vSphere 5.5 update notes
UM vCenter update (It hosts SSO)
MSU vCenter update
MSU/UM esxi host update
UM vCenter update
The first attempt to upgrade the UM vCenter (SSO+Lookup Service+Inventory Service+vCenter) failed. Ticket 14442399502 opened. Response was there are a few possible problems:
- Disk C: may have issues and should have a disk-check run
- Check ran OK
- MS Installer may not have need privileges on a directory (see MS KB http://support.microsoft.com/kb/834484 )
- Reset C:\ and all subdirectories in "Security" tab to make sure SYSTEM is included with Full Control
- Two VMware KB articles: kb.vmware.com/kb/2017147 and kb.vmware.com/kb/2047080
- Didn't seem to work. The "Change" option in the control panel didn't try to install any storage profile parts
The plan is to retry the "Upgrade" after addressing the issues above but instead of doing the "Simple" upgrade, first remove ALL VMware components from UMVMGT and then install each one individually. Create a new snapshot first. When the vCenter is installed we respond that we already have a DB to use and provide the ODBC credentials to use it.
Starting on second update attempt. I started to to the SSO component and noticed it found the FQDN host name as UMVMGT. I went into control panel and added the physics.lsa.umich.edu network domain and rebooted the system.
As I started to upgrade the SSO instance (using Custom install) I got the following pop-up which doesn't seem to have a consistent DNS name or IP amongst the values:
To get around this I did the following:
- Change the system name from UMVMGT with no domain to umvmgt with domain physics.lsa.umich.edu (required reboot)
- Uninstalled ALL VMware components except VMware Tools
- Connect to the console via the vSphere Client connecting to the ESXi host running umvmgt.physics.lsa.umich.edu
- Ran the Custom Install for each component in order. When I got the the vCenter I used the existing DB.
- Rebooted once it finished.
Seems OK after reboot.
Setting up Certs for UM Systems
VMware has some articles on how to setup X509 certificates for use with vSphere:
Since I can get InCommon
certificates from the University of Michigan for free (https://webservices.itcs.umich.edu/index.php?screen=request&service=ssl_certificate
) I decided to set this up, especially since certificates are required in 5.5.
I installed OpenSSL
on umvmgt (version 0.9.8f). I created a C:\Certs directory and six subdirectories for each service needing a certificate.
See all 9 certificate requests in
- Certs.zip: VMware vSphere cert requests zipfile
After I did the above I found this article: http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=2057340
James may be interested in using that one.
MSU vCenter update
The procedure is to create a new vCenter appliance, then point it at the old appliance and it reads in all of the settings and assumes its identity.
- Download the following component from the VMWare website:
VMware vCenter Server 5.x Appliance - OVA File
- In the vCenter client, create a VM using the OVA file using File->Deploy OVF Template
- During the deployment, change the network from the default to the private (msulocal) network and give it an unused ip address in this range. This is only temporary, in this case I borrowed the IP belonging to an old rocks host.
- Add a new network device on the public network
- Start the newly deployed VM
- Follow the instructions here to perform the install. It will complain about not being able to interact with the SSO server, but just ignore it. Make sure to check 'Replace the SSL Certificates'.
- Upgrade the standalone vSphere client. This is easily done by attempting to login using the old client. There will be a popup prompting you to download and run the new installer.
- Apparently the secondary network uses dhcpd by default and assigns it an ip/hostname through that. This is a pain to fix, so in the future perhaps a dhcp server could just assign it the correct ip/hostname information to begin with. In this case, to fix it do the following:
- Follow the instructions here to configure the aglt2 network.
- In the stand alone client, go to vCenter settings and change all of the vcenter settings with the old hostname to the correct one (typically SSO related settings)
- Reconfigure SSO
- Log in to https://msu-vcenter.msulocal:5480
- In the web interface, stop the server, then go to the SSO tab
- Update the settings, test them, and then save them
I tried to use VUM (VMWare Update Manager) to do this. I put UMVM01 into maintenance mode, added the ESXi ISO to VUM and "Scan"ed the system for updates and patches. My mistake was trying to do both. I ended up with some script error about not being able to run. I changed VUM to have a separate baseline just for the patches and one for the update. I then ran the patch updates and it worked. Then I ran the ESXi5.5 update and it seemed to work BUT I was unable to reconnect to UMVM01 from the vCenter after the it was back up as ESXi 5.5. I could ping the public and private addresses from the vCenter but it wouldn't connect. I tried restarting the management agents a few times but that didn't work. Finally I noticed it was using the shortname and private IP but the gateway was 126.96.36.199. I changed the DNS name to umvm01.aglt2.org and the IP to 188.8.131.52 and then it worked. There was a needed follow-on setup of patches found that I also installed.
I will need to make DNS/IP changes on UMVM02/03 likely.
Another issue was the the upgrade of vCenter updated some component on the ESXi hosts. This requires a reboot before you can initiate the upgrade to 5.5.
Had some issues getting UMVM03 to upgrade. IP kept getting reset to 10.10.1.39 (private). Eventually got it working. All were upgraded by 15:00 on February 22, 2014.
This was a surprisingly painless upgrade.
- Follow the procedure at VMware51Update to backup, list updates, and take care of the firewall
- Installed the latest 'standard' profile with
esxcli software profile update --depot https://hostupdate.vmware.com/software/VUM/PRODUCTION/main/vmw-depot-index.xml --proxy=http://proxy.msulocal:3128 --profile ESXi-5.5.0-20131204001-standard
Some links for reference:
- 18 Feb 2014