DISCLAIMER: This procedure may DESTROY your server, then:
- Backup before going on, and hopefully check the restore! (backup is nothing if restore doesn’t work…)
- Verify requirements (if you already have ESXi mostly fitted)
- See docs and study your situation before taking action
Act on your own responsibility: this procedure may not work for you!
The mission
My problem was to Upgrade ESXi server using the CLI as stated in this useful link, but the server must be in “maintenance mode” which stop all VMs, FW included: the management IP is on the LAN port, not the WAN one.
My server
- contain the Main FireWall VM which rulez all 4 physical network for Virtual and Physical machines
- have the default gateway and DNS on FW LAN port, nor the WAN one (“Use the security basics Luke!, at least…”)
Then I have to let ESXi connect to internet while FW VM is off and I have to add new kernel interface on the WAN port enabled for management.
Requirements
- Access to ESXi server console
- Access to ALL physical network with a windows PC with vSphere client installed and a browser
The procedure
- Connect PC on LAN port and use vSphere client to connect and create the kenel port enabled for management on WAN physical port:
- Modify DNS and Default GW using the wan router IP
- Connect PC to WAN switch/router and swith off LAN port with command “esxcli network nic down -n vmnicN” with N the number of your port
- Let ESXi look online the available releases with command “esxcli software sources profile list -d https://hostupdate.vmware.com/software/VUM/PRODUCTION/main/vmw-depot-index.xml | grep -i ESXi-6” and if it look like following
- If it works you can enable again the LAN net with command “esxcli network nic down -n vmnicN”
- Stop all VM and put server in “maintenance mode”
- Get the actual version with command “esxcli software profile get”
- Do the upgrade with your selected version with command “esxcli software profile update -p ESXi-6.7.0-20190104001-standard -d https://hostupdate.vmware.com/software/VUM/PRODUCTION/main/vmw-depot-index.xml”: hope you will see something like the following, which means you successfully upgrade and need to reboot
- Go to the server console to follow the reboot process and reboot the server
- Once rebooted the server is still in maintenance mode and all VMs will be down: with a browser connect to server, exit the maintenance mode and start the FW VM (for v 6.7 the vSphere client is not supported)
- Connect the PC to LAN port and go to LAN management IP with the browser.
- Rollback the DNS and GW as before
- Remove the management port created for the job
TADA!
Enjoy your brand new updated server!