This section provides instructions to upgrade VMware Telco Cloud Service Assurance on production footprint using the following procedure.

Caution: During the upgrade process, you must not access the VMware Telco Cloud Service Assurance UI.
For Self-signed certificates for Harbor, follow the below procedure:
  • Copy the Harbor Certs file in /etc/ssl/certs directory.
  • If you do not have permission to the directory /etc/ssl/certs, then put the Harbor Cert in any other location where you have access, and run the below command:
    trust anchor <path-to-cert>
    • If trust command is not available, then install p11-kit-trust package which contains trust command.
Note:
  1. If you do not want to specify the registry user name and password in the installation script, perform Docker login.
    To log in to Docker, run the following command if podman-docker is installed in the deployment host.
    docker login <harbor-fqdn> --compat-auth-file=/root/.docker/config.json
  2. If podman-docker is installed on the Deployer Host, ignore the following message and warnings while running docker commands.
    Emulate Docker CLI using podman. Create /etc/containers/nodocker to quiet msg.
  3. To log in to Docker, run the following command if docker is installed in the deployment host.
    docker login <harbor-fqdn>
  4. Ensure that the --registry-password is passed inside single quotation if you are passing this to the installation script.
Execute the upgradeTCSA.sh script.
<harbor-registry-fqdn>  with <acr-container-registry>
<harbor-registry-username> with with <acr-container-username>
<harbor-registry-password> with with <acr-container-password>
Note:
  • After executing this command wait for a few minutes, you will be prompted to provide the keycloak password. Deployment upgrade will continue after providing the password in the console. You must enter the keycloak password in the console even if it is the default password or a custom password. The default password is vmware@1!.
  • The --registry-cert is an optional parameter. If you are using a private certification-based Harbor, you must pass a certificate path value to it.
  • Ensure that the --registry-password is passed inside single quotation if you are passing this to the installation script.
  • The <project-name> specified in the registry URL will be automatically created with the same name in Harbor registry during deployment.
  • You can specify 120 minutes for the timeout value. If there is any latency in the network, you can increase this value.
After the upgradeTCSA.sh script exits, you must execute the postUpgrade.sh script for cleaning the stale entries.
root [ ~ ]# cd $TCSA_WORK_SPACE/tcx-deployer/scripts
root [ ~/upgrade/tcx-deployer/scripts ]# ./postUpgrade.sh <path-of-kubeconfig-file>
After the postUpgrade.sh script exits, manually check the VMware Telco Cloud Service Assurance deployment status by running the following command from the deployment VM.
root [ ~/upgrade/tcx-deployer/scripts ]# kubectl get apps -A
For all the apps, the reconciliation status must be successful.
root [ ~/upgrade/tcx-deployer/scripts ]# kubectl get tcxproduct -A
NAME                        STATUS            READY   MESSAGE                               AGE
tcsa                        updateCompleted   True    All App CRs reconciled successfully   12h
tps-tcx-platform-services   updateCompleted   True    All App CRs reconciled successfully   13h
Note: After successful deployment, you can launch the VMware Telco Cloud Service Assurance UI. For more information, see Accessing UI topic.

After the VMware Telco Cloud Service Assurance upgrade is successful, follow the steps mentioned in the Post Upgrade topic.

After perfoming the steps in the Post Upgrade, you must upgrade all the remote data collector managers. For more information, see Upgrading Remote Collector Manager.
Note:

After perfoming the steps in the Upgrading Remote Collector Manager, you must upgrade the domain managers as mentioned in the Upgrade Domain Manager topic.

Note: If there are any SSL Handshake errors and the discovery fails in the Domain Managers while discovering VMware Aria Operations, VMware Telco Cloud Automation, Cisco ACI, VCD, and VIMS after upgrading the Domain Manager and VMware Telco Cloud Service Assurance Core then to regenerate the Kafka Edge Certificate follow the procedure given in the SSL Handshake Error Post TCSA and Domain Manager Upgrade topic given in the VMware Telco Cloud Service Assurance Troubleshooting Guide.