VMWare ESXi: Difference between revisions

From Edgar BV Wiki
Jump to navigation Jump to search
No edit summary
 
(70 intermediate revisions by the same user not shown)
Line 1: Line 1:
Steps:
= Installation Steps =
# install ESXi onto the hardware
# install ESXi onto the hardware (use unetbootin to create the image, don't follow the manual: it's shit)
# install VMWare vSphere client onto your PC
# install VMWare vSphere client onto your PC
# Connect using the vSphere client
# Connect using the vSphere client
# In the server -> configuration -> Licensed Features (under Software) - Edit (on the right) and enter the license key: H401K-82H0M-K8F49-0H9A4-95CM0
# In the server -> configuration -> Licensed Features (under Software) - Edit (on the right) and enter the license key: JM28P-8UJE1-68Z81-02ARH-81L04 (edgarbv) H401K-82H0M-K8F49-0H9A4-95CM0
# Create a datastore and on that create a directory .locker-HOSTNAME
# Go to Manage -> System -> Advanced settings and find ScratchConfig.ConfiguredScratchLocation edit this to be /vmfs/volumes/UUID/.locker-HOSTNAME
# now find Syslog.global.logdir and set this to the datastorename [platters]/.locker-HOSTNAME/log or via syslog.global.loghost (for remote logging)
 
= Storage =
== Expanding HDs on a VM ==
[https://ma.ttias.be/increase-a-vmware-disk-size-vmdk-formatted-as-linux-lvm-without-rebooting/ Increase A VMware Disk Size (VMDK) Formatted As Linux LVM without rebooting]
You can only extend the current disk if you have less than 4 partitions
 
If it's a root volume you have to reboot with a Debian CD and enter rescue mode. Otherwise you may be able to extend without powering off
 
=== check if you can see the extra space===
====If you have increased the size of the disk====
 
fdisk -l
 
parted
 
cfdisk
 
If not then you can rescan the scsi bus
<pre>
ls /sys/class/scsi_device/
echo 1 > /sys/class/scsi_device/0\:0\:0\:0/device/rescan
</pre>
Rescan for each device found.
 
====If you have added a new disk====
<pre>
ls  /sys/class/scsi_host/
echo "- - -" > /sys/class/scsi_host/host0/scan
</pre>
It won't show any output, but running 'fdisk -l' will show the new disk.
 
=== extend an existing disk ===
<pre>
parted
print
resizepart 2 <- NB this is the extended partition
(enter max size to max size shown on print)
resizepart 5 <- NB this is the logical partition on the extended partition
(enter max size to max size shown on print)
write
quit
vgscan
pvscan
pvdisplay
</pre>
It should now show you that the physical volume has more space, as will vgdisplay
 
From [https://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=1006371 here]
 
Run this command to extend the physical volume:
<pre>
vgextend VolGroup00 /dev/sda3
</pre>
Note: To determine which volume group to extend, use the command vgdisplay.
 
Run this command to verify how many physical extents are available to the Volume Group:
<pre>
vgdisplay VolGroup00 | grep "Free"
</pre>
Run the following command to extend the Logical Volume:
 
  lvextend -L+#G /dev/VolGroup00/LogVol00
or
  lvextend --extents +## /dev/debian-vg/root
 
Where # is the number of Free space in GB available / ## is the amount of extents free as per the previous command. Use the full number output from Step 10 including any decimals.
 
Note: To determine which logical volume to extend, use the command lvdisplay.
 
Run the following command to expand the ext3 filesystem, inside of the Logical Volume:
 
  e2fsck -f /dev/debian-vg/root
  resize2fs /dev/debian-vg/root
 
Notes:
 
    Use  ext2online /dev/VolGroup00/LogVol00 if it is a Red Hat virtual machine.
    By default, Red Hat and CentOS 7 use the XFS file system you can grow the file system by running the xfs_growfs command.
 
Run the following command to verify that the / filesystem has the new space available:
 
  df -h /
 
== using esxcli to investigate your disks and adapters ==
  esxcli storage core adapter list
 
shows the controllers
 
[https://pubs.vmware.com/vsphere-50/index.jsp?topic=%2Fcom.vmware.vcli.ref.doc_50%2Fesxcli_storage.html  esxcli storage reference from vmware]
 
[https://vdc-repo.vmware.com/vmwb-repository/dcr-public/0a40d9c5-4d4b-490d-8efa-e373a0ff2109/43a3c005-3878-4e05-8b60-35aca804d61d/doc/GUID-EB2F5391-4270-420E-A4AB-B2D8DA6C0C98.html examining LUNSs with esxcli storage core]
 
[https://cormachogan.com/2014/02/25/a-list-of-esxcli-storage-commands-you-cant-live-without/ A list of ESXCLI storage commands you can’t live without]
 
== old info==
== By adding a new partition formatting it and then adding it to the VG==
Turn off the VM, change the size of the disk in the settings. Start up the vm.
 
use fdisk /dev/sda to view the free space. If fdisk doesn't work, use parted or cfdisk.
 
Format the extra space as type 8e (LVM). Use vgextend and then lvextend to increase the size
 
= adding new disks to a vm and booting =
When you add a new disk, you may get an OS not installed / can't boot up error. This is because for some reason, esxi adds the new disk as scsi 0:0 (which is the first disk that wants to boot up). So you need to edit the new hard disk to scsi 0:2, the old one to 0:0 and then the new one to 0:1 again.
 
= cloning VMs using the CLI =
 
Cloning a virtual machine disk without delta files or snapshots
To clone a virtual machine disk using the ESXi/ESX host terminal:
 
    Log in to the terminal of the ESXi/ESX host.
 
    Navigate to the virtual machine's directory using the cd command. It is located at:
 
    /vmfs/volumes/source_datastore/virtual_machine/
 
    Confirm the destination directory where the clone will be copied to. Create this directory, if required.
 
    For example, if this destination directory does not exist:
 
    /vmfs/volumes/destination_datastore/virtual_machine/
 
    Create the directory using this command:
 
    mkdir /vmfs/volumes/destination_datastore/virtual_machine/
 
    Clone the virtual hard disk using the vmkfstools -i command after shutting down the virtual machine:
 
    # vmkfstools -i /vmfs/volumes/Storage1/examplevm/examplevm.vmdk /vmfs/volumes/Storage2/examplevm_clone.vmdk
 
    You see output similar to:
 
    Destination disk format: VMFS thick
    Cloning disk '/vmfs/volumes/Storage1 (3)/examplevm/examplevm.vmdk'...
    Clone: 100% done.
 
    '''Notes:'''
 
        Encapsulate objects with quotes where appropriate to ensure spaces and other special characters are interpreted correctly.
 
        By default, the vmkfstools -i command will create a destination thick provisioned disk. If you want the destination disk to be thin provisioned, add -d thin to the end of the preceding command.
 
        For example:
 
        # vmkfstools -i /vmfs/volumes/Storage1/examplevm/examplevm.vmdk /vmfs/volumes/Storage2/examplevm_clone.vmdk -d thin
 
== Cloning a virtual machine disk with delta files or snapshots ==
To clone a virtual machine disk using the ESXi/ESX host terminal:
 
    Log in to the ESXi/ESX host's terminal.
 
    Navigate to the virtual machine's directory using the cd command. It is located at:
 
    /vmfs/volumes/source_datastore/virtual_machine/
 
    Confirm the destination directory where the clone will be copied to. Create this directory, if required.
 
    For example, if this destination directory does not exist:
 
    /vmfs/volumes/destination_datastore/virtual_machine/
 
    Create the directory using this command:
 
    mkdir /vmfs/volumes/destination_datastore/virtual_machine/
 
    Clone the virtual hard disk from its current snapshot delta point using the vmkfstools -i command.
 
    # vmkfstools -i /vmfs/volumes/Storage1/examplevm/examplevm-000003.vmdk /vmfs/volumes/Storage2/examplevm_clone.vmdk
 
    You see output similar to:
 
    Destination disk format: VMFS thick
    Cloning disk '/vmfs/volumes/Storage1 (3)/examplevm/examplevm-000003.vmdk'...
    Clone: 100% done.
 
Impact/Risks
 
Downtime during the clone procedure.
 
Additional Information
 
Additional steps for virtual machine disks with delta files or snapshots
 
The original virtual machine files are still intact without modifications. You may opt to either create a new virtual machine and attach the cloned disk file(s), or replace the existing disks attached to the virtual machine with the cloned copies. These steps encompass the latter option.
 
