6.5の最新にはアップデートできたけど、まぁやっぱり特にしがらみはないので6.7にしてみる。
本記事ではESXi 6.5の最新バージョンからESXi 6.7へのアップグレードについて記載。

zaki-hmkc.hatenablog.com

• 作業の流れ
• パッチダウンロード
• パッチの適用

作業の流れ

docs.vmware.com

6.5の場合と大体同じ。はず。
(実際はサブコマンドが若干異なっていた)

パッチダウンロード

2020.11.21時点で最新はこれ。

docs.vmware.com

アップデートファイル(zip)の入手は6.5のときと同様に「製品パッチ」で6.7を検索し、「ESXi670-202011002」をダウンロードする。
ダウンロードしたzipファイルは6.5のときと同様にデータストアへコピーしておく。

パッチの適用

予めVMを全てシャットダウンしておく。
その上でESXiにSSHログインし、CLIで作業実施。
ちなみに今回はメンテナンスモードにはしなかった。

[root@localhost:~] esxcli software vib update -d /vmfs/volumes/cheddar-share/disk2/archive/iso/ESXi670-202011002.zip --dry-run
 [DependencyError]
 VIB VMware_bootbank_esx-base_6.7.0-3.132.17167734 requires esx-update >= 6.7.0-3.132, but the requirement cannot be satisfied within the ImageProfile.
 VIB VMware_bootbank_esx-base_6.7.0-3.132.17167734 requires esx-update << 6.7.0-3.133, but the requirement cannot be satisfied within the ImageProfile.
 Please refer to the log file for more details.

おや？

esxcli software vibでなくesxcli software profileっぽい。

[root@localhost:~] esxcli software profile update -d /vmfs/volumes/cheddar-share/disk2/archive/iso/ESXi670-202011002.zip --dry-run
Error: Missing required parameter -p|--profile

Usage: esxcli software profile update [cmd options]

Description:
  update                Updates the host with VIBs from an image profile in a depot. Installed VIBs may be upgraded (or downgraded if --allow-downgrades is specified), but they will not be removed. Any VIBs in the image
                        profile which are not related to any installed VIBs will be added to the host. WARNING: If your installation requires a reboot, you need to disable HA first.

Cmd options:
  --allow-downgrades    If this option is specified, then the VIBs from the image profile which update, downgrade, or are new to the host will be installed. If the option is not specified, then the VIBs which update or
                        are new to the host will be installed.
  -d|--depot=[ <str> ... ]
                        Specifies full remote URLs of the depot index.xml or server file path pointing to an offline bundle .zip file. (required)
  --dry-run             Performs a dry-run only. Report the VIB-level operations that would be performed, but do not change anything in the system.
  -f|--force            Bypasses checks for package dependencies, conflicts, obsolescence, and acceptance levels. Really not recommended unless you know what you are doing. Use of this option will result in a warning
                        being displayed in the vSphere Client.  Use this option only when instructed to do so by VMware Technical Support.
  --maintenance-mode    Pretends that maintenance mode is in effect. Otherwise, installation will stop for live installs that require maintenance mode. This flag has no effect for reboot required remediations.
  --no-live-install     Forces an install to /altbootbank even if the VIBs are eligible for live installation or removal. Will cause installation to be skipped on PXE-booted hosts.
  --no-sig-check        Bypasses acceptance level verification, including signing. Use of this option poses a large security risk and will result in a SECURITY ALERT warning being displayed in the vSphere Client.
  -p|--profile=<str>    Specifies the name of the image profile to update the host with. (required)
  --proxy=<str>         Specifies a proxy server to use for HTTP, FTP, and HTTPS connections. The format is proxy-url:port.

-p|--profileオプションが必須とのこと。
雑につけて実行してみると、パラメタが必要みたい。

[root@localhost:~] esxcli software profile update -d /vmfs/volumes/cheddar-share/disk2/archive/iso/ESXi670-202011002.zip --dry-run -p
Error: -p must have value

-p|--profile= Specifies the name of the image profile to update the host with. (required)

うん、「image profile」ってなんだ？

サブコマンドを遡っていくと、esxcli software sources profileというのがあるみたい。

[root@localhost:~] esxcli software sources
Usage: esxcli software sources {cmd} [cmd options]

Available Namespaces:
  profile               Query depot contents image profiles
  vib                   Query depot contents for VIBs; display information about VIB URLs and files

このサブコマンドに更にlistがあり、image profile一覧を確認できる。

[root@localhost:~] esxcli software sources profile list -d /vmfs/volumes/cheddar-share/disk2/archive/iso/ESXi670-202011002.zip
Name                              Vendor        Acceptance Level  Creation Time        Modification Time
--------------------------------  ------------  ----------------  -------------------  -------------------
ESXi-6.7.0-20201101001s-standard  VMware, Inc.  PartnerSupported  2020-11-11T12:41:00  2020-11-11T12:41:00
ESXi-6.7.0-20201104001-no-tools   VMware, Inc.  PartnerSupported  2020-11-11T12:41:00  2020-11-11T12:41:00
ESXi-6.7.0-20201104001-standard   VMware, Inc.  PartnerSupported  2020-11-11T12:41:00  2020-11-11T12:41:00
ESXi-6.7.0-20201101001s-no-tools  VMware, Inc.  PartnerSupported  2020-11-11T12:41:00  2020-11-11T12:41:00

それで…？

site:docs.vmware.com "s-standard"でググってもよくわからず。
ネット全体でググるとNEC社の製品PDFがヒットして、それによると以下の通り。

パッチに含まれるプロファイルは、通常下記 4 点含まれます。標準のアップデートでは 1 番目の標準イメージプロファイルを使用します。

1. 標準イメージプロファイル (末尾が「-standard」)
2. no-tools イメージプロファイル (末尾が「-no-toosl」)
3. セキュリティ更新のみを含むイメージプロファイル (末尾が「s-standard」
4. セキュリティ更新のみの no-tools イメージプロファイル (末尾が「s-no-tools」)

