Apply an Async Patch to VMware Cloud Foundation in Online Mode
If your SDDC Manager appliance has a connection to the internet (either directly or through a proxy server), you can run the Async Patch Tool from the SDDC Manager appliance to download and enable an async patch. Once the patch is successfully enabled, you can use the SDDC Manager UI to apply the patch to all workload domains.

- Refer to KB 88287 to ensure that the async patch is supported with your version of VMware Cloud Foundation. Contact VMware Support if you have questions about the available async patches and which versions of VMware Cloud Foundation support them.
- You must have the latest version of the Async Patch Tool. If an existing or older version of the Async Patch Tool exists in the directory, you will need to remove these files before downloading the latest version of the Async Patch Tool.
      rm -r /home/vcf/asyncPatchTool
      rm -r <outputdirectory>
  The default directory is /home/vcf/apToolBundles if outputDirectory was not specified when the Async Patch Tool was previously run.
- Configure TCP keepalive in your SSH client to prevent socket connection timeouts when using the Async Patch Tool for long-running operations.
- The Async Patch Tool is supported with VMware Cloud Foundation 4.2.1 and later. This release also supports ESXi and VxRail Manager patching of VMware Cloud Foundation on VxRail.

- Download the most recent version of the Async Patch Tool to a computer that has access to the SDDC Manager appliance.
  - Log in to the Broadcom Support Portal and browse to.
  - Click your current version of VMware Cloud Foundation.
  - Click Drivers & Tools.
  - Click the download icon for the Async Patch Tool.
- Copy the Async Patch Tool to the SDDC Manager appliance and configure it for use.
  - SSH in to the SDDC Manager appliance using the vcf user account.
  - Create the asyncPatchTool directory.
        mkdir /home/vcf/asyncPatchTool
  - Copy the Async Patch Tool file (vcf-async-patch-tool-<version>.tar.gz) that you downloaded in step 1 to the /home/vcf/asyncPatchTool directory.
  - Navigate to /home/vcf/asyncPatchTool and extract the contents of vcf-async-patch-tool-<version>.tar.gz.
        tar -xvf vcf-async-patch-tool-<version>.tar.gz
  - Set the permissions for the asyncPatchTool directory.
        cd /home/vcf/
        chmod -R 755 asyncPatchTool
        chown -R vcf:vcf asyncPatchTool
- Update the properties of the Async Patch Tool to support authenticated access to the VMware Depot. See KB 390122.
- List the available async patches.
  - Navigate to /home/vcf/asyncPatchTool/bin.
  - Run the following command:
        ./vcf-async-patch-tool --listAsyncPatch --du broadcom_support_email
    Replace broadcom_support_email with your Broadcom Support portal email address.
    Optionally, you can use the --sku and --productType options to filter the list of patches. See VCF Async Patch Tool Options for details.
    --outputDirectory is optional and can be used to specify a location for the download. Select a directory that has enough free space for the bundle. If you do not specify a location, the Async Patch Tool displays the default location in its output. For example: /root/apToolBundles.
    If you connect to the internet through a proxy server, use the --proxyServer, --ps option to specify the FQDN and port of the proxy server. For example, --proxyServer FQDN:port.
  - Enter Y to confirm that you are running the latest version of the Async Patch Tool.
  - Enter Y or N to choose whether or not to participate in the Customer Experience Improvement Program (CEIP).
  - Enter your Broadcom Support portal password.
  The Async Patch Tool lists all available async patches.
- (VxRail async patch only) Copy the VxRail async patch-specific partner bundle metadata file using KB 91830.
- Download the input spec for the async patch you want to apply. See KB 344935.
- Enable an async patch using the input spec.
  - Run the following command:
    VMware Cloud Foundation:
        ./vcf-async-patch-tool -i /path/to/inputspec --du broadcom_support_email --sddcSSOUser SSOuser --sddcSSHUser vcf --it ONLINE
    VMware Cloud Foundation on Dell EMC VxRail:
        ./vcf-async-patch-tool -i /path/to/inputspec --du broadcom_support_email --pdu dell_emc_depot_email --sddcSSOUser SSOuser --sddcSSHUser vcf --it ONLINE
    - Replace /path/to/inputspec with the path to the input spec you downloaded.
    - Replace broadcom_support_email with your Broadcom Support portal email address.
    - Replace dell_emc_depot_email with your Dell EMC depot email address. (VxRail only)
    - Replace SSOuser with the management domain SSO user account, for example, administrator@vsphere.local.
    If you connect to the internet through a proxy server, use the --proxyServer, --ps option to specify the FQDN and port of the proxy server. For example, --proxyServer FQDN:port.
  - Enter Y to confirm that you are running the latest version of the Async Patch Tool.
  - Read the information and enter Y to acknowledge the pre-requisites.
  - Enter Y or N to choose whether or not to participate in the VMware Customer Experience Improvement Program (CEIP).
  - Enter the password for the super user (vcf) account.
  - Enter the password for the root user account.
  - Enter the password for the management domain SSO user account.
  - Enter your Broadcom Support portal password.
  - If the product type is VX_MANAGER, enter your Dell EMC Depot user name and password. (VxRail only)
  The Async Patch Tool downloads the patch and uploads it to the internal LCM repository on the SDDC Manager appliance.
- Log in to the SDDC Manager UI and apply the async patch to all workload domains.
  - For clusters in workload domains with vSphere Lifecycle Manager baselines, you can upgrade ESXi to the async patch version with a custom ISO from your vendor. See "Upgrade ESXi with Custom ISOs" in VMware Cloud Foundation Lifecycle Management.
  - For clusters in workload domains with vSphere Lifecycle Manager images, you can upgrade ESXi to the async patch version by following the procedure "Upgrade ESXi with vSphere Lifecycle Manager Images for VMware Cloud Foundation" in VMware Cloud Foundation Lifecycle Management.
- After the async patch is successfully applied, use the Async Patch Tool to deactivate the patch.
  - SSH in to the SDDC Manager appliance using the vcf user account.
  - Navigate to /home/vcf/asyncPatchTool/bin.
  - Run the following command:
        ./vcf-async-patch-tool --disableAllPatches --sddcSSOUser SSOuser --sddcSSHUser vcf
    Replace SSOuser with the management domain SSO user account, for example, administrator@vsphere.local.
  - Enter Y to confirm that you are running the latest version of the Async Patch Tool.
  - Enter Y or N to choose whether or not to participate in the Customer Experience Improvement Program (CEIP).
  - Enter the password for the super user (vcf) account.
  - Enter the password for the root user account.
  - Enter the password for the management domain SSO user account.
- (VxRail only) If you applied an async patch to VMware Cloud Foundation on Dell VxRail, reconnect SDDC Manager to the VMware Depot using the SDDC Manager UI or VMware Cloud Foundation API.
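
The following is an added example, not part of the original procedure or of VMware's tooling: shell functions that stage the tool as in the "Copy the Async Patch Tool to the SDDC Manager appliance" step, checking archive member paths before extraction and free space in the download location. The function names, the owner argument and the free-space threshold are assumptions.

```shell
#!/bin/sh
# Added example (not VMware code). Function names, the owner argument and the
# free-space threshold are assumptions made for illustration.

# A member name is safe if it is relative and has no ".." path component.
member_is_safe() {
    case "$1" in
        /*|..|../*|*/..|*/../*) return 1 ;;
    esac
    return 0
}

# List the archive without extracting it and check every member name.
archive_is_safe() {
    tar -tf "$1" >/dev/null 2>&1 || { echo "not a readable archive: $1" >&2; return 1; }
    tar -tf "$1" | while IFS= read -r member; do
        member_is_safe "$member" || { echo "unsafe member: $member" >&2; exit 1; }
    done
}

# True when the filesystem holding directory $1 has at least $2 KiB available,
# for checking the --outputDirectory location before a download.
has_free_kib() {
    avail=$(df -Pk "$1" | awk 'NR==2 {print $4}')
    [ "$avail" -ge "$2" ]
}

# Replace any older copy of the tool, extract the new one, set 755 and owner.
stage_tool() {
    tarball=$1
    tool_dir=${2:-/home/vcf/asyncPatchTool}
    owner=${3:-vcf:vcf}
    case "$tool_dir" in /?*) ;; *) echo "refusing path: $tool_dir" >&2; return 1 ;; esac
    archive_is_safe "$tarball" || return 1
    rm -rf "$tool_dir"
    mkdir -p "$tool_dir" || return 1
    tar -xf "$tarball" -C "$tool_dir" || return 1
    chmod -R 755 "$tool_dir" && chown -R "$owner" "$tool_dir"
}

# Usage on the appliance, as the vcf user (1 GiB threshold is an assumption):
#   has_free_kib /home/vcf 1048576 && stage_tool ./vcf-async-patch-tool-<version>.tar.gz
```
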

Starting with VMware Cloud Foundation 5.2, if you applied a vCenter Server or NSX Manager async patch to the management domain, any new workload domains that you deploy will include the patched version of vCenter Server and/or NSX Manager.

For versions of VMware Cloud Foundation earlier than 5.2, new workload domains will not include async patch versions of vCenter Server or NSX Manager. Use this procedure to apply the async patch(es) to the new workload domain.

After you update the hosts in a workload domain to an async patch version of ESXi, any new hosts that you add to the workload domain must use the async patch version of ESXi and not the version listed in the VMware Cloud Foundation BOM.