Monday, March 21, 2016

How to update ESXi via CLI

If you don't want to use VMware Update Manager (VUM) you can leverage several CLI update alternatives.

First of all you should download patch bundle from VMware Product Patches page available at http://www.vmware.com/go/downloadpatches. It is important to know that patch bundles are cumulative. That means you need to download and install only the latest Patch Bundle to make ESXi fully patched.

ESXCLI
You can use esxcli command on each ESXi host.

To list image profiles that are provided by the Patch Bundle use following command
esxcli software sources profile list -d /path/to/.zip
The output will look like this:
[root@esx01:~] esxcli software sources profile list -d /vmfs/volumes/NFS-SYNOLOGY-SATA/ISO/update-from-esxi6.0-6.0_update02.zip
Name                              Vendor        Acceptance Level
--------------------------------  ------------  ----------------
ESXi-6.0.0-20160301001s-no-tools  VMware, Inc.  PartnerSupported
ESXi-6.0.0-20160302001-standard   VMware, Inc.  PartnerSupported
ESXi-6.0.0-20160301001s-standard  VMware, Inc.  PartnerSupported
ESXi-6.0.0-20160302001-no-tools   VMware, Inc.  PartnerSupported
Now you can update the system with a specific profile:
esxcli software profile update -d /vmfs/volumes/NFS-SYNOLOGY-SATA/ISO/update-from-esxi6.0-6.0_update02.zip -p ESXi-6.0.0-20160302001-no-tools 
The output will look like this:
[root@esx01:~] esxcli software profile update -d /vmfs/volumes/NFS-SYNOLOGY-SATA/ISO/update-from-esxi6.0-6.0_update02.zip -p ESXi-6.0.0-20160302001-no-tools 
Update Result   Message: The update completed successfully, but the system needs to be rebooted for the changes to be effective.   Reboot Required: true

The last task is to reboot ESXi host as seen in the output above.
[root@esx01:~] reboot 
After reboot, you can ssh to ESXi host and verify current version.
[root@esx01:~] esxcli system version get   Product: VMware ESXi   Version: 6.0.0   Build: Releasebuild-3620759   Update: 2   Patch: 34

 Note 1: The VMware online software depot is located at https://hostupdate.vmware.com/software/VUM/PRODUCTION/main/vmw-depot-index.xml, therefore you can use this online depot instead of local depot downloaded manually from VMware download site. To allow outgoing HTTP (tcp ports 80,443) you have to enable httpClient rule in ESXi firewall.
esxcli network firewall ruleset set -e true -r httpClient

To list profiles ...
esxcli software sources profile list -d https://hostupdate.vmware.com/software/VUM/PRODUCTION/main/vmw-depot-index.xml

To update ESXi host into a particular profile ...
esxcli software profile update -d
https://hostupdate.vmware.com/software/VUM/PRODUCTION/main/vmw-depot-index.xml
-p ESXi-6.0.0-20160302001-no-tools 

you can disable it after update
esxcli network firewall ruleset set -e false -r httpClient

 Note 2: You can run an ESXCLI vCLI command remotely against a specific host or against a vCenter Server system.
ESXCLI over PowerCLI
The same can be done via PowerCLI. The code below is optimized for ESXCLI-Version2 releases in PowerCLI 6.3 R1.

#get esxcli object on particular host
$esxcli = Get-EsxCli -VMhost -V2

 #list profiles in patch bundle
$arguments = $esxcli2.software.profile.list.CreateArgs()
$arguments.depot = "vmfs/volumes///update-from-esxi6.0-6.0_update02.zip"
$esxcli2.software.profile.update.Invoke($arguments)

#update to patch bundle profile
$arguments = $esxcli2.software.profile.update.CreateArgs()
$arguments.depot = "vmfs/volumes///update-from-esxi6.0-6.0_update02.zip"
$arguments.profile = "ESXi-5.5.0-profile-standard"
$esxcli2.software.profile.update.Invoke($arguments)

PowerCLI Install-VMHostPatch
You can also use special PowerCLI cmdlet Install-VMHostPatch

  1. Download the Update file “ESXi Offline Bundle” update-from-esxi6.0-6.0_update02.zip
  2. Extract the ZIP file and upload the resulting folder to a datastore on the Virtual Host.
  3. Put host in to maintenance mode
  4. Open PowerCLI
  5. Connect-VIServer
  6. Install-VMHostPatch -HostPath /vmfs/volumes/Datastore/update-from-esxi6.0-6.0_update02/metadata.zip
Note: For Install-VMHostPatch method Patch Bundle must be explicitly unzipped. 

