- --:--:-- 35300
[
{
"hostName" : "vcenter-1.vrack.vsphere.local",
"vmName" : "vcenter-1",
"id" : "<vCenter_Id>",
"version" : "6.7.0-18485166",
"datastoreForVmDeploymentName" : "sfo01-m01-vsan",
"domainType" : "MANAGEMENT",
"status" : "ACTIVE",
"bundleRepoDatastore" : "lcm-bundle-repo",
"domainId" : "68ae2add-db28-4671-9a92-f2a5b3dcaab1",
"managementIpAddress" : "10.0.0.6"
}
]

 

$ curl localhost/inventory/pscs | json_pp

Sample Output:
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 756 0 756 0 0 47250 0 --:--:-- --:--:-- --:--:-- 47250
[
{
"hostName" : "psc-2.vrack.vsphere.local",
"subDomain" : "vrack.vsphere.local",
"domain" : "vsphere.local",
"id" : "<psc_Id>",
"vmName" : "psc-2",
"version" : "6.7.0-18485166",
"datastoreName" : "sfo01-m01-vsan",
"bundleRepoDatastore" : "lcm-bundle-repo",
"domainId" : "68ae2add-db28-4671-9a92-f2a5b3dcaab1",
"status" : "ACTIVE",
"managementIpAddress" : "10.0.0.7",
"replica" : true
},
{
"bundleRepoDatastore" : "lcm-bundle-repo",
"id" : "<psc_Id>",
"hostName" : "psc-1.vrack.vsphere.local",
"subDomain" : "vrack.vsphere.local",
"domain" : "vsphere.local",
"datastoreName" : "sfo01-m01-vsan",
"version" : "6.7.0-18485166",
"vmName" : "psc-1",
"managementIpAddress" : "10.0.0.5",
"replica" : false,
"domainId" : "68ae2add-db28-4671-9a92-f2a5b3dcaab1",
"status" : "ACTIVE"
}
]

5) After a few minutes, go to the SDDC Manager UI to verify the vCenter Server/PSC version


Note:

Repeat Step 1 and Step 2 for all workload domain vCenters in your Cloud Foundation environment.
These steps need to be performed every time a new VI workload domain is created.
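
The inventory check from Step 2, as an added example that is not part of the original article: it reads the two inventory responses, lists the records whose version is not 6.7.0-18485166, and builds the PATCH command from 3) for each. The sample JSON, its ids and the 6.7.0-11111111 version are constructed, and the function names are hypothetical.

```python
import json
import shlex

TARGET_VERSION = "6.7.0-18485166"  # vCenter Server 6.7 U3o build, per the article

# Constructed sample data shaped like the article's inventory output;
# the ids and the "6.7.0-11111111" version are made up.
VCENTERS = '''[{"hostName": "vcenter-1.vrack.vsphere.local", "id": "vc-0001",
  "version": "6.7.0-11111111", "status": "ACTIVE"}]'''
PSCS = '''[{"hostName": "psc-1.vrack.vsphere.local", "id": "psc-0001",
  "version": "6.7.0-18485166", "status": "ACTIVE"},
 {"hostName": "psc-2.vrack.vsphere.local", "id": "psc-0002",
  "version": "6.7.0-11111111", "status": "ACTIVE"}]'''


def stale_entities(inventory_json, entity_type):
    """Return inventory records whose version is not TARGET_VERSION."""
    stale = []
    for entity in json.loads(inventory_json):
        if entity.get("version") != TARGET_VERSION:
            stale.append({"type": entity_type, "id": entity["id"],
                          "hostName": entity["hostName"],
                          "version": entity.get("version")})
    return stale


def patch_command(sddc_manager, entity):
    """Build the inventory-update curl command for one stale record."""
    body = json.dumps({"version": TARGET_VERSION, "type": entity["type"]})
    url = f"{sddc_manager}/inventory/entities/{entity['id']}"
    return " ".join(["curl", "-X", "PATCH", shlex.quote(url), "-d",
                     shlex.quote(body), "-H",
                     shlex.quote("Content-Type:application/json")])


def audit(vcenters_json, pscs_json):
    """Combine both inventories; an empty list means verification passes."""
    return (stale_entities(vcenters_json, "VCENTER")
            + stale_entities(pscs_json, "PSC"))


if __name__ == "__main__":
    for item in audit(VCENTERS, PSCS):
        print(f"{item['hostName']}: inventory shows {item['version']}")
        print("  " + patch_command("localhost", item))
```

On an SDDC Manager VM the two JSON strings would come from the `curl localhost/inventory/vcenters` and `curl localhost/inventory/pscs` calls shown above. The PATCH changes only the inventory record, so send it only for appliances already patched in Step 1.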


Additional Information

Impact/Risks:

If the procedure documented in the "Workaround" section is followed, the supported forward upgrade is to VCF 3.10.2.2 using the skip-level upgrade tool.
Ensure you use the latest skip-level upgrade tool for VCF 3.x.
For VCF on VxRail, you may encounter a known issue during the upgrade to VCF 3.10.2.2.
Please refer to KB 85860 for further details.

For information on the skip-level tool, please see:
VCF 3.10.2.2 SKIP level Upgrade tool
VCF on VxRail 3.10.2.2 SKIP level Upgrade tool