Skip to content

Instantly share code, notes, and snippets.

@KimTholstorf

KimTholstorf/_vcenter_software_update_cli.md

Last active February 15, 2022 07:58
Show Gist options
  • Save KimTholstorf/2d4ee32a0b325f46ea99b4d44e74ce1d to your computer and use it in GitHub Desktop.
Save KimTholstorf/2d4ee32a0b325f46ea99b4d44e74ce1d to your computer and use it in GitHub Desktop.
Download ZIP
Patch vCenter from commandline
Raw
_vcenter_software_update_cli.md

Update vCenter Server Appliance via ssh and commandline

via ssh to VCSA

software-packages stage --url –acceptEulas
software-packages validate
software-packages list –staged
software-packages install –staged

image

ERROR: Test RPM Transaction Failed. Collect Logs for Diagnostics

image

If it fails with "Test RPM Transaction Failed. Collect Logs for Diagnostics" then most likely the /storage/log directory is full

Check if log partition is full with df -h

In not full then:

rm /etc/applmgmt/appliance/software_update_state.conf
reboot

and install update

If full then delete logs:

cd /storage/log/vmware/sso/tomcat/
rm catalina*log
rm localhost_access*

cd /storage/log/vmware/eam/web/
rm catalina*log
rm localhost_access*

cd /storage/log/vmware/lookupsvc/tomcat/
rm catalina*log
rm localhost_access*

cd /var/log/vmware/vmware-sps
rm sps-access*log

Finally install update

ERROR: Downloading RPM vsphere-ui-7.0.3.00300-9405520.noarch.rpm

image

Via ssh test if it is the certificate issue from VMware KB87274 by running:

openssl dgst -verify /var/vmware/applmgmt/fileintegrity/pub.key -signature /var/vmware/applmgmt/fileintegrity/fileintegrity_config.sig /etc/vmware/appliance/fileintegrity_config.json

If Verification Failure is returned then the KB87274 workaround is needed.

Workaround

  1. Upload python generate_signature.py script to the VCSA " root directory" using SCP

    Cant login with graphical SCP client? Run chsh -s /bin/bash root on the VCSA.

  2. Run python generate_signature.py (attached this gist at bottom)

    Should return True

  3. Run openssl dgst -verify /var/vmware/applmgmt/fileintegrity/pub.key -signature /var/vmware/applmgmt/fileintegrity/fileintegrity_config.sig /etc/vmware/appliance/fileintegrity_config.json

    This should return a Verified OK response.

  4. Run the following commands:

shell
service-control --stop applmgmt
rm -rf /storage/core/software-update/*
rm -rf /storage/db/patching.db
mv /storage/core/software-packages/staged-configuration.json /storage/core
mv /etc/applmgmt/appliance/software_update_state.conf /storage/core
service-control --start applmgmt
  1. Retry the update.

ERROR: VSAN health service is not running

This will prevent VAMI backup from running (soft prerequisite before updating via VAMI UI) https://kb.vmware.com/s/article/74833

cd /etc/vmware/vmware-vmon/svcCfgfiles/
cp .state_vsan-health.json ../.state_vsan-health.json
rm /etc/vmware/vmware-vmon/svcCfgfiles/.state_vsan-health.json
cd /usr/lib/vmware-vmon
vmon-cli -U vsan-health -R root
service-control --start vmware-vsan-health
Raw
generate_signature.py
import sys, os
sys.path.append('/usr/lib/vmware/site-packages')
from cis.integrity_checker import IntegrityChecker
try:
os.remove('/var/vmware/applmgmt/fileintegrity/fileintegrity_config.sig')
except:
pass
integrity_check = IntegrityChecker()
print(integrity_check.signature("/etc/vmware/appliance/fileintegrity_config.json", "/var/vmware/applmgmt/fileintegrity/fileintegrity_config.sig"))
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment