The Async Patch Tool is a utility that allows you to apply critical patches outside of the normal VMware Cloud Foundation lifecycle management process. It also provides options for managing async patches and upgrading a VMware Cloud Foundation instance that includes async patches.

Async Patch Tool Help Option

Option Descrption
-h, --help Provides information about the Async Patch Tool options.
Example:
./vcf-async-patch-tool -h

Customer Experience Improvement Program (CEIP) Option

The Async Patch Tool participates in the VMware Customer Experience Improvement Program (CEIP). You can enable or deactivate CEIP for the Async Patch Tool.

The Customer Experience Improvement Program provides VMware with information that enables VMware to improve its products and services, to fix problems, and to advise you on how best to deploy and use our products. As part of the CEIP, VMware collects technical information about your organization’s use of the VMware products and services regularly in association with your organization’s VMware license keys. This information does not personally identify any individual. For additional information regarding the CEIP, refer to the Trust & Assurance Center at http://www.vmware.com/trustvmware/ceip.html.
Option Description
--ceip true/false Enable or deactivate telemetry (CEIP) for the Async Patch Tool.
Note: The --ceip option is deprecated. You will be prompted to specify the CEIP settings when running other options using the Async Patch Tool, for example, -l, --listAsyncPatch or -e, --enableAsyncPatch.
Example:
./vcf-async-patch-tool -ceip false

List Async Patches Option

This option requires an internet connection. Use this option before applying an async patch. See Apply an Async Patch to VMware Cloud Foundation in Online Mode and Apply an Async Patch to VMware Cloud Foundation in Offline Mode.

Option Description
-l, --listAsyncPatch Lists the available async patches. Refer to KB 88287 to see which versions of VMware Cloud Foundation support each async patch.
Required Inputs Optional Inputs
--depotUser, --du

Enter your VMware Customer Connect email address for connecting with the VMware Depot.

  • --sku

    Filters the async patch list by SKU. Enter VCF or VCF_ON_VXRAIL.

  • --productType, --ptype
    Filters the async patch list by product type. Enter ESX_HOST, NSX, or VCENTER.
    Note: Product type ESX_HOST is not available for VMware Cloud Foundation on Dell EMC VxRail.
  • --proxyServer, --ps

    If you connect to the internet through a proxy server, use the --proxyServer, --ps option to specify the FQDN and port of the proxy server. For example, --proxyServer FQDN:port.

Example:
./vcf-async-patch-tool --listAsyncPatch --depotUser user@vmware.com --productType VCENTER

Enable Patch Option

The enable patch option must be run on the SDDC Manager appliance. After you enable an async patch, you can log in to the SDDC Manager UI and apply the patch to all workload domains. See Apply an Async Patch to VMware Cloud Foundation in Online Mode and Apply an Async Patch to VMware Cloud Foundation in Offline Mode.

Option Description
-e, --enableAsyncPatch Enabling a patch performs an inventory sync, bundle download (online mode only), enable patch precheck, and enable patch postcheck. It also uploads the patch to the SDDC Manager appliance internal LCM repository.
Required Inputs Optional Inputs
  • --patch

    Enter the product and version (product:version) of an async patch. For example: VCENTER:7.0.3.00300-19234570.

  • --sddcSSOUser, --ssou

    Enter the management domain SSO user. For example: administrator@vsphere.local.

  • --sddcSSHUser, --sshu

    Enter vcf.

  • --depotUser, --du (online only)

    Enter your VMware Customer Connect email address for connecting with the VMware Depot.

  • --partnerBundleDepotUserName, --pdu (online VxRail only)

    Enter your Dell EMC depot email address.

  • --instanceType, --it

    Enter ONLINE or OFFLINE.

  • --op, --outputDirectory

    Enter the full path to the location to download the pacth (online mode) or the location to which you uploaded the patch (offline mode). For example, /nfs/vmware/vcf/nfs-mount/apToolBundles.

    If you do not specify an output directory the Async Patch Tool uses /root/apToolBundles.

  • --proxyServer, --ps

    If you connect to the internet through a proxy server, use the --proxyServer, --ps option to specify the FQDN and port of the proxy server. For example, --proxyServer FQDN:port.

Example:
./vcf-async-patch-tool -e --patch VCENTER:7.0.3.00300-19234570 --sddcSSOUser administrator@vsphere.local --sddcSSHUser vcf --outputDirectory /nfs/vmware/vcf/nfs-mount/apToolBundles --it ONLINE

Precheck Option

Prechecks are performed as part of the -e, --enableAsyncPatch and -r, --enableVCFUpgrade options. You can also run the precheck option on its own prior to enabling an async patch or enabling a VCF upgrade to make sure the operation will succeed. You must run the precheck option on the SDDC Manager appliance.

Option Description
--pre, --precheck Validates that the system is able to enable an async patch or enable a VCF upgrade.
Required Inputs Optional Inputs
  • -e, --enableAsyncPatch or -r, --enableVCFUpgrade

    For -r, --enableVCFUpgrade you must provide the target version for VCF. For example: 4.4.0.0.

  • --patch (enable patch only)

    Enter the product and version (product:version) of an async patch. For example: VCENTER:7.0.3.00300-19234570.

  • --sddcSSOUser, --ssou

    Enter the management domain SSO user. For example: administrator@vsphere.local.

  • --sddcSSHUser, --sshu

    Enter vcf.

  • --depotUser, --du (online only)

    Enter your VMware Customer Connect email address for connecting with the VMware Depot.

  • --partnerBundleDepotUserName, --pdu (online, VxRail, enable VCF upgrade only)

    Enter your Dell EMC depot email address.

  • --instanceType, --it

    Enter ONLINE or OFFLINE.

  • --op, --outputDirectory (offline only)

    Enter the full path to the location to which you uploaded the patch or bundles. For example, /nfs/vmware/vcf/nfs-mount/apToolBundles.

  • --op, --outputDirectory (online only)

    Enter the full path to the location to download the patch or bundles. For example, /nfs/vmware/vcf/nfs-mount/apToolBundles.

    If you do not specify an output directory the Async Patch Tool uses /root/apToolBundles.

  • --proxyServer, --ps

    If you connect to the internet through a proxy server, use the --proxyServer, --ps option to specify the FQDN and port of the proxy server. For example, --proxyServer FQDN:port.

Online Mode Example:
./vcf-async-patch-tool -e --pre --patch VCENTER:7.0.3.00300-19234570 --sddcSSOUser administrator@vsphere.local --sddcSSHUser vcf --depotUser user@vmware.com --outputDirectory /nfs/vmware/vcf/nfs-mount/apToolBundles --it ONLINE
Offline Mode Example:
./vcf-async-patch-tool --pre --enableVCFUpgrade 4.4.0.0 --sddcSSOUser administrator@vsphere.local --sddcSSHUser vcf --outputDirectory /nfs/vmware/vcf/nfs-mount/apToolBundles --it OFFLINE

Postcheck Option

Postchecks are performed as part of the -e, --enableAsyncPatch option. You can also run the postcheck option on its own after enabling an async patch. You must run the postcheck option on the SDDC Manager appliance.

Option Description
--post, --postcheck Validates that an async patch has been uploaded to the SDDC Manager appliance internal LCM repository and is available for upgrade.
Required Inputs Optional Inputs
  • -e, --enableAsyncPatch
  • --patch

    Enter the product and version (product:version) of an async patch. For example: VCENTER:7.0.3.00300-19234570.

  • --sddcSSOUser, --ssou

    Enter the management domain SSO user. For example: administrator@vsphere.local.

  • --sddcSSHUser, --sshu

    Enter vcf.

  • --op, --outputDirectory

    Enter the full path to the bundle download location that you used when you enabled the patch. For example, /nfs/vmware/vcf/nfs-mount/apToolBundles.

None.
Example:
./vcf-async-patch-tool -e --post --patch VCENTER:7.0.3.00300-19234570 --sddcSSOUser administrator@vsphere.local --sddcSSHUser vcf --outputDirectory /nfs/vmware/vcf/nfs-mount/apToolBundles

Deactivate All Patches Option

You cannot enable async patches or enable VCF Upgrades if your VMware Cloud Foundation instance already has any async patches enabled. All patches are deactivated when you run the Async Patch Tool with -r, --enableVCFUpgrade option. You can also run the --disableAllPatches option on its own. You must run the option on the SDDC Manager appliance.

