You want to redeploy an NSX Edge VM when it becomes defunct or its placement in the datacenter needs to change. For example, when the NSX Edge must be moved to another datastore or compute resource, redeploy the NSX Edge node. You can also move the node to another network. However, there could be other reasons to redeploy depending on your network requirements.
You can only redeploy an existing NSX Edge node (physical server or NSX Edge VM appliance) with an NSX Edge VM appliance.
Prerequisites
- While you can change some configurations in the NSX Edge transport node payload, do not change the following configurations on the existing NSX Edge node that is to be replaced by a new node:
  - Failure domain
  - Transport node connectivity
  - Physical NIC configuration
  - Logical routers
  - Load balancer allocations
- Ensure that connectivity between the NSX Edge node and NSX Manager is down if the existing NSX Edge node is a physical server or a VM manually deployed through vSphere Client. If connectivity is Up, NSX does not allow the existing NSX Edge node to be replaced with a new one.
- Existing autodeployed NSX Edge will remain with hardware version 13. Starting with NSX 4.0.1.1, if the NSX Edge VM is redeployed, the new NSX Edge VM is automatically deployed with an upgraded hardware version compatible with the ESXi host version. VM hardware versions compatible with ESXi hosts are listed in KB article 2007240.
Procedure
What to do next
- If you want to bring up a replaced physical server or manually deployed NSX Edge VM appliance as part of your network, ensure that the node is disconnected from the network. Then, run del nsx to completely delete NSX VIBs on the node. See the NSX Installation Guide for more details on del nsx.
  After you run del nsx on the host, old entries of logical routers, VTEP IP addresses, and uplink IP addresses are released. You can now prepare the replaced physical server as a new NSX transport node.
- After you redeploy an NSX Edge VM appliance, a few of the security parameters are set to their default values. Reconfigure these parameters as per your environment.
  - set auth-policy minimum-password-length <password-length-arg>
    Set the minimum number of characters that passwords must have. The smallest value that can be set is 8.
    For example, nsx> set auth-policy minimum-password-length 12
  - set user <node-username> password-expiration <password-expiration-arg>
    Set the number of days the user's password is valid after a password change.
    Where <node-username> is the username of the user and
    <password-expiration-arg> is the number of days the password is valid after a change (1 - 9999).
    For example, nsx> set user audit password-expiration 120
  - set auth-policy cli max-auth-failures <auth-failures-arg>
    Set the number of failed CLI authentication attempts that are allowed before the account is locked. If set to 0, account lockout is disabled.
    Where <auth-failures-arg> is the number of authentication failures that trigger lockout.
    For example, nsx> set auth-policy cli max-auth-failures 5
  - set banner
    Set the security banner or message of the day.
    For example, nsx> set banner
    Enter TEXT message. End with 'Ctrl-D'
  - reset dataplane hugepage
    Reset the hugepage-related boot time option to factory default.
    For example, nsx-edge-1> reset dataplane hugepage
    0000:0b:00.0 already bound to driver vfio-pci, skipping
    0000:1b:00.0 already bound to driver vfio-pci, skipping
    0000:13:00.0 already bound to driver vfio-pci, skipping
    INFO: Config was written to: /config/vmware/edge/config.json
    Generating grub configuration file ...
    Found linux image: /vmlinuz-3.14.17-nn4-server
    Found initrd image: //initrd.img-3.14.17-nn4-server
    File descriptor 4 (/tmp/ffinvYglp (deleted)) leaked on lvs invocation. Parent PID 32203: /bin/sh
    done
    INFO: Updated grub. Please reboot to take effect.
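Because a redeploy silently returns these authentication settings to defaults, it helps to keep the intended values as a baseline and generate the restore commands from it. The following Python sketch is an added example, not VMware code: the dictionary keys, the baseline, and the post-redeploy readings are constructed for illustration, and only the `set ...` command strings come from this page.

```python
# Added example: baseline and observed values are constructed, and the
# dictionary keys are hypothetical names, not NSX API fields.
BASELINE = {
    "minimum_password_length": 12,
    "cli_max_auth_failures": 5,
    "password_expiration": {"admin": 90, "audit": 120},
}
# Constructed readings taken from a node after redeploy.
OBSERVED = {
    "minimum_password_length": 8,
    "cli_max_auth_failures": 5,
    "password_expiration": {"admin": 90, "audit": 90},
}

def validate_baseline(b):
    """Return problems where the baseline violates limits stated on this page."""
    errors = []
    if b["minimum_password_length"] < 8:
        errors.append("minimum-password-length: smallest value is 8")
    if b["cli_max_auth_failures"] == 0:
        errors.append("cli max-auth-failures: 0 disables account lockout")
    elif b["cli_max_auth_failures"] < 0:
        errors.append("cli max-auth-failures: must not be negative")
    for user, days in sorted(b["password_expiration"].items()):
        if not 1 <= days <= 9999:
            errors.append(f"password-expiration for {user}: must be 1 - 9999")
    return errors

def remediation_commands(baseline, observed):
    """Return the CLI commands that bring observed settings back to baseline."""
    cmds = []
    want = baseline["minimum_password_length"]
    if observed.get("minimum_password_length") != want:
        cmds.append(f"set auth-policy minimum-password-length {want}")
    want = baseline["cli_max_auth_failures"]
    if observed.get("cli_max_auth_failures") != want:
        cmds.append(f"set auth-policy cli max-auth-failures {want}")
    seen = observed.get("password_expiration", {})
    for user, days in sorted(baseline["password_expiration"].items()):
        if seen.get(user) != days:  # a missing user also counts as drift
            cmds.append(f"set user {user} password-expiration {days}")
    return cmds

if __name__ == "__main__":
    for problem in validate_baseline(BASELINE):
        print("baseline error:", problem)
    for cmd in remediation_commands(BASELINE, OBSERVED):
        print(cmd)
```

The banner and hugepage settings are not value comparisons and still need to be reapplied by hand with the commands listed above.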