Time to update my lab so I thought, like always, I would share how I do it. I hope it helps someone out there to make it easier for them.
- Get the release notes – vCenter – https://docs.vmware.com/en/VMware-vSphere/6.7/rn/vsphere-vcenter-server-67u2-release-notes.html , ESXi – https://docs.vmware.com/en/VMware-vSphere/6.7/rn/vsphere-esxi-67u2-release-notes.html
- Check the interoperability matrix to make sure my other VMware apps will work with it – https://www.vmware.com/resources/compatibility/sim/interop_matrix.php#interop&23=&2=
- Get the bits – just in case – vC bits, ESXi bits. We are not going to use them, but I believe we should always have onsite the bits for what we are using in production.
So now we carefully go through the release notes and compatibility matrix. It turns out when I was preparing that my version of View – 7.8 – was not supported by Update 2. But yesterday things were updated and it is now. As well, when Veeam Backup & Replication 9.5 Update 4a was released they said they would likely be compatible with Update 2. I confirmed that with a friend that backups worked good after the Update 2 update. So it looks like no compatibility issues.
Overview of Process
The normal process is to make sure that components like Veeam, or View are already updated to work with the new vSphere versions, and they are. Next, we update vCenter first, followed by the hosts. Last we do VMware Tools and potentially virtual hardware.
Test Time – first
We do a quick test of things before we start to make sure things are healthy before we start. So for me that means:
- Can I log in with the vSphere Client and see healthy hosts and VMs? Yes, looks healthy.
- Can I connect using View and it works? Yes, it worked.
- Can I do a backup? I suggested doing a backup of the vC as the test. Yes, it worked good.
Time To Work – vCenter
Ok, now we are ready to do the upgrade.
- Do we have a backup? We could use the built in backup that the VCSA offers but I like using just one backup tool in my lab.
- My current version is 6.7 Update 1 build 11727113. Which includes some patches past U1.
- I log in on the VAMI UI which is https://vC_fqdn:5480.
- I like seeing on the Summary screen that health is all green.
- We change to the Update page now.
- I did not have to use the Check Updates as when I changed to this page it automatically checked and then showed the update.
- So now I need only use the Stage and Install blue button.
- Before I do that, I like to click on the greater than sign by the blue button. When that is expanded you can see a little more info.
- But when you do the Stage and Install button you get a prompt to approve the EULA.
- Then you see some pre-upgrade checks go.
- Next you need to confirm you did a backup.
- Now we see progress.
- We see staging, then we see the install stuff.
- Before you know it, it is done.
- The new version and build is 6.7 Update 2 build 13010631.
Test Time – vCenter
- Now we need to confirm things.
- Can we log into the vSphere Client and see healthy environment? It took a few minutes to be able to log in and once we did, it seemed to take a few minutes to display things. But then it took longer. So I closed the browser and opened it. I have an odd blue turning circle after I have successfully authenticated. I will log into the VAMI to see if any services are not running. Maybe do a restart. Before the restart I did the two tests below with no issues. Looks like only the vSphere Client is the issue. I do a restart, and wait maybe 10 minutes and I get the login screen. Which lets me in and still the blue turning circle. Maybe I need to wait more. But I did not want to. I cleared my Chrome browsers cache and logged in again and it worked. So finally success. Everything looks good now.
- Can we connect via Horizon View? Yes, no problem.
- Can we do a backup? Yes, no problem.
- Do we see the proper vCenter version and build? Yes, 6.7 and build 13007421.
So the vCenter upgrade was a success. A little irritating in that I had to clear my browser cache to access the vSphere client but all good in the end. BTW, it took about 60 minutes for all the testing and upgrade to finish.
Time to Work – hosts
Now we upgrade the hosts.
- We know things are good due to the tests we did at the end of the VCSA upgrade.
- The host build currently is 6.7.0 build 13004448. I see in the release notes that the new build will be 13006603.
- At the cluster level I change to the Updates tab.
- Next I select the baselines and select Remediate.
- We see a summary screen.
- I select Remediate. And in Recent Tasks I see it start.
- I see some virtual machines vMotioned and a host in maintenance mode. So things are moving along.
- Maybe 10 minutes later both of my hosts are showing the new build of 13006603 so they have been upgraded successfully.
Test Time – hosts
I do the tests again. Likely not really necessary now, but just to be safe.
- Horizon View connects OK? Yes, no problem.
- vSphere Client displays healthy hosts? Yes.
- Backup works. Yes, no problem.
Work Time – VMware Tools and Compatibility
There is a number of ways to update VMware Tools. You can wait a bit and do it manually by clicking the link in the vSphere Client. You can set VMs to do automatic updates the next time they reboot. You can use VUM to do it too.
I am going to click on the link on the VM Summary screen for each VM I want to update.
This gives me a little more flexibility to know what is being impacted. It is not really scalable though.
I should not normally need to update tools in appliances. Those are self-managed so we should not see the prompt for them. They may sneak into VUM upgrade and you should watch out for that.
After we update the Tools, we should use the VM view at the cluster level to see what VMs need compatibility updates. There is likely a mix of 6.5 and 6.7 but also some appliances or Linux you may have may be older. I will right click on the ones I think need to be updated and schedule an update (Compatibility and Schedule). VUM can be used to do this as well using the VM Hardware option.
Don’t forget your templates, VMware Tools and VM hardware should be upgraded in them next time you work on your templates. I do that roughly monthly to update patches in the OS, and updates of tools in the templates.
There may be VMFS upgrades – not in my lab as I am NFS but if there is you should upgrade. But check out the docs as sometimes the method will vary. There doesn’t seem to be a dVS upgrade in this update which sort of makes sense.
- VMware – whats new in U2 – https://blogs.vmware.com/vsphere/2019/04/vcenter-server-6-7-update-2-whats-new.html
- VMware – VMware tools in U2 – https://blogs.vmware.com/vsphere/2019/04/vsphere-6-7-u2-vmware-tools-compatibility.html
- VMware – VUM in U2 – https://blogs.vmware.com/vsphere/2019/04/vmware-vsphere-update-manager-enhancements-in-vsphere-6-7-update-2.html
- virtuallyGhetto – Enhanced events and logging in U2 – https://www.virtuallyghetto.com/2019/04/enhanced-vcenter-server-audit-event-logging-in-vsphere-6-7-update-2.html
- 4/19/19 – I heard from a reader that he likes to leave the VMFS, dVS, VMware Tools, and VM hardware upgrades a week or two. This allows him to easily roll back to the previous version. If you did all of that at the same time as the upgrade it would be very difficult to roll back.
- 4/18/19 – updated another vCenter and hosts. I had to clear cache on it to be able to log in. After that I was able to log in on both servers. On the first vCenter I upgraded, after an hour or so I got a health message about Concurrent – Context attach vector. My lab is too small for me to fix that and still be able to do what I need to do. More info on this security issue can be found here. Everything was similar to the first update.
- 4/18/19 – first published.
So we now have a vCenter and hosts running a new version of their OS, and have even upgraded VMware Tools as well. So pretty nice. Let me know if you have questions or comments. With my second vCenter and hosts updated, that means I have gone through this all twice. Clear cache was a consistent issue.
=== END ===