In the previous blog we had enabled vCenter HA and tested failover process. In this write up, we will patch a live version of vCenter vCHA configuration.
You cannot patch a vCenter Server appliance in a vCenter HA cluster in vCenter 7.0 following the official patching guide.
According to VMware, you can patch your vCenter HA setup by downloading the VCSA patch ISO and following their Official vCHA Patching Guide but this process doesn’t work.
Resolution: You must remove the vCenter HA configuration, apply patches to vCenter Server appliance and then reconfigure your vCenter HA deployment.
Prerequisites for Patching vCHA enabled vCenter 7.0
At a high level, the process to patch a vCHA enabled vCenter is that we remove the vCenter Server HA cluster configuration, patch the single vCenter Server Appliance and then redo the vCHA configuration.
- Single Sign-On administrator password
- vCHA cluster mode must be enabled and healthy.
- Ensure you backup your vCenter appliance.
- Snapshot your vCenter.
- Export of your vDS switch config
- Make a note of the esx host running the vCenter.
- Verify if the vCPU/vMEM is enough for the vCenter, if not increase it.
- Network latency between vCHA and vCenter management should be under 10 ms.
- Disk latency between vCHA and vCenter management should be under 10 ms.
Patching
It’s always a good idea to do your research before upgrading or patching your vCenter . Along with reading the release notes, verifying the VMware compatibility Matrix of esxi, vDS switches, vCenter, and NSX-T/V are essential just to rule out if the current topology has some existing incompatibility issues.
Here are the relevant web links
- vCenter and ESXi Compatibility Matrix
- NSX and vCenter Server Compatibility Matrix
- VMware Patch Download Center
- Official vCHA Patching Guide
- Tips for Patching
- Build numbers of vCenter and ESX
The write up below covers the process to patch a vCenter deployed as VCHA Basic Deployment in vCenter 7.0.X.
Download latest vCenter patch
To download the patch from our vCenter, browse to the VMware Patch Download Center and search for our version of vCenter
You can find the current version of vCenter by checking the build number straight from the UI or via the appliance mode as shown below
Login to the vCenter appliance mode as https://sfo-m01-vc02.ash.local:5480/#/ui/summary to show the version of vCenter if you prefer.
Next step we need to go VMware Patch Download Center to download our latest vCenter patch
Upload the ISO file to a location on your datastore
Disable vCenter HA
In the past you would have put the HA cluster into maintenance mode but in vCenter 7.0 we can just disable the HA as per the below process.
Verify if the current state of vCenter HA is enabled and healthy
The vCenter HA status is now reported as Enabled. Click on Remove vCenter HA button.
Tick the option to delete the Passive and Witness Node VM
This will now just delete the Passive and Witness node and we will then be left with one vCenter
Our vCenter vCHA configuration no longer exists and we re now left with one vCenter to patch
Patching the vCenter node
Select our active vCenter and mount the patch .ISO file
Select the patch .ISO file from the correct datastore then click OK
Click OK to save the configuration and then ssh to our vCenter appliance as root
ssh root@vCSA_node_IP_address
Use the software-packages utility to stage the patch on the Active node. From the appliance shell run the command:To stage the ISO:
software-packages stage --iso
To see the staged content:software-packages list --staged
Use the software-packages utility to install the patch on the Active node. From the appliance shell run the command:
software-packages install –iso –acceptEulas
The vCenter update will require around 30 mins and during this time vCenter UI will not be available
Finally, reboot the appliance
shutdown reboot -r
Once your vCenter is upgraded, you can then proceed to deploy your VCHA cluster again.
Summary
In this exercise, we have shown you how to patch the vCenter enabled with vCHA .The official Official vCHA Patching Guide still has the vCHA 6.X update procedure documented and it does not work anymore.