If your SDDC Manager appliance does not have a connection to the internet, you can run the Async Patch Tool from a computer that does. Download an async patch, copy the patch and the Async Patch Tool to the SDDC Manager appliance, and enable the patch. You can then use the SDDC Manager UI to apply the patch to all workload domains.

Prerequisites

  • A Windows or Linux computer with internet connectivity (either directly or through a proxy server) for downloading the bundles.
  • The computer must have Java 8.
  • A Windows or Linux computer with access to the SDDC Manager appliance for uploading the bundles.
  • Refer to KB 88287 to ensure that the async patch is supported with your version of VMware Cloud Foundation. Contact VMware Support if you have questions about the available async patches and which versions of VMware Cloud Foundation support them.
  • You must have the latest version of the Async Patch Tool.
    Note: If an existing or older version of the Async Patch Tool exists in the directory, you will need to remove these files from both the Linux or Windows computer and the SDDC manager before downloading the latest version of the Async Patch Tool.

    rm -r <AP Tool directory>

    rm -r <outputdirectory>

    The default directory is /home/vcf/apToolBundles if outputDirectory was not specified when the Async Patch Tool was previously run.

  • Configure TCP keepalive in your SSH client to prevent socket connection timeouts when using the Async Patch Tool for long-running operations.
  • The Async Patch Tool is supported with VMware Cloud Foundation 4.2.1 and later.

Procedure

  1. Download the Async Patch Tool to a computer that has access to the internet.
    1. Log in to VMware Customer Connect and browse to the Download VMware Cloud Foundation page.
    2. In the Select Version field, select your current version of VMware Cloud Foundation.
    3. Click Drivers & Tools.
    4. Expand VMware Cloud Foundation Tools and click Go To Downloads in the Async Patch Tool row.
    5. Click Download Now.
  2. Extract vcf-async-patch-tool.tar.gz.
  3. Navigate to vcf-async-patch-tool/bin and confirm that you have execute permissions.
  4. List the available async patches.
    1. Run the following command:
      Linux:
      ./vcf-async-patch-tool --listAsyncPatch --du customer_connect_email
      Windows:
      vcf-async-patch-tool.bat --listAsyncPatch --du customer_connect_email
      Replace customer_connect_email with your VMware Customer Connect email address.
      Optionally, you can use the --sku and --productType options to filter the list of patches. See VCF Async Patch Tool Options for details.
      Note: If you connect to the internet through a proxy server, use the --proxyServer, --ps option to specify the FQDN and port of the proxy server. For example, --proxyServer FQDN:port.
    2. Enter Y to confirm that you are running the latest version of the Async Patch Tool.
    3. Enter your VMware Customer Connect (Depot) password.
    The Async Patch Tool lists all available async patches.
  5. Download an async patch.
    1. Run the following command:
      Linux:
      ./vcf-async-patch-tool -d --patch product:version --du customer_connect_email --sku sku_type
      Windows:
      /vcf-async-patch-tool.bat -d --patch product:version --du customer_connect_email --sku sku_type
      • Replace product:version with the product and version of a patch retrieved in step 4. For example: VCENTER:7.0.3.00300-19234570.
      • Replace customer_connect_email with your VMware Customer Connect email address.
      • Replace sku_type with VCF or VCF_ON_VXRAIL.
      • --outputDirectory is optional and can be used to specify a location for the download. Select a directory that has enough free space for the bundle. If you do not specify a location, the Async Patch Tool displays the default location in its output. For example: /root/apToolBundles.
      Note: If you connect to the internet through a proxy server, use the --proxyServer, --ps option to specify the FQDN and port of the proxy server. For example, --proxyServer FQDN:port.
    2. Enter Y to confirm that you are running the latest version of the Async Patch Tool.
    3. Enter your VMware Customer Connect (Depot) password.
    The Async Patch Tool downloads the patch and required artifacts (for example, the LCM manifest).
  6. Copy the patch and set permissions.
    1. Copy the entire output directory (for example, apToolBundles) to the SDDC Manager appliance.
      You can select any location that has enough free space available, for example, /nfs/vmware/vcf/nfs-mount/.
    2. SSH in to the SDDC Manager appliance using the vcf user account.
    3. Navigate to /nfs/vmware/vcf/nfs-mount/.
      If you copied the output directory to a different location, navigate to that directory instead.
    4. Run the following commands:
      chmod -R 755 apToolBundles
      chown -R vcf:vcf apToolBundles
  7. Copy the Async Patch Tool to the SDDC Manager appliance and configure it for use.
    1. SSH in to the SDDC Manager appliance using the vcf user account.
    2. Create the asyncPatchTool directory.
      mkdir /home/vcf/asyncPatchTool
    3. Copy the Async Patch Tool directory from the computer with internet access to the /home/vcf/asyncPatchTool directory on the SDDC Manager appliance.
    4. Set the permissions for the asyncPatchTool directory.
      cd /home/vcf/
      chmod -R 755 asyncPatchTool
      chown -R vcf:vcf asyncPatchTool
  8. Enable an async patch.
    1. Navigate to /home/vcf/asyncPatchTool/bin and run the following command:
      ./vcf-async-patch-tool -e --patch product:version --sddcSSOUser SSOuser --sddcSSHUser vcf --outputDirectory bundleDirectory --it OFFLINE
      • Replace product:version with the product and version of a patch retrieved in step 4. For example: VCENTER:7.0.3.00300-19234570.
      • Replace SSOuser with the SSO user account, for example, administrator@vsphere.local.
      • Replace bundleDirectory with the location to which you copied the bundle directory in step 6. For example, /nfs/vmware/vcf/nfs-mount/.
    2. Enter Y to confirm that you are running the latest version of the Async Patch Tool.
    3. Read the information and enter Y to acknowledge the pre-requisites.
    4. Enter the password for the SSH user.
    5. Enter the password for the root user.
    6. Enter the password for the SSO user.
    The Async Patch Tool uploads the patch to the internal LCM repository on the SDDC Manager appliance.
  9. Log in to the SDDC Manager UI and apply the async patch to all workload domains.
  10. After the async patch is successfully applied, use the Async Patch Tool to disable the patch.
    1. SSH in to the SDDC Manager appliance using the vcf user account.
    2. Navigate to /home/vcf/asyncPatchTool/bin.
    3. Run the following command:
      ./vcf-async-patch-tool --disableAllPatches --sddcSSOUser SSOuser --sddcSSHUser vcf
      Replace SSOuser with the SSO user account, for example, administrator@vsphere.local.

What to do next

If you deploy a new workload domain after applying an async patch, that workload domain will not include the async patch. Use this procedure to apply the async patch to the new workload domain.