To replace the original virtual machine disk(s) and delta snapshot file(s) with the cloned copy or copies:
 
    Detach the virtual hard disk from the virtual machine's configuration in the VMware vSphere or Infrastructure Client.
 
    Attach the new (cloned) virtual hard disk, /vmfs/volumes/Storage2/examplevm_clone.vmdk to the virtual machine.
 
    Rename the snapshot database (.vmsd) file for the virtual machine. At this time, it is no longer valid due to manipulation of the virtual machine's disk layout during troubleshooting:
 
    # mv examplevm.vmsd examplevm.vmsd.old
 
    Power on the virtual machine and confirm the guest operating system can boot successfully. Verify data integrity and confirm data is not missing or corrupt.
 
    With the virtual machine still powered-on, you may remove the original disk files to free datastore space. Files in use by the powered-on virtual machine cannot be removed by the VMware ESX server. This can be used as a safeguard.
 
= add new user =
Go to local users and groups and right click on the screen to add a new user. The password needs to be 8 characters long.
 
Then go to permissions and right click on the screen to add a permission. Choose the assigned role and then add the new user (on the left)
 
= auto start vm's =
under the configuration tab for the machine, at "Virtual Machine Startup/Shutdown"
Choose Properties.  You can configure the startup/shutdown here.
 
https://communities.vmware.com/thread/520839
 
Start the VMs automatically after Existing Host from Maintenance Mode, follow the below steps :
 
*    In vCenter Server, right-click the ESX/ESXi host and click Exit Maintenance Mode.
*    Open an SSH session to the ESX/ESXi host.
*    Run this command:
          /sbin/vmware-autostart.sh start
 
or
 
Use the Configuration > Virtual Machine Startup/Shutdown option in VirtualCenter
 
== renaming the hostname / domain name ==
[https://kb.vmware.com/s/article/1010821 Changing the name of an ESX or ESXi host (1010821)]
 
Or see join or leave AD below
 
== using vsphere client ==
Select the Host machine, then tab configure. Under software choose VM Startup/shutdown. Press 'edit' top right. Move the desired machines into the boot order using the move up / move down.
 
= starting from a cdrom or iso after OS has been installed =
 
In advanced boot options change the bootup delay to 99999 milliseconds. Then when you start up the VM you can press esc to select a boot device


= keyboard shortcuts for console =
= keyboard shortcuts for console =
Line 15: Line 252:


