If your SDDC Manager appliance has a connection to the internet (either directly or through a proxy server), you can run the Async Patch Tool from the SDDC Manager appliance to download and enable an async patch. Once the patch is successfully enabled, you can use the SDDC Manager UI to apply the patch to all workload domains.

Prerequisites

  • Refer to KB 88287 to ensure that the async patch is supported with your version of VMware Cloud Foundation. Contact VMware Support if you have questions about the available async patches and which versions of VMware Cloud Foundation support them.
  • You must have the latest version of the Async Patch Tool.
    Note: If an older version of the Async Patch Tool already exists in the directory, remove its files before downloading the latest version of the Async Patch Tool.

    rm -r /home/vcf/asyncPatchTool

    rm -r <outputdirectory>

    The default directory is /home/vcf/apToolBundles if outputDirectory was not specified when the Async Patch Tool was previously run.

  • Configure TCP keepalive in your SSH client to prevent socket connection timeouts when using the Async Patch Tool for long-running operations.
  • The Async Patch Tool is supported with VMware Cloud Foundation 4.2.1 and later.

Procedure

  1. Download the Async Patch Tool to a computer that has access to the SDDC Manager appliance.
    1. Log in to VMware Customer Connect and browse to the Download VMware Cloud Foundation page.
    2. In the Select Version field, select your current version of VMware Cloud Foundation.
    3. Click Drivers & Tools.
    4. Expand VMware Cloud Foundation Tools and click Go To Downloads in the Async Patch Tool row.
    5. Click Download Now.
  2. Copy the Async Patch Tool to the SDDC Manager appliance and configure it for use.
    1. SSH in to the SDDC Manager appliance using the vcf user account.
    2. Create the asyncPatchTool directory.
      mkdir /home/vcf/asyncPatchTool
    3. Copy the Async Patch Tool file (vcf-async-patch-tool.tar.gz) that you downloaded in step 1 to the /home/vcf/asyncPatchTool directory.
    4. Navigate to /home/vcf/asyncPatchTool and extract the contents of vcf-async-patch-tool.tar.gz.
      tar -xvf vcf-async-patch-tool.tar.gz
    5. Set the permissions for the asyncPatchTool directory.
      cd /home/vcf/
      chmod -R 755 asyncPatchTool
      chown -R vcf:vcf asyncPatchTool
  3. List the available async patches.
    1. Navigate to /home/vcf/asyncPatchTool/bin.
    2. Run the following command:
      ./vcf-async-patch-tool --listAsyncPatch --du customer_connect_email
      Replace customer_connect_email with your VMware Customer Connect email address.
      Optionally, you can use the --sku and --productType options to filter the list of patches. See VCF Async Patch Tool Options for details.
      Note: If you connect to the internet through a proxy server, use the --proxyServer (or --ps) option to specify the FQDN and port of the proxy server. For example, --proxyServer FQDN:port.
    3. Enter Y to confirm that you are running the latest version of the Async Patch Tool.
    4. Enter your VMware Customer Connect (Depot) password.
    The Async Patch Tool lists all available async patches.
  4. Enable an async patch.
    1. Run the following command:
      ./vcf-async-patch-tool -e --patch product:version --du customer_connect_email --sddcSSOUser SSOuser --sddcSSHUser vcf --it ONLINE
      • Replace product:version with the product and version of a patch retrieved in step 3. For example: VCENTER:7.0.3.00300-19234570.
      • Replace customer_connect_email with your VMware Customer Connect email address.
      • Replace SSOuser with the SSO user account, for example, administrator@vsphere.local.
      Note: If you connect to the internet through a proxy server, use the --proxyServer (or --ps) option to specify the FQDN and port of the proxy server. For example, --proxyServer FQDN:port.
    2. Enter Y to confirm that you are running the latest version of the Async Patch Tool.
    3. Read the information and enter Y to acknowledge the prerequisites.
    4. Enter the password for the SSH user.
    5. Enter the password for the root user.
    6. Enter the password for the SSO user.
    7. Enter your VMware Customer Connect (Depot) password.
    The Async Patch Tool downloads the patch and uploads it to the internal LCM repository on the SDDC Manager appliance.
  5. Log in to the SDDC Manager UI and apply the async patch to all workload domains.
  6. After the async patch is successfully applied, use the Async Patch Tool to disable the patch.
    1. SSH in to the SDDC Manager appliance using the vcf user account.
    2. Navigate to /home/vcf/asyncPatchTool/bin.
    3. Run the following command:
      ./vcf-async-patch-tool --disableAllPatches --sddcSSOUser SSOuser --sddcSSHUser vcf
      Replace SSOuser with the SSO user account, for example, administrator@vsphere.local.
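
Because steps 4 and 6 have you type the SSH, root, and SSO passwords into the tool, it is worth confirming that the chmod and chown commands in step 2 left the directory as intended before you run it. The following check is an added example, not part of the VMware documentation or the Async Patch Tool; the function name audit_tool_dir is hypothetical.

```shell
#!/bin/sh
# Added example (not VMware code): audit the Async Patch Tool directory
# produced by step 2. audit_tool_dir is a hypothetical helper name.
#
# Usage: audit_tool_dir DIR OWNER GROUP
# Prints one line per finding.
# Returns 0 if clean, 1 if there are findings, 2 if DIR is missing.
audit_tool_dir() {
    [ -d "$1" ] || { echo "MISSING $1"; return 2; }

    audit_findings=$(
        # Anything not owned by OWNER:GROUP (step 2 runs chown -R vcf:vcf).
        find "$1" \( ! -user "$2" -o ! -group "$3" \) \
            -exec printf 'OWNER %s\n' {} \;
        # Anything group- or world-writable (chmod -R 755 leaves none).
        # Symlinks are skipped because their own mode bits are not enforced.
        find "$1" ! -type l \( -perm -020 -o -perm -002 \) \
            -exec printf 'WRITABLE %s\n' {} \;
        # setuid/setgid regular files, which a numeric 755 also clears.
        find "$1" -type f \( -perm -4000 -o -perm -2000 \) \
            -exec printf 'SETID %s\n' {} \;
    )

    [ -z "$audit_findings" ] && return 0
    printf '%s\n' "$audit_findings"
    return 1
}

# Runs only where the directory from step 2 exists (the SDDC Manager appliance).
if [ -d /home/vcf/asyncPatchTool ]; then
    audit_tool_dir /home/vcf/asyncPatchTool vcf vcf \
        || echo "Resolve the findings above before running the tool." >&2
fi
```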

What to do next

If you deploy a new workload domain after you have applied an async patch, that workload domain will not include the async patch. Use this procedure to apply the async patch to the new workload domain.