というわけで、-standardを使えば良さそう。

[root@localhost:~] esxcli software profile update -d /vmfs/volumes/cheddar-share/disk2/archive/iso/ESXi670-202011002.zip -p ESXi-6.7.0-20201101001s-standard --dry-run
Update Result
   Message: Dryrun only, host not changed. The following installers will be applied: [BootBankInstaller, LockerInstaller]
   Reboot Required: true
   VIBs Installed: VMW_bootbank_ata-libata-92_3.00.9.2-16vmw.670.0.0.8169922, VMW_bootbank_ata-pata-amd_0.3.10-3vmw.670.0.0.8169922, VMW_bootbank_ata-pata-atiixp_0.4.6-4vmw.670.0.0.8169922, VMW_bootbank_ata-pata-cmd64x_0.2.5-3vmw.670.0.0.8169922, VMW_bootbank_ata-pata-hpt3x2n_0.3.4-3vmw.670.0.0.8169922, VMW_bootbank_ata-pata-pdc2027x_1.0-3vmw.670.0.0.8169922, VMW_bootbank_ata-pata-serverworks_0.4.3-3vmw.670.0.0.8169922, VMW_bootbank_ata-pata-sil680_0.4.8-3vmw.670.0.0.8169922, VMW_bootbank_ata-pata-via_0.3.3-2vmw.670.0.0.8169922, VMW_bootbank_block-cciss_3.6.14-10vmw.670.0.0.8169922, VMW_bootbank_bnxtnet_20.6.101.7-24vmw.670.3.73.14320388, VMW_bootbank_bnxtroce_20.6.101.0-20vmw.670.1.28.10302608, VMW_bootbank_brcmfcoe_11.4.1078.25-14vmw.670.3.73.14320388, VMW_bootbank_char-random_1.0-3vmw.670.0.0.8169922, VMW_bootbank_ehci-ehci-hcd_1.0-4vmw.670.0.0.8169922, VMW_bootbank_elxiscsi_11.4.1174.0-2vmw.670.0.0.8169922, VMW_bootbank_elxnet_11.4.1097.0-5vmw.670.3.73.14320388, VMW_bootbank_hid-hid_1.0-3vmw.670.0.0.8169922, VMW_bootbank_i40en_1.8.1.9-2vmw.670.3.73.14320388, VMW_bootbank_iavmd_1.2.0.1011-2vmw.670.0.0.8169922, VMW_bootbank_igbn_0.1.1.0-5vmw.670.3.73.14320388, VMW_bootbank_ima-qla4xxx_2.02.18-1vmw.670.0.0.8169922, VMW_bootbank_ipmi-ipmi-devintf_39.1-5vmw.670.1.28.10302608, VMW_bootbank_ipmi-ipmi-msghandler_39.1-5vmw.670.1.28.10302608, VMW_bootbank_ipmi-ipmi-si-drv_39.1-5vmw.670.1.28.10302608, VMW_bootbank_iser_1.0.0.0-1vmw.670.1.28.10302608, VMW_bootbank_ixgben_1.7.1.16-2vmw.670.3.104.16075168, VMW_bootbank_lpfc_11.4.33.26-14vmw.670.3.104.16075168, VMW_bootbank_lpnic_11.4.59.0-1vmw.670.0.0.8169922, VMW_bootbank_lsi-mr3_7.708.07.00-3vmw.670.3.73.14320388, VMW_bootbank_lsi-msgpt2_20.00.06.00-2vmw.670.3.73.14320388, VMW_bootbank_lsi-msgpt35_09.00.00.00-5vmw.670.3.73.14320388, VMW_bootbank_lsi-msgpt3_17.00.02.00-1vmw.670.3.73.14320388, VMW_bootbank_misc-cnic-register_1.78.75.v60.7-1vmw.670.0.0.8169922, VMW_bootbank_misc-drivers_6.7.0-2.48.13006603, VMW_bootbank_mtip32xx-native_3.9.8-1vmw.670.1.28.10302608, VMW_bootbank_ne1000_0.8.4-2vmw.670.2.48.13006603, VMW_bootbank_nenic_1.0.29.0-1vmw.670.3.73.14320388, VMW_bootbank_net-bnx2_2.2.4f.v60.10-2vmw.670.0.0.8169922, VMW_bootbank_net-bnx2x_1.78.80.v60.12-2vmw.670.0.0.8169922, VMW_bootbank_net-cdc-ether_1.0-3vmw.670.0.0.8169922, VMW_bootbank_net-cnic_1.78.76.v60.13-2vmw.670.0.0.8169922, VMW_bootbank_net-e1000_8.0.3.1-5vmw.670.3.112.16701467, VMW_bootbank_net-e1000e_3.2.2.1-2vmw.670.0.0.8169922, VMW_bootbank_net-enic_2.1.2.38-2vmw.670.0.0.8169922, VMW_bootbank_net-fcoe_1.0.29.9.3-7vmw.670.0.0.8169922, VMW_bootbank_net-forcedeth_0.61-2vmw.670.0.0.8169922, VMW_bootbank_net-igb_5.0.5.1.1-5vmw.670.0.0.8169922, VMW_bootbank_net-ixgbe_3.7.13.7.14iov-20vmw.670.0.0.8169922, VMW_bootbank_net-libfcoe-92_1.0.24.9.4-8vmw.670.0.0.8169922, VMW_bootbank_net-mlx4-core_1.9.7.0-1vmw.670.0.0.8169922, VMW_bootbank_net-mlx4-en_1.9.7.0-1vmw.670.0.0.8169922, VMW_bootbank_net-nx-nic_5.0.621-5vmw.670.0.0.8169922, VMW_bootbank_net-tg3_3.131d.v60.4-2vmw.670.0.0.8169922, VMW_bootbank_net-usbnet_1.0-3vmw.670.0.0.8169922, VMW_bootbank_net-vmxnet3_1.1.3.0-3vmw.670.3.104.16075168, VMW_bootbank_nfnic_4.0.0.44-0vmw.670.3.104.16075168, VMW_bootbank_nhpsa_2.0.22-3vmw.670.1.28.10302608, VMW_bootbank_nmlx4-core_3.17.13.1-1vmw.670.2.48.13006603, VMW_bootbank_nmlx4-en_3.17.13.1-1vmw.670.2.48.13006603, VMW_bootbank_nmlx4-rdma_3.17.13.1-1vmw.670.2.48.13006603, VMW_bootbank_nmlx5-core_4.17.13.1-1vmw.670.3.73.14320388, VMW_bootbank_nmlx5-rdma_4.17.13.1-1vmw.670.2.48.13006603, VMW_bootbank_ntg3_4.1.5.0-0vmw.670.3.116.16713306, VMW_bootbank_nvme_1.2.2.28-3vmw.670.3.116.16713306, VMW_bootbank_nvmxnet3-ens_2.0.0.21-1vmw.670.0.0.8169922, VMW_bootbank_nvmxnet3_2.0.0.29-1vmw.670.1.28.10302608, VMW_bootbank_ohci-usb-ohci_1.0-3vmw.670.0.0.8169922, VMW_bootbank_pvscsi_0.1-2vmw.670.0.0.8169922, VMW_bootbank_qcnic_1.0.2.0.4-1vmw.670.0.0.8169922, VMW_bootbank_qedentv_2.0.6.4-10vmw.670.1.28.10302608, VMW_bootbank_qfle3_1.0.50.11-9vmw.670.0.0.8169922, VMW_bootbank_qfle3f_1.0.25.0.2-15vmw.670.3.104.16075168, VMW_bootbank_qfle3i_1.0.2.3.9-3vmw.670.0.0.8169922, VMW_bootbank_qflge_1.1.0.11-1vmw.670.0.0.8169922, VMW_bootbank_sata-ahci_3.0-26vmw.670.0.0.8169922, VMW_bootbank_sata-ata-piix_2.12-10vmw.670.0.0.8169922, VMW_bootbank_sata-sata-nv_3.5-4vmw.670.0.0.8169922, VMW_bootbank_sata-sata-promise_2.12-3vmw.670.0.0.8169922, VMW_bootbank_sata-sata-sil24_1.1-1vmw.670.0.0.8169922, VMW_bootbank_sata-sata-sil_2.3-4vmw.670.0.0.8169922, VMW_bootbank_sata-sata-svw_2.3-3vmw.670.0.0.8169922, VMW_bootbank_scsi-aacraid_1.1.5.1-9vmw.670.0.0.8169922, VMW_bootbank_scsi-adp94xx_1.0.8.12-6vmw.670.0.0.8169922, VMW_bootbank_scsi-aic79xx_3.1-6vmw.670.0.0.8169922, VMW_bootbank_scsi-bnx2fc_1.78.78.v60.8-1vmw.670.0.0.8169922, VMW_bootbank_scsi-bnx2i_2.78.76.v60.8-1vmw.670.0.0.8169922, VMW_bootbank_scsi-fnic_1.5.0.45-3vmw.670.0.0.8169922, VMW_bootbank_scsi-hpsa_6.0.0.84-3vmw.670.0.0.8169922, VMW_bootbank_scsi-ips_7.12.05-4vmw.670.0.0.8169922, VMW_bootbank_scsi-iscsi-linux-92_1.0.0.2-3vmw.670.0.0.8169922, VMW_bootbank_scsi-libfc-92_1.0.40.9.3-5vmw.670.0.0.8169922, VMW_bootbank_scsi-megaraid-mbox_2.20.5.1-6vmw.670.0.0.8169922, VMW_bootbank_scsi-megaraid-sas_6.603.55.00-2vmw.670.0.0.8169922, VMW_bootbank_scsi-megaraid2_2.00.4-9vmw.670.0.0.8169922, VMW_bootbank_scsi-mpt2sas_19.00.00.00-2vmw.670.0.0.8169922, VMW_bootbank_scsi-mptsas_4.23.01.00-10vmw.670.0.0.8169922, VMW_bootbank_scsi-mptspi_4.23.01.00-10vmw.670.0.0.8169922, VMW_bootbank_scsi-qla4xxx_5.01.03.2-7vmw.670.0.0.8169922, VMW_bootbank_sfvmk_1.0.0.1003-7vmw.670.3.104.16075168, VMW_bootbank_shim-iscsi-linux-9-2-1-0_6.7.0-0.0.8169922, VMW_bootbank_shim-iscsi-linux-9-2-2-0_6.7.0-0.0.8169922, VMW_bootbank_shim-libata-9-2-1-0_6.7.0-0.0.8169922, VMW_bootbank_shim-libata-9-2-2-0_6.7.0-0.0.8169922, VMW_bootbank_shim-libfc-9-2-1-0_6.7.0-0.0.8169922, VMW_bootbank_shim-libfc-9-2-2-0_6.7.0-0.0.8169922, VMW_bootbank_shim-libfcoe-9-2-1-0_6.7.0-0.0.8169922, VMW_bootbank_shim-libfcoe-9-2-2-0_6.7.0-0.0.8169922, VMW_bootbank_shim-vmklinux-9-2-1-0_6.7.0-0.0.8169922, VMW_bootbank_shim-vmklinux-9-2-2-0_6.7.0-0.0.8169922, VMW_bootbank_shim-vmklinux-9-2-3-0_6.7.0-0.0.8169922, VMW_bootbank_smartpqi_1.0.1.553-28vmw.670.3.73.14320388, VMW_bootbank_uhci-usb-uhci_1.0-3vmw.670.0.0.8169922, VMW_bootbank_usb-storage-usb-storage_1.0-3vmw.670.0.0.8169922, VMW_bootbank_usbcore-usb_1.0-3vmw.670.0.0.8169922, VMW_bootbank_vmkata_0.1-1vmw.670.0.0.8169922, VMW_bootbank_vmkfcoe_1.0.0.1-1vmw.670.1.28.10302608, VMW_bootbank_vmkplexer-vmkplexer_6.7.0-0.0.8169922, VMW_bootbank_vmkusb_0.1-1vmw.670.3.116.16713306, VMW_bootbank_vmw-ahci_2.0.5-1vmw.670.3.116.16713306, VMW_bootbank_xhci-xhci_1.0-3vmw.670.0.0.8169922, VMware_bootbank_cpu-microcode_6.7.0-3.112.16701467, VMware_bootbank_elx-esx-libelxima.so_11.4.1184.2-3.89.15160138, VMware_bootbank_esx-base_6.7.0-3.128.17167699, VMware_bootbank_esx-dvfilter-generic-fastpath_6.7.0-0.0.8169922, VMware_bootbank_esx-update_6.7.0-3.128.17167699, VMware_bootbank_esx-xserver_6.7.0-3.73.14320388, VMware_bootbank_lsu-hp-hpsa-plugin_2.0.0-16vmw.670.1.28.10302608, VMware_bootbank_lsu-intel-vmd-plugin_1.0.0-2vmw.670.1.28.10302608, VMware_bootbank_lsu-lsi-drivers-plugin_1.0.0-1vmw.670.2.48.13006603, VMware_bootbank_lsu-lsi-lsi-mr3-plugin_1.0.0-13vmw.670.1.28.10302608, VMware_bootbank_lsu-lsi-lsi-msgpt3-plugin_1.0.0-9vmw.670.2.48.13006603, VMware_bootbank_lsu-lsi-megaraid-sas-plugin_1.0.0-9vmw.670.0.0.8169922, VMware_bootbank_lsu-lsi-mpt2sas-plugin_2.0.0-7vmw.670.0.0.8169922, VMware_bootbank_lsu-smartpqi-plugin_1.0.0-3vmw.670.1.28.10302608, VMware_bootbank_native-misc-drivers_6.7.0-3.89.15160138, VMware_bootbank_qlnativefc_3.1.8.0-5vmw.670.3.73.14320388, VMware_bootbank_rste_2.0.2.0088-7vmw.670.0.0.8169922, VMware_bootbank_vsan_6.7.0-3.128.17098396, VMware_bootbank_vsanhealth_6.7.0-3.128.17098397, VMware_locker_tools-light_11.1.1.16303738-16701467
