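Upgrading ESXi 6.7 to 7.0

This is a major-version ESXi upgrade, so there are generally two ways to do it: upgrade directly from the CLI, or use vCSA Lifecycle Manager and upgrade by creating a baseline.

The CLI upgrade was already covered in an earlier post, so this post is mainly about upgrading with vCSA Lifecycle Manager.

The steps are simple: import the ISO, create a baseline, then have the relevant ESXi hosts select that baseline and upgrade.

The following two articles are useful references: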

https://virtualg.uk/upgrade-esxi-6-7-to-7-0-lifecycle-manager-vlm/ 
https://www.nakivo.com/blog/how-to-upgrade-from-vmware-vsphere-esxi-6-7-to-7-0/

 

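Upgrading ESXi 6.7 to 7.0 2c via the CLI

Upgrading ESXi across major versions (for example 6.5 to 6.7, or 6.7 to 7) can broadly be done in two ways. One is to import the ISO through vCSA Lifecycle Manager and upgrade against a baseline. The other is to upgrade directly from the CLI. (Upgrading by booting from the ISO file is less common.)

When is the CLI method needed? For example, when the ESXi host that runs the vCSA needs to be upgraded, or when you do not use a vCSA at all and only run a single ESXi host.

The CLI upgrade is described in detail below.

The CLI upgrade also comes in two forms: offline and online. In either case, first shut down all VMs on the ESXi host so that it can enter maintenance mode.

Command parameters: -p is the profile, -d is the depot.

Offline upgrade:

1. Download the offline upgrade bundle from my.vmware.com; as shown in the figure below, choose VMware vSphere Hypervisor (ESXi) Offline Bundle. Be sure to verify the md5 once the download has finished.

2. Enable SSH on the ESXi host and upload the bundle file to a datastore.

3. List the profiles available in the offline bundle. Normally choose the profile ending in standard; the one ending in no-tools is generally used for PXE.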

esxcli software sources profile list -d /vmfs/volumes/datastore1/ISOs/VMware-ESXi-7.0U2a-17867351-depot

Here we choose ESXi-7.0U2a-17867351-standard.

4. Dry-run the upgrade to see which VIBs will be removed and which will be added.

esxcli software profile update -p ESXi-7.0U2a-17867351-standard -d /vmfs/volumes/datastore1/ISOs/VMware-ESXi-7.0U2a-17867351-depot --dry-run

5. Put the ESXi host into maintenance mode.

esxcli system maintenanceMode set --enable true

6. Upgrade.

esxcli software profile update -p ESXi-7.0U2a-17867351-standard -d /vmfs/volumes/datastore1/ISOs/VMware-ESXi-7.0U2a-17867351-depot

7. Take the ESXi host out of maintenance mode.

esxcli system maintenanceMode set --enable false

8. Reboot.

reboot
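
The offline steps above can be gated on the checksum check from step 1, so that the dry run and the update only ever see a verified bundle. This is an added example, not part of the original post; the function names are hypothetical, the expected digest is assumed to come from the download page, and besides md5 it also accepts a SHA-256 digest.

```shell
#!/bin/sh
# Added example: gate the offline upgrade on a verified bundle digest.
# DEPOT and PROFILE are the values used in the steps above; the expected
# digest is passed in by the operator (assumption: 32 hex chars = md5,
# 64 hex chars = sha256).
DEPOT=/vmfs/volumes/datastore1/ISOs/VMware-ESXi-7.0U2a-17867351-depot
PROFILE=ESXi-7.0U2a-17867351-standard

# verify_bundle FILE EXPECTED_HEX -> 0 match, 1 mismatch, 2 unusable input
verify_bundle() {
    file=$1
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    [ -f "$file" ] || { echo "no such file: $file" >&2; return 2; }
    case $expected in
        ''|*[!0-9a-f]*) echo "digest is not hex" >&2; return 2 ;;
    esac
    case ${#expected} in
        32) tool=md5sum ;;
        64) tool=sha256sum ;;
        *)  echo "unexpected digest length" >&2; return 2 ;;
    esac
    actual=$("$tool" "$file" | awk '{ print $1 }')
    if [ "$actual" != "$expected" ]; then
        echo "digest mismatch for $file" >&2
        return 1
    fi
}

# offline_upgrade EXPECTED_HEX: dry run, maintenance mode and update
# (steps 4-6), run only on a verified bundle and stopping at the first
# failure. Leaving maintenance mode and the reboot stay with the operator.
offline_upgrade() {
    verify_bundle "$DEPOT" "$1" || return 1
    esxcli software profile update -p "$PROFILE" -d "$DEPOT" --dry-run || return 1
    esxcli system maintenanceMode set --enable true || return 1
    esxcli software profile update -p "$PROFILE" -d "$DEPOT"
}

# Runs only when the operator exports EXPECTED_DIGEST before starting it.
if [ -n "${EXPECTED_DIGEST:-}" ]; then
    offline_upgrade "$EXPECTED_DIGEST"
fi
```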

 

Online upgrade:

1. Put the ESXi host into maintenance mode.

esxcli system maintenanceMode set --enable true

2. Open HTTP traffic in the firewall (the httpClient ruleset).

esxcli network firewall ruleset set -e true -r httpClient

3. Check the VMware repository for the available ESXi 7.0 profiles.

esxcli software sources profile list -d https://hostupdate.vmware.com/software/VUM/PRODUCTION/main/vmw-depot-index.xml | grep ESXi-7.0

The query takes a while. As with the offline upgrade above, it then lists the available profiles; here we choose the latest profile ending in standard:

ESXi-7.0U2d-18538813-standard

4. Dry-run check.

esxcli software profile update -d https://hostupdate.vmware.com/software/VUM/PRODUCTION/main/vmw-depot-index.xml -p ESXi-7.0U2d-18538813-standard --dry-run

5. Run the actual upgrade.

esxcli software profile update -d https://hostupdate.vmware.com/software/VUM/PRODUCTION/main/vmw-depot-index.xml -p ESXi-7.0U2d-18538813-standard

This takes some time to complete; just wait patiently.

When upgrading from 6.x to 7, the following error sometimes appears:

Got no data from process: LANG=en_US.UTF-8 /usr/lib/vmware/esxcli-software profile.update -d "https://hostupdate.vmware.com/software/VUM/PRODUCTION/main/vmw-depot-index.xml" -p "ESXi-7.0U2d-18538813-standard"

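This happens because the ESXi host has no static scratch partition. Either set up a static scratch partition as described here:

Enabling ESXi Persistent Scratch Partition

Or upgrade to 7.0 with the offline method first, and then use the CLI or another method to upgrade to the latest ESXi 7.x release. This is because the way scratch is used changed in ESXi 7. I recommend the offline method, because it is very fast!

6. Restore the original firewall setting.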

esxcli network firewall ruleset set -e false -r httpClient

7. Take the ESXi host out of maintenance mode.

esxcli system maintenanceMode set --enable false

8. Reboot.

reboot

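Upgrading vCSA 6.7 to vCSA 7.0 (major-version upgrade)

There are two kinds of vCSA upgrade:

One is a major-version upgrade, for example 6.5 to 6.7 or 6.7 to 7.0. For this you mount the new vCenter ISO and run the installer.exe inside it to do a GUI upgrade, following the steps one by one.

The other is a minor-version upgrade, for example 7.02a to 7.02c, which is really just a small patch. This is much simpler: go to the VAMI interface at https://VCSA-ip:5480, choose Update at the lower left, pick the version, and the upgrade proceeds easily.

For minor-version upgrades, see this article: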

https://virtualg.uk/how-to-upgrade-to-vmware-vcenter-server-vcsa-7-0-update-2/

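This post covers the general steps for upgrading vCSA 6.7 to 7.0, that is, a major-version upgrade.

Always remember to upgrade the vCSA first and the ESXi hosts afterwards.

In other words, the vCSA version must be higher than the ESXi version. For example, a 7.0U2 vCSA can connect to a 6.7U3 ESXi host, but a 6.7U3 vCSA cannot connect to a 7.0U2 ESXi host.

For the general upgrade procedure, see this article: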

https://www.crazycen.com/vmware/1660.html

English version:

https://miketabor.com/how-to-upgrade-vcenter-server-appliance-6-7-to-7-0/

Note that SSH access must be enabled on the vCenter Server through VAMI; it is needed during the upgrade.

Also, you may run into the following two error messages:

Exception in invoking authentication handler unidentifiable C++ exception
no healthy upstream

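These two errors usually occur right after the vCSA upgrade finishes and redirects you back to the login page: you log in, and sometimes the errors above appear.

The reason is simple: the vCSA upgrade has not actually finished yet. Take a break (go to the restroom, make a coffee), then refresh the page and log in again.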

Virtualization Networking: Secondary IP range static routed to main IP of the server

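Today I received a Leaseweb server with two IP ranges: the main IP is in a /29, and the second IP range is a /24.

The second /24 range has no gateway IP or broadcast IP of its own, because the range is statically routed straight to the server's main IP. The benefit is that two IPs are saved. For virtualization, however, this is bad news: with no gateway, you have to set one up yourself, which is a hassle. These are the solutions I found:

1) From WHT: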

https://www.webhostingtalk.com/showthread.php?t=1411451

————————————–

1) Secondary IP blocks are delivered as a static route towards the main IP of the server.
If you are binding these IPs directly to your machine, you should use a 255.255.255.255 netmask
for each IP to allow all IPs to be usable.
If you are performing virtualization with anything other than OpenVZ, then you would 
need to establish a gateway in the secondary block and subnet accordingly on your side.
---
2) Secondary ranges are statically routed towards the main IP of the server itself and
 there is no defined gateway on our side. If you are using these directly on the machine
 or with OpenVZ, then no special configuration is needed and all IPs within the secondary
 subnet may be utilized without waste for a network, gateway, or broadcast. If you are
 configuring with Xen, KVM, or other similar methods of virtualization, you would need
 to setup a routed bridge to create a gateway for your VMs.

 

2) From lowendtalk:

https://www.lowendtalk.com/discussion/167250/proxmox-on-buyvm-routing
https://www.lowendtalk.com/discussion/122957/routing-ip-address-on-a-network-bridge

3) From iweb.com, whose knowledge base gives several examples directly. This is very convenient with Hyper-V or Proxmox, and the principle is basically the same with ESXi.

On Linux:

Additional IPs at iWeb are not provided with an additional gateway so customers using VMWare or other virtualization tools might be wondering how they can use the additional IPs to create new Guest OS or Virtual Machines. It can be done by configuring VMWare to bridge connection to eth0.

Here is the specific way to make it work
Configure your first additional IP as a secondary IP on eth0:0
IP configuration is done in /etc/sysconfig/network-scripts/ifcfg-eth0:0
Enable IP forwarding to route VM traffic
IP forwarding can be enabled by adding net.ipv4.ip_forward = 1 to /etc/sysctl.conf
In VMWare make sure that your VM uses the bridge connection to eth0.
Configure your VM with one of your remaining 5 additional IPs.
The netmask is 255.255.255.248 (If you have been provided with 6 IPs). You can calculate the netmask via a website such as http://www.ipcalc.net/
Use XX.XX.XX.1 as the gateway
Example with actual IPs:

If you have been assigned the following additional IPs:

72.55.155.169
72.55.155.170
72.55.155.171
72.55.155.172
72.55.155.173
72.55.155.174
You would:

Configure the ip 72.55.155.169 as a secondary IP on eth0:0
Enable IP forwarding to route VM traffic
Make sure that your VM uses the bridge connection to eth0
Configure your VM with one of the available IPs (.170, .171, .172, .173 or .174)
Use 255.255.255.248 as the Netmask.
Use 72.55.155.169 as gateway.
Your VM’s network should now be properly configured!
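
A check for the addressing scheme in the Linux example above, run before an address is handed to a VM: the address has to sit in the same subnet as the host's secondary IP (the gateway) and must not be the gateway, network or broadcast address. This is an added example, not part of the iWeb knowledge base text; the function names are hypothetical and the sample values are the ones quoted above.

```shell
#!/bin/sh
# Added example: validate a VM address against the routed-subnet scheme above.

# ip_to_int A.B.C.D -> prints the address as a 32-bit integer
ip_to_int() {
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        # reject empty, non-numeric and zero-padded octets
        case $octet in ''|*[!0-9]*|0?*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# check_vm_ip GATEWAY NETMASK VM_IP
# Prints ok, outside-subnet, is-gateway, network-or-broadcast or
# invalid-input; returns 0 only for ok.
check_vm_ip() {
    gw=$(ip_to_int "$1") && mask=$(ip_to_int "$2") && vm=$(ip_to_int "$3") \
        || { echo invalid-input; return 2; }
    inv=$(( 4294967295 - mask ))
    # a valid netmask has contiguous one bits, so inv + 1 is a power of two
    [ $(( inv & (inv + 1) )) -eq 0 ] || { echo invalid-input; return 2; }
    net=$(( gw & mask ))
    bcast=$(( net | inv ))
    if [ $(( vm & mask )) -ne "$net" ]; then
        echo outside-subnet; return 1
    elif [ "$vm" -eq "$gw" ]; then
        echo is-gateway; return 1
    elif [ "$vm" -eq "$net" ] || [ "$vm" -eq "$bcast" ]; then
        echo network-or-broadcast; return 1
    fi
    echo ok
}

# The quoted example: host secondary IP .169 is the gateway, netmask /29.
for last in 169 170 174 175 176; do
    printf '72.55.155.%s: ' "$last"
    check_vm_ip 72.55.155.169 255.255.255.248 "72.55.155.$last" || :
done
```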

 

On Windows:

This document takes in consideration that the host server network interface is configured with the following network configuration

Primary IP: <your primary ip address>
Netmask: 255.255.255.224
Gateway: <your primary ip address gateway>
Secondary IP: <your secondary ip address>
Netmask: 255.255.255.248
Gateway: <your primary ip address gateway>:
The secondary IP is crucial since it acts as a gateway for the virtual machine, in this case we used the first IP of the range.

Step 1. Enable bridged network configuration on virtual network interfaces

Open Start->Program Files->Vmware->Vmware server->Manage Virtual network
Open the Automatic bridging tab
Uncheck the automatic bridging
Open the Host Virtual Network Mapping tab
In the vmnet0 drop down menu select the interfaces which is configured with your primary address
Close the virtual network manager
Open Start->Program Files->Vmware->Vmware server-> Vmware server
Within the summary of the vm set the network interface for each vm to bridged
Step 2. Configure vm virtual network interfaces

Open the vm you wish to configure
Open Start->Network Connections (within the vm)
Configure the network interface with one of your secondary ip address (except the secondary ip you are using on the main host):
IP: <another secondary ip address>
Netmask: 255.255.255.248
Gateway: <the main host secondary ip address>
Step 3. Enable routing and remote access

Make sure the windows firewall is disabled.

Routing and Remote access must be enabled on the main host as well as the vm’s

Open Start->Administrative Tools->Routing and Remote access
Right-click on the server
Select Configure and Enable Routing and Remote access
Select Custom configuration, click next
Select LAN Routing, click next
Click Finish
Make sure the service is started
Update: Since September 2012, iWeb provides a /28 range of primary IP. It allows you to use the same gateway for the VM as well as the host itself in bridge mode.

 

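ESXi maintenance mode

When you need to patch or upgrade an ESXi host, or upgrade its hardware (for example to install more memory), you need to put the host into maintenance mode. An ESXi host enters or leaves maintenance mode only at a user's request.

Before an ESXi host enters maintenance mode, every VM running on it must either be migrated to another host (manually, or automatically by DRS) or be shut down. Only when that is done and no VM is running on the host can it enter maintenance mode.

In maintenance mode you cannot deploy any new VM or power on any VM that is powered off.

Problems encountered upgrading vCSA (vCenter Server Appliance) 6.5 to 6.7u3 or 6.7u3n

A vulnerability was disclosed in vCSA (vCenter Server Appliance), so I hurried to upgrade the vCSA.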

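I chose the online upgrade: log in directly to the vCSA VAMI (note that you must log in to VAMI as root, not as an ordinary user such as [email protected]), click Update and select the latest vCenter version. It then returned the following error: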

Appliance (OS) root password is expired or is going to expire soon. Please change the root password before installing an update

Updating the root password from within VAMI then also fails, with the following error:

Could not set the password

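If you run the command chage -l root, it also reports the following error:

This is because VAMI cannot change an expired root password; you can only do it from the CLI, by logging in to the vCSA over SSH and changing it there.

Steps:

1. Enable SSH in VAMI, then connect to the vCSA as root.
2. Run the following commands: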
shell.set --enabled true
shell
passwd

3. Confirm that the root password was changed:

chage -l root

4. Optionally, set the root password to never expire:

chage -I -1 -m 0 -M 99999 -E -1 root

5. Run the upgrade from VAMI again.

References:

https://kb.vmware.com/s/article/67414

Note: starting with 7.0U1 and 6.7P03, you can log in to VAMI as the SSO administrator and then reset the root password.