-
Notifications
You must be signed in to change notification settings - Fork 85
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Upgrade guide document #1229
Merged
Merged
Upgrade guide document #1229
Changes from all commits
Commits
File filter
Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,200 @@ | ||
--- | ||
layout: "nsxt" | ||
page_title: "VMware NSX Terraform Provider NSX upgrade support" | ||
description: |- | ||
VMware NSX Terraform Provider NSX upgrade support | ||
--- | ||
|
||
# NSX Provider for NSX Upgrade | ||
|
||
NSX Terraform Provider offers support for [upgrading NSX components](https://docs.vmware.com/en/VMware-NSX/4.1/upgrade/GUID-E04242D7-EF09-4601-8906-3FA77FBB06BD.html). | ||
|
||
The provider support consists of several resources and data sources which can perform a complete upgrade cycle. | ||
The NSX Terraform provider support upgrades for NSX on ESX hosts, NSX Edge appliances, and NSX manager appliances. | ||
|
||
**NOTE:** The upgrade process using the Terraform NSXT provider assumes that the Terraform NSX provider uses NSX upgrade | ||
components exclusively. Therefore, concurrent changess to upgrade components via other means, e.g. UI, might fail the process. | ||
**NOTE:** The NSX upgrade process should start each upgrade with a clean state. So whenever an upgrade is executed, e.g. | ||
from v3.2.3 to v4.1.1 the Terraform state file should be retained until the upgrade is completed. Then, if the same plan | ||
is used later on to upgrade from v4.1.1 to v4.2.0, the Terraform state file should be deleted prior to applying the plan. | ||
|
||
## Upgrade process steps | ||
|
||
### Preparation for upgrade | ||
|
||
Upgrade preparation consists of several actions, and is performed using [nsxt_upgrade_prepare](../resources/upgrade_prepare.html.markdown): | ||
salv-orlando marked this conversation as resolved.
Show resolved
Hide resolved
|
||
* Uploading the upgrade and precheck bundles. | ||
* Acceptance of the user agreement. | ||
* Reporting of failed pre-checks. | ||
|
||
**NOTE:** Only one `nsxt_upgrade_prepare` resource should be used in the upgrade plan. | ||
|
||
```hcl | ||
resource "nsxt_upgrade_prepare" "prepare_res" { | ||
upgrade_bundle_url = "http://url-to-upgrade-bundle.mub" | ||
precheck_bundle_url = "http://url-to-precheck-bundle.pub" | ||
accept_user_agreement = true | ||
} | ||
``` | ||
|
||
**NOTE:** Acceptance of the license agreement is required to initiate the upgrade process. | ||
**NOTE:** Precheck bundle is usable only while upgrading a NSX manager of version v4.1.1 and above. | ||
|
||
### Checking the readiness for upgrade | ||
|
||
When preparation is complete, it is required to validate the readiness for upgrade using the | ||
[nsxt_upgrade_prepare_ready](../data-sources/upgrade_prepare_ready.html.markdown) data source. | ||
When NSX preparation results with failures or warnings, the data source will fail the upgrade. | ||
Warnings should be acknowledged as described below. | ||
|
||
For example: | ||
``` | ||
Error: | ||
There are unacknowledged warnings in prechecks: | ||
Component: EDGE, code: pUBCheck, description: Checks if new version of pub available on VMware Download site. | ||
Component: MP, code: backupOperationCheck, description: Warns if backup is not taken recently and blocks management plane upgrade if backup is in progress | ||
|
||
Please address these errors from NSX or using nsxt_upgrade_precheck_acknowledge resource | ||
``` | ||
|
||
Prechecks which are in `failure' or in warning state can also be obtained from the `nsxt_upgrade_prepare` resource, | ||
using its `failed_prechecks` attribute. | ||
|
||
### Acknowledgement of upgrade issues and warnings | ||
|
||
The execution of `nsxt_upgrade_prepare` and `nsxt_upgrade_prepare_ready` could result with various warnings which would | ||
halt the upgrade process. However, warnings can be suppressed with the [nsxt_upgrade_precheck_acknowledge](../resources/upgrade_precheck_acknowledge.html.markdown) resource. | ||
|
||
The resource uses the `precheck_ids` to conclude which prechecks are safe to ignore for this upgrade cycle. | ||
salv-orlando marked this conversation as resolved.
Show resolved
Hide resolved
|
||
The `nsxt_upgrade_precheck_acknowledge` resource requires the `target_version` from the `nsxt_upgrade_prepare` resource | ||
to make sure that the acknowledged warnings are from the correct execution, and to enforce execution of the | ||
`nsxt_upgrade_precheck_acknowledge` resource after preparation is complete. | ||
|
||
The `nsxt_upgrade_prepare_ready` data source verifies that the preparation phase of the upgrade was concluded successfully | ||
and enable the execution of the upgrade. In case that there are still open issues, these will raise as described above. | ||
|
||
```hcl | ||
resource "nsxt_upgrade_precheck_acknowledge" "test" { | ||
precheck_ids = ["backupOperationCheck", "pUBCheck"] | ||
target_version = nsxt_upgrade_prepare.prepare_res.target_version | ||
} | ||
|
||
data "nsxt_upgrade_prepare_ready" "ready" { | ||
upgrade_prepare_id = nsxt_upgrade_prepare.prepare_res.id | ||
depends_on = [nsxt_upgrade_precheck_acknowledge.test] | ||
} | ||
``` | ||
|
||
### Running the upgrade | ||
|
||
In order to configure and execute upgrade of NSXT edges, hosts, and managers, use [nsxt_upgrade_run](../resources/upgrade_run.html.markdown) resource. | ||
|
||
This resource will start with configuration of upgrade unit groups and upgrade plan settings for `EDGE`and `HOST` | ||
components. Host component groups may be created within this resource with custom host lists and attributes, or it can | ||
use the predefined groups which NSX provides. | ||
|
||
Following the configuration of the edge, host groups, it will execute the upgrade for each component. If there are | ||
either `EDGE` or `HOST` groups excluded from the upgrade, the corresponding component will be paused after enabled | ||
salv-orlando marked this conversation as resolved.