   VIBs Removed: VMW_bootbank_ata-libata-92_3.00.9.2-16vmw.650.0.0.4564106, VMW_bootbank_ata-pata-amd_0.3.10-3vmw.650.0.0.4564106, VMW_bootbank_ata-pata-atiixp_0.4.6-4vmw.650.0.0.4564106, VMW_bootbank_ata-pata-cmd64x_0.2.5-3vmw.650.0.0.4564106, VMW_bootbank_ata-pata-hpt3x2n_0.3.4-3vmw.650.0.0.4564106, VMW_bootbank_ata-pata-pdc2027x_1.0-3vmw.650.0.0.4564106, VMW_bootbank_ata-pata-serverworks_0.4.3-3vmw.650.0.0.4564106, VMW_bootbank_ata-pata-sil680_0.4.8-3vmw.650.0.0.4564106, VMW_bootbank_ata-pata-via_0.3.3-2vmw.650.0.0.4564106, VMW_bootbank_block-cciss_3.6.14-10vmw.650.0.0.4564106, VMW_bootbank_bnxtnet_20.6.101.7-23vmw.650.3.96.13932383, VMW_bootbank_brcmfcoe_11.4.1078.25-14vmw.650.3.96.13932383, VMW_bootbank_char-random_1.0-3vmw.650.0.0.4564106, VMW_bootbank_ehci-ehci-hcd_1.0-4vmw.650.0.14.5146846, VMW_bootbank_elxnet_11.1.91.0-1vmw.650.0.0.4564106, VMW_bootbank_hid-hid_1.0-3vmw.650.0.0.4564106, VMW_bootbank_i40en_1.8.1.9-2vmw.650.3.96.13932383, VMW_bootbank_igbn_0.1.1.0-4vmw.650.3.96.13932383, VMW_bootbank_ima-qla4xxx_2.02.18-1vmw.650.0.0.4564106, VMW_bootbank_ipmi-ipmi-devintf_39.1-5vmw.650.2.50.8294253, VMW_bootbank_ipmi-ipmi-msghandler_39.1-5vmw.650.2.50.8294253, VMW_bootbank_ipmi-ipmi-si-drv_39.1-4vmw.650.0.0.4564106, VMW_bootbank_ixgben_1.7.1.15-1vmw.650.3.96.13932383, VMW_bootbank_lpfc_11.4.33.26-14vmw.650.3.138.16576891, VMW_bootbank_lsi-mr3_7.708.07.00-3vmw.650.3.96.13932383, VMW_bootbank_lsi-msgpt2_20.00.06.00-2vmw.650.3.96.13932383, VMW_bootbank_lsi-msgpt35_09.00.00.00-5vmw.650.3.96.13932383, VMW_bootbank_lsi-msgpt3_17.00.02.00-1vmw.650.3.96.13932383, VMW_bootbank_misc-cnic-register_1.78.75.v60.7-1vmw.650.0.0.4564106, VMW_bootbank_misc-drivers_6.5.0-3.96.13932383, VMW_bootbank_mtip32xx-native_3.9.5-1vmw.650.0.0.4564106, VMW_bootbank_ne1000_0.8.3-8vmw.650.2.75.10884925, VMW_bootbank_nenic_1.0.29.0-1vmw.650.3.96.13932383, VMW_bootbank_net-bnx2_2.2.4f.v60.10-2vmw.650.0.0.4564106, VMW_bootbank_net-bnx2x_1.78.80.v60.12-1vmw.650.0.0.4564106, VMW_bootbank_net-cdc-ether_1.0-3vmw.650.0.0.4564106, VMW_bootbank_net-cnic_1.78.76.v60.13-2vmw.650.0.0.4564106, VMW_bootbank_net-e1000_8.0.3.1-5vmw.650.0.0.4564106, VMW_bootbank_net-e1000e_3.2.2.1-2vmw.650.0.0.4564106, VMW_bootbank_net-enic_2.1.2.38-2vmw.650.0.0.4564106, VMW_bootbank_net-fcoe_1.0.29.9.3-7vmw.650.0.0.4564106, VMW_bootbank_net-forcedeth_0.61-2vmw.650.0.0.4564106, VMW_bootbank_net-igb_5.0.5.1.1-5vmw.650.0.0.4564106, VMW_bootbank_net-ixgbe_3.7.13.7.14iov-20vmw.650.0.0.4564106, VMW_bootbank_net-libfcoe-92_1.0.24.9.4-8vmw.650.0.0.4564106, VMW_bootbank_net-mlx4-core_1.9.7.0-1vmw.650.0.0.4564106, VMW_bootbank_net-mlx4-en_1.9.7.0-1vmw.650.0.0.4564106, VMW_bootbank_net-nx-nic_5.0.621-5vmw.650.0.0.4564106, VMW_bootbank_net-tg3_3.131d.v60.4-2vmw.650.0.0.4564106, VMW_bootbank_net-usbnet_1.0-3vmw.650.0.0.4564106, VMW_bootbank_net-vmxnet3_1.1.3.0-3vmw.650.3.138.16576891, VMW_bootbank_nhpsa_2.0.22-3vmw.650.2.50.8294253, VMW_bootbank_nmlx4-core_3.16.0.0-1vmw.650.0.0.4564106, VMW_bootbank_nmlx4-en_3.16.0.0-1vmw.650.0.0.4564106, VMW_bootbank_nmlx4-rdma_3.16.0.0-1vmw.650.0.0.4564106, VMW_bootbank_nmlx5-core_4.16.0.0-1vmw.650.0.0.4564106, VMW_bootbank_ntg3_4.1.3.2-1vmw.650.2.75.10884925, VMW_bootbank_nvme_1.2.2.28-2vmw.650.3.129.16389870, VMW_bootbank_nvmxnet3_2.0.0.23-