You must use the Security Intelligence CLI when upgrading your Security Intelligence 1.0 installation to Security Intelligence version 1.1 or later.
Beginning with Security Intelligence version 1.1, you upgrade the Security Intelligence version 1.1 or later appliance using the NSX Manager UI only. Although you can upgrade from version 1.1 of the appliance using the CLI, that CLI upgrade process does not include important pre-upgrade checks. See Upgrade the Security Intelligence 1.1 Using the UI.
To upgrade from Security Intelligence 1.0.x to Security Intelligence 3.2 or later, you must first upgrade your current installation to Security Intelligence 1.2.x using the Security Intelligence 1.0.x CLI. You must then use the NSX Manager 3.1.x UI to upgrade to Security Intelligence 3.2 or later.
小心:
When using the CLI method to upgrade the Security Intelligence appliance, do not forcefully end the SSH session or press Ctrl+C. Doing so ends the upgrade process and might leave the Security Intelligence appliance in an unhealthy state.
前提条件
Download the Security Intelligence upgrade bundle (.nub) file. See 下载 Security Intelligence 升级包.
Verify that there is free space in the /tmp partition in the Security Intelligence host. The free space must be at least the size of the .nub upgrade bundle file that you downloaded.
Also verify that there is at least twice the size of the .nub upgrade bundle file or 4 GB of free space in the /image partition in the Security Intelligence host.
过程
- Log in to your Security Intelligence appliance using the CLI admin credentials that you had set up during the previous Security Intelligence appliance deployment.
$ssh admin@<Security Intelligence IP Address>
- From the Security Intelligence command line, use the following command to copy the Security Intelligence.nub upgrade file from where you downloaded it.
copy url <url_to_NSX_intelligence_upgrade_nub>
Following is an example, using a Security Intelligence version 1.2 .nub file.
copy url http://localserver/VMware-NSX-Intelligence-appliance-1.2.0.0.0.16730870.nub
- Verify the upgrade bundle using the following command.
提示:
Press Tab after entering upgrade-bundle and the <upgrade_bundle_name> is auto-filled.
verify upgrade-bundle upgrade_bundle_name
Following is a sample output for updating the verify upgrade-bundle command.
Checking upgrade bundle /var/vmware/nsx/file-store/VMware-NSX-Intelligence-appliance-1.2.0.0.0.16730870.nub contents
Verifying bundle VMware-NSX-Intelligence-appliance-1.2.0.0.0.16730870.bundle with signature VMware-NSX-Intelligence-appliance-1.2.0.0.0.16730870.bundle.sig
Moving bundle to /image/VMware-NSX-Intelligence-appliance-1.2.0.0.0.16730870.bundle
Extracting bundle payload
Successfully verified upgrade bundle
Bundle manifest:
appliance_type: 'nsx-intelligence-appliance'
version: '1.2.0.0.0.16730870'
os_image_path: 'files/nsx-root.squashfs'
os_image_md5_path: 'files/nsx-root.squashfs.md5'
Current upgrade info:
{
"info": "",
"body": {
"meta": {
"from_version": "1.0.1.0.0.14576942",
"old_data_dev": "/dev/mapper/nsx-data",
"new_data_dev": "/dev/mapper/nsx-data__bak",
"new_os_dev": "/dev/sda3",
"to_version": "1.2.0.0.0.16730870",
"new_config_dev": "/dev/mapper/nsx-config__bak",
"old_os_dev": "/dev/sda2",
"bundle_path": "/image/VMware-NSX-Intelligence-appliance-1.2.0.0.0.16730870",
"old_config_dev": "/dev/mapper/nsx-config"
},
"history": []
},
"state": 1,
"state_text": "CMD_SUCCESS"
}
- Upgrade the Security Intelligence 1.0.x appliance using the Security Intelligence Playbook.
提示:
Press Tab after entering upgrade-bundle and the <upgrade_bundle_name> is auto-filled. Press Tab after entering playbook and the <nsx_intelligence_playbook_name> is auto-populated.
start upgrade-bundle <upgrade_bundle_name> playbook <nsx_intelligence_playbook_name>
注:
If the /data partition is large, the step to copy data from that partition might take some time to finish if the partition is large.
The system reboots as part of the upgrade process, as shown in the following example.
mynsxintel> start upgrade-bundle VMware-NSX-Intelligence-appliance-1.2.0.0.0.16730870 playbook VMware-NSX-Intelligence-appliance-1.2.0.0.0.16730870-playbook
****************************************************************************
Node Upgrade is in progress. Please do not make any changes, until
the upgrade operation is complete.
****************************************************************************
2020-09-13 13:50:26,455 - Validating playbook /var/vmware/nsx/file-store/VMware-NSX-Intelligence-appliance-1.2.0.0.0.16730870-playbook.yml
2020-09-13 13:50:26,583 - Running "shutdown_pace_svc" (step 1 of 7)
2020-09-13 13:50:51,734 - Running "install_os" (step 2 of 7)
2020-09-13 13:51:55,482 - Running "retain_pace_config" (step 3 of 7)
2020-09-13 13:52:00,529 - Running "switch_os" (step 4 of 7)
2020-09-13 13:52:17,786 -
System will now reboot (step 5 of 7)
{
"info": "",
"body": null,
"state": 1,
"state_text": "CMD_SUCCESS"
}
mynsxintel>
Broadcast message from root@mynsxintel (Fri 2020-09-13 13:52:22 UTC):
The system is going down for reboot at Fri 2020-09-13 13:53:22 UTC!
- (可选) If you are upgrading from Security Intelligence 1.0.1 or later, you can verify the upgrade's progress using the following command.
get upgrade progress-status
- (可选) After the reboot process is finished, log in to the Security Intelligence appliance console as admin and run the following command to verify the appliance upgrade status.
get upgrade progress-status | json
- (可选) From the Security Intelligence appliance console, verify that the Security Intelligence appliance version is correct and matches the version of the upgrade bundle you downloaded from the Broadcom support portal.
Following is a sample output based on the examples used in earlier steps.
mynsxintel> get version
VMware NSX Intelligence, Version 1.2.0.0.0.16730870
