Execute the Upgrade Script on VM Based Deployment (Native Kubernetes)
This section provides instructions to upgrade
VMware Telco
Cloud Service Assurance
on production footprint using the following procedure.During the upgrade process, you must not access the
VMware Telco
Cloud Service Assurance
UI.- Copy the Harbor Certs file from/etc/docker/certs.d/<HarborIP>/ca.crtto the/etc/ssl/certsdirectory.
- If you do not have permission to the/etc/ssl/certsdirectory, then put the Harbor Cert in any other location where you have access, and run the below command:trust anchor <path-to-cert>or you can run the following trust anchor command with the default harbor cert pathtrust anchor /etc/docker/certs.d/<HarborIP>/ca.crtIftrustcommand is not available, then installp11-kit-trustpackage which containstrustcommand.
- You must set the following tag to false if it is set to true.export PUSH_TO_CHART_REPO=false
- If you do not want to specify the registry user name and password in the upgrade script, perform Docker login.
- To log in to Docker, run the following command if podman-docker is installed in the deployment host.docker login <harbor-fqdn> --compat-auth-file=/root/.docker/config.json
- To log in to Docker, run the following command if docker is installed in the deployment host.docker login <harbor-fqdn>
- Execute theupgradeTCSA.shscript.root [ ~ ]# cd $TCSA_WORK_SPACE/tcx-deployer/scripts root [ ~/upgrade/tcx-deployer/scripts ]# ./upgradeTCSA.sh --kubeconfig <your-kubeconfig-location> --registry-cert <harbor-registry-cert-path> --registry <harbor-registry-fqdn>/<project-name> --registry-password <harbor-registry-password> --registry-username <harbor-registry-username> --timeout <timeout in minute>
- After executing this command wait for a few minutes, you will be prompted to provide the keycloak password. Deployment upgrade will continue after providing the password in the console. You must enter the keycloak password in the console even if it is the default password or a custom password. The default password isvmware@1!.
- You can specify 120 minutes for the timeout value. If there is any latency in the network, you can increase this value.
- Ensure that the--registry-passwordis passed inside single quotation if you are passing this to the installation script through command line.
- After the upgrade script exits, manually check theVMware Telco Cloud Service Assurancedeployment status by running the following command from the deployment VM.root [ ~/tcx-deployer/scripts ]# kubectl get tcxproduct -Aorroot [ ~/tcx-deployer/scripts ]# kubectl get apps -AFor all the applications, the reconciliation status must be successful.[root@wdc-10-214-174-032 ~]# kubectl get tcxproduct -A NAME STATUS READY MESSAGE AGE tcsa updateCompleted True All App CRs reconciled successfully 12h tps-tcx-platform-services updateCompleted True All App CRs reconciled successfully 13h
- After a successful upgrade, you can launch theVMware Telco Cloud Service AssuranceUI. For more information, see Accessing VMware Telco Cloud Service Assurance UI topic. Ensure that the About page in VMware Telco Cloud Service Assurance UI reflects the upgraded version of VMware Telco Cloud Service Assurance.
- If theIsitio-edge-ingressgatewaypod fails withImagePullBackOfferror, then refer to the "Pod fails with ImagePullBackOff error" section in theVMware Telco Cloud Service Assurance Troubleshooting Guide.
- After the upgrade is successful, you must execute thepostUpgrade.shscript for cleaning the stale entries from the deployer host.$TCSA_WORK_SPACE/tcx-deployer/scripts/postUpgrade.sh <your-kubeconfig-location>
- After theVMware Telco Cloud Service Assuranceupgrade is successful, follow the steps mentioned in the Post Upgrade topic.
After the
VMware Telco
Cloud Service Assurance
upgrade is successful, follow the steps mentioned in the Post Upgrade topic.After performing the steps in the Post Upgrade, you must upgrade all the remote data collector managers. For more information, see Upgrading Remote Collector Manager.
- If you do not have a remote data collector manager then you can skip this step.
- If the user wants to enable theGrafana Schedule and Export Reportspost the deployment, then follow the procedure mentioned in the "Optional feature : Enabling Grafana Schedule and Export Reports Feature" section.
After performing the steps in the Upgrading Remote Collector Manager, you must upgrade the domain managers as mentioned in the Upgrade Domain Manager topic.
If there are any SSL Handshake errors and the discovery fails in the Domain Managers while discovering VMware Aria Operations,.
VMware Telco Cloud Automation
, Cisco ACI, VCD, and vIMS after upgrading the Domain Manager andVMware Telco
Cloud Service Assurance
Core then to regenerate the Kafka Edge Certificate follow the procedure given in the "SSL Handshake Error Post TCSA and Domain Manager Upgrade" topic given in the VMware Telco
Cloud Service Assurance
Troubleshooting Guide