Dear all
Hi
i installed vcsa 6.7 build number : 11727113 and i config vcsaHA and it is now working
now i want to update my vcsa to lastest version now what do i havd to do before update vcsa ?
All of vcsa ( Active - passive , witness) will automatically update ?
Do i had to do normal update just on active vCenter ?
BR
so thanks
but how do i had to update witness and passive nodes?
BR
There is also an official guide from VMware available for patching a VCHA setup:
Patch a vCenter High Availability Environment
But I would recommend to destroy the HA cluster so that only the active node remains, update this node and re-activate VCHA again after the update was successful. In my experience this is faster and easier than patching 3 VMs with failovering from active to passive node.
And if the patch goes wrong for some reason? What do you have left over?
Easy quick methods have a cost, in this case it is the risk of losing vCenter completely. The guidance given isn't without merit. Whilst updating one of the three nodes, the vCenter DB is protected.
Good find on the VMware guide. I couldn't find it quickly despite looking. I found a reference to it in another VMware page, but the reference wasn't a link.
And if the patch goes wrong for some reason? What do you have left over?
Easy quick methods have a cost, in this case it is the risk of losing vCenter completely. The guidance given isn't without merit. Whilst updating one of the three nodes, the vCenter DB is protected.
Just like we've been doing vCenter updates for the last 10 years without HA: With snapshots and/or backups.
I have never lost a vCenter through any update. If something goes wrong, the snapshot will be reverted or the backup restored.
VMware also mentions this in the vCenter update documentation: Install vCenter Server Appliance Patches
As a precaution in case of failure, you can back up the vCenter Server Appliance.
I did according this document:
first update witness
then update passive
now after update passive node show this error:
Connection refused: The remote service is not running, OR is overloaded, OR a firewall is rejecting connections.
and i restart witness and passive manually but not solved
what is the problem ?
please see attach pic
I told you that it's the best way to destroy VCHA and patch only once without the VCHA failover. Then you wouldn't have any problems and you'd be done. There are dozens of posts here where there were problems with VCHA during updates.
You could now start troubleshooting. For me it looks like a splitbrain or isolation scenario. Active and Passive node have the vCenter Management IP, which shouldn't be and apparently the nodes can't talk to each other anymore. Maybe you restarted passive and witness node at the same time. You must not do this, because VCHA always requires that 2 nodes can talk to each other (either Active & Passive or Active & Witness or Passive & Witness), otherwise management is no longer possible.
For VCHA troubleshooting this ressource may be helpfull: Troubleshoot Your vCenter HA Environment
But if this would be my setup, I would now power off the passive node and Witness. Check if everything is ok with the active node and if the vSphere client works properly. After that I would remove the HA configuration (this button still seems to work) and if everything is still fine I would take a snapshot of VCSA, update the remaining VM and re-activate HA again. At least that would be my approach.
is that your means remove vcHA completely and just update active vcsa and another config vcHA ?
BR
Yes. That would be my approach to solve this issue. Also the VCHA troubleshooting guides from VMware are about to destroy and reconfigure VCHA in the most failure cases.
But in order to break nothing more, I would proceed step by step. First shut down passive and witness node, check if the active node still works correctly, restart the active node if necessary and only if everything is OK with the active node I would completely remove VCHA. Maybe a backup of the active and passive node still makes sense before you start, but that's up to you.
i restart my vcenter server now after a few minute it not start now would you say me what is the priority restart between vcenter active- passive and witness
i think had to do try it manual
in this method just we have a down time for vcenter
Are you allowing enough time for the nodes to boot up?
VCSA can to take an age to fully start-up (at least in my experience).
Also when you think it is started, not all services may have started.
The web-service for example seems to require several more minutes to become fully operational, and I suspect this must be working for a failover to be triggered.
As I understood the best method is :
1- Remove vCenter HA
2- update vCenter appliance
3- setup vcHA
and finally we have down time in vcenter
Are these correct ?
BR
Babak
We can discuss whether this is the best method or not. At least for me and all the infrastructures I manage, this way works best and causes the least problems. Other people may have different experiences and opinions with this topic (VCHA patching).
However, you will always have a downtime with a vCenter update. Either during the update itself, when VCHA is not active (in my experience 10-30 minutes) or during the failover between nodes (about 5-10 minutes).
1- Remove vCenter HA
2- update vCenter appliance
3- setup vcHA
If your management ip is on the active node, removing (destroying) the VCHA config will not cause a downtime. Also enabling VCHA will not cause any downtime. But you will have a downtime during the update of the vCenter appliance.
If your management ip is on the passive node (because of a failover in the past), the management ip will switch to the active node during removing VCHA. This will cause a short service interruption of maybe 5-10 minutes (and after that you will have a downtime again because of the update itself).