Upgrade External PSC HA 6.5 to 6.7 part2

This article is the second part of the Upgrade External PSC 6.5 to 6.7 series, if you missed the first article you can start from it by clicking here.

We ended up the first part of the upgrade procedure by deploying the new PSC 6.7 appliance with a temporary IP, now we can continue the wizard to configure the new appliance with the  configuration from the old one that will be decomissioned.

Let’s continue with the upgrade.

After the introduction tab we can jump into the upgrade and filling in the required fields with the PSC credentials, after that we can click on “Next” and let the procedure do some check.

On the pre-check phase is possible that you can get a warning:

warning – Unable to retrieve replication status of the partners

resolution – Make sure vmdir service is reachable and started in partner nodes and this node before continuing

that’s normal because by following the procedure on the KB we stopped all the services on the other PSCs appliances:

  1. Except the node that is to be migrated, stop the services on all other PSC nodes

I have also found a thread on the forum that talks about that and the point basically is “no worry, if your replication was fine before starting you can go ahead”. Then you can click on next and start the Data transfer between old and new PSC. Before the end of the process as you can see below a message is prompted. Its an informational messages that explain that with PSC 6.7 the TLS1.0 and 1.1 protocols are disabled by the default enhanced security.

After the data migration process is completed you can check you newly PSC 6.7 with the browser by clickin on the link.
If you get some issue connecting via SSH you can check in the VAMI if the service is enalbed by default, in my case was disabled so I started it.

Then you can restart the services on the other PSC to let them replicating the data:

  • service-control –start –all

and than you can check the status of the replication by using:

  • .vdcrepadmin -f showpartnerstatus -h “localhost or psc-fqdn” -u administrator

and then insert the password.
If the partner has 0 change behind this means that they are fine and the replication is working.

Then after the check you can proceed with the next PSC by following the steps done before, here a recap:

  1. Except the node that is to be upgraded, stop the services on all other PSC nodes. Use this command to stop the services.
    • PSC Appliance – service-control –stop –all
  2. Upgrade the Platform Services Controller 6.5 node to 6.7.
  3. Start the services on all other PSC nodes in the environment and allow them to replicate.
    Note: It is very important to allow the PSCs to replicate with the upgraded node before proceeding. The steps to check replication status can be found in Determining replication agreements and status with the Platform Services Controller 6.x
  4. Choose the next node to be upgraded and stop the services of all the other nodes, including the node that has been upgraded previously.
  5. Repeat this process until all the PSC nodes have been upgraded and start the services on all the PSC nodes. 
    • PSC Appliace – service-control –start –all

 

After the upgrade of all the PSCs you must conclude the configuration by running this script on all PSC nodes:

  • Navigate with: cd /usr/lib/vmware-sso/bin

  • Then launch the script: python updateSSOConfig.py –lb-fqdn=PSC_HA_VIP_FQD

Then you need to run another script but this time run it on a single PSC node only:

  • Navigate with: cd /usr/lib/vmware-sso/bin

  • Launch: python UpdateLsEndpoint.py –lb-fqdn=PSC_HA_VIP_FQDN –user=administrative_user –password=password

Than you can check if your VIP is redirecting the 443 request on the newly PSCs, as you can see below its working!

This will conclude the PSC upgrade procedure. The next step for consider concluded the upgrade will be the vCenter upgrade to 6.7, we will see it in another article.

Leave a Reply