Ctrl+Shift+X Exit VM Console
Ctrl+Shift+X Exit VM Console
= installing tools on a VM =
The tools allow you to do things like copy paste into the console. In order to install the tools, you mount a CD from the internal datastore. Choose the version for the OS you have. Mount the CD, then copy the contents to /usr/local/src and unzip them. Inside this directory you run the perl scripts. For Linux you will need the kernel headers package
== Debian ==
apt-get install open-vm-tools
= Resetting the password for ESXi =
There is the [http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=1317898 Cisco Way] and the
[http://www.vm-help.com/esx/esx3i/Reset_root_password.php Unofficial way]
NB you will have to use udpkg to install gzip from the cdrom (find the deb and use udpkg -i file.deb). Also you will need nano editor because vi isn't installed with the rescue disk.
After the host was shut down, I booted up with the Linux live CD. I then ran the commands '''fdisk -l''' and '''ls -l /mnt/sda5/''' / '''ls -l /mnt/sda6/''' to determine the location of the most recent state.tgz file. Note that if you're using ESXi Embedded then you may only see local.tgz instead of state.tgz and you should then copy and recreate that file.
After determining where the most recent state.tgz file was located, this was copied to /tmp. '''gzip''' and '''tar''' were then used to extract local.tgz from state.tgz. If you're using ESXi Embedded then you will copy local.tgz to tmp and run gzip and tar on that file. Once local.tar was extracted the '''cd etc''' command was run followed by '''vi shadow'''
ssentially you'll want to have the root entry as root::13358:0:99999:7::: . Once you have removed the password hash, press ESC and to save the change type in :wq and press Enter. You can run cat shadow to confirm that the change was saved successfully.
Once the shadow file has been updated, you'll use cd .. to go back to /tmp and then run '''tar -czvf local.tgz etc''' to create the local.tgz file. If you're using ESXi Embedded then you'll copy this file to the drive where it came from in step 3. Otherwise you'll run '''tar -czvf state.tgz local.tgz''' to create state.tgz which should then be copied to the correct location. In the below image you'll notice that I don't always use the -v option with the tar command.
Once the file has been copied back to the /bootbank partition the host can be rebooted back into ESXi. You'll be able to login with the root account with no password and will be greeted with the familiar message to change the root password
=Import VirtualBox harddisks=
On your VirtualBox host create a clone of the VMs hard disk like that: vboxmanage clonehd in.vdi out.vmdk –format VMDK –variant Fixed,ESX
If your VirtualBox drive is allready a vmdk then in.vmdk
This creates two files. One with the actual data and the other holding a descriptor. If the virtual hard drive is not completely filled, zipping the image will dramatically reduce its size.
On your ESXi host create a new VM without hard drive. Use the advanced mode to do so.
Copy the hard drive image to your ESXi host by using scp (or similar). Place it (both files) into the directory of you newly created VM.
Edit the settings of your new VM and add that hard drive.
That’s all. Using this method your virtual hard drive should now be a SCSI hard drive as expected by ESXi even if it was a SATA drive in VirtualBox before.
From [http://www.kodira.de/2013/06/import-virtualbox-vms-in-vmware-esxi/]
==Import Windows 7 client from VirtualBox==
Same as above, but change HD type from SCSI to SATA
=Virtualdisk manager=
This can be used to expand, shrink, repair, create, etc vmdk files
Download from [https://code.vmware.com/web/sdk/65/vddk vmware] (vmware-vdiskmanager.exe  is part of the The Virtual Disk Development Kit (VDDK)
Some examples of use can be found [https://www.vmware.com/support/ws45/doc/disks_vdiskmanager_eg_ws.html here]
=Items disappearing from the navigation tree=
If the inventory tree views are no longer showing items and you can't click on the triangle any more, in 6.5 you can click on your username, go to settings and turn off '''show only recent objects'''
=Hardware sensors=
https://communities.vmware.com/thread/520839
  vmkload_mod ipmi_si_drv
  vmkload_mod ipmi_devintf
I then get from esxcfg-module -l|grep ipmi
  ipmi_msghandler    2    40
  ipmi_si_drv              0    48
  ipmi_devintf              0    20
Then using the Web Client under Monitor->System sensors I get the sensor info displayed, i.e. CPU temp/Volts, etc.
I have made sure they are all enabled using :-
  esxcli system module set -m ipmi_si_drv -e 1
  esxcli system module set -m ipmi_devintf -e 1
  esxcli system module set -m ipmi_msghandler -e 1
Then using 'esxcli system module list|grep ipmi' I get:-
ipmi      true    true
ipmi_msghandler    true    true
ipmi_si_drv              true    true
ipmi_devintf              true    true
I have obviously rebooted the host (many times!), but the modules are still not loaded at start-up.
=Backup of esxi config=
https://www.altaro.com/vmware/esxi-backup-command-line/
ESXi’s vim-cmd allows you to backup and restore the host’s configuration directly from shell. To do this, enable SSH on the host and use putty to log in as root. Once you’re in, run the following two commands in the given order. You are given a URL which you’ll use to download the TGZ bundle from the host using a standard browser. Note that you need the replace the * character in the URL with the IP address of the ESXi host. I am not quite sure why the IP address of the host is not included from the start.
  vim-cmd hostsvc/firmware/sync_config
  vim-cmd hostsvc/firmware/backup_config
Using vim-cmd from the ESXi command line to backup the host's configuration
Just like the PowerCLI method, you must first put the host in maintenance mode before you’re able to restore from a configuration backup file. To do this, we’re still using vim-cmd. You also need to copy the backup file to a folder on the ESXi host using something like WinSCP. The host will then reboot to complete the restore process.
  vim-cmd hostsvc/maintenance_mode_enter
  vim-cmd hostsvc/firmware/restore_config /tmp/configBundle-esx-pn1.vsphere65.local.tgz
https://graspingtech.com/backup-vmware-esxi-6-5-configuration/
=Unregister a vm=
  #vim-cmd vmsvc/getallvms
command to display the names of the virtual machines registered on this host.
  #vim-cmd vmsvc/unregister vmid
[https://kb.vmware.com/s/article/1005051]
=Updates=
Find the release notes here.
https://docs.vmware.com/en/VMware-vSphere/6.7/rn/vsphere-esxi-vcenter-server-67-release-notes.html
Also, update VCSA to the latest version before you update the hypervisor
== Updating VCSA ==
https://docs.vmware.com/en/VMware-vSphere/6.5/com.vmware.vsphere.upgrade.doc/GUID-E2E359B1-5834-4BFF-AEFE-6CEBFC8CC3D5.html
https://www.settlersoman.com/how-to-update-or-patch-vcenter-6-appliance-vcsa/
make a snapshot of the VCSA from the ESXI host running the server.
Log In to the vCenter Server Appliance Management Interface (on port 5480) as root (or as administrator@ if root doesn't work and you need to change the root password)
If you get a root password expired thing during the pre-update checks, go to Access and turn ssh + bash on. Login with ssh as administrator@ or another local.domain user and then run
  shell
  sudo passwd
change the password.
log in as root - '''NB perform the updates as root, not as administrator@!'''
Now the pre update checks should work.
go to the updates and apply them
After the updates have installed and VCSA is rebooted, check to see if it has started properly. It will take quite some time for the shell prompt to disappear and the VCSA frontend to appear - be patient! As in 10 minutes patient! However, if you have a login prompt, log in as root and then
  shell
  service-control --start --all
and then log in at port 5480 again and see if there are more updates
== Updating the Hypervisor / ESXI ==
Make sure you have updated VCSA first!
=== Using vCenter Update Manager (VUM) ===
https://www.altaro.com/vmware/how-to-patch-esxi-with-update-manager/
You need VCSA v 6.5+ for the VUM
Step 1 – Highlight the vCenter Server name in Navigator, select the Update Manager tab and click on the Go To Admin View button.
Figure 2 - Changing to VUM's Admin view in vSphere Web client
Figure 2 – Changing to VUM’s Admin view in vSphere Web client
Step 2 – Once in Admin view, select the ESXi Images tab and click on Import ESXi Image. Doing so, loads another dialog box where you specify the ESXi image (ISO file) you want imported. Click on Browse and navigate to the folder where the image is stored. Select the ISO file and click OK. The file will upload as shown in Fig. 3. The upload progress bar, shows the remaining time and the speed at which the file is being uploaded.
Figure 3 - Importing an ESXi ISO image to VUM
Figure 3 – Importing an ESXi ISO image to VUM
Step 3 – Once the ISO is uploaded, details about the ESXi image are displayed as per Figure 4.
Figure 4 - Product and version details for the ESXi image just imported
Figure 4 – Product and version details for the ESXi image just imported
Creating a baseline
Step 4 – Next, we create what’s called a Host Baseline. To do this, we simply right-click on the image just imported and select Create baseline as shown in Figure 5.
Figure 5 - Creating an ESXi host baseline
Figure 5 – Creating an ESXi host baseline
Step 5 – Type in a name for the baseline and press OK. The baseline should now be listed under the Hosts Baselines under Custom as per Fig. 6.
Figure 6 - The freshly created baseline as listed under the Hosts Baselines screen
Figure 6 – The freshly created baseline as listed under the Hosts Baselines screen
Attaching a baseline
Step 6 – We’re almost there. The idea now is to attach the baseline to one or more hosts. We then run a compliance check to determine if the upgrade or update is actually required. To do this, one must change over to Compliance view. Just hit the Go to compliance view button at the top-right corner as shown in Fig. 7.
Figure 7 - Changing over to Compliance view
Figure 7 – Changing over to Compliance view
The baseline can in fact be attached to a number of objects including a datacenter, cluster or an individual ESXi host. This is what allows you to patch multiple hosts. It is important to note though that you may inadvertently hit hosts not earmarked for updates so be careful when attaching baseline to higher level objects.
In the example that follows, I’ve attached the baseline to one of three ESXi hosts forming a cluster.
Figure 8 - Attaching a baseline to a host
Figure 8 – Attaching a baseline to a host
Step 7 – Next, we carry out a scan on the host to verify that the update/upgrade is in fact required. From the same screen, click on Scan for Updates and select Upgrades on the dialog that pops up followed by OK. This will initiate a scan the results of which are displayed under the Compliance Status column after the scan completes.
Figure 9 - Scanning a host for compliance
Figure 9 – Scanning a host for compliance
As expected, the host is found to be non-complaint, meaning that the 6.5.0d update is in fact applicable.
Figure 10 - A non-compliant result indicates that the host is missing one or more updates
Figure 10 – A non-compliant result indicates that the host is missing one or more updates
How to remediate the host
In this case, remediating is the act of pushing a patch or update to an ESXi host. A host is remediated by clicking on the Remediate button. Alternatively, right-click on the ESXi hostname (or IP address) in Navigator and select Remediate from the Update Manager menu.
Figure 11 - Remediating a host from the context menu
Figure 11 – Remediating a host from the context menu
Step 1 – The remediation process starts by selecting the baseline image you want applied. In this case, I’ve selected the one created for the 6.5.0d upgrade.
Figure 12 - Remediation Step 1 - Select the baseline applied
Figure 12 – Remediation Step 1 – Select the baseline applied
Step 2 – Next, select the host you wish to remediate. In this case, only one host is listed which is the one highlighted in Navigator. If say, the baseline had been attached to a cluster, then you’d have all the hosts within that cluster listed as target objects.
Figure 13 - Remediation Step 2 - Selecting the target to remediate
Figure 13 – Remediation Step 2 – Selecting the target to remediate
Step 3 – Accept the EULA by ticking the box at the bottom.
Figure 14 - Remediation Step 3 - Accept the End User License Agreement
Figure 14 – Remediation Step 3 – Accept the End User License Agreement
Step 4 – The next screen, gives you the option to postpone remediation tasks to a later date and time. You can also set the task to ignore warnings in reference to unsupported devices and such.
Figure 15 - Remediation Step 4 - Scheduling the remediation task (Optional)
Figure 15 – Remediation Step 4 – Scheduling the remediation task (Optional)
Step 5 – In all probability, the ESXi being remediated will be hosting VMs. This screen gives you control over what happens to the VMs currently powered on. You can choose to have them powered off, suspended or leave them in their current state. Like it or not, powered on VMs must be migrated or shut down for the remediation process to complete. Your options are to migrate VMs manually to some other host or simply power them off prior to remediating. Alternatively, set the VMs to power down by selecting the Power Off virtual machines option from the VM Power State drop-down box as shown in Fig. 16. You can also set the task to disconnect removable media from any hosted VMs as this may cause the remediation task to stall.
Figure 16 - Remediation Step 5 - Configuring the host remediation options
Figure 16 – Remediation Step 5 – Configuring the host remediation options
Step 6 – If the host being remediated is a cluster member, you can control various aspects related to clustering as shown in Fig. 17. Further details on each setting are available here.
Figure 17 - Remediation Step 6 - Configuring the cluster remediation options
Figure 17 – Remediation Step 6 – Configuring the cluster remediation options
Step 7 – The Pre-check Remediation tasks runs a series of checks and generates a report of what exactly is carried out on the host. Press Finish to initiate the remediation task.
Figure 18 - Remediation Step 7 - Completing the remediation task
Figure 18 – Remediation Step 7 – Completing the remediation task
The remediation task’s progress is displayed in the Recent Tasks window in vSphere Web client.
Figure 19 - A remediation task in progress
Figure 19 – A remediation task in progress
The host should enter maintenance mode and later disconnect while the update is being applied. It should then reboot and re-connect automatically, assuming the remediation processes succeeded in updating the host.
Figure 20 - A host is disconnected while being updated as can be seen in vSphere client and DCUI
Figure 20 – A host is disconnected while being updated as can be seen in vSphere client and DCUI
Once remediation completes, you can easily verify that the host is running the latest version by inspecting the host details on the Summary screen. Fig. 21 compares the host’s summary pre and post remediation.
Figure 21 - Comparing ESXi version details pre and post remediation
Figure 21 – Comparing ESXi version details pre and post remediation
This VMware KB article helps you correlate build and version numbers if needed. As per the partial table below, you can see that in our case, the ESXi host updated from 6.5 GA to 6.5.0d.
Figure 22 - Correlating ESXi version and build numbers
Figure 22 – Correlating ESXi version and build numbers
Conclusion
Update Manager is a must have if you want to easily and effectively implement patch management for ESXi. Incidentally, Update Manager is one other reason why you’d want to move over to vCSA 6.5 since VUM is now embedded with this vCenter release.
Make sure you have the correct version iso of the ESXI patch / version you have installed.
=== Using the CLI ===
https://esxi-patches.v-front.de/ is where you can find the latest patches and instructions for updating using the CLI
https://tinkertry.com/easy-update-to-latest-esxi
<pre>
esxcli network firewall ruleset set -e true -r httpClient
esxcli software profile update -p ESXi-6.7.0-20190802001-standard -d https://hostupdate.vmware.com/software/VUM/PRODUCTION/main/vmw-depot-index.xml
esxcli network firewall ruleset set -e false -r httpClient
</pre>
don't forget to
  tail -f /var/log/vpxa.log
To see if it's ready for a reboot. This process can take hours!
Useful to know
Restart the ESXi host daemon and vCenter Agent services using these commands:
  /etc/init.d/hostd restart
  /etc/init.d/vpxa restart
To restart all management agents on the host, run the command:
  services.sh restart &tail -f /var/log/jumpstart-stdout.log
==== from 6.5 to 6.7 ====
https://tinkertry.com/easy-update-to-esxi-67
It comes down to this though:
* reboot before doing this - preferably power down
* upgrade VMSA (VmWare Server Appliance) if you have it
* dry run
<pre>
esxcli software profile update -d https://hostupdate.vmware.com/software/VUM/PRODUCTION/main/vmw-depot-index.xml -p ESXi-6.7.0-8169922-standard --dry-run
</pre>
* the real thing
  esxcli software profile update -d https://hostupdate.vmware.com/software/VUM/PRODUCTION/main/vmw-depot-index.xml -p ESXi-6.7.0-8169922-standard
* reboot
== Updating the web interface ==
https://www.ivobeerens.nl/2018/05/01/configure-vm-autostart-in-the-esxi-embedded-host-client/
Note: The web interface is properly called the ESXI Embedded host client. Web client etc is used for the server appliance vCenter. You can tell the difference between the server appliance vCenter web interface and the embedded host client interface because the server appiance one has a black background and the embedded one has a blue background / border. vCenter is not free.
You can tell which version you have by looking at Help (top bar) -> about. It should show you the client and build version
The upgrade of the Host client is easy, no maintenance mode and reboot of the ESXi host is needed. The upgrade can be done by following these steps:
* Download the latest VIB https://labs.vmware.com/flings/esxi-embedded-host-client
* Upload the VIB on a datastore on your ESXi host
* SSH to the ESXi host
* Enter the following command to update the host client
<pre>
esxcli software vib update -v /vmfs/volumes/datastore/vibname.vib
</pre>
NOTE the path - it won't work if you cd to /vmfs/volumes/etc and then try to run ./vibname.vib
Also, presumably when you update the hypervisor you will probably also need to re-update the embedded host client.
= Vmware Vcenter Server Appliance (VCSA) =
[https://docs.vmware.com/en/VMware-vSphere/index.html VMWare Vsphere documentation]
When installing, make sure your SSO domain is different from your internal domain name, so use something like yourdomain.local. Most examples online use vshpere.local
== Single Sign On (SSO) ==
=== change SSO password policy to never expires ===
Navigate to the Configuration UI.
    From the Home menu, select Administration.
    Under Single Sign On, click Configuration.
Click Policies, select Password Policy, and click Edit.
    Set maximum lifetime to 0
=== reset the SSO password ===
Log in to vCenter Server Appliance using SSH as the root user.
enter the shell
Run
<pre>
/usr/lib/vmware-vmdir/bin/vdcadmintool
</pre>
Press 3 to enter the Reset Account Password option.
    a) It will prompt for an “Account UPN”
    b) Enter administrator@vsphere.local
    c) A new temporary password is generatedss4
    You can use this temporary password to login to vCenter server and change the SSO password after login to vCenter server.
    After login, Click on Administration>Single Sign On > Users
    a) Right click on Administrator and select Modify
    b) Change the password
We have successfully reset the vCenter SSO password.
=== SSO information ===
To find out your SSO domain, you can ssh in, log in, then:
<pre>
shell
</pre>
gets you into bash
<pre>
cat /etc/vmware/install-defaults/vmdir.domain-name
</pre>
or
<pre>
/usr/lib/vmware-vmafd/bin/vmafd-cli get-domain-name --server-name localhost
</pre>
To get the site name
<pre>
/usr/lib/vmware-vmafd/bin/vmafd-cli get-site-name --server-name localhost
</pre>
To find out which AD account is used to connect to Active Directory
<pre>
cat /etc/vmware/install-defaults/ad.domain.username
</pre>
[https://www.stephenhackers.co.uk/vmware-vcenter-single-sign-on-invalid-credentials-native-platform-error-code-1765328360/ SSO can also fail if time is out of sync with the domain controller.]
To check
==== log file location ====
/storage/log/vmware/sso/vmware-sts-idmd.log
/storage/log/vmware/sso/websso.log
or /var/log/vmware/sso
===other bits  ===
[https://www.virtuallyghetto.com/2015/04/vcenter-server-6-0-tidbits-part-2-what-is-my-sso-domain-name-site-name.html Some really usefull Tidbits]
== resetting root password (for SSH access) ==
Below is for if you can't access the vCenter Server Appliance at port 5480
[https://kb.vmware.com/s/article/2147144 here]
<pre>
To reset the lost forgotten root password in vCenter Server Appliance 6.5:
    Take a snapshot or backup of the vCenter Server Appliance 6.5 before proceeding. Do not skip this step.
    Reboot the vCenter Server Appliance 6.5.
    After the OS starts, press e key to enter the GNU GRUB Edit Menu.
    Locate the line that begins with the word Linux.
    Append these entries to the end of the line:
    rw init=/bin/bash
 
