ESX Baseline Jun 08

From vWiki
Jump to navigation Jump to search

Summary of updates

All outstanding major DELL firmware and ESX patches as of June 2008...

  1. DELL Firmware Updates
    • PERC v5.2.1-0067
    • SAS v1.06
    • BMC v2.05
    • BIOS v2.2.6
  2. DELL Open Manage upgrade v5.4
  3. ESX software v3.5 update 1
  4. ESX software patches included in "RTS ESX baseline (9 Jun 08)"
    • ESX350-Update01 ESX Server 3.5.0 Update 1
    • ESX350-200802303-SG util-linux security update
    • ESX350-200802304-SG perl security update
    • ESX350-200802305-SG openssl security update
    • ESX350-200802306-BG tzdata update
    • ESX350-200802408-SG Security Updates to the Python Package.
    • ESX350-200802415-SG Security Update to Samba Packages.
    • ESX350-200803201-UG Upgrade the Openwsman Protocol Adapter
    • ESX350-200803202-UG Update to VMware-esx-tools, others
    • ESX350-200803203-UG Update to VMware-cim-esx
    • ESX350-200803204-UG Update the VMware mptscsi_2xx driver
    • ESX350-200803205-UG Update to VMware-esx-drivers-net-ixgbe
    • ESX350-200803206-UG Update the VMware lpfc_elx_v740 driver
    • ESX350-200803207-UG Update the VMware qla2300-v707 driver
    • ESX350-200803208-UG Update to the esxupdate utility
    • ESX350-200803209-UG Update to the ESX Server Service Console
    • ESX350-200803210-UG Update to VMware-esx-drivers-net-bnx2
    • ESX350-200803211-UG Update to vmkernel and vmnix
    • ESX350-200803212-UG Update VMware qla4010/qla4022 drivers
    • ESX350-200803213-UG Driver Versioning Method Changes
    • ESX350-200803214-UG Update to Third Party Code Libraries
    • ESX350-200803215-UG Update to Virtual Infrastructure Client
    • ESX350-200803216-UG Update to VMware-esx-drivers-net-tg3
    • ESX350-200803217-UG Update to the mgmt-vmware Service
    • ESX350-200804404-BG Update to VMware-esx-drivers-scsi-vmkisc
    • ESX350-200804405-BG Update to VMware-esx-drivers-scsi-megara
    • ESX350-200805501-BG Updates to the VMkernel and other RPMs.
    • ESX350-200805502-BG Update to VMware ESX Scripts.
    • ESX350-200805503-BG Update to VMnix
    • ESX350-200805504-SG Security Update to Cyrus SASL
    • ESX350-200805505-SG Security Update to unzip
    • ESX350-200805506-SG Security Update to Tcl/Tk
    • ESX350-200805507-SG Security Update to krb5
    • ESX350-200805508-SG Security Update to cim-smwg
    • ESX350-200805513-BG Update to VMware-esx-iscsi
    • ESX350-200805514-BG Update to VMware-esx-drivers-net-e1000
    • ESX350-200805515-SG Update to VMware-esx-srvrmgmt.


Full upgrade procedure

Useful Unix commands, not specifically required, but may be of use - General Unix

Prep for updates

  1. Copy required install files to ESX's...
    • Most easily achieved by script on ESX On UKLONVCP1, EG to copy required updates to UKLONESXT1 (note that DELL patches will vary depending on whether a 1950 or 2950, see below)
      • pscp "c:\Program Files\Dell\SysMgt\ITAssistant\repository\ITA\FRMW_LX_R169302.BIN" "c:\Program Files\Dell\SysMgt\ITAssistant\repository\ITA\ESM_FRMW_LX_R172182.BIN" "c:\Program Files\Dell\SysMgt\ITAssistant\repository\ITA\ESM_FRMW_LX_R182898.BIN" "c:\Program Files\Dell\SysMgt\ITAssistant\repository\ITA\PE2950_BIOS_LX_2.2.6.BIN" user@esx:/home/user/
      • pscp -r C:\Software_Repository\ESX\VMware-esx-upgrade-from-esx3-3.5.0-64607a\ user@esx:/home/user/
  2. Put ESX into Maintenance Mode
    • If a stand-alone ESX, all VM's will need to be shutdown
    • If a cluster ESX, all VM's should be VMotion'ed to alternative ESX's


