Important Update - On Mar 20 2018, VMware VMSA-2018-0004.3 announced that CVE-2017-5715 (Spectre-2) mitigation is now included in the latest patch that you should be using instead of the older patch featured in the original article below. You'll find the newer article here:
- How to easily update your VMware vCenter Server Appliance from 6.5.x to 6.5 Update 1g (VCSA 6.5 U1g) with Spectre mitigation
Article below as it originally appeared.
If you're using VCSA 6.0, Update 1 introduced the new Appliance Management Interface. Think re-incarnated Virtual Appliance Management Interface (VAMI), from those 5.5 days of yore, that Web UI you get when you access your VCSA via port 5480. Yep, it has an Update button. That upgrade method didn't work for me though, when I tried it last time around, trying to get to 6.0U1b. It says it downloaded the code, but didn't actually apply it. I didn't dwell on it though. I just nuked VCSA and redeployed it.
Why did I give up on VAMI so easily? Back in January, I was really just wanting to find and test a repeatable procedure that'd work for everybody, whether upgrading from VCSA 6.0 or VCSA 6.0U1. A simple method was found, published by David Stamen:
- Upgrading VCSA from 6.0 U1a to 6.0U1b using CLI
Jan 12 2016 at davidstamen.com
[Mar 17 2016 Update - Upgrade via VAMI issue has been resolved in this 6.0 U2 release, detailed below, so feel free to use whichever upgrade method you prefer. VAMI still seems to be a longer process to follow.]
Important Note - update your VCSA before your ESXi!
You are supposed to update your vCenter Server Appliance (VCSA) before you update your ESXi hosts, as VMware explains here, and William Lam here. By the way, I type it as VCSA instead of VCSA, just because that's how it's capitalized in the VMware vCenter Server 6.0 Update 2 Release Notes.
David's steps have been tested, and work great in my home lab. I've added some important details, as also seen in the video below. These instructions are geared toward home lab (non-production) environments. Perform these steps at your own risk, and backup first.
Download and apply the VCSA 6.0 Update 2 patch directly from the VMware Online Depot, all in one simple command!
- Create a snapshot of your current VCSA VM, just in case the upgrade doesn't work out. This may allow you quick and easy rollback. Even better, a full backup.
- Open an SSH session (PuTTY) to your VCSA 6.0 (or VCSA 6.0 Update 1) server, but don't type the usual shell.set command.
- Paste the following command in the ssh session, at the
Command >line seen right after you login (see also screenshot below):
software-packages install --url --acceptEulas
Now you just wait for the download and the patching, to happen automatically. No need to watch, takes longer that way.
- After at least 6 minutes (depends partly on download and hard drive speeds), you should see success reported on the last line:
login as: root VMware vCenter Server Appliance 126.96.36.19900 Type: vCenter Server with an embedded Platform Services Controller firstname.lastname@example.org's password: Last failed login: Wed Mar 16 07:30:20 UTC 2016 from 10.10.1.102 on ssh:notty There was 1 failed login attempt since the last successful login. Last login: Wed Mar 16 07:30:50 2016 from 10.10.1.102 Connected to service * List APIs: "help api list" * List Plugins: "help pi list" * Enable BASH access: "shell.set --enabled True" * Launch BASH: "shell" Command> software-packages install --url --acceptEulas [2016-03-16T07:31:02.076] : Validating software update payload [2016-03-16T07:31:02.076] : Validation successful [2016-03-16T07:31:02.076] : Running pre-stage.py [2016-03-16T07:31:02.076] : Verifying staging area [2016-03-16T07:31:02.076] : Third party packages found. [2016-03-16T07:31:02.076] : Staged 167 packages. [2016-03-16 07:31:02,877] : Copying software packages 167/167 [2016-03-16 07:34:53,887] : Running test transaction .... [2016-03-16 07:34:57,109] : Running pre-install script..... [2016-03-16T07:36:21.076] : Services stopped. [2016-03-16 07:36:21,820] : Upgrading software packages .... [2016-03-16 07:40:04,007] : Running post-install script..... [2016-03-16T07:40:05.076] : **Packages upgraded successfully**, Reboot is required e the installation. Command> Broadcast message from root (Wed Mar 16 07:49:56 2016): The system is going down for reboot NOW!
