Upgrading the VCSA via SSH

As two days ago the VMware vCenter Server Appliance 6.7 Update 2c patch (build 14070457) was released to resolve minor issues and update the Photon OS kernel to version 4.4.182 to resolve a couple of security issues (release notes), it was time to update a couple of VCSA appliance I set up for a client. After verifying the backup schedule was still working as intended and taking a snapshot I decided to start the upgrade via CLI and not via the vCenter�Server Appliance Management Interface (VAMI).
To be able to use the “software-packages” binary required for this we first need to change the standard shell of the root user, which usually looks like this when connecting via SSH:

Using username “root”.
Pre-authentication banner message from server:
|
| VMware vCenter Server Appliance 6.7.0.31000
|
| Type: vCenter Server with an embedded Platform Services Controller
|
End of banner message from server
root@vcenter[ ~ ]#

Enter the following commands to do the change:

chsh -s /bin/appliancesh root
logout

After reconnecting the prompt should now look like this:

Using username "root".

Pre-authentication banner message from server:
|
| VMware vCenter Server Appliance 6.7.0.31000
|
| Type: vCenter Server with an embedded Platform Services Controller
|
End of banner message from server

Keyboard-interactive authentication prompts from server:

End of keyboard-interactive prompts from server

Connected to service

* List APIs: "help api list"
* List Plugins: "help pi list"
* Launch BASH: "shell"

Command>

Now connect the patch ISO to the VCSA VM (via PowerShell or the vSphere Client) and start the upgrade with these commands:

software-packages stage --iso
software-packages list --staged
software-packages install --staged
reboot

If everything works as intended the result would look like this:

VMware vCenter Server Appliance upgrade process in SSH session

To speed up the process or when placing the upgrade ISO on a network share instead of a local storage replace the first command by one of these lines:

software-packages stage --iso --acceptEulas
software-packages stage --url --acceptEulas

Reusing storage devices for vSAN

Sometimes when a storage device (i.e. SSD or HDD) has been used for a previous vSAN deployment or has other leftovers it cannot be re-used (either for vSAN or a local VMFS datastore) right away. When you try to format the drive as shown below the error message “Cannot change the host configuration”:

Erase paritions highlighted in the Storage Devices view of a ESXi host in vSphere Client 6.7U1

The easiest way is to change the partition scheme from GPT to MSDOS via CLI (and back via GUI) and has been described in the community before.

However, even that may fail, e.g. because of the error “Read-only file system during write”. This can occur if the ESXi hypervisor finds traces of old vSAN deployments on the drive and refuses to overwrite these. In that case you first have to delete those traces manually. Log into the host in question as the root user and issue the vSAN commands needed. These are the commands for listing all known vSAN disks, deleting a SSD (cache device) and a (capacity) disk:

esxcli vsan storage list
esxcli vsan storage remove -s naa.6006016045502500c20a2b3ccecfe011 
esxcli vsan storage remove -d naa.58ce38ee2056991e

Afterwards repeat the steps described in the link above to correctly (re)claim the entire diskspace and then use it according to your plan.