This section provides instructions to upgrade VMware Telco Cloud Service Assurance on production footprint using the following procedure.
Caution: During the upgrade process, you must not access the
VMware Telco Cloud Service Assurance UI.
For Self-signed certificates for Harbor, follow the below procedure:
- Copy the Harbor Certs file in
/etc/ssl/certs
directory. - If you do not have permission to the directory
/etc/ssl/certs
, then put the Harbor Cert in any other location where you have access, and run the below command:trust anchor <path-to-cert>
- If
trust
command is not available, then installp11-kit-trust
package which containstrust
command.
- If
Note:
Execute the
upgradeTCSA.sh script.
- If you do not want to specify the registry user name and password in the installation script, perform Docker login.
To log in to Docker, run the following command if podman-docker is installed in the deployment host.
docker login <harbor-fqdn> --compat-auth-file=/root/.docker/config.json
- If podman-docker is installed on the Deployer Host, ignore the following message and warnings while running docker commands.
Emulate Docker CLI using podman. Create /etc/containers/nodocker to quiet msg.
- To log in to Docker, run the following command if docker is installed in the deployment host.
docker login <harbor-fqdn>
- Ensure that the
--registry-password
is passed inside single quotation if you are passing this to the installation script.
<harbor-registry-fqdn> with <acr-container-registry> <harbor-registry-username> with with <acr-container-username> <harbor-registry-password> with with <acr-container-password>
Note:
- After executing this command wait for a few minutes, you will be prompted to provide the keycloak password. Deployment upgrade will continue after providing the password in the console. You must enter the keycloak password in the console even if it is the default password or a custom password. The default password is
vmware@1!
. - The
--registry-cert
is an optional parameter. If you are using a private certification-based Harbor, you must pass a certificate path value to it. - Ensure that the
--registry-password
is passed inside single quotation if you are passing this to the installation script. - The
<project-name>
specified in the registry URL will be automatically created with the same name in Harbor registry during deployment. - You can specify 120 minutes for the timeout value. If there is any latency in the network, you can increase this value.
After the
upgradeTCSA.sh script exits, you must execute the
postUpgrade.sh script for cleaning the stale entries.
root [ ~ ]# cd $TCSA_WORK_SPACE/tcx-deployer/scripts root [ ~/upgrade/tcx-deployer/scripts ]# ./postUpgrade.sh <path-of-kubeconfig-file>
After the
postUpgrade.sh script exits, manually check the VMware Telco Cloud Service Assurance deployment status by running the following command from the deployment VM.
root [ ~/upgrade/tcx-deployer/scripts ]# kubectl get apps -A
For all the apps, the reconciliation status must be successful.
root [ ~/upgrade/tcx-deployer/scripts ]# kubectl get tcxproduct -A NAME STATUS READY MESSAGE AGE tcsa updateCompleted True All App CRs reconciled successfully 12h tps-tcx-platform-services updateCompleted True All App CRs reconciled successfully 13h
Note: After successful deployment, you can launch the VMware Telco Cloud Service Assurance UI. For more information, see
Accessing UI topic.
After the VMware Telco Cloud Service Assurance upgrade is successful, follow the steps mentioned in the Post Upgrade topic.
After perfoming the steps in the
Post Upgrade, you must upgrade all the remote data collector managers. For more information, see
Upgrading Remote Collector Manager.
Note:
- If you do not have a remote data collector manager then you can skip this step.
- If the user wants to enable the Grafana Schedule and Export Reports post the deployment, then follow the procedure mentioned in the Optional feature : Enabling Grafana Schedule and Export Reports Feature section.
After perfoming the steps in the Upgrading Remote Collector Manager, you must upgrade the domain managers as mentioned in the Upgrade Domain Manager topic.
Note: If there are any SSL Handshake errors and the discovery fails in the Domain Managers while discovering VMware Aria Operations,
VMware Telco Cloud Automation, Cisco ACI, VCD, and VIMS after upgrading the Domain Manager and
VMware Telco Cloud Service Assurance Core then to regenerate the Kafka Edge Certificate follow the procedure given in the
SSL Handshake Error Post TCSA and Domain Manager Upgrade topic given in the
VMware Telco Cloud Service Assurance Troubleshooting Guide.