Execute the Upgrade Script

This section provides instructions to upgrade VMware Telco Cloud Service Assurance on production footprint using the following procedure.

Prerequisites

Caution: During the upgrade process, you must not access the VMware Telco Cloud Service Assurance UI.

Procedure

Copy the Harbor Certs file from /etc/docker/certs.d/<HarborIP>/ca.crt to the /etc/ssl/certs directory.
If you do not have permission to the /etc/ssl/certs directory, then put the Harbor Cert in any other location where you have access, and run the below command:
```
trust anchor <path-to-cert>
```
or you can run the following trust anchor command with the default harbor cert path
```
trust anchor /etc/docker/certs.d/<HarborIP>/ca.crt
```
Note: If trust command is not available, then install p11-kit-trust package which contains trust command.
You must set the following tag to false if it is set to true.
```
export PUSH_TO_CHART_REPO=false
```
If you do not want to specify the registry user name and password in the upgrade script, perform Docker login.
1. To log in to Docker, run the following command if podman-docker is installed in the deployment host.
```
docker login <harbor-fqdn> --compat-auth-file=/root/.docker/config.json
```
2. To log in to Docker, run the following command if docker is installed in the deployment host.
```
docker login <harbor-fqdn>
```
Execute the upgradeTCSA.sh script.
```
root [ ~ ]# cd $TCSA_WORK_SPACE/tcx-deployer/scripts
root [ ~/upgrade/tcx-deployer/scripts ]# ./upgradeTCSA.sh --kubeconfig <your-kubeconfig-location> --registry-cert <harbor-registry-cert-path> --registry <harbor-registry-fqdn>/<project-name> --registry-password <harbor-registry-password> --registry-username <harbor-registry-username> --timeout <timeout in minute>
```
Note:
- After executing this command wait for a few minutes, you will be prompted to provide the keycloak password. Deployment upgrade will continue after providing the password in the console. You must enter the keycloak password in the console even if it is the default password or a custom password. The default password is vmware@1!.
- You can specify 120 minutes for the timeout value. If there is any latency in the network, you can increase this value.
- Ensure that the --registry-password is passed inside single quotation if you are passing this to the installation script through command line.
After the upgrade script exits, manually check the VMware Telco Cloud Service Assurance deployment status by running the following command from the deployment VM.
```
root [ ~/tcx-deployer/scripts ]# kubectl get tcxproduct -A
```
or
```
root [ ~/tcx-deployer/scripts ]# kubectl get apps -A
```
For all the applications, the reconciliation status must be successful.
```
[root@wdc-10-214-174-032 ~]# kubectl get tcxproduct -A
NAME                        STATUS            READY   MESSAGE                               AGE
tcsa                        updateCompleted   True    All App CRs reconciled successfully   12h
tps-tcx-platform-services   updateCompleted   True    All App CRs reconciled successfully   13h
```
Note:
- After a successful upgrade, you can launch the VMware Telco Cloud Service Assurance UI. For more information, see Accessing VMware Telco Cloud Service Assurance UI topic. Ensure that the About page in VMware Telco Cloud Service Assurance UI reflects the upgraded version of VMware Telco Cloud Service Assurance.
- If the Isitio-edge-ingressgateway pod fails with ImagePullBackOff error, then refer to the Pod fails with ImagePullBackOff error section in the VMware Telco Cloud Service Assurance Troubleshooting Guide.
After the upgrade is successful, you must execute the postUpgrade.sh script for cleaning the stale entries from the deployer host.
```
$TCSA_WORK_SPACE/tcx-deployer/scripts/postUpgrade.sh <your-kubeconfig-location>
```
After the VMware Telco Cloud Service Assurance upgrade is successful, follow the steps mentioned in the Post Upgrade topic.

What to do next

After the VMware Telco Cloud Service Assurance upgrade is successful, follow the steps mentioned in the Post Upgrade topic.

After perfoming the steps in the Post Upgrade, you must upgrade all the remote data collector managers. For more information, see Upgrading Remote Collector Manager.

Note:

If you do not have a remote data collector manager then you can skip this step.
If the user wants to enable the Grafana Schedule and Export Reports post the deployment, then follow the procedure mentioned in the Optional feature : Enabling Grafana Schedule and Export Reports Feature section.

After perfoming the steps in the Upgrading Remote Collector Manager, you must upgrade the domain managers as mentioned in the Upgrade Domain Manager topic.

Note: If there are any SSL Handshake errors and the discovery fails in the Domain Managers while discovering VMware Aria Operations, VMware Telco Cloud Automation, Cisco ACI, VCD, and vIMS after upgrading the Domain Manager and VMware Telco Cloud Service Assurance Core then to regenerate the Kafka Edge Certificate follow the procedure given in the SSL Handshake Error Post TCSA and Domain Manager Upgrade topic given in the VMware Telco Cloud Service Assurance Troubleshooting Guide.