References:





  • VMware Product Patches
  • VMware : Are ESXi Patches Cumulative 
  • Andreas Peetz : Are ESXi 5.x patches cumulative?
  • Quickest Way to Patch an ESX/ESXi Using the Command-line
  • Install-VMHostPatch
  • Home Lab Upgrade to 6.0u2
    • Posted by at 5 comments:

    Friday, March 18, 2016

    What's new in PowerCLI 6.3 R1?

    PowerCLI 6.3 R1 introduces the following new features and improvements:

    Get-VM is now faster than ever!
    The Get-VM Cmdlet has been optimized and refactored to ensure maximum speed when returning larger numbers of virtual machine information. This was a request which we heard time and time again, when you start working in larger environments with thousands of VMs the most used cmdlet is Get-VM so making this faster means this will increase the speed of reporting and automation for all scripts using Get-VM. Stay tuned for a future post where we will be showing some figures from our test environment but believe me, it’s fast!


    New-ContentLibrary access
    New in this release we have introduced a new cmdlet for working with Content Library items, the Get-ContentLibraryItem cmdlet will list all content library items from all content libraries available to the connection. This will give you details and set you up for deploying in our next new feature…. 
    The New-VM Cmdlet has been updated to allow for the deployment of items located in a Content Library. Use the new –ContentLibrary parameter with a content library item to deploy these from local and subscribed library items, a quick sample of this can be seen below:

    $CLItem = Get-ContentLibraryItem TTYLinux
    New-VM -Name "NewCLItem" -ContentLibraryItem $CLItem -Datastore datastore1 -VMHost 10.160.74.38
    Or even simpler….
    Get-ContentLibraryItem -Name TTYLinux | New-VM -Datastore datastore1 -VMHost 10.160.74.38

    ESXCLI is now easier to use
    Another great feature which has been added has again come from our community and users who have told us what is hard about our current version, the Get-Esxcli cmdlet has now been updated with a –V2 parameter which supports specifying method arguments by name.
    The original Get-ESXCLI cmdlet (without -v2) passes arguments by position and can cause scripts to not work when working with multiple ESXi versions or using scripts written against specific ESXi versions.

    A simple example of using the previous version is as follows:
    $esxcli = Get-ESXCLI -VMHost (Get-VMhost | Select -first 1)
    $esxcli.network.diag.ping(2,$null,$null,“10.0.0.8”,$null,$null,$null,$null,$null,$null,$null,$null,$null)

     Notice all the $nulls ?  Now check out the V2 version:

     $esxcli2 = Get-ESXCLI -VMHost (Get-VMhost | Select -first 1) -V2
    $arguments = $esxcli2.network.diag.ping.CreateArgs()
    $arguments.count = 2
    $arguments.host = "10.0.0.8"
    $esxcli2.network.diag.ping.Invoke($arguments)

    Get-View, better than ever
    For the more advanced users out there, those who constantly use the Get-View Cmdlet you will be pleased to know that a small but handy change has been made to the cmldet to enable it to auto-complete all available view objects in the Get-View –ViewType parameter, this will ease in the use of this cmdlet and enable even faster creation of scripts using this cmdlet.

    Updated Support
    As well as the great enhancements to the product listed above we have also updated the product to make sure it has now been fully tested and works with  Windows 10 and PowerShell v5, this enables the latest versions and features of PowerShell to be used with PowerCLI.
    PowerCLI has also been updated to now support vCloud Director 8.0 and vRealize Operations Manager 6.2 ensuring you can also work with the latest VMware products.

    More Information and Download
    For more information on changes made in vSphere PowerCLI 6.3 Release 1, including improvements, security enhancements, and deprecated features, see the vSphere PowerCLI Change Log. For more information on specific product features, see the VMware vSphere PowerCLI 6.3 Release 1 User’s Guide. For more information on specific cmdlets, see the VMware vSphere PowerCLI 6.3 Release 1 Cmdlet Reference.

    You can find the PowerCLI 6.3 Release 1 download HERE. Get it today!

