Upgrading VRA 8.1 to 8.3 using vRLCM

The first steps when upgrading any system is to RTFM but with the vRLCM in the mix, a lot of the pre-steps like downloading the binaries and checking the compatibility can be done in the web interface.

To upgrade VMware vRealize Automation (VRA) we need to make sure the VMware vRealize Suite Lifecycle Manager (vRLCM) is on the latest version and is patched. Log in and go to Home > Settings > System Upgrade and do an online check to see if there are any upgrades available, if a new VRA release has come out there will also be a new vRLCM as these are now normally released in lock step across the vRealize suite. Take a snapshot of the server and Click Check for Upgrade. you can check the status of the the upgrade in the requests section.

Once upgraded log in again and add the required binaries.

If you have a My VMware account added you can pull the binaries directly from VMware depot to the appliance, if you do not have direct or proxy access tot he internet you can import them from a NFS share or from the vRLCM local file system (need to download and copy them there).

Once we have this upgraded and the upgrade binaries donwloaded for all the products we plan to target e.g. vIDM & VRA we can kick it off.

vIDM Upgrade

To start off I’m going to upgrade the identity manager (vIDM). Open up the vRLCM environment and check the compatibility. I’m currently running version 3.3.2, click on the 3 dots (…) inside the environment tile and then select “View Compatibility”. VRA 8.3 is not there (at time of this blog) but I know if I check the interop site that 3.3.2 is supported so it’s always worth a second check as there could be a delay in updating systems or a note which might not apply to your environment . I’m going to upgrade this to 3.3.4 which does not support VRA 8.1 so if this was a production platform there might be a 2 step upgrade required, worth logging a GSS case or check with your VMware rep if not sure. This is a lab so I’m going straight to 3.3.4 and VRA 8.3.

Check that your IDM is working as expected and that there are no errors in the admin console. Take a snapshot and then go back to vRLCM and click on upgrade.

Run an Inventory Sync, you need to do this before the Proceed button is available.

Run a Pre Check…..hmmm my root password needs to be updated.

I could see this issue in the admin console on the vIDM server, to update this in the admin vIDM console go Appliance Settings > Manage Configuration > System Security and update the root password details or via vRLCM by selecting the product in the environment title > VMware Identity Manager Primary Node > change Node password.

vIDM Admin Console


Jump back into vRLCM and re-run the precheck, you can go to the requests tab and click on the vIDM upgrade request this should be in a “Pending Action” state. If you have changed the password using the vIDM console you night need to add/update this in the locker and then use these new passwords. Tip run an inventory again and let it fail and then just add the new passwords when you come to do a retry.

Upgrade and monitor the progress in the request tab

Request workflow

I hit another major issue in the upgrade the appliance was rebooted and when it came up again it no longer had any network connectivity and the workflow reported an issue.

I noticed that the /etc/sysconfig/networking/device/ifcfg-eth0 network config file was no longer present in the file system and the was a message in the VM console :

I manually added in network configure by running the /opt/vmware/share/vami/vami_config_net command and then rebooted the system, went back into vRLCM and click retry on the workflow which continue the upgrade which completed.

VRA Upgrade

Now to the main event upgrading the VRA platform, this follow the same process as the vIDM upgrade make sure that the upgrade binaries have been downloaded to the vRLCM Home > Settings > Binary Mapping > Add Binaries

Click Upgrade and perform a inventory sync

When the sync is complete you can proceed to upgrade the platform.

Note this is part of the upgrade workflow, good time to check your datastore has space.

The host I’m running the VRA node on only has 32GB of memory so will have to ignore the warning on the pre check.

Kick off the upgrade and wait for all the workflows to complete………………

There has been a few times that vRLCM reported that my upgrade had failed, this is manly due to the platform running slow (storage) and things taking longer to load/upgrade, if you have space it’s good to run this off SSD but remember the snapshot size requirement this will need to be a 256GB+ disk.

If a failure happens it’s good to try and retry in the vRLCM request workflow window to see if the issue has self resolved over time (this should not happen in a production environment..hopefully), sometimes the retry process will give you some option e.g.
1. Revert and try again
2. Revert and cancel upgrade
3. Succeed upgrade request
On my upgrade I had this problem, I checked the server to see what it was doing before reverting. I could see that it was still building containers and was just taking some time so I left it to complete . There are a few log files and commands that you can use to see the status of the upgrade and the platform start up . Once i saw that VRA had deployed successfully in the deploy.log I selected “Succeed upgrade request” in vRLCM.

This watches the pods in the prelude (VRA) namespace and will show you when a state change takes place.

kubectl get pods -n prelude -w 
tail -f /var/log/deploy.log

This outputs the deployment log and can help if anything fails.

Log locations:

You can also go to the below location and tail out the logs
/opt/vmware/var/log/vami/vami.log /opt/vmware/var/log/vami/updatecli.log