- You need to restart VCSA by right-clicking in vSphere Client and selecting Power, Restart Guest. OR, optionially, restart your ESXi server using vSphere Web Client or vSphere Client, by right-clicking on the host and selecting restart, this will restart VCSA as well, if you have your shutdown/startup settings configured correctly. I prefer to know they'll be no surprises after a complete system reboot. This reboot takes quite a while, usually over 10 minutes before you can log back in, so a good time to...
- Download and install VMware vSphere Client 6.0 Update 2. You'll want to grab the client code and install it now, while waiting for that long reboot. If you have a prior 6.x version on your Windows system that's doing administration, this will automatically upgrade it. Download client build 3562874:
- Once everything is booted back up and VCSA has had a good long while to start all its services (even with an SSD, that can be 10 minutes), it's a good idea to also test login using the vSphere Client and the vSphere Web Client, and be sure everything seems to be working right in that shiny new VCSA.
- If you created a snapshot back in step one, if you're comfortable that everything is working in 188.8.131.5200 (which is seen as Build 3634788 in the vSphere Client and vSphere Web Client), you may want to go ahead and delete snapshot(s).
That's it! You'll see for yourself that you now have the latest VCSA 184.108.40.20600, as pictured above. Now you have more spare time to read more TinkerTry articles, such as the one you'll really want to read next:
Clarification. About VAMI upgrades of VCSA sometimes getting stuck at 70%, the issue has been resolved
(once you get to U2), according to VMware's William Lam:
so I would expect future articles about upgrading VCSA to put more emphasis on the friendly VAMI method than the CLI method.
My article was published just a few hours after VCSA was released. I've now received further clarification that stuck VAMI issues have been fixed for everybody, regardless of what VCSA version you're on. So as William said yesterday, folks really do have a choice between VAMI and CLI, and both methods are now quite easy.
With VAMI, you basically visit this URL and login, substituting your actual VCSA appliance name or IP address for yourvcsanameorip:
and you get nice status updates along the way.
Love how easy it is to update the VCSA. Point, click, reboot. pic.twitter.com/O1HE3BFZW1— g_mulholland (@g_mulholland) March 16, 2016
Digging into the Release Notes, it's all right there:
In the vCenter Server Appliance Management Interface, the vCenter Server Appliance update status might be stuck at 70 percent
In the vCenter Server Appliance Management Interface, the vCenter Server Appliance update status might be stuck at 70 percent, although the update is successful in the back end. You can check the update status in the /var/log/vmware/applmgmt/software-packages.log file. After a successful update, a message similar to the following is seen in the log file:
Packages upgraded successfully, Reboot is required to complete the installation
This issue is resolved in this release.
So lesson learned, I've downed the humble pie, and updated the article above, notating the VAMI fix.
Note that it's expected that KB 2144485 will be updated soon as well:
- Upgrade the vCenter Server or Platform Services Controller Appliance 6.0 via the VAMI hangs at 70% (2144485)
See also this great new post by Andreas Peetz:
- An important heads-up for users of the Embedded Host Client!
With the release of ESXi 6.0 Update 2 it is now an officially supported package that is included in ESXi out-of-the-box. In its Release Notes it is stated though that the EHC package will be further developed independently from ESXi releases, so we will see out-of-band updates to it in the future - just like with VMware Tools.
Second great news is that the EHC now fully supports ESXi when using the free Hypervisor license.
Andreas goes on to explain that you may have issues if you already had the EHC (Embedded Host Client) installed prior to upgrading, I encourage you to read his entire article for details.
- Problems downloading VMware vSphere VMware vCenter Server 5.5 Update 1c Appliance
Aug 04 2014
More info for those who get the dreaded:
You either are not entitled or do not have permissions to download this product.
Check with your My VMware Super User, Procurement Contact or Administrator.
Upgrading ESXi itself is now possible with the new Embedded Host Client v4
Dec 12 2015 by William Lam at virtuallyGhetto
Updating vSphere 6 vCenter Server Appliance
Jan 12 2016 by Aaron Margeson at Cloudy Future
Upgrade vCenter Server Appliance (VCSA) and ESXi
2016 by Trond Eirik Haavarstein at xenappblog
- Upgrading vCenter Server Appliance to 6.0 update 1
Sep 22 2015 by Anthony Poh at The Virtual Unknown