1vmw.650.1.36.7388607, VMW_bootbank_ohci-usb-ohci_1.0-3vmw.650.0.0.4564106, VMW_bootbank_pvscsi_0.1-1vmw.650.1.26.5969303, VMW_bootbank_qedentv_2.0.6.4-8vmw.650.2.50.8294253, VMW_bootbank_qfle3_1.0.2.7-1vmw.650.0.0.4564106, VMW_bootbank_qflge_1.1.0.3-1vmw.650.0.0.4564106, VMW_bootbank_qlnativefc_2.1.73.0-5vmw.650.3.96.13932383, VMW_bootbank_sata-ahci_3.0-26vmw.650.1.26.5969303, VMW_bootbank_sata-ata-piix_2.12-10vmw.650.0.0.4564106, VMW_bootbank_sata-sata-nv_3.5-4vmw.650.0.0.4564106, VMW_bootbank_sata-sata-promise_2.12-3vmw.650.0.0.4564106, VMW_bootbank_sata-sata-sil24_1.1-1vmw.650.0.0.4564106, VMW_bootbank_sata-sata-sil_2.3-4vmw.650.0.0.4564106, VMW_bootbank_sata-sata-svw_2.3-3vmw.650.0.0.4564106, VMW_bootbank_scsi-aacraid_1.1.5.1-9vmw.650.0.0.4564106, VMW_bootbank_scsi-adp94xx_1.0.8.12-6vmw.650.0.0.4564106, VMW_bootbank_scsi-aic79xx_3.1-5vmw.650.0.0.4564106, VMW_bootbank_scsi-bnx2fc_1.78.78.v60.8-1vmw.650.0.0.4564106, VMW_bootbank_scsi-bnx2i_2.78.76.v60.8-1vmw.650.0.0.4564106, VMW_bootbank_scsi-fnic_1.5.0.45-3vmw.650.0.0.4564106, VMW_bootbank_scsi-hpsa_6.0.0.84-1vmw.650.0.0.4564106, VMW_bootbank_scsi-ips_7.12.05-4vmw.650.0.0.4564106, VMW_bootbank_scsi-iscsi-linux-92_1.0.0.2-3vmw.650.0.0.4564106, VMW_bootbank_scsi-libfc-92_1.0.40.9.3-5vmw.650.0.0.4564106, VMW_bootbank_scsi-megaraid-mbox_2.20.5.1-6vmw.650.0.0.4564106, VMW_bootbank_scsi-megaraid-sas_6.603.55.00-2vmw.650.0.0.4564106, VMW_bootbank_scsi-megaraid2_2.00.4-9vmw.650.0.0.4564106, VMW_bootbank_scsi-mpt2sas_19.00.00.00-1vmw.650.0.0.4564106, VMW_bootbank_scsi-mptsas_4.23.01.00-10vmw.650.0.0.4564106, VMW_bootbank_scsi-mptspi_4.23.01.00-10vmw.650.0.0.4564106, VMW_bootbank_scsi-qla4xxx_5.01.03.2-7vmw.650.0.0.4564106, VMW_bootbank_shim-iscsi-linux-9-2-1-0_6.5.0-0.0.4564106, VMW_bootbank_shim-iscsi-linux-9-2-2-0_6.5.0-0.0.4564106, VMW_bootbank_shim-libata-9-2-1-0_6.5.0-0.0.4564106, VMW_bootbank_shim-libata-9-2-2-0_6.5.0-0.0.4564106, VMW_bootbank_shim-libfc-9-2-1-0_6.5.0-0.0.4564106, VMW_bootbank_shim-libfc-9-2-2-0_6.5.0-0.0.4564106, VMW_bootbank_shim-libfcoe-9-2-1-0_6.5.0-0.0.4564106, VMW_bootbank_shim-libfcoe-9-2-2-0_6.5.0-0.0.4564106, VMW_bootbank_shim-vmklinux-9-2-1-0_6.5.0-0.0.4564106, VMW_bootbank_shim-vmklinux-9-2-2-0_6.5.0-0.0.4564106, VMW_bootbank_shim-vmklinux-9-2-3-0_6.5.0-0.0.4564106, VMW_bootbank_smartpqi_1.0.1.553-28vmw.650.3.96.13932383, VMW_bootbank_uhci-usb-uhci_1.0-3vmw.650.0.0.4564106, VMW_bootbank_usb-storage-usb-storage_1.0-3vmw.650.0.0.4564106, VMW_bootbank_usbcore-usb_1.0-3vmw.650.2.50.8294253, VMW_bootbank_vmkata_0.1-1vmw.650.1.36.7388607, VMW_bootbank_vmkplexer-vmkplexer_6.5.0-0.0.4564106, VMW_bootbank_vmkusb_0.1-1vmw.650.3.138.16576891, VMW_bootbank_vmw-ahci_1.1.6-1vmw.650.3.96.13932383, VMW_bootbank_xhci-xhci_1.0-3vmw.650.0.0.4564106, VMware_bootbank_cpu-microcode_6.5.0-3.134.16576879, VMware_bootbank_emulex-esx-elxnetcli_11.1.28.0-0.0.4564106, VMware_bootbank_esx-base_6.5.0-3.149.17167537, VMware_bootbank_esx-dvfilter-generic-fastpath_6.5.0-1.36.7388607, VMware_bootbank_esx-tboot_6.5.0-3.149.17167537, VMware_bootbank_esx-xserver_6.5.0-3.120.15256549, VMware_bootbank_lsu-hp-hpsa-plugin_2.0.0-16vmw.650.3.96.13932383, VMware_bootbank_lsu-lsi-lsi-mr3-plugin_1.0.0-11vmw.650.2.75.10884925, VMware_bootbank_lsu-lsi-lsi-msgpt3-plugin_1.0.0-8vmw.650.2.79.11925212, VMware_bootbank_lsu-lsi-megaraid-sas-plugin_1.0.0-8vmw.650.1.26.5969303, VMware_bootbank_lsu-lsi-mpt2sas-plugin_2.0.0-6vmw.650.1.26.5969303, VMware_bootbank_native-misc-drivers_6.5.0-3.120.15256549, VMware_bootbank_rste_2.0.2.0088-4vmw.650.0.0.4564106, VMware_bootbank_vsan_6.5.0-3.149.17127931, VMware_bootbank_vsanhealth_6.5.0-3.149.17127932, VMware_locker_tools-light_6.5.0-3.134.16576879
   VIBs Skipped: VMware_bootbank_esx-ui_1.33.7-15803439, VMware_bootbank_vmware-esx-esxcli-nvme-plugin_1.2.0.36-2vmw.670.3.116.16713306
[root@localhost:~]