Show resolved
Hide resolved
|
||
groups get upgraded. At the same time, `MP` upgrade won't be processed, because that requires `EDGE` and `HOST` to be | ||
fully upgraded. Refer to the exposed attribute for current upgrade state details. For example, check `upgrade_plan` | ||
salv-orlando marked this conversation as resolved.
Show resolved
Hide resolved
|
||
for current upgrade plan, which also includes the plan not specified in this resource and `state` for upgrade status of | ||
each component and UpgradeUnitGroups in the component. For more details, please check NSX admin guide. | ||
salv-orlando marked this conversation as resolved.
Show resolved
Hide resolved
|
||
|
||
The order of the groups within the `nsxt_upgrade_run` resource defined the order of the upgrade execution. | ||
|
||
In the example below, host_group `HostWithDifferentSettings` will use different settings than the defaulted ones. The | ||
salv-orlando marked this conversation as resolved.
Show resolved
Hide resolved
|
||
group configuration is initiated with the `nsxt_upgrade_run` while the other groups in this example are predefined and | ||
consumed using the data sources `nsxt_edge_upgrade_group` and `nsxt_host_upgrade_group`. | ||
|
||
**NOTE:** Only one `nsxt_upgrade_run` resource should be used in the upgrade plan. | ||
|
||
```hcl | ||
resource "nsxt_upgrade_run" "run" { | ||
upgrade_prepare_ready_id = data.nsxt_upgrade_prepare_ready.ready.id | ||
|
||
edge_group { | ||
id = data.nsxt_edge_upgrade_group.eg1.id | ||
enabled = false | ||
} | ||
|
||
edge_group { | ||
id = data.nsxt_edge_upgrade_group.eg2.id | ||
enabled = true | ||
} | ||
|
||
host_group { | ||
id = data.nsxt_host_upgrade_group.hg1.id | ||
parallel = true | ||
} | ||
|
||
data "nsxt_policy_host_transport_node" "host_transport_node1" { | ||
display_name = "host_transport_node1" | ||
} | ||
|
||
host_group { | ||
display_name = "HostWithDifferentSettings" | ||
parallel = false | ||
hosts = [data.nsxt_policy_host_transport_node.host_transport_node1.id] | ||
} | ||
|
||
data "nsxt_policy_host_transport_node" "host_transport_node2" { | ||
display_name = "host_transport_node2" | ||
} | ||
|
||
data "nsxt_policy_host_transport_node" "host_transport_node3" { | ||
display_name = "host_transport_node3" | ||
} | ||
|
||
host_group { | ||
display_name = "OtherHostsWithDifferentSettings" | ||
parallel = true | ||
rebootless_upgrade = false | ||
hosts = [ | ||
data.nsxt_policy_host_transport_node.host_transport_node2.id, | ||
data.nsxt_policy_host_transport_node.host_transport_node3.id] | ||
} | ||
|
||
edge_upgrade_setting { | ||
parallel = true | ||
post_upgrade_check = true | ||
} | ||
|
||
host_upgrade_setting { | ||
parallel = true | ||
post_upgrade_check = true | ||
} | ||
} | ||
``` | ||
|
||
### Post upgrade checks | ||
|
||
Upgrade post check data sources can be used to examine the results of the edge and host upgrades, to cunclude if the | ||
upgrade has completed successfully. | ||
|
||
The example below uses Terraform `check` to test the upgrade results. | ||
|
||
```hcl | ||
data "nsxt_upgrade_postcheck" "pc1" { | ||
upgrade_run_id = nsxt_upgrade_run.run.id | ||
type = "EDGE" | ||
} | ||
|
||
data "nsxt_upgrade_postcheck" "pc2" { | ||
upgrade_run_id = nsxt_upgrade_run.run.id | ||
type = "HOST" | ||
} | ||
|
||
check "edge_post_check" { | ||
assert { | ||
condition = data.nsxt_upgrade_postcheck.pc1.failed_group == null | ||
error_message = "Edge group upgrade check failed" | ||
} | ||
} | ||
|
||
check "host_post_check" { | ||
assert { | ||
condition = data.nsxt_upgrade_postcheck.pc2.failed_group == null | ||
error_message = "Host group upgrade check failed" | ||
} | ||
} | ||
``` |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Lets emphasize that upgrade configuration and state should be dedicated to upgrade only, and not shared with regular terraform config and state
Also do we want to recommend that state is cleared post successful upgrade?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Done - I added a note at the beginning of the doc, about state management for upgrade.