Applying vCenter Server 6.7 Update 3r patch on VMware Cloud Foundation for VCF 3.x releases

Article ID: 344809

Products

VMware Cloud Foundation

Issue/Introduction

This article provides guidance for upgrading only the vCenter Server appliance.
Affected VCF versions: all VCF 3.x versions
The information contained in this article applies to both VCF on Dell EMC VxRail environments and vSAN Ready Nodes.


Symptoms:
As documented in VMSA-2022-0018, all versions of the vCenter Server 6.7 appliance that are prior to 6.7 Update 3r are affected by the vulnerabilities listed in the advisory.
All VMware Cloud Foundation (VCF) 3.x versions are similarly impacted by the vulnerabilities listed in the advisory.

Environment

VMware Cloud Foundation 3.11
VMware Cloud Foundation 3.10.1.2
VMware Cloud Foundation 3.10.1.1
VMware Cloud Foundation 3.10.0.0
VMware Cloud Foundation 3.10.2.1
VMware Cloud Foundation 3.10.1.0
VMware Cloud Foundation 3.10.2.2
VMware Cloud Foundation 3.11.0.1
VMware Cloud Foundation 3.10.2.0

Resolution

All the documented security issues are resolved in VMware vCenter Server 6.7 Update 3r.
 
| VMware Cloud Foundation Version | Upgrade Options |
|---|---|
| Prior to 3.11.x | Upgrade to 3.11.x or later and then follow the workaround in the below article |
| 3.11.x | Apply the steps in the Workaround section of this article. |


Workaround:

To work around the issue, follow the steps below:
Step 1: Perform the steps below on each VMware vCenter Server VM and each external PSC deployed in your VMware Cloud Foundation environment:

  1. Take concurrent powered-off snapshots of all PSCs and vCenter Servers in the SSO domain prior to patching.
  2. Apply the VMware vCenter Server 6.7 Update 3r patch, available at the Product Patch page, to all external PSCs and vCenter Servers (Management & VI Domain) in the environment.

Step 2: Perform the steps below on each SDDC Manager VM deployed in your Cloud Foundation environment:

  1. Log in to the SDDC Manager VM via SSH and sudo to the root account.
  2. Get the PSC/VC ID from the VCF inventory:

To get vCenter/PSC details from the VCF inventory, run the following curl commands:

For vCenter Server

$ curl localhost/inventory/vcenters | json_pp
Sample Output:
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 353 0 353 0 0 35300 0 --:--:-- --:--:-- --:--:-- 3530
[
{
"hostName" : "vcenter-1.vrack.vsphere.local",
"vmName" : "vcenter-1",
"id" : "<vCenter_Id>",
"version" : "<current version>",
"datastoreForVmDeploymentName" : "sfo01-m01-vsan",
"domainType" : "MANAGEMENT",
"status" : "ACTIVE",
"bundleRepoDatastore" : "lcm-bundle-repo",
"domainId" : "68ae2add-db28-4671-9a92-f2a5b3dcaab1",
"managementIpAddress" : "10.0.0.6"
}
]

For PSC

$ curl localhost/inventory/pscs | json_pp
Sample Output:
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 756 0 756 0 0 84000 0 --:--:-- --:--:-- --:--:-- 84000
[
{
"domain" : "vsphere.local",
"bundleRepoDatastore" : "lcm-bundle-repo",
"status" : "ACTIVE",
"vmName" : "psc-2",
"hostName" : "psc-2.vrack.vsphere.local",
"id" : "<psc_Id>",
"replica" : true,
"version" : "<current version>",
"datastoreName" : "sfo01-m01-vsan",
"domainId" : "68ae2add-db28-4671-9a92-f2a5b3dcaab1",
"managementIpAddress" : "10.0.0.7",
"subDomain" : "vrack.vsphere.local"
},
{
"managementIpAddress" : "10.0.0.5",
"subDomain" : "vrack.vsphere.local",
"hostName" : "psc-1.vrack.vsphere.local",
"id" : "<psc_Id>",
"bundleRepoDatastore" : "lcm-bundle-repo",
"domain" : "vsphere.local",
"status" : "ACTIVE",
"vmName" : "psc-1",
"datastoreName" : "sfo01-m01-vsan",
"version" : "<current version>",
"replica" : false,
"domainId" : "68ae2add-db28-4671-9a92-f2a5b3dcaab1"
}
]

The "id" field in the response corresponds to the vCenter/PSC id.
The "version" field of each vCenter/PSC entry gives the current version of that vCenter/PSC.

  3. Update VCF inventory for vCenter Servers and PSCs

Note: Repeat the commands below for every vCenter Server that was upgraded, using its corresponding vCenter id.
<SDDC_Manager_FQDN>  =  Fully qualified domain name of SDDC Manager.
<vCenter_Id>  = Id of the vCenter Server whose version is to be updated in the VCF inventory
<psc_Id>  = Id of the PSC whose version is to be updated in the VCF inventory
The build number of VC/PSC 6.7 Update 3r is 19832974, so the version that needs to be inserted into the VCF inventory is 6.7.0-19832974.

For vCenter Server

$ curl -X PATCH '<SDDC_Manager_FQDN>/inventory/entities/<vCenter_Id>' -d '{"version":"6.7.0-19832974", "type":"VCENTER"}' -H 'Content-Type:application/json'

For PSCs

$ curl -X PATCH '<SDDC_Manager_FQDN>/inventory/entities/<psc_Id>' -d '{"version":"6.7.0-19832974", "type":"PSC"}' -H 'Content-Type:application/json'

  4. Verify vCenter Server and PSC versions

For vCenter Server

$ curl localhost/inventory/vcenters | json_pp
Sample Output:
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 353 0 353 0 0 35300 0 --:--:-- --:--:-- --:--:-- 35300
[
{
"hostName" : "vcenter-1.vrack.vsphere.local",
"vmName" : "vcenter-1",
"id" : "<vCenter_Id>",
"version" : "6.7.0-19832974",
"datastoreForVmDeploymentName" : "sfo01-m01-vsan",
"domainType" : "MANAGEMENT",
"status" : "ACTIVE",
"bundleRepoDatastore" : "lcm-bundle-repo",
"domainId" : "68ae2add-db28-4671-9a92-f2a5b3dcaab1",
"managementIpAddress" : "10.0.0.6"
}
]

For PSC

$ curl localhost/inventory/pscs | json_pp
Sample Output:
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 756 0 756 0 0 47250 0 --:--:-- --:--:-- --:--:-- 47250
[
{
"hostName" : "psc-2.vrack.vsphere.local",
"subDomain" : "vrack.vsphere.local",
"domain" : "vsphere.local",
"id" : "<psc_Id>",
"vmName" : "psc-2",
"version" : "6.7.0-19832974",
"datastoreName" : "sfo01-m01-vsan",
"bundleRepoDatastore" : "lcm-bundle-repo",
"domainId" : "68ae2add-db28-4671-9a92-f2a5b3dcaab1",
"status" : "ACTIVE",
"managementIpAddress" : "10.0.0.7",
"replica" : true
},
{
"bundleRepoDatastore" : "lcm-bundle-repo",
"id" : "<psc_Id>",
"hostName" : "psc-1.vrack.vsphere.local",
"subDomain" : "vrack.vsphere.local",
"domain" : "vsphere.local",
"datastoreName" : "sfo01-m01-vsan",
"version" : "6.7.0-19832974",
"vmName" : "psc-1",
"managementIpAddress" : "10.0.0.5",
"replica" : false,
"domainId" : "68ae2add-db28-4671-9a92-f2a5b3dcaab1",
"status" : "ACTIVE"
}
]

  5. Go to the SDDC Manager UI to verify the VC/PSC version after a few minutes.

Note:
Repeat for all domains in your Cloud Foundation environment.
These steps need to be performed every time a new VI workload domain is created.
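
A dry-run helper for Step 2, added here as an example (it is not part of the original article or of VMware's tooling): it takes the JSON returned by the two inventory queries, lists every entry not yet recorded at 6.7.0-19832974, and builds this article's PATCH command for each with the matching "type". The sample inventory, the ids, the old version string and the SDDC Manager host name are constructed for illustration.

```python
import json
import shlex

TARGET = "6.7.0-19832974"  # vCenter/PSC 6.7 Update 3r, as stated in this article

# Constructed sample inventory responses (ids and the old version are made up).
VCENTERS = '''[{"hostName": "vcenter-1.vrack.vsphere.local", "id": "vc-0001",
  "version": "6.7.0-11111111", "domainType": "MANAGEMENT", "status": "ACTIVE"}]'''
PSCS = '''[{"hostName": "psc-1.vrack.vsphere.local", "id": "psc-0001",
  "version": "6.7.0-19832974", "replica": false, "status": "ACTIVE"},
 {"hostName": "psc-2.vrack.vsphere.local", "id": "psc-0002",
  "version": "6.7.0-11111111", "replica": true, "status": "ACTIVE"}]'''


def pending_updates(vcenters_json, pscs_json, target=TARGET):
    """Return inventory entries whose recorded version differs from target."""
    pending = []
    for entity_type, raw in (("VCENTER", vcenters_json), ("PSC", pscs_json)):
        for entry in json.loads(raw):
            # A missing "version" field is also reported as pending.
            if entry.get("version") != target:
                pending.append({"id": entry["id"], "type": entity_type,
                                "hostName": entry.get("hostName", "?"),
                                "version": entry.get("version")})
    return pending


def patch_command(sddc_fqdn, entity, target=TARGET):
    """Build the article's PATCH command for one entity, shell-quoted."""
    url = f"{sddc_fqdn}/inventory/entities/{entity['id']}"
    body = json.dumps({"version": target, "type": entity["type"]})
    return " ".join(["curl", "-X", "PATCH", shlex.quote(url), "-d",
                     shlex.quote(body), "-H",
                     shlex.quote("Content-Type:application/json")])


if __name__ == "__main__":
    # Hypothetical SDDC Manager name; substitute <SDDC_Manager_FQDN>.
    todo = pending_updates(VCENTERS, PSCS)
    for item in todo:
        print(f"# {item['hostName']}: {item['version']} -> {TARGET}")
        print(patch_command("sddc-manager.example.local", item))
    print("inventory up to date" if not todo else f"{len(todo)} pending")
```

On a real SDDC Manager, pass the output of `curl -s localhost/inventory/vcenters` and `curl -s localhost/inventory/pscs` instead of the samples (`-s` keeps curl's progress meter out of the JSON). Run it only after Step 1, since the PATCH changes the recorded version and does not patch the appliance.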