So basiclally, here are the high level update steps that I've determined for the best success:
- Update the External Platform Services Controller first via web portal
- Update the vCenter Witness node via CLI, with the ISO
- Update the vCenter Passive (peer) node via CLI, with the ISO
- Manually initiate vCenter HA failover
- Update the (now) Passive vCenter node via CLI, with the ISO
Here are the more granular steps:
1) Put vCenter HA into Maintenance Mode.
2) Web into the External Platform Services Controller
- Click on the Update button
- Click the Check Updates button -> Check Repository
- Click the Install Update button -> Install All Updates
- Accept the EULA and click the Install button
3) SSH to the active vCenter node public IP
- type: Shell
- change to Appliance shell "appliancesh": /chsh -s /bin/appliancesh root
- verify you are in the Appliance shell: echo $SHELL
4) From the active vCenter server:
- SSH to the witness node
- type: ssh root@<Witness node HA IP>
- you may get a notification that the authenticity can't be established. I believe this is because the node you are trying to access (passive) is not yet updated and doesn't match the ECDSA key the node you are coming from (active). Go ahead and continue.
- once connected and you've entered your password, you should be at a Command> prompt.
- type: ssh root@<Witness node HA IP>
- type: software-packages stage --iso --acceptEulas
- the ISO will mount and check how many packages exist
- the ISO will unmount
- type: software-packages install --staged --acceptEulas
- the ISO will mount and the copy process will begin
- ISO will unmount
- pre-install script will run
- VMware services will stop
- package upgrade will begin
- reboot when prompted the upgrade is complete
- type: shutdown reboot -r <reason>
- SSH connection to witness node will close as the server reboots
5) From the active vCenter node:
- SSH to the passive node
- type: ssh root@<Passive node HA IP>
- once connected and you've entered your password, you should be at a Command> prompt.
- type: ssh root@<Passive node HA IP>
- type: software-packages stage --iso --acceptEulas
- the ISO will mount and check how many packages exist
- the ISO will unmount
- type: software-packages install --staged --acceptEulas
- the ISO will mount and the copy process will begin
- ISO will unmount
- pre-install script will run
- VMware services will stop
- package upgrade will begin
- reboot when prompted the upgrade is complete
- type: shutdown reboot -r <reason>
- SSH connection to passive node will close as the server reboots
6) In the vSphere web client, manually initiate a failover
- Side note: I noticed after the failover (to the vCenter node with the updated version) that in the vSphere Web Client, when the vCenter top-level name at the top-left is clicked, the center pane would be blank with a blue background. This was the case in both Firefox and Chrome. This was due to me having an older plug-in for the vCenter Operations Manager enabled in vCenter administration. I went to Home > Administration > Solutions / Client Plug-ins > and disabled the VCOps Client Plugin.
7) When the failover is complete, SSH to the (now) active vCenter node public IP, then:
- SSH to the passive node
- type: ssh root@<Passive node HA IP>
- once connected and you've entered your password, you should be at a Command> prompt.
- type: ssh root@<Passive node HA IP>
- type: software-packages stage --iso --acceptEulas
- the ISO will mount and check how many packages exist
- the ISO will unmount
- type: software-packages install --stages --acceptEulas
- the ISO will mount and the copy process will begin
- ISO will unmount
- pre-install script will run
- VMware services will stop
- package upgrade will begin
- reboot when prompted the upgrade is complete
- type: shutdown reboot -r <reason>
- SSH connection to passive node will close as the server reboots
exit from the active vCenter SSH session.
Tags: vCenter