This procedure describes how to patch the Active, Passive, and Witness node if your vCenter Server Appliance is configured in a vCenter High Availability (HA) cluster.

A vCenter High Availability cluster consists of three vCenter Server Appliances that act as an Active, Passive, and Witness node. For information about configuring vCenter High Availability, see vSphere Availability.

You patch the three nodes in a sequence and use a manual failover so that you always patch a non-Active node. For patching the nodes, you must use the software-packages utility from the appliance shell. For information about patching the appliance from the appliance shell, see Patching the vCenter Server Appliance by Using the Appliance Shell.

Prerequisites

  • Verify that patching a vCenter HA configuration is supported for your version of vCenter Server Appliance. For certain vCenter Server 6.7 patch releases, you must remove the vCenter HA configuration and update the vCenter Server Appliance using either the vCenter Server Appliance Management Interface or the software-packages utility in the appliance shell of a vCenter Server Appliance. To learn if your version of vCenter Server Appliance can be patched using this procedure, see Knowledge Base article KB 55938.

  • If you are using a proxy, you must configure it in the appliance management interface. See Configure the DNS, IP Address, and Proxy Settings.

Procedure

  1. Place the vCenter HA cluster in maintenance mode.
    1. In the vSphere Client inventory, click the Configure tab.
    2. Under Settings, select vCenter HA and click Edit.
    3. Select Maintenance Mode and click OK.
  2. Log in as root to the appliance shell of the Active node by using the public IP address.
  3. Patch the Witness node.
    1. From the appliance shell of the Active node, access the Bash shell and establish an SSH session to the Witness node.
      ssh root@Witness_node_IP_address
    2. Patch the Witness node.
      Use the software-packages utility.
    3. Exit the SSH session to the Witness node.
      exit
  4. Patch the Passive node.
    1. From the appliance shell of the Active node, access the Bash shell and establish an SSH session to the Passive node.
      ssh root@Passve_node_IP_address
    2. Patch the Passive node.
      Use the software-packages utility.
    3. Exit the SSH session to the Passive node.
      exit
  5. Log out from the appliance shell of the Active node.
  6. Initiate a vCenter HA failover manually.
    1. Log in to the Active node with the vSphere Client and click Configure.
    2. Under Settings, select vCenter HA and click Initiate Failover.
    3. To start the failover click Yes.

      A dialog box offers you the option to force a failover without synchronization. In most cases, performing synchronization first is best.

    You can see in the vSphere Client that the Passive node has become the Active node and the Active node has become the Passive node.

  7. Log in as root to the appliance shell of the new Active node by using the public IP address.
  8. Patch the new Passive node.
    1. From the appliance shell of the Active node, access the Bash shell and establish an SSH session to the Passive node.
      ssh root@Passve_node_IP_address
    2. Patch the Passive node.
      Use the software-packages utility.
    3. Exit the SSH session to the Passive node.
      exit
  9. Log out from the appliance shell of the Active node.
  10. Exit the maintenance mode.
    1. In the vSphere Client inventory, click the Configure tab.
    2. Under Settings, select vCenter HA and click Edit.
    3. Select Turn On vCenter HA and click OK.