    Posted by at No comments:
    Labels:

    Wednesday, March 16, 2016

    General recommendations for stretched vSphere HA Cluster aka Metro Cluster Storage (vMSC)

    This is just a brief blog post with general recommendations for VMware vSphere Metro Cluster Storage (aka vMSC). For more holistic view, please read white paper "VMware vSphere Metro Storage Cluster Recommended Practices"

    vSphere HA Cluster Recommended Configuration Settings:
    • Set Admission Control - Failover capacity by defining percentage of the cluster (50% for CPU and Memory)
    • Set Host Isolation Response - Power Off and Restart VMs
    • Specify multiple host isolation addresses - Advanced configuration option das.isolationaddressX
    • Disable default gateway as host isolation address - Advanced configuration option das.useDefaultIsolationAddress=false
    • Change the default settings of vSphere HA and configure it to Respect VM to Host affinity rules during failover - Advanced configuration option das.respectVmHostSoftAffinityRules=true
    • The minimum number of heartbeat datastores is two and the maximum is five. VMware recommends increasing the number of heartbeat datastores from two to four in a stretched cluster environment Advanced configuration option das.heartbeatDsPerHost=4
    • VMware recommends using "Select any of the cluster datastores taking into account my preferences" for heartbeat datastores and choose two datastores (active distributed volumes/LUNs) on each site
    • PDL and APD considerations depends on stretched cluster mode (uniform/non-uniform). However, VMware recommends to configure PDL/APD responses therefore VM Component Protection (VMCP) must be enabled and response should be set to "Power Off and Restart VMs - Conservative". Detail configuration should be discussed with particular storage vendor. 
    vSphere DRS Recommended Configuration Settings:
    • DRS mode - Fully automated
    • Use DRS VM/Host rules to set VM per site locality
    • Use DRS "Should Rules" and avoid the use of "Must Rules"
    SIOC/SDRS

    • Based on KB 2042596 SIOC is not supported
    • Based on KB 2042596 SDRS is only supported when the IO Metric function is disabled.

    Distributed (stretched) Storage Recommendations:
    • Always consult your configuration with your storage vendor
    • VMware highly recommends to use storage witness (aka arbitrator, tie-braker, etc.) in third site.
    Custom automation for compliance check and / or operational procedures Recommendations:
    • VMware recommends manually defining “sites” by creating a group of hosts that belong to a site and then adding VMs to these sites based on the affinity of the datastore on which they are provisioned. 
    • VMware recommends automating the process of defining site affinity by using tools such as VMware vCenter OrchestratorTM or VMware vSphere PowerCLITM. 
    • If automating the process is not an option, use of a generic naming convention is recommended to simplify the creation of these groups. 
    • VMware recommends that these groups be validated on a regular basis to ensure that all VMs belong to the group with the correct site affinity.
    Other relevant references:
    Posted by at 6 comments:
    Labels: , , , ,

    Friday, March 04, 2016

    How to show vCenter Instance configuration?

    Login to vCenter Server Appliance (VCSA) via ssh.

    Enable BASH access: "shell.set --enabled True"
    Launch BASH: "shell"

    Run following command to list vCenter Instance configuration.

    vc01:/etc/vmware-vpx # cat /etc/vmware-vpx/instance.cfg 
    applicationDN=dc\=virtualcenter,dc\=vmware,dc\=int
    instanceUuid=b7cc1468-6d27-4117-943f-7b1b4485028b
    ldapPort=389
    ldapInstanceName=VMwareVCMSDS
    ldapStoragePath=/etc/vmware-vpx/

    vCenter UUID is very important identifier which is unique identification of particular instance in external systems like Vmware Platform Service Controller (PSC), vROps, SRM, etc.

    UUID is in our example b7cc1468-6d27-4117-943f-7b1b4485028b

    Posted by at No comments:
    Labels: ,

    Cisco Virtual Switch Update Manager

    Do you have Cisco Nexus 1000V in your vSphere environment? Then VSUM can be pretty handy toll for you.

    VSUM is a free virtual appliance from Cisco that integrates into the vSphere Web Client. Once deployed, VSUM allows you to do the following actions from the web client:

    • Deploy Nexus 1000v and Application Virtual Switch (AVS)
    • Upgrade the 1000v and AVS
    • Migrate virtual networking from vSwitch/VDS
    • Monitor your 1000v/AVS environment                              

    In other words, Cisco VSUM is a virtual appliance that is registered as a plug-in to VMware vCenter Server. The Cisco VSUM user interface is an integral part of VMware vSphere Web Client. The Cisco VSUM enables you to install, migrate, monitor, and upgrade the VSMs in high availability (HA) or standalone mode and the VEMs on ESX/ESXi hosts.



    Posted by at No comments:
    Labels: , , ,
    Subscribe to: Posts (Atom)