Option Description
--da, --disableAllPatches Deactivates all async patches on the system that were previously enabled.
Required Inputs Optional Inputs
  • --sddcSSOUser, --ssou

    Enter the management domain SSO user. For example: administrator@vsphere.local.

  • --sddcSSHUser, --sshu

    Enter vcf.

None.
Example:
./vcf-async-patch-tool -disableAllPatches --sddcSSOUser administrator@vsphere.local --sddcSSHUser vcf

Enable VCF Upgrade Option

The enable VCF upgrade option must be run on the SDDC Manager appliance. After you apply an async patch, and one or more of the VMware Cloud Foundation component versions deviates from the BOM, you must use the Async Patch Tool to upgrade from VMware Cloud Foundation. 4.x to VMware Cloud Foundation 4.y.
Note: If you are upgrading to VMware Cloud Foundation 5.0, you do not need to use the Async Patch Tool to enable upgrade. You should still use the Async Patch Tool to deactivate all async patches and run an inventory sync before upgrading to VMware Cloud Foundation 5.0.

The -r, --enableVCFUpgrade option prepares an async patched environment for upgrade and uploads the upgrade bundles to the SDDC Manager appliance internal LCM repository. See Upgrade an Async Patched Version of VMware Cloud Foundation in Online Mode and Upgrade an Async Patched Version of VMware Cloud Foundation in Offline Mode.

Option Description
-r, --enableVCFUpgrade

Requires the target version for VCF. For example: 4.4.0.0.

Enables upgrade to a target version of VMware Cloud Foundation.
Required Inputs Optional Inputs
  • --sddcSSOUser, --ssou

    Enter the management domain SSO user. For example: administrator@vsphere.local.

  • --sddcSSHUser, --sshu

    Enter vcf.

  • --depotUser, --du (online only)

    Enter your VMware Customer Connect email address for connecting with the VMware Depot.

  • --partnerBundleDepotUserName, --pdu (online VxRail only)

    Enter your Dell EMC depot email address.

  • --instanceType, --it

    Enter ONLINE or OFFLINE.

  • --op, --outputDirectory (required for offline only)

    Enter the full path to the location to which you uploaded the patch or bundles. For example, /nfs/vmware/vcf/nfs-mount/apToolBundles.

  • --op, --outputDirectory (optional for online)

    Enter the full path to the location to download the patch or bundles. For example, /nfs/vmware/vcf/nfs-mount/apToolBundles.

    If you do not specify an output directory the Async Patch Tool uses /root/apToolBundles.

  • --proxyServer, --ps

    If you connect to the internet through a proxy server, use the --proxyServer, --ps option to specify the FQDN and port of the proxy server. For example, --proxyServer FQDN:port.

Online Mode Example:
./vcf-async-patch-tool --enableVCFUpgrade 4.4.0.0 --depotUser user@vmware.com --sddcSSOUser administrator@vsphere.local --sddcSSHUser vcf --it ONLINE
Offline Mode Example:
./vcf-async-patch-tool --enableVCFUpgrade 4.4.0.0 --sddcSSOUser administrator@vsphere.local --sddcSSHUser vcf --outputDirectory /nfs/vmware/vcf/nfs-mount/apToolBundles --it OFFLINE

Inventory Sync Option

Inventory sync is performed as part of the -e, --enableAsyncPatch and -r, --enableVCFUpgrade options. You can also run the inventory sync option on its own. You must run the inventory sync option on the SDDC Manager appliance.

This option updates the SDDC Manager inventory with the accurate information about the versions of vCenter Server, NSX, and VMware ESXi that are running in your VMware Cloud Foundation instance. The SDDC Manager inventory can get out of sync if you upgrade any of these components outside of VMware Cloud Foundation.

Option Description
--performInventorySync, --sync Updates the SDDC Manager inventory and saves a CSV file with information about each VMware Cloud Foundation component.
Sample output file (in /home/vcf/asyncPatchTool/bin):
Sample CSV file from the inventory sync operation
Note: In this example, no versions were updated as part of the inventory sysc.
Required Inputs Optional Inputs
  • --sddcSSOUser, --ssou

    Enter the management domain SSO user. For example: administrator@vsphere.local.

  • --sddcSSHUser, --sshu

    Enter vcf.

None.
Example:
./vcf-async-patch-tool --sync --sddcSSOUser administrator@vsphere.local --sddcSSHUser vcf