なるほど、大丈夫そう。

ということで--dry-runを外して実行。

[root@localhost:~] esxcli software profile update -d /vmfs/volumes/cheddar-share/disk2/archive/iso/ESXi670-202011002.zip -p ESXi-6.7.0-20201101001s-standard
Update Result
   Message: The update completed successfully, but the system needs to be rebooted for the changes to be effective.
   Reboot Required: true
   VIBs Installed: VMW_bootbank_ata-libata-92_3.00.9.2-16vmw.670.0.0.8169922, VMW_bootbank_ata-pata-amd_0.3.10-3vmw.670.0.0.8169922, VMW_bootbank_ata-pata-atiixp_0.4.6-4vmw.670.0.0.8169922, VMW_bootbank_ata-pata-cmd64x_0.2.5-3vmw.670.0.0.8169922, VMW_bootbank_ata-pata-hpt3x2n_0.3.4-3vmw.670.0.0.8169922, VMW_bootbank_ata-pata-pdc2027x_1.0-3vmw.670.0.0.8169922, VMW_bootbank_ata-pata-serverworks_0.4.3-3vmw.670.0.0.8169922, VMW_bootbank_ata-pata-sil680_0.4.8-3vmw.670.0.0.8169922, VMW_bootbank_ata-pata-via_0.3.3-2vmw.670.0.0.8169922, VMW_bootbank_block-cciss_3.6.14-10vmw.670.0.0.8169922, VMW_bootbank_bnxtnet_20.6.101.7-24vmw.670.3.73.14320388, VMW_bootbank_bnxtroce_20.6.101.0-20vmw.670.1.28.10302608, VMW_bootbank_brcmfcoe_11.4.1078.25-14vmw.670.3.73.14320388, VMW_bootbank_char-random_1.0-3vmw.670.0.0.8169922, VMW_bootbank_ehci-ehci-hcd_1.0-4vmw.670.0.0.8169922, VMW_bootbank_elxiscsi_11.4.1174.0-2vmw.670.0.0.8169922, VMW_bootbank_elxnet_11.4.1097.0-5vmw.670.3.73.14320388, VMW_bootbank_hid-hid_1.0-3vmw.670.0.0.8169922, VMW_bootbank_i40en_1.8.1.9-2vmw.670.3.73.14320388, VMW_bootbank_iavmd_1.2.0.1011-2vmw.670.0.0.8169922, VMW_bootbank_igbn_0.1.1.0-5vmw.670.3.73.14320388, VMW_bootbank_ima-qla4xxx_2.02.18-1vmw.670.0.0.8169922, VMW_bootbank_ipmi-ipmi-devintf_39.1-5vmw.670.1.28.10302608, VMW_bootbank_ipmi-ipmi-msghandler_39.1-5vmw.670.1.28.10302608, VMW_bootbank_ipmi-ipmi-si-drv_39.1-5vmw.670.1.28.10302608, VMW_bootbank_iser_1.0.0.0-1vmw.670.1.28.10302608, VMW_bootbank_ixgben_1.7.1.16-2vmw.670.3.104.16075168, VMW_bootbank_lpfc_11.4.33.26-14vmw.670.3.104.16075168, VMW_bootbank_lpnic_11.4.59.0-1vmw.670.0.0.8169922, VMW_bootbank_lsi-mr3_7.708.07.00-3vmw.670.3.73.14320388, VMW_bootbank_lsi-msgpt2_20.00.06.00-2vmw.670.3.73.14320388, VMW_bootbank_lsi-msgpt35_09.00.00.00-5vmw.670.3.73.14320388, VMW_bootbank_lsi-msgpt3_17.00.02.00-1vmw.670.3.73.14320388, VMW_bootbank_misc-cnic-register_1.78.75.v60.7-1vmw.670.0.0.8169922, VMW_bootbank_misc-drivers_6.7.0-2.48.13006603, VMW_bootbank_mtip32xx-native_3.9.8-1vmw.670.1.28.10302608, VMW_bootbank_ne1000_0.8.4-2vmw.670.2.48.13006603, VMW_bootbank_nenic_1.0.29.0-1vmw.670.3.73.14320388, VMW_bootbank_net-bnx2_2.2.4f.v60.10-2vmw.670.0.0.8169922, VMW_bootbank_net-bnx2x_1.78.80.v60.12-2vmw.670.0.0.8169922, VMW_bootbank_net-cdc-ether_1.0-3vmw.670.0.0.8169922, VMW_bootbank_net-cnic_1.78.76.v60.13-2vmw.670.0.0.8169922, VMW_bootbank_net-e1000_8.0.3.1-5vmw.670.3.112.16701467, VMW_bootbank_net-e1000e_3.2.2.1-2vmw.670.0.0.8169922, VMW_bootbank_net-enic_2.1.2.38-2vmw.670.0.0.8169922, VMW_bootbank_net-fcoe_1.0.29.9.3-7vmw.670.0.0.8169922, VMW_bootbank_net-forcedeth_0.61-2vmw.670.0.0.8169922, VMW_bootbank_net-igb_5.0.5.1.1-5vmw.670.0.0.8169922, VMW_bootbank_net-ixgbe_3.7.13.7.14iov-20vmw.670.0.0.8169922, VMW_bootbank_net-libfcoe-92_1.0.24.9.4-8vmw.670.0.0.8169922, VMW_bootbank_net-mlx4-core_1.9.7.0-1vmw.670.0.0.8169922, VMW_bootbank_net-mlx4-en_1.9.7.0-1vmw.670.0.0.8169922, VMW_bootbank_net-nx-nic_5.0.621-5vmw.670.0.0.8169922, VMW_bootbank_net-tg3_3.131d.v60.4-2vmw.670.0.0.8169922, VMW_bootbank_net-usbnet_1.0-3vmw.670.0.0.8169922, VMW_bootbank_net-vmxnet3_1.1.3.0-3vmw.670.3.104.16075