Applying NSX-V 6.4.14 patch on VMware Cloud Foundation 3.x
search cancel

Applying NSX-V 6.4.14 patch on VMware Cloud Foundation 3.x

book

Article ID: 318259

calendar_today

Updated On:

Products

VMware Cloud Foundation

Issue/Introduction

To provide guidance to upgrade NSX-V 6.4.14 appliances on VMware Cloud Foundation 3.x.
Affected Versions : All VCF versions on VMware Cloud Foundation 3.x.
The information contained in this article applies to both VCF on Dell EMC VxRail environments and vSAN Ready Nodes.

Symptoms:

As documented in VMSA-2022-0027 , all versions for VMware NSX Data Center for vSphere (NSX-V)  prior to NSX-V 6.4.14 appliances are affected by the vulnerabilities listed in the advisory.
All the VMware Cloud Foundation(VCF) 3.x versions are similarly impacted by the vulnerabilities listed in the advisory.


Environment

VMware Cloud Foundation 3.11

Cause

As documented in VMSA-2022-0027 all the VMware Cloud Foundation 3.x versions  are affected by the vulnerabilities listed in the advisory.

Resolution

VMware Cloud Foundation Versions

Upgrade Options

Prior to VCF 3.9.1

Upgrade to 3.11.0.1 or later and apply the steps in the workaround section of this article.

VCF 3.9.1 and above

Apply the steps in the Workaround section of this article.



Workaround:

To workaround the issue, please follow the below mentioned steps:

Step 1: Perform below steps on each VMware NSX-V instance deployed in your VMware Cloud Foundation environment

  1. Apply the NSX-v 6.4.14 patch available at the Product Patch page to all NSX-V instances (Management & VI Domain) in the environment.


Step 2: Perform below steps on each SDDC Manager VM deployed in your Cloud Foundation environment

  1. Login to SDDC manager Virtual Machine via SSH and sudo to root account

  2. Verify the NSX-V version on the inventory

root@sddc-manager [ /home/vcf ]# curl localhost/inventory/nsxmanagers | json_pp
"id" : "<<NSX-v ID>>",
"version" : "<<Current NSX-v Version>>",
"status" : "ACTIVE",
"hostName" : "nsxManager.vrack.vsphere.local",
"domainId" : "dc5318d3-0f98-430a-9f49-2b33bbe97630",
"managementIpAddress" : "10.0.0.9",
"vmName" : "nsxManager",
"vcenterId" : "995a88d4-d6b9-4b97-b6dc-ed72cce23976"

Please note the following details
The field "id" in response, corresponds to <<NSX-V ID>>.
The "version" field for each of the NSX-v provides the<<Current NSX-v Version>>.

  1. API to update NSX-v hot patch version: 6.4.14-20609341

root@sddc-manager [ /home/vcf ]# curl -X PATCH 'localhost/inventory/entities/<<NSX-v ID>>' -d '{"version":"6.4.14-20609341", "type":"NSXMANAGER"}' -H 'Content-Type:application/json'

  1. Verify the NSX-V Version

root@sddc-manager [ /home/vcf ]# curl localhost/inventory/nsxmanagers | json_pp
[
{
"managementIpAddress" : "10.0.0.9",
"id" : "82cd67f9-77d5-4ff6-a3b3-fa4415492160",
"opaqueBlob" : "...",
"status" : "ACTIVE",
"vmName" : "nsxManager",
"hostName" : "nsxManager.vrack.vsphere.local",
"version" : "6.4.14-20609341",
"vcenterId" : "995a88d4-d6b9-4b97-b6dc-ed72cce23976"
}
]

Note: Every time a new VI workload domain is created, these steps need to be performed.


Additional Information

Impact/Risks:
If the procedure documented below in the "Workaround" section is followed, the supported forward upgrade is VCF 3.11.0.1 release. Ensure to use latest skip level upgrade tool for VCF 3.x.

Powered by Wolken Software