    Press F10 to continue booting.
    Run the mount -o remount,rw / command.
    In the Command prompt, enter the command passwd and provide a new root password (twice for confirmation):
    passwd
   
    Unmount the filesystem by running this command:
    umount /
   
    Reboot the vCenter Server Appliance 6.5 by running this command:
    reboot -f
   
    Confirm that you can access the vCenter Server Appliance 6.5 using the new root password.
    Remove the snapshot taken in Step 1 if applicable.
</pre>
Once you have done that, log in the the VCSA at port 5480 as root and go to Administration to make sure the password doesn't expire again - or that it sends an email when it does expire.
== join or leave AD ==
[https://docs.vmware.com/en/VMware-vSphere/6.7/com.vmware.vsphere.vcsa.doc/GUID-08EA2F92-78A7-4EFF-880E-2B63ACC962F3.html Join or Leave an Active Directory Domain]
If you do this, then make sure that the hostname of the esxi machine is resolvable. You can do this in vsphere by clicking on the machine, tab configure, under networking TCP/IP configuration, then select the Default system stack line. You can see the hostname, domain name and DNS servers. You can edit these using the edit button above the lines, below the TCP/IP Configuration title.
On the esxi host website, you can select Default TCP/IP stack under Networking and click 'edit settings' above the icon / Default TCP/IP Stack icon
Otherwise you may run into [https://kb.vmware.com/s/article/2007398 ESX/ESXi hosts fail to scan in vCenter Update Manager 4.1.x, 5.x, and 6.0 (2007398)]
== Check and restart VCSA services ==
To List all the Services in vCSA appliance
service-control --list-services
To check a status of all services you can enter the following command:
service-control --status
List services and their status
If you see a service which has stopped and you’ll need to restart it, then simply go and enter this command: (example of vpxd service)
service-control --start vpxd
to stop is also simple
service-control --stop vpxd
You can also do stop all services, and then start them all. They’ll stop and start by keeping their dependency. This allows to completely restart all vCenter services without restarting the whole appliance.
Type this:
service-control --stop  --all
and then this:
service-control --start –all
The start of all services takes time because they have to initialize and also the dependencies one with another is assured automatically, so be patient. In my own testing, it took me about 5 min until all services have restarted completely.
[https://www.starwindsoftware.com/blog/vmware-vcenter-server-appliance-vcsa-and-after-install-tricks some tips and tricks] NOTE - he is talking about using the web client, ie the flash client in the GUI section
== Setting a timezone ==
If you can't click on the Time part of the VM Appliance manamement
https://communities.vmware.com/thread/570302
    SSH console to the VCenter Server
    cd /opt/vmware/share/vami
    ./vami_set_timezone_cmd Europe/Amsterdam
== Different clients ==
Starting with VMware vSphere 6.5 there are mainly two different “Web Client”:
    the vSphere Web Client (based on Flash and introduced in vSphere 5.0) (blue background top)
    the new HTML5-based vSphere Client (with the same name of the legacy Windows client, for this reason, we simply call it HTML5 vSphere Client) (black background top)
But there are also other web clients, for most specific use cases:
    the Appliance Manager UI (VAMI): used to manage the configuration of the virtual appliance, in case you are using the vCenter Server Appliance (vCSA) for the vCenter Server and/or the Platform Service Controller (PSC)
    the PSC UI: specific for the management of the PSC components, especially the certificate management and SSO management. This interface is available only on embedded or external PSC nodes.
    the Host Client: an HTML5 web client for the host management, if you don’t have the vCenter Server running or if you have standalone hosts
Web Client URL Scope
vSphere Web Client https://vCenter_FQDN/vsphere-client Entire infrastructure
vSphere Client https://vCenter_FQDN/ui Entire infrastructure
VAMI https://vCSA_FQDN:5480 vCSA configuration (NOTE, for me this is https://VCSA_IP:5840)
PSC UI https://PSC_FQDN/psc PSC configuration
Host Client https://ESXi_FQDN/ui Single host management
From [https://vinfrastructure.it/2018/08/is-the-html5-based-vsphere-client-finally-mature/ Is the html5 vsphere client finally mature?]
= Log file locations =
[https://kb.vmware.com/s/article/2110014?CoveoV2.CoveoLightningApex.getInitializationData=1&r=2&ui-communities-components-aura-components-forceCommunity-seoAssistant.SeoAssistant.getSeoData=1&other.KM_Utility.getArticleDetails=1&other.KM_Utility.getArticleMetadata=2&other.KM_Utility.getUrl=1&other.KM_Utility.getUser=1&other.KM_Utility.getAllTranslatedLanguages=2&ui-comm-runtime-components-aura-components-siteforce-qb.Quarterback.validateRoute=1 Location of VMware vCenter Server 6.0 log files (2110014)]

