Upgrade Virtual Container Hosts

You upgrade virtual container hosts (VCHs) by downloading a new version of vSphere Integrated Containers Engine and running the vic-machine upgrade command.

You can use vic-machine upgrade to upgrade VCHs to newer versions. You can run vic-machine upgrade on VCHs that are either running or powered off. When you upgrade a running VCH, the VCH goes temporarily offline, but container workloads continue as normal during the upgrade process. Upgrading a VCH does not affect any mapped container networks that you defined by setting the vic-machine create --container-network option. The following operations are not available during upgrade:

You cannot access container logs
You cannot attach to a container
NAT based port forwarding is unavailable

IMPORTANT:

Upgrading a VCH does not upgrade any existing container VMs that the VCH manages. For container VMs to boot from the latest version of bootstrap.iso, container developers must recreate them.
By default, previous versions of vSphere Integrated Containers deployed VCHs as vApps, unless you explicitly deployed them as resource pools by using the vic-machine create --use-rp option. This version of vSphere Integrated Containers always deploys VCHs as resource pools, not as vApps. When you upgrade VCHs that run as vApps, these VCHs remain vApps after the upgrade. Any new container VMs are deployed in the existing vApp.

For descriptions of the options that vic-machine upgrade includes in addition to the Common vic-machine Options , see VCH Upgrade Options.

Prerequisites

You deployed one or more VCHs with an older version of vic-machine.
You downloaded a new version of the vSphere Integrated Containers Engine bundle.
Run the vic-machine ls command by using the new version of vic-machine to see the upgrade status of all of the VCHs that are running on a vCenter Server instance or ESXi host. For information about running vic-machine ls, see List VCHs and Obtain Their IDs.
Optionally note the IDs of the VCHs.
Obtain the vCenter Server or ESXi host certificate thumbprint. For information about how to obtain the certificate thumbprint, see Obtain vSphere Certificate Thumbprints.

Procedure

On the system on which you run vic-machine, navigate to the directory that contains the new version of the vic-machine utility.
Run the vic-machine upgrade command.

The following example includes the options required to upgrade a VCH in a simple vCenter Server environment.
- You must specify the user name and optionally the password, either in the target option or separately in the --user and --password options.
- If the VCH has a name other than the default name, virtual-container-host, you must specify the --name or --id option.
- If multiple compute resources exist in the datacenter, you must specify the --compute-resource or --id option.
- If your vSphere environment uses untrusted, self-signed certificates, you must also specify the thumbprint of the vCenter Server instance or ESXi host in the --thumbprint option.
  
  Use upper-case letters and colon delimitation in the thumbprint. Do not use space delimitation.
```
$ vic-machine-operating_system upgrade
--target vcenter_server_username:password@vcenter_server_address
--thumbprint certificate_thumbprint
--id vch_id
```

If the upgrade operation fails with error messages, run vic-machine upgrade again, specifying a timeout longer than 3 minutes in the --timeout option.

$ vic-machine-operating_system upgrade
--target vcenter_server_username:password@vcenter_server_address
--thumbprint certificate_thumbprint
--id vch_id
--timeout 5m0s

If the upgrade operation continues to fail with error messages, run vic-machine upgrade again with the --force option.

CAUTION: Specifying the --force option bypasses safety checks, including certificate thumbprint verification. Using --force in this way can expose VCHs to the risk of man-in-the-middle attacks, in which attackers can learn vSphere credentials. Using --force can result in unexpected deployment topologies that would otherwise fail with an error. Do not use --force in production environments.
```
$ vic-machine-operating_system upgrade
--target vcenter_server_username:password@vcenter_server_address
--id vch_id
--timeout 5m0s
--force
```
(Optional) To roll back an upgraded VCH to the previous version, or to revert a VCH that failed to upgrade, run vic-machine upgrade again with the --rollback option.
```
$ vic-machine-operating_system upgrade
--target vcenter_server_username:password@vcenter_server_address
--id vch_id
--rollback
```

Result

During the upgrade process, vic-machine upgrade performs the following operations:

Validates whether the configuration of the existing VCH is compatible with the new version. If not, the upgrade fails.
Uploads the new versions of the appliance.iso and bootstrap.iso files to the VCH. There is no timeout for this stage of the upgrade process, so that the ISO files can upload over slow connections.
Creates a snapshot of the VCH endpoint VM, to use in case the upgrade fails and has to roll back.
Boots the VCH by using the new version of the appliance.iso file.
Deletes the snapshot of the VCH endpoint VM once the upgrade has succeeded.
After you upgrade a VCH, any new container VMs will boot from the new version of the bootstrap.iso file.
If the upgrade times out while waiting for the VCH service to start, the upgrade fails and rolls back to the previous version.
If the upgrade fails with the error another upgrade/configure operation is in progress, a previous attempt at upgrading the VCH might have been interrupted without rolling back. In this case, run vic-machine configure with the --reset-progress option. For information about vic-machine configure --reset-progress, see Reset Upgrade or Configuration Progress.

What to Do Next

Upgrade the HTML5 vSphere Client plug-in.

Upgrade VCHs

Upgrade Virtual Container Hosts

results matching ""

No results matching ""