Upgrade vCSA from 6.5 to 6.7 with CLI Installer

Or is it “automate all the things”?

Here’s a rundown of a little bit of both.

CLI vCenter Server Appliance upgrades start at the same place as a GUI install. Download the vCSA ISO of your choice from My VMware.

It’s worth checking out the vCenter upgrade path matrix here too. Some upgrade paths aren’t supported and may end with vague errors and/or involuntary hair pulling.

Mount the ISO and browse to the following folder

(Drive letter):\vcsa-cli-installer\templates\upgrade\vcsa6.5

These are the templates used to specify upgrade parameters when running the vcsa-deploy utility. I’m going to be upgrading an embedded 6.5 vCSA that’s hosted on another VC, so will be using the embedded_vCSA_on_VC.json template.

Copy the desired template to the local file system for editing and open it in a text editor that can deal with JSON. It should look something like this:

{
    "__version": "2.13.0",
    "__comments": "Sample template to upgrade a vCenter Server Appliance 6.5 with an embedded Platform Services Controller to a vCenter Server Appliance 6.7 with an embedded Platform Services Controller on a vCenter Server instance.",
    "new_vcsa": {
        "vc": {
            "__comments": [
                "'datacenter' must end with a datacenter name, and only with a datacenter name. ",
                "'target' must end with an ESXi hostname, a cluster name, or a resource pool name. ",
                "The item 'Resources' must precede the resource pool name. ",
                "All names are case-sensitive. ",
                "For details and examples, refer to template help, i.e. vcsa-deploy {install|upgrade|migrate} --template-help"
            ],
            "hostname": "<FQDN or IP address of the vCenter Server instance>",
            "username": "<The user name of a user with administrative privileges or the Single Sign-On administrator on vCenter.>",
            "password": "<The password of a user with administrative privileges or the Single Sign-On administrator on vCenter. If left blank, or omitted, you will be prompted to enter it at the command console during template verification.>",
            "deployment_network": "VM Network",
            "datacenter": [
                "Folder 1 (parent of Folder 2)",
                "Folder 2 (parent of Your Datacenter)",
                "Your Datacenter"
            ],
            "datastore": "<A specific datastore accessible to the ESXi host or DRS cluster in the 'target' path.>",
            "target": [
                "Folder A (parent of Folder B)",
                "Folder B (parent of Your ESXi Host, or Cluster)",
                "Your ESXi Host, or Cluster"
            ]
        },
        "appliance": {
            "__comments": [
                "You must provide the 'deployment_option' key with a value, which will affect the VCSA's configuration parameters, such as the VCSA's number of vCPUs, the memory size, the storage size, and the maximum numbers of ESXi hosts and VMs which can be managed. For a list of acceptable values, run the supported deployment sizes help, i.e. vcsa-deploy --supported-deployment-sizes"
            ],
            "thin_disk_mode": true,
            "deployment_option": "small",
            "name": "Embedded-vCenter-Server-Appliance"
        },
        "os": {
            "ssh_enable": false
        },
        "temporary_network": {
            "ip_family": "<ipv4 or ipv6>",
            "mode": "static",
            "ip": "<Static IP address. Remove this if using dhcp.>",
            "dns_servers": [
                "<DNS Server IP Address. Remove this if using dhcp.>"
            ],
            "prefix": "<Network prefix length. Use only when the mode is 'static'. Remove if the mode is 'dhcp'. This is the number of bits set in the subnet mask; for instance, if the subnet mask is 255.255.255.0, there are 24 bits in the binary version of the subnet mask, so the prefix length is 24. If used, the values must be in the inclusive range of 0 to 32 for IPv4 and 0 to 128 for IPv6.>",
            "gateway": "<Gateway IP address. Remove this if using dhcp.>"
        },
        "user_options": {
            "vcdb_migrateSet": "<Set the data migration option. Available options are 'core', 'all', and 'core_events_tasks'.>"
        }
    },
    "source_vc": {
        "description": {
            "__comments": [
                "This section describes the source appliance which you want to",
                "upgrade and the ESXi host on which the appliance is running. "
            ]
        },
        "managing_esxi_or_vc": {
            "hostname": "<FQDN or IP address of the ESXi or vCenter on which the source vCenter Server Appliance resides.>",
            "username": "<Username of a user with administrative privilege on the ESXi host or vCenter Server. For example 'root' for ESXi and 'administrator@<SSO domain name>' for vCenter >",
            "password": "<Password of the administrative user on the ESXi host or vCenter Server. If left blank, or omitted, you will be prompted to enter it at the command console during template verification.>"
        },
        "vc_vcsa": {
            "hostname": "<FQDN or IP address of the source vCenter Server Appliance>",
            "username": "administrator@<SSO domain name>",
            "password": "<vCenter Single Sign-On administrator password. If left blank, or omitted, you will be prompted to enter it at the command console during template verification.>",
            "root_password": "<Appliance root password. If left blank, or omitted, you will be prompted to enter it at the command console during template verification.>"
        }
    },
    "ceip": {
        "description": {
            "__comments": [
                "++++VMware Customer Experience Improvement Program (CEIP)++++",
                "VMware's Customer Experience Improvement Program (CEIP) ",
                "provides VMware with information that enables VMware to ",
                "improve its products and services, to fix problems, ",
                "and to advise you on how best to deploy and use our ",
                "products. As part of CEIP, VMware collects technical ",
                "information about your organization's use of VMware ",
                "products and services on a regular basis in association ",
                "with your organization's VMware license key(s). This ",
                "information does not personally identify any individual. ",
                "",
                "Additional information regarding the data collected ",
                "through CEIP and the purposes for which it is used by ",
                "VMware is set forth in the Trust & Assurance Center at ",
                "http://www.vmware.com/trustvmware/ceip.html . If you ",
                "prefer not to participate in VMware's CEIP for this ",
                "product, you should disable CEIP by setting ",
                "'ceip_enabled': false. You may join or leave VMware's ",
                "CEIP for this product at any time. Please confirm your ",
                "acknowledgement by passing in the parameter ",
                "--acknowledge-ceip in the command line.",
                "++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++"
            ]
        },
        "settings": {
            "ceip_enabled": true
        }
    }
}

Most of this should be self-explanatory, but there are a few gotchas. When specifying a resource pool as a target, the format should be “ClusterName”, “Resources”, “ResourcePoolName”. Resources should be entered as a literal string. The second issue I had was that datastore clusters cannot be entered as a target. If anyone finds a way around this, I’d love to know about it. It’s worth noting that the vCSA to be upgraded needs to be able to correctly resolve the target host or VC DNS name. Yes, I had issues. Yes, it was DNS. Finally, the upgrade process creates a new vCSA and migrates the existing configuration, leaving the original vCSA in inventory. Because of this, a unique VM name must be specified under the appliance: “name” section.

I chose to leave passwords blank in my configuration file, which translates to a not-quite-so-automated installation; but I’m not here to tell you about your security requirements.

You should end up with a configuration file that looks something like this

{
    "__version": "2.13.0",
    "__comments": "Sample template to upgrade a vCenter Server Appliance 6.5 with an embedded Platform Services Controller to a vCenter Server Appliance 6.7 with an embedded Platform Services Controller on a vCenter Server instance.",
    "new_vcsa": {
        "vc": {
            "__comments": [
                "'datacenter' must end with a datacenter name, and only with a datacenter name. ",
                "'target' must end with an ESXi hostname, a cluster name, or a resource pool name. ",
                "The item 'Resources' must precede the resource pool name. ",
                "All names are case-sensitive. ",
                "For details and examples, refer to template help, i.e. vcsa-deploy {install|upgrade|migrate} --template-help"
            ],
            "hostname": "vcsa01.contoso.lab",
            "username": "[email protected]",
            "password": "",
            "deployment_network": "vxw-dvs-287-virtualwire-22-sid-5001-LS02-Nested-Lab",
            "datacenter": [
                "DC01"
            ],
            "datastore": "LUN02_D10_R10",
            "target": [
                "PROD01",
                "Resources",
                "Nested_Lab"
            ]
        },
        "appliance": {
            "__comments": [
                "You must provide the 'deployment_option' key with a value, which will affect the VCSA's configuration parameters, such as the VCSA's number of vCPUs, the memory size, the storage size, and the maximum numbers of ESXi hosts and VMs which can be managed. For a list of acceptable values, run the supported deployment sizes help, i.e. vcsa-deploy --supported-deployment-sizes"
            ],
            "thin_disk_mode": true,
            "deployment_option": "small",
            "name": "nest-vc03_new"
        },
        "os": {
            "ssh_enable": false
        },
        "temporary_network": {
            "ip_family": "ipv4",
            "mode": "static",
            "ip": "10.0.61.5",
            "dns_servers": [
                "10.0.61.1"
            ],
            "prefix": "24",
            "gateway": "10.0.61.254"
        },
        "user_options": {
            "vcdb_migrateSet": "all"
        }
    },
    "source_vc": {
        "description": {
            "__comments": [
                "This section describes the source appliance which you want to",
                "upgrade and the ESXi host on which the appliance is running. "
            ]
        },
        "managing_esxi_or_vc": {
            "hostname": "vcsa01.contoso.lab",
            "username": "[email protected]",
            "password": ""
        },
        "vc_vcsa": {
            "hostname": "10.0.61.4",
            "username": "[email protected]",
            "password": "",
            "root_password": ""
        }
    },
    "ceip": {
        "description": {
            "__comments": [
                "++++VMware Customer Experience Improvement Program (CEIP)++++",
                "VMware's Customer Experience Improvement Program (CEIP) ",
                "provides VMware with information that enables VMware to ",
                "improve its products and services, to fix problems, ",
                "and to advise you on how best to deploy and use our ",
                "products. As part of CEIP, VMware collects technical ",
                "information about your organization's use of VMware ",
                "products and services on a regular basis in association ",
                "with your organization's VMware license key(s). This ",
                "information does not personally identify any individual. ",
                "",
                "Additional information regarding the data collected ",
                "through CEIP and the purposes for which it is used by ",
                "VMware is set forth in the Trust & Assurance Center at ",
                "http://www.vmware.com/trustvmware/ceip.html . If you ",
                "prefer not to participate in VMware's CEIP for this ",
                "product, you should disable CEIP by setting ",
                "'ceip_enabled': false. You may join or leave VMware's ",
                "CEIP for this product at any time. Please confirm your ",
                "acknowledgement by passing in the parameter ",
                "--acknowledge-ceip in the command line.",
                "++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++"
            ]
        },
        "settings": {
            "ceip_enabled": true
        }
    }
}
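The gotchas above (where 'Resources' sits in the target path, placeholders left unfilled, a bad temporary network) and the choice to keep passwords out of the file can be checked before vcsa-deploy is run. This is an added example, not part of the original post or of VMware's tooling; lint_template, walk and the sample values are hypothetical and constructed for illustration.

```python
import ipaddress
import re

# Constructed sample: a trimmed template with deliberate mistakes (not from the post).
SAMPLE = {
    "new_vcsa": {
        "vc": {"password": "Sup3rSecret!", "target": ["PROD01", "Nested_Lab", "Resources"]},
        "temporary_network": {"mode": "static", "ip": "10.0.61.5", "prefix": "24",
                              "gateway": "10.0.62.254"},
        "user_options": {"vcdb_migrateSet": "<Set the data migration option.>"},
    },
    "source_vc": {"vc_vcsa": {"password": "", "root_password": ""}},
}

def walk(node, path=""):
    """Yield (dotted_path, value) for every leaf, skipping __comments keys."""
    if isinstance(node, dict):
        for key, val in node.items():
            if key != "__comments":
                yield from walk(val, f"{path}.{key}" if path else key)
    elif isinstance(node, list):
        for i, val in enumerate(node):
            yield from walk(val, f"{path}[{i}]")
    else:
        yield path, node

def lint_template(tpl):
    """Return a list of findings for an upgrade template loaded as a dict."""
    findings = []
    for path, val in walk(tpl):
        if isinstance(val, str) and re.search(r"<[^<>]+>", val):
            findings.append(f"{path}: placeholder not filled in")
        elif path.endswith("password") and val:
            findings.append(f"{path}: plaintext password stored in file")
    target = tpl["new_vcsa"]["vc"].get("target", [])
    if "Resources" in target and target.index("Resources") != len(target) - 2:
        findings.append("new_vcsa.vc.target: 'Resources' must directly precede the pool name")
    net = tpl["new_vcsa"].get("temporary_network", {})
    if net.get("mode") == "static":
        try:  # ip_interface also rejects prefixes outside 0-32 (IPv4) / 0-128 (IPv6)
            iface = ipaddress.ip_interface(f"{net['ip']}/{net['prefix']}")
            if ipaddress.ip_address(net["gateway"]) not in iface.network:
                findings.append("temporary_network: gateway outside the ip/prefix subnet")
        except (KeyError, ValueError) as exc:
            findings.append(f"temporary_network: invalid static settings ({exc})")
    return findings

if __name__ == "__main__":
    print("\n".join(lint_template(SAMPLE)) or "no findings")
```

To check a real template, load it with json.load and pass the resulting dict to lint_template; an empty list means none of these checks fired.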

I’m setting the --no-ssl-certificate-verification flag as I’m deploying to a target with a self-signed SSL cert. Your mileage may vary.

We can verify our template is valid without installing like so

d:\vcsa-cli-installer\win32\vcsa-deploy.exe upgrade --accept-eula --no-ssl-certificate-verification --verify-template-only c:\vcsa-cli-installer\templates\upgrade\vcsa6.5\embedded_vCSA_on_VC.json

Next up we need to run the installer which looks as follows

d:\vcsa-cli-installer\win32\vcsa-deploy.exe upgrade --accept-eula --no-ssl-certificate-verification c:\vcsa-cli-installer\templates\upgrade\vcsa6.5\embedded_vCSA_on_VC.json

If you didn’t add passwords to the configuration.json file above, you’ll be prompted to enter them now.

If you run into problems you may also get help like so

d:\vcsa-cli-installer\win32\vcsa-deploy.exe upgrade --template-help

The command prompt will be updated as installation progresses. Once completed, the original vCSA will be shut down and a new, 6.7 appliance will take its place.