Latest revision as of 13:40, 16 December 2020

Installation Steps

  1. install ESXi onto the hardware (use unetbootin to create the image, don't follow the manual: it's shit)
  2. install VMWare vSphere client onto your PC
  3. Connect using the vSphere client
  4. In the server -> configuration -> Licensed Features (under Software) - Edit (on the right) and enter the license key: JM28P-8UJE1-68Z81-02ARH-81L04 (edgarbv) H401K-82H0M-K8F49-0H9A4-95CM0
  5. Create a datastore and on that create a directory .locker-HOSTNAME
  6. Go to Manage -> System -> Advanced settings and find ScratchConfig.ConfiguredScratchLocation edit this to be /vmfs/volumes/UUID/.locker-HOSTNAME
  7. now find Syslog.global.logdir and set this to the datastorename [platters]/.locker-HOSTNAME/log or via syslog.global.loghost (for remote logging)

Storage

Expanding HDs on a VM

Increase A VMware Disk Size (VMDK) Formatted As Linux LVM without rebooting You can only extend the current disk if you have less than 4 partitions

If it's a root volume you have to reboot with a Debian CD and enter rescue mode. Otherwise you may be able to extend without powering off

check if you can see the extra space

If you have increased the size of the disk

fdisk -l

parted

cfdisk

If not then you can rescan the scsi bus

ls /sys/class/scsi_device/
echo 1 > /sys/class/scsi_device/0\:0\:0\:0/device/rescan

Rescan for each device found.

If you have added a new disk

ls  /sys/class/scsi_host/
echo "- - -" > /sys/class/scsi_host/host0/scan

It won't show any output, but running 'fdisk -l' will show the new disk.

extend an existing disk

parted
print
resizepart 2 <- NB this is the extended partition
(enter max size to max size shown on print)
resizepart 5 <- NB this is the logical partition on the extended partition
(enter max size to max size shown on print)
write
quit
vgscan
pvscan
pvdisplay

It should now show you that the physical volume has more space, as will vgdisplay

From here

Run this command to extend the physical volume:

vgextend VolGroup00 /dev/sda3

Note: To determine which volume group to extend, use the command vgdisplay.

Run this command to verify how many physical extents are available to the Volume Group:

vgdisplay VolGroup00 | grep "Free"

Run the following command to extend the Logical Volume:

  lvextend -L+#G /dev/VolGroup00/LogVol00

or

  lvextend --extents +## /dev/debian-vg/root

Where # is the number of Free space in GB available / ## is the amount of extents free as per the previous command. Use the full number output from Step 10 including any decimals.

Note: To determine which logical volume to extend, use the command lvdisplay.

Run the following command to expand the ext3 filesystem, inside of the Logical Volume:

  e2fsck -f /dev/debian-vg/root
  resize2fs /dev/debian-vg/root

Notes:

   Use   ext2online /dev/VolGroup00/LogVol00 if it is a Red Hat virtual machine.
   By default, Red Hat and CentOS 7 use the XFS file system you can grow the file system by running the xfs_growfs command.

Run the following command to verify that the / filesystem has the new space available:

 df -h /

using esxcli to investigate your disks and adapters

  esxcli storage core adapter list

shows the controllers

esxcli storage reference from vmware

examining LUNSs with esxcli storage core

A list of ESXCLI storage commands you can’t live without

old info

By adding a new partition formatting it and then adding it to the VG

Turn off the VM, change the size of the disk in the settings. Start up the vm.

use fdisk /dev/sda to view the free space. If fdisk doesn't work, use parted or cfdisk.

Format the extra space as type 8e (LVM). Use vgextend and then lvextend to increase the size

adding new disks to a vm and booting

When you add a new disk, you may get an OS not installed / can't boot up error. This is because for some reason, esxi adds the new disk as scsi 0:0 (which is the first disk that wants to boot up). So you need to edit the new hard disk to scsi 0:2, the old one to 0:0 and then the new one to 0:1 again.

cloning VMs using the CLI

Cloning a virtual machine disk without delta files or snapshots To clone a virtual machine disk using the ESXi/ESX host terminal:

   Log in to the terminal of the ESXi/ESX host.
   Navigate to the virtual machine's directory using the cd command. It is located at:
   /vmfs/volumes/source_datastore/virtual_machine/
   Confirm the destination directory where the clone will be copied to. Create this directory, if required.
   For example, if this destination directory does not exist:
   /vmfs/volumes/destination_datastore/virtual_machine/
   Create the directory using this command:
   mkdir /vmfs/volumes/destination_datastore/virtual_machine/
   Clone the virtual hard disk using the vmkfstools -i command after shutting down the virtual machine:
   # vmkfstools -i /vmfs/volumes/Storage1/examplevm/examplevm.vmdk /vmfs/volumes/Storage2/examplevm_clone.vmdk
   You see output similar to:
   Destination disk format: VMFS thick
   Cloning disk '/vmfs/volumes/Storage1 (3)/examplevm/examplevm.vmdk'...
   Clone: 100% done.
   Notes:
       Encapsulate objects with quotes where appropriate to ensure spaces and other special characters are interpreted correctly.
       By default, the vmkfstools -i command will create a destination thick provisioned disk. If you want the destination disk to be thin provisioned, add -d thin to the end of the preceding command.
       For example:
       # vmkfstools -i /vmfs/volumes/Storage1/examplevm/examplevm.vmdk /vmfs/volumes/Storage2/examplevm_clone.vmdk -d thin

Cloning a virtual machine disk with delta files or snapshots

To clone a virtual machine disk using the ESXi/ESX host terminal:

   Log in to the ESXi/ESX host's terminal.
   Navigate to the virtual machine's directory using the cd command. It is located at:
   /vmfs/volumes/source_datastore/virtual_machine/
   Confirm the destination directory where the clone will be copied to. Create this directory, if required.
   For example, if this destination directory does not exist:
   /vmfs/volumes/destination_datastore/virtual_machine/
   Create the directory using this command:
   mkdir /vmfs/volumes/destination_datastore/virtual_machine/
   Clone the virtual hard disk from its current snapshot delta point using the vmkfstools -i command.
   # vmkfstools -i /vmfs/volumes/Storage1/examplevm/examplevm-000003.vmdk /vmfs/volumes/Storage2/examplevm_clone.vmdk
   You see output similar to:
   Destination disk format: VMFS thick
   Cloning disk '/vmfs/volumes/Storage1 (3)/examplevm/examplevm-000003.vmdk'...
   Clone: 100% done.

