
Using the VMware Cloud Foundation Async Patch Tool with PowerShell

The VMware Cloud Foundation Async Patch Tool is a command-line tool that enables you to perform asynchronous patching on a VMware Cloud Foundation instance. This enables you to apply patches that are not part of a VMware Cloud Foundation release but are required to address a specific issue, such as a security vulnerability.

Recently, I was asked to assist a couple of customers with automating the process of applying async patches to their VMware Cloud Foundation instance. The customers were already using PowerShell to automate other tasks, including using some of our open source PowerShell modules, and wanted to continue using PowerShell to automate the async patching process if possible.

This article provides examples of using the Async Patch Tool with PowerShell. The examples are based on the following:

  • VMware Cloud Foundation with vSAN Ready Nodes (--SKU VCF).
  • Downloading async patches to a jump host.
  • Enabling and disabling async patches for a VMware Cloud Foundation instance.
  • Enabling version upgrades for a VMware Cloud Foundation instance.
  • Applying a hot patch for SDDC Manager.

Version Tested

Async Patch Tool 1.0.1.1 | April 2023 | Build 21574886

Check for additions and updates to the tool and the release notes.

Requirements

Operating Systems

The following operating systems can be used to run the Async Patch Tool with PowerShell.

Operating System           Version
Microsoft Windows Server   2019, 2022
Microsoft Windows          10, 11

PowerShell Versions

The following PowerShell versions can be used.

Edition                        Version
Microsoft Windows PowerShell   5.1
PowerShell Core                >= 7.2.0

PowerShell Modules

The following PowerShell modules are required to use the Async Patch Tool with PowerShell.

PowerShell Module         Version     Publisher      Reference
VMware.PowerCLI           >= 13.0.0   VMware, Inc.   Documentation
PowerVCF                  >= 2.3.0    VMware, Inc.   Documentation, GitHub
PowerValidatedSolutions   >= 2.4.0    VMware, Inc.   Documentation, GitHub

OpenJDK 8 Runtime

OpenJDK 8 Runtime is required to run the Async Patch Tool.

Example:

choco install openjdk8

Note

Requires Chocolatey package manager to be installed.

Extracted Structure: vcf-async-patch-tool.tar.gz

├── bin
│   ├── ...
│   ├── vcf-async-patch-tool
│   └── vcf-async-patch-tool.bat
├── conf
│   ├── ...
│   └── application-asyncpatch.properties
├── lib
│   └── ...
└── osl
    └── ...

Using the Async Patch Tool with PowerShell

The following steps enable you to perform offline patching of a VMware Cloud Foundation instance with vSAN Ready Nodes (--SKU VCF) using available PowerShell modules and cmdlets.

In this example, the following steps are performed:

  1. A jump host is used to download the async patches from VMware.
  2. Async patches are transferred from the jump host to the SDDC Manager appliance.
  3. Async patches are enabled on the SDDC Manager appliance.
  4. Async patches are applied to the VMware Cloud Foundation instance from the SDDC Manager appliance.
  5. Async patches are disabled on the SDDC Manager appliance.
  6. The VMware Cloud Foundation instance is enabled for the next upgrade.

Install PowerShell Modules on the Jump Host

From a PowerShell console, install the required PowerShell modules on the jump host.

Set-PSRepository -Name PSGallery -InstallationPolicy Trusted
Install-Module -Name VMware.PowerCLI -MinimumVersion 13.0.0
Install-Module -Name PowerVCF -MinimumVersion 2.3.0
Install-Module -Name PowerValidatedSolutions -MinimumVersion 2.4.0
Install-Module -Name VMware.CloudFoundation.Reporting

Update the VMware PowerCLI Configuration

From a PowerShell console, run the following to update the PowerCLI configuration. This will assist in avoiding timeouts when copying large files from the jump host to the SDDC Manager appliance.

Set-PowerCLIConfiguration -WebOperationTimeoutSeconds -1 

Install the Async Patch Tool on the Jump Host

Install the Async Patch Tool on the jump host and perform initial configuration.

Step 1: Download and Extract the Async Patch Tool on the Jump Host

Download the latest release of the Async Patch Tool from VMware Customer Connect. You can find the download under the Drivers and Tools section of the VMware Cloud Foundation product download.

Extract the Async Patch Tool to a directory on the jump host.

Example:

Note

The following example uses the 7-Zip command line tool to extract the Async Patch Tool.

New-Item C:\Users\Rainpole\Downloads\asyncPatchTool -itemType Directory

New-Item C:\Users\Rainpole\Downloads\apToolBundles -itemType Directory

& "C:\Program Files\7-Zip\7z.exe" e "C:\Users\Rainpole\Downloads\vcf-async-patch-tool.tar.gz" -o"C:\Users\Rainpole\Downloads\" -y

& "C:\Program Files\7-Zip\7z.exe" x "C:\Users\Rainpole\Downloads\vcf-async-patch-tool.tar" -o"C:\Users\Rainpole\Downloads\asyncPatchTool" -y

Remove-Item C:\Users\Rainpole\Downloads\vcf-async-patch-tool.tar -Force

Step 2: Configure the Async Patch Tool on the Jump Host

  1. Set the skip.user.prompt.itest option to true in conf\application-asyncpatch.properties to skip the user prompt for confirming the latest version of the Async Patch Tool.

  2. Set the lcm.aptool.recovery.include.vrealize option in conf\application-asyncpatch.properties to skip the user prompt for confirming the download of vRealize Suite components. When set to true, the Async Patch Tool will download the vRealize Suite components. When set to false, the Async Patch Tool will not download the vRealize Suite components.

Example:

asyncPatchTool\conf\application-asyncpatch.properties
skip.user.prompt.itest=true

lcm.aptool.recovery.include.vrealize=true

Install the Async Patch Tool on the SDDC Manager Appliance

Install the Async Patch Tool to the SDDC Manager appliance and set the permissions and ownership on the destination path.

Step 1: Copy and Extract the Async Patch Tool on the SDDC Manager Appliance

Using the vcf-async-patch-tool.tar.gz file downloaded to the jump host, copy the Async Patch Tool to the SDDC Manager appliance.

Example:

$SDDC_MANAGER_FQDN = "sfo-vcf01.sfo.rainpole.io"
$SDDC_MANAGER_USERNAME = "vcf"
$SDDC_MANAGER_PASSWORD = "VMw@re1!"
$SDDC_SSO_USERNAME = "[email protected]"
$SDDC_SSO_PASSWORD = "VMw@re1!"
$AP_DOWNLOAD_PATH = "C:\Users\Rainpole\Downloads"
$AP_HOME_PATH = "/home/vcf"
$AP_INSTALL_PATH = "/home/vcf/asyncPatchTool"
$AP_ARCHIVE_FILE = "vcf-async-patch-tool.tar.gz"
$AP_COMMAND = "mkdir $AP_INSTALL_PATH && tar -xzf $AP_HOME_PATH/$AP_ARCHIVE_FILE -C $AP_INSTALL_PATH && chmod -R 755 $AP_INSTALL_PATH && chown -R vcf:vcf $AP_INSTALL_PATH && rm $AP_HOME_PATH/$AP_ARCHIVE_FILE"

Copy-FiletoSddc -server $SDDC_MANAGER_FQDN -user $SDDC_SSO_USERNAME -pass $SDDC_SSO_PASSWORD -vmUser $SDDC_MANAGER_USERNAME -vmPass $SDDC_MANAGER_PASSWORD -source $AP_DOWNLOAD_PATH\$AP_ARCHIVE_FILE -destination $AP_HOME_PATH

Invoke-SddcCommand -server $SDDC_MANAGER_FQDN -user $SDDC_SSO_USERNAME -pass $SDDC_SSO_PASSWORD -vmUser $SDDC_MANAGER_USERNAME -vmPass $SDDC_MANAGER_PASSWORD -command $AP_COMMAND

Step 2: Configure the Async Patch Tool on the SDDC Manager Appliance

Set the skip.user.prompt.itest option to true to skip the user prompt for confirming the latest version of the Async Patch Tool by editing /home/vcf/asyncPatchTool/conf/application-asyncpatch.properties on the SDDC Manager appliance.

Example:

asyncPatchTool/conf/application-asyncpatch.properties
skip.user.prompt.itest=true

Downloading and Enabling Async Patches

Step 1: List Async Patches Using a Jump Host

Example:

$AP_APT_PATH = "C:\Users\Rainpole\Downloads\asyncPatchTool"
$AP_OUTPUT_PATH = "C:\Users\Rainpole\Downloads\apToolBundles"
$AP_DEPOT_USERNAME = "[email protected]"
$AP_DEPOT_PASSWORD = "VMw@re1!"
$AP_DEPOT_SKU = "VCF"
$AP_COMMAND = "$AP_APT_PATH\bin\vcf-async-patch-tool.bat --listAsyncPatch --depotUser $AP_DEPOT_USERNAME --depotPassword $AP_DEPOT_PASSWORD --sku $AP_DEPOT_SKU --outputDirectory $AP_OUTPUT_PATH"

Invoke-Expression -Command $AP_COMMAND

Note

You can filter the list of patches by product type by setting $AP_PRODUCT_TYPE to a supported value (e.g., "ESX_1ST") and passing it to the --productType option.
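
The listing call above, as an added example that is not part of the original article: the depot credential is prompted for at run time instead of being stored in the script, and the tool is started with the call operator and an argument array rather than Invoke-Expression, so no value is re-parsed as PowerShell source. Invoke-AsyncPatchTool is a hypothetical helper name; the paths, SKU and tool options are the ones used in this article.

```powershell
# Added example, not from the original article. Invoke-AsyncPatchTool is a
# hypothetical helper name; every tool option used is one shown in the article.
function Invoke-AsyncPatchTool {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $ToolPath,
        [Parameter(Mandatory)] [pscredential] $DepotCredential,
        [Parameter(Mandatory)] [string[]] $ToolArguments
    )

    $bat = Join-Path -Path $ToolPath -ChildPath 'bin\vcf-async-patch-tool.bat'
    if (-not (Test-Path -LiteralPath $bat -PathType Leaf)) {
        throw "Async Patch Tool not found at '$bat'."
    }

    # The plaintext password only exists in these local variables.
    $user     = $DepotCredential.UserName
    $password = $DepotCredential.GetNetworkCredential().Password

    # A .bat file is run by cmd.exe, which still interprets its own
    # metacharacters. Refuse such values instead of passing them on altered.
    foreach ($value in (@($user, $password) + $ToolArguments)) {
        if ($value -match '[&|<>^%"]') {
            throw 'An argument contains a cmd.exe metacharacter (& | < > ^ % "); aborting.'
        }
    }

    # Each array element becomes exactly one argument; nothing is parsed as
    # PowerShell source, unlike a string handed to Invoke-Expression.
    $argumentList = $ToolArguments + @('--depotUser', $user, '--depotPassword', $password)
    & $bat @argumentList

    # Assumption: the tool signals failure with a non-zero exit code.
    if ($LASTEXITCODE -ne 0) {
        Write-Warning "vcf-async-patch-tool exited with code $LASTEXITCODE."
    }
}

# Usage: same operation as Step 1, with the credential entered interactively.
$depot = Get-Credential -Message 'VMware depot account'
Invoke-AsyncPatchTool -ToolPath 'C:\Users\Rainpole\Downloads\asyncPatchTool' `
    -DepotCredential $depot `
    -ToolArguments @('--listAsyncPatch', '--sku', 'VCF',
                     '--outputDirectory', 'C:\Users\Rainpole\Downloads\apToolBundles')
```

The password is still passed on the child process command line, so it can be recorded on the jump host where process command-line logging is enabled.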

Step 2: Download Async Patches Using a Jump Host

The results of listing the available async patches are presented as a table with the product and version in their own columns. You must concatenate the product and version to form the PRODUCT_TYPE:VERSION to pass as the $AP_PATCH variable.

Use the following example to download the async patches to the jump host.

Example:

$AP_APT_PATH = "C:\Users\Rainpole\Downloads\asyncPatchTool"
$AP_OUTPUT_PATH = "C:\Users\Rainpole\Downloads\apToolBundles"
$AP_DEPOT_USERNAME = "[email protected]"
$AP_DEPOT_PASSWORD = "VMw@re1!"
$AP_DEPOT_SKU = "VCF"
$AP_PATCH = "ESX_HOST:7.0.2-19290878"
$AP_COMMAND = "$AP_APT_PATH\bin\vcf-async-patch-tool.bat --download --patch $AP_PATCH --depotUser $AP_DEPOT_USERNAME --depotPassword $AP_DEPOT_PASSWORD --sku $AP_DEPOT_SKU --outputDirectory $AP_OUTPUT_PATH"

Invoke-Expression -Command $AP_COMMAND

Note
  • If the same download directory has been used for multiple product patch downloads, there will be different input specs associated. Before you begin, it is recommended to always clean up the download directory to avoid errors.

  • The --precheck and --postcheck options can be included with the command to run pre-checks and post-checks.

  • The --proxyServer with fqdn_ip:port can be used to specify a proxy server for the download. (e.g., --proxyServer proxy.rainpole.io:8080)

Step 3: Transfer Async Patches from the Jump Host to the SDDC Manager Appliance

It is recommended to transfer the artifacts from the jump host to the SDDC Manager appliance using the following destination path: /nfs/vmware/vcf/nfs-mount/.

Use the following examples to transfer the artifacts from the jump host to the SDDC Manager appliance using VMware Guest Tools.

Example:

$SDDC_MANAGER_FQDN = "sfo-vcf01.sfo.rainpole.io"
$SDDC_MANAGER_USERNAME = "vcf"
$SDDC_MANAGER_PASSWORD = "VMw@re1!"
$SDDC_SSO_USERNAME = "[email protected]"
$SDDC_SSO_PASSWORD = "VMw@re1!"
$AP_OUTPUT_PATH = "C:\Users\Rainpole\Downloads\apToolBundles"
$AP_BUNDLE_PATH = "/nfs/vmware/vcf/nfs-mount/apToolBundles"
$AP_COMMAND = "chmod -R 755 $AP_BUNDLE_PATH && chown -R vcf:vcf $AP_BUNDLE_PATH"

Copy-FiletoSddc -server $SDDC_MANAGER_FQDN -user $SDDC_SSO_USERNAME -pass $SDDC_SSO_PASSWORD -vmUser $SDDC_MANAGER_USERNAME -vmPass $SDDC_MANAGER_PASSWORD -source $AP_OUTPUT_PATH -destination $AP_BUNDLE_PATH

Invoke-SddcCommand -server $SDDC_MANAGER_FQDN -user $SDDC_SSO_USERNAME -pass $SDDC_SSO_PASSWORD -vmUser $SDDC_MANAGER_USERNAME -vmPass $SDDC_MANAGER_PASSWORD -command $AP_COMMAND

Warning

This process can take a long time to complete as files are transferred from the jump host to SDDC Manager using VMware Guest Tools.

Step 4: Enable an Async Patch on the SDDC Manager Appliance

Use the following example to enable an async patch for the VMware Cloud Foundation instance on the SDDC Manager appliance.

Example:

$SDDC_MANAGER_FQDN = "sfo-vcf01.sfo.rainpole.io"
$SDDC_MANAGER_USERNAME = "vcf"
$SDDC_MANAGER_PASSWORD = "VMw@re1!"
$SDDC_SSO_USERNAME = "[email protected]"
$SDDC_SSO_PASSWORD = "VMw@re1!"
$SDDC_SSH_USERNAME = "vcf"
$SDDC_SSH_PASSWORD = "VMw@re1!"
$SDDC_MANAGER_ROOT_PASSWORD = "VMw@re1!"
$AP_APT_PATH = "/home/vcf/asyncPatchTool"
$AP_INPUTSPEC_PATH = "/nfs/vmware/vcf/nfs-mount/apToolBundles/inputSpecs"
$AP_BUNDLE_PATH = "/nfs/vmware/vcf/nfs-mount/apToolBundles/"
$AP_INPUTSPEC_FILE = "bundle-#####.spec"
$AP_INSTANCE_TYPE = "OFFLINE"
$AP_COMMAND = "$AP_APT_PATH/bin/vcf-async-patch-tool --inputSpec $AP_INPUTSPEC_PATH/$AP_INPUTSPEC_FILE --sddcSSOUser $SDDC_SSO_USERNAME --sddcSSOPassword $SDDC_SSO_PASSWORD --sddcSSHUser $SDDC_SSH_USERNAME --sddcSSHPassword $SDDC_SSH_PASSWORD --rootUserPassword $SDDC_MANAGER_ROOT_PASSWORD --outputDirectory $AP_BUNDLE_PATH --instanceType $AP_INSTANCE_TYPE"

Invoke-SddcCommand -server $SDDC_MANAGER_FQDN -user $SDDC_SSO_USERNAME -pass $SDDC_SSO_PASSWORD -vmUser $SDDC_MANAGER_USERNAME -vmPass $SDDC_MANAGER_PASSWORD -command $AP_COMMAND

The value for --inputSpec ($AP_INPUTSPEC_PATH/$AP_INPUTSPEC_FILE) is the path to the input specification file that was downloaded to the jump host and then transferred to the SDDC Manager appliance. The file name is the bundle ID with the .spec extension (e.g., /nfs/vmware/vcf/nfs-mount/apToolBundles/inputSpecs/bundle-#####.spec) and can be identified during the download process.

For example, the following is a sample output from the download process:

-----------------------------------------------------
VCF Async Patch Tool - Version: x.y.z-########
Documentation: https://kb.vmware.com/s/article/88287
-----------------------------------------------------
...
YYYY-MM-DD 00:00:00.000 [INFO ] Downloading Async Patch Input Spec for ESX_HOST - x.y.x-########
YYYY-MM-DD 00:00:00.000 [INFO ] Fetching Async Patch Input Spec from https://depot.vmware.com/PROD2/evo/vmw/asyncPatchSpecs/v1/bundle-#####.spec          <-- inputSpec file -- 
YYYY-MM-DD 00:00:00.000 [INFO ] Validating bundle download input spec
YYYY-MM-DD 00:00:00.000 [INFO ] Validating download directory space
YYYY-MM-DD 00:00:00.000 [INFO ] Usable space: ######.### MB
YYYY-MM-DD 00:00:00.000 [INFO ] Downloaded bundles:
YYYY-MM-DD 00:00:00.000 [INFO ] Not downloaded bundles: bundle-#####(###.#### MB)
YYYY-MM-DD 00:00:00.000 [INFO ] Required disk space: ###.#### MB
YYYY-MM-DD 00:00:00.000 [INFO ] C:\Users\Rainpole\Downloads\apToolBundles has enough usable space ###.#### MB for downloading bundles bundle-#####(###.#### MB)
YYYY-MM-DD 00:00:00.000 [INFO ] Downloading bundles, artifacts to directory: C:\Users\Rainpole\Downloads\apToolBundles
YYYY-MM-DD 00:00:00.000 [INFO ] Downloading bundle: bundle-####
YYYY-MM-DD 00:00:00.000 [INFO ] Download Progress of bundle tar : bundle-#####.tar : #.# MB, Average Speed: ###.## Mbps, Total Size: ###.#### MB
YYYY-MM-DD 00:00:00.000 [INFO ] Deleted the temp dir Tar File  C:\Users\Rainpole\Downloads\apToolBundles\tmp\bundles\bundle-#####.tar
YYYY-MM-DD 00:00:00.000 [INFO ] Successfully downloaded bundle: bundle-#####
YYYY-MM-DD 00:00:00.000 [INFO ] Completed downloading:1 of total:1
YYYY-MM-DD 00:00:00.000 [INFO ] Successfully downloaded all bundles to download directory C:\Users\Rainpole\Downloads\apToolBundles
YYYY-MM-DD 00:00:00.000 [INFO ] Validating bundle bundle-##### tar file, manifest file and manifest signature file exist
YYYY-MM-DD 00:00:00.000 [INFO ] Validating bundle bundle-##### signature
YYYY-MM-DD 00:00:00.000 [INFO ] Downloading latest LCM manifest from depot
YYYY-MM-DD 00:00:00.000 [INFO ] Successfully downloaded latest LCM manifest
YYYY-MM-DD 00:00:00.000 [INFO ] Telemetry data collection is not enabled
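
One way to pick the input spec file name out of that output automatically, as an added example that is not part of the original article. Get-AsyncPatchInputSpec is a hypothetical helper name, the log lines are constructed in the format shown above, and the bundle ID in them is made up. The name is checked against a strict character allow-list because it is later interpolated into the command string that runs on the SDDC Manager appliance.

```powershell
# Added example, not from the original article. Get-AsyncPatchInputSpec is a
# hypothetical helper; the log format is taken from the sample output above.
function Get-AsyncPatchInputSpec {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [AllowEmptyString()]
        [string[]] $Line
    )
    begin { $found = [System.Collections.Generic.List[string]]::new() }
    process {
        foreach ($l in $Line) {
            # Only the "Fetching Async Patch Input Spec from <url>" line is used;
            # the file name is the last URL path segment ending in .spec.
            if ($l -match 'Fetching Async Patch Input Spec from\s+\S*/(?<file>[^/\s]+\.spec)(\s|$)') {
                $file = $Matches['file']
                # The name ends up inside a shell command on the appliance, so
                # accept only letters, digits, '_' and '-' before the extension.
                if ($file -notmatch '^[A-Za-z0-9_-]+\.spec$') {
                    throw "Unexpected input spec file name in tool output: '$file'."
                }
                if (-not $found.Contains($file)) { $found.Add($file) }
            }
        }
    }
    end {
        if ($found.Count -eq 0) { throw 'No input spec line found in the tool output.' }
        # A reused download directory can carry several specs; do not guess.
        if ($found.Count -gt 1) {
            throw "More than one input spec found: $($found -join ', ')."
        }
        $found[0]
    }
}

# Constructed sample output in the article's log format; the bundle ID is made up.
$sampleLog = @(
    '2023-04-01 10:00:00.000 [INFO ] Downloading Async Patch Input Spec for ESX_HOST - 7.0.2-19290878'
    '2023-04-01 10:00:01.000 [INFO ] Fetching Async Patch Input Spec from https://depot.vmware.com/PROD2/evo/vmw/asyncPatchSpecs/v1/bundle-12345.spec'
    ''
    '2023-04-01 10:00:02.000 [INFO ] Validating bundle download input spec'
)

# In a real run, pipe the captured output of the download command instead.
$AP_INPUTSPEC_FILE = $sampleLog | Get-AsyncPatchInputSpec
$AP_INPUTSPEC_FILE
```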

Step 5: Install an Async Patch(es) to the VMware Cloud Foundation instance

Apply the async patch(es) to all workload domains using the UI or API.

Note

This process is out of scope for this article.

Once the async patch(es) have been applied to the VMware Cloud Foundation instance, delete the artifacts from the SDDC Manager appliance.

Example: Remotely delete the artifacts from the SDDC Manager appliance.

$SDDC_MANAGER_FQDN = "sfo-vcf01.sfo.rainpole.io"
$SDDC_MANAGER_USERNAME = "vcf"
$SDDC_MANAGER_PASSWORD = "VMw@re1!"
$SDDC_SSO_USERNAME = "[email protected]"
$SDDC_SSO_PASSWORD = "VMw@re1!"
$AP_BUNDLE_PATH = "/nfs/vmware/vcf/nfs-mount/apToolBundles"
$AP_COMMAND = "rm -r $AP_BUNDLE_PATH"

Invoke-SddcCommand -server $SDDC_MANAGER_FQDN -user $SDDC_SSO_USERNAME -pass $SDDC_SSO_PASSWORD -vmUser $SDDC_MANAGER_USERNAME -vmPass $SDDC_MANAGER_PASSWORD -command $AP_COMMAND

Example: Directly delete the artifacts from the SDDC Manager appliance.

$AP_BUNDLE_PATH = "/home/vcf/apToolBundles"

Remove-Item -Path $AP_BUNDLE_PATH -Recurse -Force

Step 6: Disable Async Patches on the SDDC Manager Appliance

Use the following example to disable async patches for the VMware Cloud Foundation instance on the SDDC Manager appliance.

Example:

$SDDC_MANAGER_FQDN = "sfo-vcf01.sfo.rainpole.io"
$SDDC_MANAGER_USERNAME = "vcf"
$SDDC_MANAGER_PASSWORD = "VMw@re1!"
$SDDC_SSO_USERNAME = "[email protected]"
$SDDC_SSO_PASSWORD = "VMw@re1!"
$SDDC_SSH_USERNAME = "vcf"
$SDDC_SSH_PASSWORD = "VMw@re1!"
$SDDC_MANAGER_ROOT_PASSWORD = "VMw@re1!"
$AP_APT_PATH = "/home/vcf/asyncPatchTool"
$AP_COMMAND = "$AP_APT_PATH/bin/vcf-async-patch-tool --disableAllPatches --sddcSSOUser $SDDC_SSO_USERNAME --sddcSSOPassword $SDDC_SSO_PASSWORD --sddcSSHUser $SDDC_SSH_USERNAME --sddcSSHPassword $SDDC_SSH_PASSWORD --rootUserPassword $SDDC_MANAGER_ROOT_PASSWORD"

Invoke-SddcCommand -server $SDDC_MANAGER_FQDN -user $SDDC_SSO_USERNAME -pass $SDDC_SSO_PASSWORD -vmUser $SDDC_MANAGER_USERNAME -vmPass $SDDC_MANAGER_PASSWORD -command $AP_COMMAND

Enable an Upgrade on the SDDC Manager Appliance

After installing async patches to your VMware Cloud Foundation instance, use the following example to enable an upgrade for the VMware Cloud Foundation instance.

Step 1: Download the Upgrade Content

From the jump host, download the upgrade content.

Example:

$AP_APT_PATH = "C:\Users\Rainpole\Downloads\asyncPatchTool"
$AP_DEPOT_USERNAME = "[email protected]"
$AP_DEPOT_PASSWORD = "VMw@re1!"
$AP_DEPOT_SKU = "VCF"
$AP_VERSION_SOURCE = "4.4.1"
$AP_VERSION_TARGET = "4.5.0"
$AP_COMMAND = "$AP_APT_PATH\bin\vcf-async-patch-tool.bat --download --sourceVcfVersion $AP_VERSION_SOURCE --targetVcfVersion $AP_VERSION_TARGET --sku $AP_DEPOT_SKU --depotUser $AP_DEPOT_USERNAME --depotPassword $AP_DEPOT_PASSWORD"

Invoke-Expression -Command $AP_COMMAND

Note

The --proxyServer with fqdn_ip:port can be used to specify a proxy server for the download. (e.g., --proxyServer proxy.rainpole.io:8080)

Step 2: Transfer Upgrade Content from the Jump Host to the SDDC Manager Appliance

It is recommended to transfer the artifacts from the jump host to the SDDC Manager appliance using the following destination path: /nfs/vmware/vcf/nfs-mount/.

Use the following examples to transfer the artifacts from the jump host to the SDDC Manager appliance using VMware Guest Tools.

Example:

$SDDC_MANAGER_FQDN = "sfo-vcf01.sfo.rainpole.io"
$SDDC_MANAGER_USERNAME = "vcf"
$SDDC_MANAGER_PASSWORD = "VMw@re1!"
$SDDC_SSO_USERNAME = "[email protected]"
$SDDC_SSO_PASSWORD = "VMw@re1!"
$AP_OUTPUT_PATH = "C:\Users\Rainpole\Downloads\apToolBundles"
$AP_BUNDLE_PATH = "/nfs/vmware/vcf/nfs-mount/apToolBundles"
$AP_COMMAND = "chmod -R 755 $AP_BUNDLE_PATH && chown -R vcf:vcf $AP_BUNDLE_PATH"

Copy-FiletoSddc -server $SDDC_MANAGER_FQDN -user $SDDC_SSO_USERNAME -pass $SDDC_SSO_PASSWORD -vmUser $SDDC_MANAGER_USERNAME -vmPass $SDDC_MANAGER_PASSWORD -source $AP_OUTPUT_PATH -destination $AP_BUNDLE_PATH

Invoke-SddcCommand -server $SDDC_MANAGER_FQDN -user $SDDC_SSO_USERNAME -pass $SDDC_SSO_PASSWORD -vmUser $SDDC_MANAGER_USERNAME -vmPass $SDDC_MANAGER_PASSWORD -command $AP_COMMAND

Warning

This process can take a long time to complete as files are transferred from the jump host to SDDC Manager using VMware Guest Tools.

Step 3: Enable the Upgrade for the VMware Cloud Foundation Instance

Enable the upgrade.

Example:

$SDDC_MANAGER_FQDN = "sfo-vcf01.sfo.rainpole.io"
$SDDC_MANAGER_USERNAME = "vcf"
$SDDC_MANAGER_PASSWORD = "VMw@re1!"
$SDDC_SSO_USERNAME = "[email protected]"
$SDDC_SSO_PASSWORD = "VMw@re1!"
$SDDC_SSH_USERNAME = "vcf"
$SDDC_SSH_PASSWORD = "VMw@re1!"
$SDDC_MANAGER_ROOT_PASSWORD = "VMw@re1!"
$AP_APT_PATH = "/home/vcf/asyncPatchTool"
$AP_VERSION_TARGET = "4.5.0"
$AP_BUNDLE_PATH = "/nfs/vmware/vcf/nfs-mount/apToolBundles/"
$AP_INSTANCE_TYPE = "OFFLINE"
$AP_COMMAND = "$AP_APT_PATH/bin/vcf-async-patch-tool --enableVCFUpgrade --targetVcfVersion $AP_VERSION_TARGET --sddcSSOUser $SDDC_SSO_USERNAME --sddcSSOPassword $SDDC_SSO_PASSWORD --sddcSSHUser $SDDC_SSH_USERNAME --sddcSSHPassword $SDDC_SSH_PASSWORD --rootUserPassword $SDDC_MANAGER_ROOT_PASSWORD --outputDirectory $AP_BUNDLE_PATH --instanceType $AP_INSTANCE_TYPE"

Invoke-SddcCommand -server $SDDC_MANAGER_FQDN -user $SDDC_SSO_USERNAME -pass $SDDC_SSO_PASSWORD -vmUser $SDDC_MANAGER_USERNAME -vmPass $SDDC_MANAGER_PASSWORD -command $AP_COMMAND

Note

The --precheck and --postcheck options can be included with the command to run pre-checks and post-checks.

Apply a Hot Patch to the SDDC Manager Appliance

Use the following examples to download and apply a hot patch to the SDDC Manager appliance using the Async Patch Tool.

Step 1: Download the Hot Patch Content

An input specification file must be obtained from VMware, used for the hot patch download, and then transferred to the SDDC Manager appliance from the jump host. Rename the input specification file to hotpatch_input.spec.

Use the following example to download the hot patch to the jump host.

Example:

$AP_APT_PATH = "C:\Users\Rainpole\Downloads\asyncPatchTool"
$AP_OUTPUT_PATH = "C:\Users\Rainpole\Downloads\apToolBundles"
$AP_DEPOT_USERNAME = "[email protected]"
$AP_DEPOT_PASSWORD = "VMw@re1!"
$AP_INPUTSPEC = "C:\Users\Rainpole\Downloads\hotpatch_input.spec"
$AP_BUNDLE_PATH = "/nfs/vmware/vcf/nfs-mount/apToolBundles/bundles/"
$AP_COMMAND = "$AP_APT_PATH\bin\vcf-async-patch-tool.bat --download --inputSpec $AP_INPUTSPEC --depotUser $AP_DEPOT_USERNAME --depotPassword $AP_DEPOT_PASSWORD --outputDirectory $AP_OUTPUT_PATH"

Invoke-Expression -Command $AP_COMMAND

Note
  • If the same download directory has been used for multiple product patch downloads, there will be different input specs associated. Before you begin, it is recommended to always clean up the download directory to avoid errors.

  • The --precheck and --postcheck options can be included with the command to run pre-checks and post-checks.

  • The --proxyServer with fqdn_ip:port can be used to specify a proxy server for the download. (e.g., --proxyServer proxy.rainpole.io:8080)

Step 2: Transfer Hot Patch Content from the Jump Host to the SDDC Manager Appliance

Transfer the hot patch artifacts for SDDC Manager from the jump host to the SDDC Manager appliance using the following destination path: /nfs/vmware/vcf/nfs-mount/. This includes the downloaded hot patch content and the input specification file.

Use the following examples to transfer the artifacts from the jump host to the SDDC Manager appliance using VMware Guest Tools.

Example:

$SDDC_MANAGER_FQDN = "sfo-vcf01.sfo.rainpole.io"
$SDDC_MANAGER_USERNAME = "vcf"
$SDDC_MANAGER_PASSWORD = "VMw@re1!"
$SDDC_SSO_USERNAME = "[email protected]"
$SDDC_SSO_PASSWORD = "VMw@re1!"
$AP_OUTPUT_PATH = "C:\Users\Rainpole\Downloads\apToolBundles"
$AP_BUNDLE_PATH = "/nfs/vmware/vcf/nfs-mount/apToolBundles"
$AP_INPUTSPEC_FILE = "hotpatch_input.spec"
$AP_INPUTSPEC_SRC = "C:\Users\Rainpole\Downloads"
$AP_INPUTSPEC_DST = "/nfs/vmware/vcf/nfs-mount/apToolBundles/inputSpecs"
$AP_COMMAND = "chmod -R 755 $AP_BUNDLE_PATH && chown -R vcf:vcf $AP_BUNDLE_PATH"

Copy-FiletoSddc -server $SDDC_MANAGER_FQDN -user $SDDC_SSO_USERNAME -pass $SDDC_SSO_PASSWORD -vmUser $SDDC_MANAGER_USERNAME -vmPass $SDDC_MANAGER_PASSWORD -source $AP_INPUTSPEC_SRC\$AP_INPUTSPEC_FILE -destination $AP_INPUTSPEC_DST/$AP_INPUTSPEC_FILE

Copy-FiletoSddc -server $SDDC_MANAGER_FQDN -user $SDDC_SSO_USERNAME -pass $SDDC_SSO_PASSWORD -vmUser $SDDC_MANAGER_USERNAME -vmPass $SDDC_MANAGER_PASSWORD -source $AP_OUTPUT_PATH -destination $AP_BUNDLE_PATH

Invoke-SddcCommand -server $SDDC_MANAGER_FQDN -user $SDDC_SSO_USERNAME -pass $SDDC_SSO_PASSWORD -vmUser $SDDC_MANAGER_USERNAME -vmPass $SDDC_MANAGER_PASSWORD -command $AP_COMMAND

Warning

This process can take a long time to complete as files are transferred from the jump host to SDDC Manager using VMware Guest Tools.

Step 3: Enable the Hot Patch for the SDDC Manager Appliance

Using the Async Patch Tool, enable the hot patch for the SDDC Manager appliance. This step will perform an RPM-based upgrade for your SDDC Manager services based on the input specification provided by VMware.

Example:

$SDDC_MANAGER_FQDN = "sfo-vcf01.sfo.rainpole.io"
$SDDC_MANAGER_USERNAME = "vcf"
$SDDC_MANAGER_PASSWORD = "VMw@re1!"
$SDDC_SSO_USERNAME = "[email protected]"
$SDDC_SSO_PASSWORD = "VMw@re1!"
$SDDC_SSH_USERNAME = "vcf"
$SDDC_SSH_PASSWORD = "VMw@re1!"
$SDDC_MANAGER_ROOT_PASSWORD = "VMw@re1!"
$AP_APT_PATH = "/home/vcf/asyncPatchTool"
$AP_INPUTSPEC_PATH = "/nfs/vmware/vcf/nfs-mount/apToolBundles/inputSpecs/"
$AP_BUNDLE_PATH = "/nfs/vmware/vcf/nfs-mount/apToolBundles/bundles/"
$AP_INPUTSPEC_FILE = "hotpatch_input.spec"
$AP_INSTANCE_TYPE = "OFFLINE"
$AP_COMMAND = "$AP_APT_PATH/bin/vcf-async-patch-tool --inputSpec $AP_INPUTSPEC_PATH/$AP_INPUTSPEC_FILE --sddcSSOUser $SDDC_SSO_USERNAME --sddcSSOPassword $SDDC_SSO_PASSWORD --sddcSSHUser $SDDC_SSH_USERNAME --sddcSSHPassword $SDDC_SSH_PASSWORD --rootUserPassword $SDDC_MANAGER_ROOT_PASSWORD --outputDirectory $AP_BUNDLE_PATH --instanceType $AP_INSTANCE_TYPE"

Invoke-SddcCommand -server $SDDC_MANAGER_FQDN -user $SDDC_SSO_USERNAME -pass $SDDC_SSO_PASSWORD -vmUser $SDDC_MANAGER_USERNAME -vmPass $SDDC_MANAGER_PASSWORD -command $AP_COMMAND

The value for --inputSpec ($AP_INPUTSPEC_PATH/$AP_INPUTSPEC_FILE) is the path to the input specification file that was provided by VMware and then transferred to the SDDC Manager appliance from the jump host.

Removing the Async Patch Tool and Patch Artifacts from the SDDC Manager Appliance

Use the following example to delete the Async Patch Tool and Patch Artifacts from the SDDC Manager appliance.

Remove the Async Patch Artifacts

Remotely delete the artifacts from the SDDC Manager appliance.

Example:

$SDDC_MANAGER_FQDN = "sfo-vcf01.sfo.rainpole.io"
$SDDC_MANAGER_USERNAME = "vcf"
$SDDC_MANAGER_PASSWORD = "VMw@re1!"
$SDDC_SSO_USERNAME = "[email protected]"
$SDDC_SSO_PASSWORD = "VMw@re1!"
$AP_BUNDLE_PATH = "/nfs/vmware/vcf/nfs-mount/apToolBundles"
$AP_COMMAND = "rm -r $AP_BUNDLE_PATH"

Invoke-SddcCommand -server $SDDC_MANAGER_FQDN -user $SDDC_SSO_USERNAME -pass $SDDC_SSO_PASSWORD -vmUser $SDDC_MANAGER_USERNAME -vmPass $SDDC_MANAGER_PASSWORD -command $AP_COMMAND

Remove the Async Patch Tool

Remotely delete the Async Patch Tool from the SDDC Manager appliance.

Example:

$SDDC_MANAGER_FQDN = "sfo-vcf01.sfo.rainpole.io"
$SDDC_MANAGER_USERNAME = "vcf"
$SDDC_MANAGER_PASSWORD = "VMw@re1!"
$SDDC_SSO_USERNAME = "[email protected]"
$SDDC_SSO_PASSWORD = "VMw@re1!"
$AP_APT_PATH = "/home/vcf/asyncPatchTool"
$AP_COMMAND = "rm -r $AP_APT_PATH"

Invoke-SddcCommand -server $SDDC_MANAGER_FQDN -user $SDDC_SSO_USERNAME -pass $SDDC_SSO_PASSWORD -vmUser $SDDC_MANAGER_USERNAME -vmPass $SDDC_MANAGER_PASSWORD -command $AP_COMMAND

Removing the Async Patch Tool and Patch Artifacts on the Jump Host

Use the following example to delete the Async Patch Tool and Patch Artifacts from the jump host.

Remove the Async Patch Artifacts

Remove the Async Patch artifacts from the jump host.

$AP_BUNDLE_PATH = "C:\Users\Rainpole\Downloads\apToolBundles"

Remove-Item -Path $AP_BUNDLE_PATH -Recurse -Force

Remove the Async Patch Tool

Remove the Async Patch Tool from the jump host.

$AP_APT_PATH = "C:\Users\Rainpole\Downloads\asyncPatchTool"

Remove-Item -Path $AP_APT_PATH -Recurse -Force

Hope this helps!

Disclaimer

This is not an official VMware by Broadcom document. This is a personal blog post. The information is provided as-is with no warranties and confers no rights. It is not intended to replace official documentation. Please refer to official documentation for the most up-to-date information.