via ssh to VCSA
software-packages stage --url –acceptEulas
software-packages validate
software-packages list –staged
software-packages install –staged
If it fails with "Test RPM Transaction Failed. Collect Logs for Diagnostics" then most likely the /storage/log directory is full
Check if log partition is full with df -h
In not full then:
rm /etc/applmgmt/appliance/software_update_state.conf
reboot
and install update
If full then delete logs:
cd /storage/log/vmware/sso/tomcat/
rm catalina*log
rm localhost_access*
cd /storage/log/vmware/eam/web/
rm catalina*log
rm localhost_access*
cd /storage/log/vmware/lookupsvc/tomcat/
rm catalina*log
rm localhost_access*
cd /var/log/vmware/vmware-sps
rm sps-access*log
Finally install update
Via ssh test if it is the certificate issue from VMware KB87274 by running:
openssl dgst -verify /var/vmware/applmgmt/fileintegrity/pub.key -signature /var/vmware/applmgmt/fileintegrity/fileintegrity_config.sig /etc/vmware/appliance/fileintegrity_config.json
If Verification Failure
is returned then the KB87274 workaround is needed.
-
Upload python generate_signature.py script to the VCSA " root directory" using SCP
Cant login with graphical SCP client? Run
chsh -s /bin/bash root
on the VCSA. -
Run
python generate_signature.py
(attached this gist at bottom)Should return
True
-
Run
openssl dgst -verify /var/vmware/applmgmt/fileintegrity/pub.key -signature /var/vmware/applmgmt/fileintegrity/fileintegrity_config.sig /etc/vmware/appliance/fileintegrity_config.json
This should return a
Verified OK
response. -
Run the following commands:
shell
service-control --stop applmgmt
rm -rf /storage/core/software-update/*
rm -rf /storage/db/patching.db
mv /storage/core/software-packages/staged-configuration.json /storage/core
mv /etc/applmgmt/appliance/software_update_state.conf /storage/core
service-control --start applmgmt
- Retry the update.
This will prevent VAMI backup from running (soft prerequisite before updating via VAMI UI) https://kb.vmware.com/s/article/74833
cd /etc/vmware/vmware-vmon/svcCfgfiles/
cp .state_vsan-health.json ../.state_vsan-health.json
rm /etc/vmware/vmware-vmon/svcCfgfiles/.state_vsan-health.json
cd /usr/lib/vmware-vmon
vmon-cli -U vsan-health -R root
service-control --start vmware-vsan-health