Impact/Risks

Downtime during the clone procedure.

Additional Information

Additional steps for virtual machine disks with delta files or snapshots

The original virtual machine files are still intact without modifications. You may opt to either create a new virtual machine and attach the cloned disk file(s), or replace the existing disks attached to the virtual machine with the cloned copies. These steps encompass the latter option.

To replace the original virtual machine disk(s) and delta snapshot file(s) with the cloned copy or copies:

   Detach the virtual hard disk from the virtual machine's configuration in the VMware vSphere or Infrastructure Client.
   Attach the new (cloned) virtual hard disk, /vmfs/volumes/Storage2/examplevm_clone.vmdk to the virtual machine.
   Rename the snapshot database (.vmsd) file for the virtual machine. At this time, it is no longer valid due to manipulation of the virtual machine's disk layout during troubleshooting:
   # mv examplevm.vmsd examplevm.vmsd.old
   Power on the virtual machine and confirm the guest operating system can boot successfully. Verify data integrity and confirm data is not missing or corrupt.
   With the virtual machine still powered-on, you may remove the original disk files to free datastore space. Files in use by the powered-on virtual machine cannot be removed by the VMware ESX server. This can be used as a safeguard.

add new user

Go to local users and groups and right click on the screen to add a new user. The password needs to be 8 characters long.

Then go to permissions and right click on the screen to add a permission. Choose the assigned role and then add the new user (on the left)

auto start vm's

under the configuration tab for the machine, at "Virtual Machine Startup/Shutdown"

Choose Properties. You can configure the startup/shutdown here.

https://communities.vmware.com/thread/520839

Start the VMs automatically after Existing Host from Maintenance Mode, follow the below steps :

  • In vCenter Server, right-click the ESX/ESXi host and click Exit Maintenance Mode.
  • Open an SSH session to the ESX/ESXi host.
  • Run this command:
         /sbin/vmware-autostart.sh start

or

Use the Configuration > Virtual Machine Startup/Shutdown option in VirtualCenter

renaming the hostname / domain name

Changing the name of an ESX or ESXi host (1010821)

Or see join or leave AD below

using vsphere client

Select the Host machine, then tab configure. Under software choose VM Startup/shutdown. Press 'edit' top right. Move the desired machines into the boot order using the move up / move down.

starting from a cdrom or iso after OS has been installed

In advanced boot options change the bootup delay to 99999 milliseconds. Then when you start up the VM you can press esc to select a boot device

keyboard shortcuts for console

Ctrl+Shift+Insert Sends Ctrl+Alt+Delete

Ctrl+G Transfers mouse and keyboard input from the local machine to the virtual machine (same as clicking in the window) great for when you don't have a mouse handy

Ctrl+Alt+Enter Full Screen VM

Ctrl+Alt Unlocks mouse/keyboard from VM console window, also exists full screen mode

Ctrl+Shift+X Exit VM Console

installing tools on a VM

The tools allow you to do things like copy paste into the console. In order to install the tools, you mount a CD from the internal datastore. Choose the version for the OS you have. Mount the CD, then copy the contents to /usr/local/src and unzip them. Inside this directory you run the perl scripts. For Linux you will need the kernel headers package

Debian

apt-get install open-vm-tools

Resetting the password for ESXi

There is the Cisco Way and the

Unofficial way

NB you will have to use udpkg to install gzip from the cdrom (find the deb and use udpkg -i file.deb). Also you will need nano editor because vi isn't installed with the rescue disk.

After the host was shut down, I booted up with the Linux live CD. I then ran the commands fdisk -l and ls -l /mnt/sda5/ / ls -l /mnt/sda6/ to determine the location of the most recent state.tgz file. Note that if you're using ESXi Embedded then you may only see local.tgz instead of state.tgz and you should then copy and recreate that file.


After determining where the most recent state.tgz file was located, this was copied to /tmp. gzip and tar were then used to extract local.tgz from state.tgz. If you're using ESXi Embedded then you will copy local.tgz to tmp and run gzip and tar on that file. Once local.tar was extracted the cd etc command was run followed by vi shadow


ssentially you'll want to have the root entry as root::13358:0:99999:7::: . Once you have removed the password hash, press ESC and to save the change type in :wq and press Enter. You can run cat shadow to confirm that the change was saved successfully.


Once the shadow file has been updated, you'll use cd .. to go back to /tmp and then run tar -czvf local.tgz etc to create the local.tgz file. If you're using ESXi Embedded then you'll copy this file to the drive where it came from in step 3. Otherwise you'll run tar -czvf state.tgz local.tgz to create state.tgz which should then be copied to the correct location. In the below image you'll notice that I don't always use the -v option with the tar command.


Once the file has been copied back to the /bootbank partition the host can be rebooted back into ESXi. You'll be able to login with the root account with no password and will be greeted with the familiar message to change the root password

Import VirtualBox harddisks

On your VirtualBox host create a clone of the VMs hard disk like that: vboxmanage clonehd in.vdi out.vmdk –format VMDK –variant Fixed,ESX

If your VirtualBox drive is allready a vmdk then in.vmdk

This creates two files. One with the actual data and the other holding a descriptor. If the virtual hard drive is not completely filled, zipping the image will dramatically reduce its size.

On your ESXi host create a new VM without hard drive. Use the advanced mode to do so.

Copy the hard drive image to your ESXi host by using scp (or similar). Place it (both files) into the directory of you newly created VM.

Edit the settings of your new VM and add that hard drive.

That’s all. Using this method your virtual hard drive should now be a SCSI hard drive as expected by ESXi even if it was a SATA drive in VirtualBox before.

From [1]

Import Windows 7 client from VirtualBox

Same as above, but change HD type from SCSI to SATA

Virtualdisk manager

This can be used to expand, shrink, repair, create, etc vmdk files

Download from vmware (vmware-vdiskmanager.exe is part of the The Virtual Disk Development Kit (VDDK)

Some examples of use can be found here

Items disappearing from the navigation tree

If the inventory tree views are no longer showing items and you can't click on the triangle any more, in 6.5 you can click on your username, go to settings and turn off show only recent objects

Hardware sensors

https://communities.vmware.com/thread/520839

  vmkload_mod ipmi_si_drv
  vmkload_mod ipmi_devintf

I then get from esxcfg-module -l|grep ipmi

  ipmi_msghandler     2     40
  ipmi_si_drv               0     48
  ipmi_devintf               0     20

Then using the Web Client under Monitor->System sensors I get the sensor info displayed, i.e. CPU temp/Volts, etc.

I have made sure they are all enabled using :-

  esxcli system module set -m ipmi_si_drv -e 1
  esxcli system module set -m ipmi_devintf -e 1
  esxcli system module set -m ipmi_msghandler -e 1

Then using 'esxcli system module list|grep ipmi' I get:-

ipmi true true

ipmi_msghandler true true

ipmi_si_drv true true

ipmi_devintf true true


I have obviously rebooted the host (many times!), but the modules are still not loaded at start-up.

Backup of esxi config

https://www.altaro.com/vmware/esxi-backup-command-line/

ESXi’s vim-cmd allows you to backup and restore the host’s configuration directly from shell. To do this, enable SSH on the host and use putty to log in as root. Once you’re in, run the following two commands in the given order. You are given a URL which you’ll use to download the TGZ bundle from the host using a standard browser. Note that you need the replace the * character in the URL with the IP address of the ESXi host. I am not quite sure why the IP address of the host is not included from the start.

  vim-cmd hostsvc/firmware/sync_config
  vim-cmd hostsvc/firmware/backup_config

Using vim-cmd from the ESXi command line to backup the host's configuration


Just like the PowerCLI method, you must first put the host in maintenance mode before you’re able to restore from a configuration backup file. To do this, we’re still using vim-cmd. You also need to copy the backup file to a folder on the ESXi host using something like WinSCP. The host will then reboot to complete the restore process.

  vim-cmd hostsvc/maintenance_mode_enter
  vim-cmd hostsvc/firmware/restore_config /tmp/configBundle-esx-pn1.vsphere65.local.tgz

https://graspingtech.com/backup-vmware-esxi-6-5-configuration/

Unregister a vm

  #vim-cmd vmsvc/getallvms 

command to display the names of the virtual machines registered on this host.

