Execute the Upgrade Script on VM Based Deployment (Native Kubernetes)

This section provides instructions to upgrade
VMware Telco Cloud Service Assurance
on production footprint using the following procedure.
During the upgrade process, you must not access the
VMware Telco Cloud Service Assurance
UI.
  1. Copy the Harbor Certs file from
    /etc/docker/certs.d/<HarborIP>/ca.crt
    to the
    /etc/ssl/certs
    directory.
  2. If you do not have permission to the
    /etc/ssl/certs
    directory, then put the Harbor Cert in any other location where you have access, and run the below command:
    trust anchor <path-to-cert>
    or you can run the following trust anchor command with the default harbor cert path
    trust anchor /etc/docker/certs.d/<HarborIP>/ca.crt
    If
    trust
    command is not available, then install
    p11-kit-trust
    package which contains
    trust
    command.
  3. You must set the following tag to false if it is set to true.
    export PUSH_TO_CHART_REPO=false
  4. If you do not want to specify the registry user name and password in the upgrade script, perform Docker login.
    1. To log in to Docker, run the following command if podman-docker is installed in the deployment host.
      docker login <harbor-fqdn> --compat-auth-file=/root/.docker/config.json
    2. To log in to Docker, run the following command if docker is installed in the deployment host.
      docker login <harbor-fqdn>
  5. Execute the
    upgradeTCSA.sh
    script.
    root [ ~ ]# cd $TCSA_WORK_SPACE/tcx-deployer/scripts root [ ~/upgrade/tcx-deployer/scripts ]# ./upgradeTCSA.sh --kubeconfig <your-kubeconfig-location> --registry-cert <harbor-registry-cert-path> --registry <harbor-registry-fqdn>/<project-name> --registry-password <harbor-registry-password> --registry-username <harbor-registry-username> --timeout <timeout in minute>
    • After executing this command wait for a few minutes, you will be prompted to provide the keycloak password. Deployment upgrade will continue after providing the password in the console. You must enter the keycloak password in the console even if it is the default password or a custom password. The default password is
      vmware@1!
      .
    • You can specify 120 minutes for the timeout value. If there is any latency in the network, you can increase this value.
    • Ensure that the
      --registry-password
      is passed inside single quotation if you are passing this to the installation script through command line.
  6. After the upgrade script exits, manually check the
    VMware Telco Cloud Service Assurance
    deployment status by running the following command from the deployment VM.
    root [ ~/tcx-deployer/scripts ]# kubectl get tcxproduct -A
    or
    root [ ~/tcx-deployer/scripts ]# kubectl get apps -A
    For all the applications, the reconciliation status must be successful.
    [root@wdc-10-214-174-032 ~]# kubectl get tcxproduct -A NAME STATUS READY MESSAGE AGE tcsa updateCompleted True All App CRs reconciled successfully 12h tps-tcx-platform-services updateCompleted True All App CRs reconciled successfully 13h
    • After a successful upgrade, you can launch the
      VMware Telco Cloud Service Assurance
      UI. For more information, see Accessing VMware Telco Cloud Service Assurance UI topic. Ensure that the About page in VMware Telco Cloud Service Assurance UI reflects the upgraded version of VMware Telco Cloud Service Assurance.
    • If the
      Isitio-edge-ingressgateway
      pod fails with
      ImagePullBackOff
      error, then refer to the "Pod fails with ImagePullBackOff error" section in the
      VMware Telco Cloud Service Assurance Troubleshooting Guide
      .
  7. After the upgrade is successful, you must execute the
    postUpgrade.sh
    script for cleaning the stale entries from the deployer host.
    $TCSA_WORK_SPACE/tcx-deployer/scripts/postUpgrade.sh <your-kubeconfig-location>
  8. After the
    VMware Telco Cloud Service Assurance
    upgrade is successful, follow the steps mentioned in the Post Upgrade topic.
After the
VMware Telco Cloud Service Assurance
upgrade is successful, follow the steps mentioned in the Post Upgrade topic.
After performing the steps in the Post Upgrade, you must upgrade all the remote data collector managers. For more information, see Upgrading Remote Collector Manager.
  • If you do not have a remote data collector manager then you can skip this step.
  • If the user wants to enable the
    Grafana Schedule and Export Reports
    post the deployment, then follow the procedure mentioned in the "Optional feature : Enabling Grafana Schedule and Export Reports Feature" section.
After performing the steps in the Upgrading Remote Collector Manager, you must upgrade the domain managers as mentioned in the Upgrade Domain Manager topic.
If there are any SSL Handshake errors and the discovery fails in the Domain Managers while discovering VMware Aria Operations,
VMware Telco Cloud Automation
, Cisco ACI, VCD, and vIMS after upgrading the Domain Manager and
VMware Telco Cloud Service Assurance
Core then to regenerate the Kafka Edge Certificate follow the procedure given in the "SSL Handshake Error Post TCSA and Domain Manager Upgrade" topic given in the
VMware Telco Cloud Service Assurance
Troubleshooting Guide
.