You can upgrade all cells in the server group together with the shared database by running the VMware Cloud Director installer with the --private-key-path option.

You can use the VMware Cloud Director installer for Linux to upgrade a VMware Cloud Director server group that consists of VMware Cloud Director installations on a supported Linux OS. If your VMware Cloud Director server group consists of VMware Cloud Director 9.5 appliances deployments, you use the VMware Cloud Director installer for Linux to upgrade your existing environment only as part of the migration workflow. See Upgrading and Migrating Your VMware Cloud Director Appliance.

VMware Cloud Director for Linux is distributed as a digitally signed executable file with a name of the form vmware-vcloud-director-distribution-v.v.v-nnnnnn.bin, where v.v.v represents the product version and nnnnnn the build number. For example: vmware-vcloud-director-distribution-10.4.0-19780584.bin. Running this executable installs or upgrades VMware Cloud Director.

When you run the VMware Cloud Director installer with the --private-key-path option, you can add other command options of the upgrade utility, for example, --maintenance-cell. For information about the database upgrade utility options, see Database Upgrade Utility Reference for VMware Cloud Director on Linux.

Prerequisites

  • Important: VMware Cloud Director 10.5.1 and later no longer accepts certificates whose signature algorithms use SHA-1.
    For VMware Cloud Director 10.5.1 and later, verify that none of the certificates in the certificate chain use SHA-1 as their signature algorithm, for example, sha1WithRSAEncryption.

  • Verify that your VMware Cloud Director database, the vSphere components, and the NSX components are compatible with the new version of VMware Cloud Director.

    Important: If your existing VMware Cloud Director installation uses an Oracle database or a Microsoft SQL Server database, verify that you migrated to a PostgreSQL database before the upgrade. For the possible upgrade paths, see Upgrading Your VMware Cloud Director on Linux.

  • Verify that you have superuser credentials for the target server.

  • If you want the installer to verify the digital signature of the installation file, download and install the VMware public key on the target server. If you already verified the digital signature of the installation file, you do not need to verify it again during installation. See Download and Install the VMware Public Key for an Installation of VMware Cloud Director on Linux.

  • Verify that you have a valid license key to use the version of the VMware Cloud Director software to which you are upgrading.
  • Verify that all cells permit SSH connections from the superuser without a password. To perform a verification, you can run the following Linux command: 
    sudo -u vcloud ssh -i private-key-path root@cell-ip
    This example sets your identity to vcloud, then makes an SSH connection to the cell at cell-ip as root but does not supply the root password. If the private key in private-key-path on the local cell is readable by user vcloud.vcloud and the corresponding public key is present in the authorized-keys file for the root user at cell-ip the command succeeds.
    Note:

    The vcloud user, vcloud group, and vcloud.vcloud account are created by the VMware Cloud Director installer for use as an identity with which VMware Cloud Director processes run. The vcloud user has no password.

  • Verify that you all ESXi hosts are activated. Deactivated ESXi hosts are unsupported.
  • Verify that all servers in the server group can access the shared transfer server storage. See Preparing the Transfer Server Storage for Your VMware Cloud Director on Linux.

  • Starting with version 10.3, VMware Cloud Director no longer allows administrator and tenant LDAP servers to bypass SSL certificate validation. Before you upgrade VMware Cloud Director, you must test your connection. If any of the organizations have these invalid configurations, for each one, you must turn off the Accept all certificates setting for the LDAP server and import the certificates in the LDAP settings UI.

    In recent releases, when you update the LDAP settings to turn off the Accept all certificates setting, a trust on first use dialog box automates the import of the certificate for the LDAP server of an organization. However, in earlier releases, it is a two-step process of turning the Accept all certificates setting off, and then, using the UI to upload the certificate of the LDAP server.

  • If your VMware Cloud Director installation uses an LDAPS server, to avoid LDAP login failures after the upgrade, verify that you have a properly constructed certificate for Java 8 Update 181. For information, see the Java 8 Release Changes at https://www.java.com.

Procedure

  1. Log in to the target server as root.
  2. Download the installation file to the target server.
    If you purchased the software on media, copy the installation file to a location that is accessible to the target server.
  3. Verify that the checksum of the download matches the checksum posted on the download page.
    Values for MD5 and SHA1 checksums are posted on the download page. Use the appropriate tool to verify that the checksum of the downloaded installation file matches the checksum shown on the download page. A Linux command of the following form displays the checksum for installation-file. 
    [root@cell1 /tmp]# md5sum installation-file
    The command returns the installation file checksum that must match the MD5 checksum from the download page.
  4. Ensure that the installation file is executable.
    The installation file requires execute permission. To be sure that it has this permission, open a console, shell, or terminal window and run the following Linux command, where installation-file is the full pathname to the VMware Cloud Director installation file. 
    [root@cell1 /tmp]# chmod u+x installation-file
  5. In a console, shell, or terminal window, run the installation file with the --private-key-path option and the pathname to the private key of the target cell.
    You can add other command options of the database upgrade utility. 
    ./installation-file --private-key-path /vcloud/.ssh/id_rsa
    Note: You cannot run the installation file from a directory whose pathname includes any embedded space characters.

    The installer detects an earlier version of VMware Cloud Director and prompts you to confirm the upgrade.

    If the installer detects a version of VMware Cloud Director that is equal to or later than the version in the installation file, it displays an error message and exits.

  6. Enter y and press Enter to confirm the upgrade.

Results

The installer initiates the following multi-cell upgrade workflow.
  1. Verifies that the current cell host meets all requirements.
  2. Unpacks the VMware Cloud Director RPM package.
  3. Upgrades VMware Cloud Director software on the current cell.
  4. Upgrades the VMware Cloud Director database.
  5. Upgrades VMware Cloud Director software on each of the remaining cells, then restarts VMware Cloud Director services on the cell.
  6. Restarts VMware Cloud Director services on the current cell.

What to do next

  1. Start the VMware Cloud Director services on all cells in the server group.

  2. Verify that your AMQP connections are working properly.

  3. For each cell, verify that there are no add-on upgrade errors in vcloud-container-info.log.

  4. Upgrade the NSX-V Manager Instances Registered to VMware Cloud Director
  5. Upgrade vCenter Server Systems, ESXi Hosts, and NSX Edges Registered to Your VMware Cloud Director