  #vim-cmd vmsvc/unregister vmid

[2]

Updates

Find the release notes here.

https://docs.vmware.com/en/VMware-vSphere/6.7/rn/vsphere-esxi-vcenter-server-67-release-notes.html

Also, update VCSA to the latest version before you update the hypervisor

Updating VCSA

https://docs.vmware.com/en/VMware-vSphere/6.5/com.vmware.vsphere.upgrade.doc/GUID-E2E359B1-5834-4BFF-AEFE-6CEBFC8CC3D5.html

https://www.settlersoman.com/how-to-update-or-patch-vcenter-6-appliance-vcsa/

make a snapshot of the VCSA from the ESXI host running the server.

Log In to the vCenter Server Appliance Management Interface (on port 5480) as root (or as administrator@ if root doesn't work and you need to change the root password)

If you get a root password expired thing during the pre-update checks, go to Access and turn ssh + bash on. Login with ssh as administrator@ or another local.domain user and then run

  shell
  sudo passwd

change the password.

log in as root - NB perform the updates as root, not as administrator@!

Now the pre update checks should work.

go to the updates and apply them

After the updates have installed and VCSA is rebooted, check to see if it has started properly. It will take quite some time for the shell prompt to disappear and the VCSA frontend to appear - be patient! As in 10 minutes patient! However, if you have a login prompt, log in as root and then

  shell
  service-control --start --all

and then log in at port 5480 again and see if there are more updates

Updating the Hypervisor / ESXI

Make sure you have updated VCSA first!

Using vCenter Update Manager (VUM)

https://www.altaro.com/vmware/how-to-patch-esxi-with-update-manager/

You need VCSA v 6.5+ for the VUM

Step 1 – Highlight the vCenter Server name in Navigator, select the Update Manager tab and click on the Go To Admin View button. Figure 2 - Changing to VUM's Admin view in vSphere Web client

Figure 2 – Changing to VUM’s Admin view in vSphere Web client

Step 2 – Once in Admin view, select the ESXi Images tab and click on Import ESXi Image. Doing so, loads another dialog box where you specify the ESXi image (ISO file) you want imported. Click on Browse and navigate to the folder where the image is stored. Select the ISO file and click OK. The file will upload as shown in Fig. 3. The upload progress bar, shows the remaining time and the speed at which the file is being uploaded. Figure 3 - Importing an ESXi ISO image to VUM

Figure 3 – Importing an ESXi ISO image to VUM

Step 3 – Once the ISO is uploaded, details about the ESXi image are displayed as per Figure 4. Figure 4 - Product and version details for the ESXi image just imported

Figure 4 – Product and version details for the ESXi image just imported

– Creating a baseline

Step 4 – Next, we create what’s called a Host Baseline. To do this, we simply right-click on the image just imported and select Create baseline as shown in Figure 5. Figure 5 - Creating an ESXi host baseline

Figure 5 – Creating an ESXi host baseline

Step 5 – Type in a name for the baseline and press OK. The baseline should now be listed under the Hosts Baselines under Custom as per Fig. 6. Figure 6 - The freshly created baseline as listed under the Hosts Baselines screen

Figure 6 – The freshly created baseline as listed under the Hosts Baselines screen

– Attaching a baseline

Step 6 – We’re almost there. The idea now is to attach the baseline to one or more hosts. We then run a compliance check to determine if the upgrade or update is actually required. To do this, one must change over to Compliance view. Just hit the Go to compliance view button at the top-right corner as shown in Fig. 7. Figure 7 - Changing over to Compliance view

Figure 7 – Changing over to Compliance view


The baseline can in fact be attached to a number of objects including a datacenter, cluster or an individual ESXi host. This is what allows you to patch multiple hosts. It is important to note though that you may inadvertently hit hosts not earmarked for updates so be careful when attaching baseline to higher level objects.

In the example that follows, I’ve attached the baseline to one of three ESXi hosts forming a cluster. Figure 8 - Attaching a baseline to a host

Figure 8 – Attaching a baseline to a host

Step 7 – Next, we carry out a scan on the host to verify that the update/upgrade is in fact required. From the same screen, click on Scan for Updates and select Upgrades on the dialog that pops up followed by OK. This will initiate a scan the results of which are displayed under the Compliance Status column after the scan completes. Figure 9 - Scanning a host for compliance

Figure 9 – Scanning a host for compliance


As expected, the host is found to be non-complaint, meaning that the 6.5.0d update is in fact applicable. Figure 10 - A non-compliant result indicates that the host is missing one or more updates

Figure 10 – A non-compliant result indicates that the host is missing one or more updates


How to remediate the host

In this case, remediating is the act of pushing a patch or update to an ESXi host. A host is remediated by clicking on the Remediate button. Alternatively, right-click on the ESXi hostname (or IP address) in Navigator and select Remediate from the Update Manager menu. Figure 11 - Remediating a host from the context menu

Figure 11 – Remediating a host from the context menu


Step 1 – The remediation process starts by selecting the baseline image you want applied. In this case, I’ve selected the one created for the 6.5.0d upgrade. Figure 12 - Remediation Step 1 - Select the baseline applied

Figure 12 – Remediation Step 1 – Select the baseline applied


Step 2 – Next, select the host you wish to remediate. In this case, only one host is listed which is the one highlighted in Navigator. If say, the baseline had been attached to a cluster, then you’d have all the hosts within that cluster listed as target objects. Figure 13 - Remediation Step 2 - Selecting the target to remediate

Figure 13 – Remediation Step 2 – Selecting the target to remediate


Step 3 – Accept the EULA by ticking the box at the bottom. Figure 14 - Remediation Step 3 - Accept the End User License Agreement

Figure 14 – Remediation Step 3 – Accept the End User License Agreement


Step 4 – The next screen, gives you the option to postpone remediation tasks to a later date and time. You can also set the task to ignore warnings in reference to unsupported devices and such. Figure 15 - Remediation Step 4 - Scheduling the remediation task (Optional)

Figure 15 – Remediation Step 4 – Scheduling the remediation task (Optional)

Step 5 – In all probability, the ESXi being remediated will be hosting VMs. This screen gives you control over what happens to the VMs currently powered on. You can choose to have them powered off, suspended or leave them in their current state. Like it or not, powered on VMs must be migrated or shut down for the remediation process to complete. Your options are to migrate VMs manually to some other host or simply power them off prior to remediating. Alternatively, set the VMs to power down by selecting the Power Off virtual machines option from the VM Power State drop-down box as shown in Fig. 16. You can also set the task to disconnect removable media from any hosted VMs as this may cause the remediation task to stall. Figure 16 - Remediation Step 5 - Configuring the host remediation options

Figure 16 – Remediation Step 5 – Configuring the host remediation options

Step 6 – If the host being remediated is a cluster member, you can control various aspects related to clustering as shown in Fig. 17. Further details on each setting are available here. Figure 17 - Remediation Step 6 - Configuring the cluster remediation options

Figure 17 – Remediation Step 6 – Configuring the cluster remediation options


Step 7 – The Pre-check Remediation tasks runs a series of checks and generates a report of what exactly is carried out on the host. Press Finish to initiate the remediation task. Figure 18 - Remediation Step 7 - Completing the remediation task

Figure 18 – Remediation Step 7 – Completing the remediation task


The remediation task’s progress is displayed in the Recent Tasks window in vSphere Web client. Figure 19 - A remediation task in progress

Figure 19 – A remediation task in progress


The host should enter maintenance mode and later disconnect while the update is being applied. It should then reboot and re-connect automatically, assuming the remediation processes succeeded in updating the host. Figure 20 - A host is disconnected while being updated as can be seen in vSphere client and DCUI

Figure 20 – A host is disconnected while being updated as can be seen in vSphere client and DCUI


Once remediation completes, you can easily verify that the host is running the latest version by inspecting the host details on the Summary screen. Fig. 21 compares the host’s summary pre and post remediation. Figure 21 - Comparing ESXi version details pre and post remediation

Figure 21 – Comparing ESXi version details pre and post remediation


This VMware KB article helps you correlate build and version numbers if needed. As per the partial table below, you can see that in our case, the ESXi host updated from 6.5 GA to 6.5.0d. Figure 22 - Correlating ESXi version and build numbers

Figure 22 – Correlating ESXi version and build numbers


Conclusion

Update Manager is a must have if you want to easily and effectively implement patch management for ESXi. Incidentally, Update Manager is one other reason why you’d want to move over to vCSA 6.5 since VUM is now embedded with this vCenter release.