Apply DELL firmware updates

  1. Putty onto ESX, login as simons
  2. Sudo as root
    • su -
  3. Move into home directory
    • cd /home/user
  4. Make updates executable
    • chmod +x *.BIN
  5. Apply updates using following commands in order indicated. Do not boot until completion of last update.
    • 1950 Only
      1. ./FRMW_LX_R169302.BIN
      2. ./ESM_FRMW_LX_R171043.BIN
      3. ./ESM_FRMW_LX_R182899.BIN
      4. ./PE1950_BIOS_LX_2.2.6.BIN
    • 2950 Only
      1. ./FRMW_LX_R169302.BIN
      2. ./ESM_FRMW_LX_R172182.BIN
      3. ./ESM_FRMW_LX_R182898.BIN
      4. ./PE2950_BIOS_LX_2.2.6.BIN

Update DELL OpenManage

  1. Putty onto ESX, login as simons
  2. Sudo as root
    • su -
  3. Move into home directory
    • cd /home/user
  4. Uncompress install
    • tar -zxvf OM_5.4.0_ManNode_A01.tar.gz
  5. Move into install directory
    • cd linux/supportscripts
  6. Install Openmanage upgrade
    • ./srvadmin-install.sh -b -w -r -s
  7. Start OpenManage
    • ./srvadmin-services.sh start

Confirm CPU Virtualisation is Enabled

  1. Browse to server's IT Assistant
    1. EG https://esx:1311
  2. Navigate to System\Main System Chassis\BIOS page, and go to the Setup tab
  3. Ensure "CPU Virtualization Technology" is enabled
    1. Enable if not, go into option and select "Enabled"
    2. Hit "Apply Changes", then "Reboot System" to apply

Upgrade ESX software

  1. Move into install
    • cd /home/user/VMware-esx-upgrade-from-esx3-3.5.0-64607a\3.5.0-64607
  2. Run update install
    • esxupdate -n update
  3. On completion reboot ESX
  4. Confirm reboot complete (takes a few mins) and Virtual Centre reconnects sucessfully

Apply ESX patches

This section of procedure is depreciated due to a fault with Update Manager - do not use it

  1. Run up Virtual Infrastructure client and ensure you've the right version installed...
    • Help | About... Client should be v2.5.0 build 84767
      • If not, browse to vcentre and install new version
  2. Ensure you've got the Update Manager plug-in installed and enabled
    • Plugins | Manage Plugins.., Available tab: Update Manager should be installed
    • Installed tab, Update Manager should be enabled
  3. Highlight the ESX, righ-click and select Scan for updates
  4. Once the scan has completed go to the Update Manager tab
  5. Right-click over the "ESX baseline (9 Jun 08)" baseline and select Remediate
    • VC will scan the ESX's, then push out all applicable update, then reboot the ESX

This is the procedure to use...

  1. Ensure ESX is in Maintenance Mode
  2. Enable FTP client access to outside world
    • esxcfg-firewall -e ftpClient
  3. Use esxupdate to apply all patches from the patch depot on uklonvcp1
  4. ESX will reboot once all patches installed

Tidy Up

  1. Show disk usage (note for later comparison)
    • df -h
  2. Delete files...
    • rm -f -d -r docs/
    • rm -f -d -r linux/
    • rm -f -d -r 3.5.0-64607/
    • rm -f *.BIN
    • rm -f OM_5.4.0_ManNode_A01.tar.gz
  3. Flush the local ESX FTP cache
  4. Show disk usage (should have reduced from earlier check)
    • df -h
  5. Disable FTP client access
    • esxcfg-firewall -d ftpClient

Apply VM Tools upgrade

  1. Take ESX out of maintenance mode
  2. Start up the Virtual Machines
  3. Ensure no software is started
  4. Select them all in Virtual Centre (highlight the ESX in left window, then go to the Virtual Machines tab)
  5. Right click, and select Install/Upgrade Tools, and select Automatic upgrade
  6. VC will upgrade VM Tools on the VM's then reboot them

Harmonise Resource Pool Shares

  1. Go to the Resource Allocation tab for the cluster
  2. In the CPU view check that all Limit's are set to Unlimited and Shares are set to Normal
  3. In the Memory view check that all Shares are set to Normal

Enable Cisco Discovery Protocol

  1. Log into the ESX via the command shell
  2. Display all vSwitches
    • esxcfg-vswitch -l
  3. For each vSwitch...
    1. Confirm CDP is set to listen
      • esxcfg-vswitch -b vSwitch0
    2. If down, enable it...
      • esxcfg-vswitch -B listen vSwitch0

Final checks

  1. Ensure all applicable software is started on VM's
  2. Ensure no alarms on Netcool for affected VM's or ESX's