Make sure you have the correct version iso of the ESXI patch / version you have installed.

Using the CLI

https://esxi-patches.v-front.de/ is where you can find the latest patches and instructions for updating using the CLI

https://tinkertry.com/easy-update-to-latest-esxi

esxcli network firewall ruleset set -e true -r httpClient
esxcli software profile update -p ESXi-6.7.0-20190802001-standard -d https://hostupdate.vmware.com/software/VUM/PRODUCTION/main/vmw-depot-index.xml 
esxcli network firewall ruleset set -e false -r httpClient

don't forget to

  tail -f /var/log/vpxa.log

To see if it's ready for a reboot. This process can take hours!

Useful to know

Restart the ESXi host daemon and vCenter Agent services using these commands:

  /etc/init.d/hostd restart
  /etc/init.d/vpxa restart

To restart all management agents on the host, run the command:

  services.sh restart &tail -f /var/log/jumpstart-stdout.log

from 6.5 to 6.7

https://tinkertry.com/easy-update-to-esxi-67

It comes down to this though:

  • reboot before doing this - preferably power down
  • upgrade VMSA (VmWare Server Appliance) if you have it
  • dry run
esxcli software profile update -d https://hostupdate.vmware.com/software/VUM/PRODUCTION/main/vmw-depot-index.xml -p ESXi-6.7.0-8169922-standard --dry-run
  • the real thing
  esxcli software profile update -d https://hostupdate.vmware.com/software/VUM/PRODUCTION/main/vmw-depot-index.xml -p ESXi-6.7.0-8169922-standard
  • reboot

Updating the web interface

https://www.ivobeerens.nl/2018/05/01/configure-vm-autostart-in-the-esxi-embedded-host-client/

Note: The web interface is properly called the ESXI Embedded host client. Web client etc is used for the server appliance vCenter. You can tell the difference between the server appliance vCenter web interface and the embedded host client interface because the server appiance one has a black background and the embedded one has a blue background / border. vCenter is not free.

You can tell which version you have by looking at Help (top bar) -> about. It should show you the client and build version

The upgrade of the Host client is easy, no maintenance mode and reboot of the ESXi host is needed. The upgrade can be done by following these steps:

esxcli software vib update -v /vmfs/volumes/datastore/vibname.vib

NOTE the path - it won't work if you cd to /vmfs/volumes/etc and then try to run ./vibname.vib

Also, presumably when you update the hypervisor you will probably also need to re-update the embedded host client.

Vmware Vcenter Server Appliance (VCSA)

VMWare Vsphere documentation

When installing, make sure your SSO domain is different from your internal domain name, so use something like yourdomain.local. Most examples online use vshpere.local

Single Sign On (SSO)

change SSO password policy to never expires

Navigate to the Configuration UI.

   From the Home menu, select Administration.
   Under Single Sign On, click Configuration.

Click Policies, select Password Policy, and click Edit.

   Set maximum lifetime to 0

reset the SSO password

Log in to vCenter Server Appliance using SSH as the root user.

enter the shell

Run

/usr/lib/vmware-vmdir/bin/vdcadmintool

Press 3 to enter the Reset Account Password option.

   a) It will prompt for an “Account UPN”
   b) Enter administrator@vsphere.local
   c) A new temporary password is generatedss4
   You can use this temporary password to login to vCenter server and change the SSO password after login to vCenter server.
   After login, Click on Administration>Single Sign On > Users
   a) Right click on Administrator and select Modify
   b) Change the password

We have successfully reset the vCenter SSO password.

SSO information

To find out your SSO domain, you can ssh in, log in, then:

shell

gets you into bash

cat /etc/vmware/install-defaults/vmdir.domain-name

or

/usr/lib/vmware-vmafd/bin/vmafd-cli get-domain-name --server-name localhost

To get the site name

/usr/lib/vmware-vmafd/bin/vmafd-cli get-site-name --server-name localhost

To find out which AD account is used to connect to Active Directory

cat /etc/vmware/install-defaults/ad.domain.username

SSO can also fail if time is out of sync with the domain controller.

To check

log file location

/storage/log/vmware/sso/vmware-sts-idmd.log

/storage/log/vmware/sso/websso.log

or /var/log/vmware/sso

other bits

Some really usefull Tidbits

resetting root password (for SSH access)

Below is for if you can't access the vCenter Server Appliance at port 5480

here


To reset the lost forgotten root password in vCenter Server Appliance 6.5:

    Take a snapshot or backup of the vCenter Server Appliance 6.5 before proceeding. Do not skip this step.
    Reboot the vCenter Server Appliance 6.5.
    After the OS starts, press e key to enter the GNU GRUB Edit Menu.
    Locate the line that begins with the word Linux.
    Append these entries to the end of the line:

    rw init=/bin/bash
  
    Press F10 to continue booting.
    Run the mount -o remount,rw / command.
    In the Command prompt, enter the command passwd and provide a new root password (twice for confirmation):

    passwd
     
    Unmount the filesystem by running this command:

    umount /
     
    Reboot the vCenter Server Appliance 6.5 by running this command:

    reboot -f
     
    Confirm that you can access the vCenter Server Appliance 6.5 using the new root password.
    Remove the snapshot taken in Step 1 if applicable.

Once you have done that, log in the the VCSA at port 5480 as root and go to Administration to make sure the password doesn't expire again - or that it sends an email when it does expire.

join or leave AD

Join or Leave an Active Directory Domain

If you do this, then make sure that the hostname of the esxi machine is resolvable. You can do this in vsphere by clicking on the machine, tab configure, under networking TCP/IP configuration, then select the Default system stack line. You can see the hostname, domain name and DNS servers. You can edit these using the edit button above the lines, below the TCP/IP Configuration title.

On the esxi host website, you can select Default TCP/IP stack under Networking and click 'edit settings' above the icon / Default TCP/IP Stack icon

Otherwise you may run into ESX/ESXi hosts fail to scan in vCenter Update Manager 4.1.x, 5.x, and 6.0 (2007398)

Check and restart VCSA services

To List all the Services in vCSA appliance

service-control --list-services

To check a status of all services you can enter the following command:

service-control --status

List services and their status

If you see a service which has stopped and you’ll need to restart it, then simply go and enter this command: (example of vpxd service)

service-control --start vpxd

to stop is also simple

service-control --stop vpxd

You can also do stop all services, and then start them all. They’ll stop and start by keeping their dependency. This allows to completely restart all vCenter services without restarting the whole appliance.

Type this:

service-control --stop --all

and then this:

service-control --start –all

The start of all services takes time because they have to initialize and also the dependencies one with another is assured automatically, so be patient. In my own testing, it took me about 5 min until all services have restarted completely.

some tips and tricks NOTE - he is talking about using the web client, ie the flash client in the GUI section

Setting a timezone

If you can't click on the Time part of the VM Appliance manamement

https://communities.vmware.com/thread/570302

   SSH console to the VCenter Server
   cd /opt/vmware/share/vami
   ./vami_set_timezone_cmd Europe/Amsterdam

Different clients

Starting with VMware vSphere 6.5 there are mainly two different “Web Client”:

   the vSphere Web Client (based on Flash and introduced in vSphere 5.0) (blue background top)
   the new HTML5-based vSphere Client (with the same name of the legacy Windows client, for this reason, we simply call it HTML5 vSphere Client) (black background top)

But there are also other web clients, for most specific use cases:

   the Appliance Manager UI (VAMI): used to manage the configuration of the virtual appliance, in case you are using the vCenter Server Appliance (vCSA) for the vCenter Server and/or the Platform Service Controller (PSC)
   the PSC UI: specific for the management of the PSC components, especially the certificate management and SSO management. This interface is available only on embedded or external PSC nodes.
   the Host Client: an HTML5 web client for the host management, if you don’t have the vCenter Server running or if you have standalone hosts

Web Client URL Scope

vSphere Web Client https://vCenter_FQDN/vsphere-client Entire infrastructure

vSphere Client https://vCenter_FQDN/ui Entire infrastructure

VAMI https://vCSA_FQDN:5480 vCSA configuration (NOTE, for me this is https://VCSA_IP:5840)

PSC UI https://PSC_FQDN/psc PSC configuration

Host Client https://ESXi_FQDN/ui Single host management

From Is the html5 vsphere client finally mature?

Log file locations

Location of VMware vCenter Server 6.0 log files (2110014)