168, VMW_bootbank_nfnic_4.0.0.44-0vmw.670.3.104.16075168, VMW_bootbank_nhpsa_2.0.22-3vmw.670.1.28.10302608, VMW_bootbank_nmlx4-core_3.17.13.1-1vmw.670.2.48.13006603, VMW_bootbank_nmlx4-en_3.17.13.1-1vmw.670.2.48.13006603, VMW_bootbank_nmlx4-rdma_3.17.13.1-1vmw.670.2.48.13006603, VMW_bootbank_nmlx5-core_4.17.13.1-1vmw.670.3.73.14320388, VMW_bootbank_nmlx5-rdma_4.17.13.1-1vmw.670.2.48.13006603, VMW_bootbank_ntg3_4.1.5.0-0vmw.670.3.116.16713306, VMW_bootbank_nvme_1.2.2.28-3vmw.670.3.116.16713306, VMW_bootbank_nvmxnet3-ens_2.0.0.21-1vmw.670.0.0.8169922, VMW_bootbank_nvmxnet3_2.0.0.29-1vmw.670.1.28.10302608, VMW_bootbank_ohci-usb-ohci_1.0-3vmw.670.0.0.8169922, VMW_bootbank_pvscsi_0.1-2vmw.670.0.0.8169922, VMW_bootbank_qcnic_1.0.2.0.4-1vmw.670.0.0.8169922, VMW_bootbank_qedentv_2.0.6.4-10vmw.670.1.28.10302608, VMW_bootbank_qfle3_1.0.50.11-9vmw.670.0.0.8169922, VMW_bootbank_qfle3f_1.0.25.0.2-15vmw.670.3.104.16075168, VMW_bootbank_qfle3i_1.0.2.3.9-3vmw.670.0.0.8169922, VMW_bootbank_qflge_1.1.0.11-1vmw.670.0.0.8169922, VMW_bootbank_sata-ahci_3.0-26vmw.670.0.0.8169922, VMW_bootbank_sata-ata-piix_2.12-10vmw.670.0.0.8169922, VMW_bootbank_sata-sata-nv_3.5-4vmw.670.0.0.8169922, VMW_bootbank_sata-sata-promise_2.12-3vmw.670.0.0.8169922, VMW_bootbank_sata-sata-sil24_1.1-1vmw.670.0.0.8169922, VMW_bootbank_sata-sata-sil_2.3-4vmw.670.0.0.8169922, VMW_bootbank_sata-sata-svw_2.3-3vmw.670.0.0.8169922, VMW_bootbank_scsi-aacraid_1.1.5.1-9vmw.670.0.0.8169922, VMW_bootbank_scsi-adp94xx_1.0.8.12-6vmw.670.0.0.8169922, VMW_bootbank_scsi-aic79xx_3.1-6vmw.670.0.0.8169922, VMW_bootbank_scsi-bnx2fc_1.78.78.v60.8-1vmw.670.0.0.8169922, VMW_bootbank_scsi-bnx2i_2.78.76.v60.8-1vmw.670.0.0.8169922, VMW_bootbank_scsi-fnic_1.5.0.45-3vmw.670.0.0.8169922, VMW_bootbank_scsi-hpsa_6.0.0.84-3vmw.670.0.0.8169922, VMW_bootbank_scsi-ips_7.12.05-4vmw.670.0.0.8169922, VMW_bootbank_scsi-iscsi-linux-92_1.0.0.2-3vmw.670.0.0.8169922, VMW_bootbank_scsi-libfc-92_1.0.40.9.3-5vmw.670.0.0.8169922, VMW_bootbank_scsi-megaraid-mbox_2.20.5.1-6vmw.670.0.0.8169922, VMW_bootbank_scsi-megaraid-sas_6.603.55.00-2vmw.670.0.0.8169922, VMW_bootbank_scsi-megaraid2_2.00.4-9vmw.670.0.0.8169922, VMW_bootbank_scsi-mpt2sas_19.00.00.00-2vmw.670.0.0.8169922, VMW_bootbank_scsi-mptsas_4.23.01.00-10vmw.670.0.0.8169922, VMW_bootbank_scsi-mptspi_4.23.01.00-10vmw.670.0.0.8169922, VMW_bootbank_scsi-qla4xxx_5.01.03.2-7vmw.670.0.0.8169922, VMW_bootbank_sfvmk_1.0.0.1003-7vmw.670.3.104.16075168, VMW_bootbank_shim-iscsi-linux-9-2-1-0_6.7.0-0.0.8169922, VMW_bootbank_shim-iscsi-linux-9-2-2-0_6.7.0-0.0.8169922, VMW_bootbank_shim-libata-9-2-1-0_6.7.0-0.0.8169922, VMW_bootbank_shim-libata-9-2-2-0_6.7.0-0.0.8169922, VMW_bootbank_shim-libfc-9-2-1-0_6.7.0-0.0.8169922, VMW_bootbank_shim-libfc-9-2-2-0_6.7.0-0.0.8169922, VMW_bootbank_shim-libfcoe-9-2-1-0_6.7.0-0.0.8169922, VMW_bootbank_shim-libfcoe-9-2-2-0_6.7.0-0.0.8169922, VMW_bootbank_shim-vmklinux-9-2-1-0_6.7.0-0.0.8169922, VMW_bootbank_shim-vmklinux-9-2-2-0_6.7.0-0.0.8169922, VMW_bootbank_shim-vmklinux-9-2-3-0_6.7.0-0.0.8169922, VMW_bootbank_smartpqi_1.0.1.553-28vmw.670.3.73.14320388, VMW_bootbank_uhci-usb-uhci_1.0-3vmw.670.0.0.8169922, VMW_bootbank_usb-storage-usb-storage_1.0-3vmw.670.0.0.8169922, VMW_bootbank_usbcore-usb_1.0-3vmw.670.0.0.8169922, VMW_bootbank_vmkata_0.1-1vmw.670.0.0.8169922, VMW_bootbank_vmkfcoe_1.0.0.1-1vmw.670.1.28.10302608, VMW_bootbank_vmkplexer-vmkplexer_6.7.0-0.0.8169922, VMW_bootbank_vmkusb_0.1-1vmw.670.3.116.16713306, VMW_bootbank_vmw-ahci_2.0.5-1vmw.670.3.116.16713306, VMW_bootbank_xhci-xhci_1.0-3vmw.670.0.0.8169922, VMware_bootbank_cpu-microcode_6.7.0-3.112.16701467, VMware_bootbank_elx-esx-libelxima.so_11.4.1184.2-3.89.15160138, VMware_bootbank_esx-base_6.7.0-3.128.17167699, VMware_bootbank_esx-dvfilter-generic-fastpath_6.7.0-0.0.8169922, VMware_bootbank_esx-update_6.7.0-3.128.17167699, VMware_bootbank_esx-xserver_6.7.0-3.73.14320388, VMware_bootbank_lsu-hp-hpsa-plugin_2.0.0-16vmw.670.1.28.10302608, VMware_bootbank_lsu-intel-vmd-plugin_1.0.0-2vmw.670.1.28.10302608, VMware_bootbank_lsu-lsi-drivers-plugin_1.0.0-1vmw.670.2.48.13006603, VMware_bootbank_lsu-lsi-lsi-mr3-plugin_1.0.0-13vmw.670.1.28.10302608, VMware_bootbank_lsu-lsi-lsi-msgpt3-plugin_1.0.0-9vmw.670.2.48.13006603, VMware_bootbank_lsu-lsi-megaraid-sas-plugin_1.0.0-9vmw.670.0.0.8169922, VMware_bootbank_lsu-lsi-mpt2sas-plugin_2.0.0-7vmw.670.0.0.8169922, VMware_bootbank_lsu-smartpqi-plugin_1.0.0-3vmw.670.1.28.10302608, VMware_bootbank_native-misc-drivers_6.7.0-3.89.15160138, VMware_bootbank_qlnativefc_3.1.8.0-5vmw.670.3.73.14320388, VMware_bootbank_rste_2.0.2.0088-7vmw.670.0.0.8169922, VMware_bootbank_vsan_6.7.0-3.128.17098396, VMware_bootbank_vsanhealth_6.7.0-3.128.17098397, VMware_locker_tools-light_11.1.1.16303738-16701467
   VIBs Removed: VMW_bootbank_ata-libata-92_3.00.9.2-16vmw.650.0.0.4564106, VMW_bootbank_ata-pata-amd_0.3.10-3vmw.650.0.0.4564106, VMW_bootbank_ata-pata-atiixp_0.4.6-4vmw.650.0.0.4564106, VMW_bootbank_ata-pata-cmd64x_0.2.5-3vmw.650.0.0.4564106, VMW_bootbank_ata-pata-hpt3x2n_0.3.4-3vmw.650.0.0.4564106, VMW_bootbank_ata-pata-pdc2027x_1.0-3vmw.650.0.0.4564106, VMW_bootbank_ata-pata-serverworks_0.4.3-3vmw.650.0.0.4564106, VMW_bootbank_ata-pata-sil680_0.4.8-3vmw.650.0.0.4564106, VMW_bootbank_ata-pata-via_0.3.3-2vmw.650.0.0.4564106, VMW_bootbank_block-cciss_3.6.14-10vmw.650.0.0.4564106, VMW_bootbank_bnxtnet_20.6.101.7-23vmw.650.3.96.13932383, VMW_bootbank_brcmfcoe_11.4.1078.25-14vmw.650.3.96.13932383, VMW_bootbank_char-random_1.0-3vmw.650.0.0.4564106, VMW_bootbank_ehci-ehci-hcd_1.0-4vmw.650.0.14.5146846, VMW_bootbank_elxnet_11.1.91.0-1vmw.650.0.0.4564106, VMW_bootbank_hid-hid_1.0-3vmw.650.0.0.4564106, VMW_bootbank_i40en_1.8.1.9-2vmw.650.3.96.13932383, VMW_bootbank_igbn_0.1.1.0-4vmw.650.3.96.13932383, VMW_bootbank_ima-qla4xxx_2.02.18-1vmw.650.0.0.4564106, VMW_bootbank_ipmi-ipmi-devintf_39.1-5vmw.650.2.50.8294253, VMW_bootbank_ipmi-ipmi-msghandler_39.1-5vmw.650.2.50.8294253, VMW_bootbank_ipmi-ipmi-si-drv_39.1-4vmw.650.0.0.4564106, VMW_bootbank_ixgben_1.7.1.15-1vmw.650.3.96.13932383, VMW_bootbank_lpfc_11.4.33.26-14vmw.650.3.138.16576891, VMW_bootbank_lsi-mr3_7.708.07.00-3vmw.650.3.96.13932383, VMW_bootbank_lsi-msgpt2_20.00.06.00-2vmw.650.3.96.13932383, VMW_bootbank_lsi-msgpt35_09.00.00.00-5vmw.650.3.96.13932383, VMW_bootbank_lsi-msgpt3_17.00.02.00-1vmw.650.3.96.13932383, VMW_bootbank_misc-cnic-register_1.78.75.v60.7-1vmw.650.0.0.4564106, VMW_bootbank_misc-drivers_6.5.0-3.96.13932383, VMW_bootbank_mtip32xx-native_3.9.5-1vmw.650.0.0.4564106, VMW_bootbank_ne1000_0.8.3-8vmw.650.2.75.10884925, VMW_bootbank_nenic_1.0.29.0-1vmw.650.3.96.13932383, VMW_bootbank_net-bnx2_2.2.4f.v60.10-2vmw.650.0.0.4564106, VMW_bootbank_net-bnx2x_1.78.80.v60.12-1vmw.650.0.0.4564106, VMW_bootbank_net-cdc-ether_1.0-3vmw.650.0.0.4564106, VMW_bootbank_net-cnic_1.78.76.v60.13-2vmw.650.0.0.4564106, VMW_bootbank_net-e1000_8.0.3.1-5vmw.650.0.0.4564106, VMW_bootbank_net-e1000e_3.2.2.1-2vmw.650.0.0.4564106, VMW_bootbank_net-enic_2.1.2.38-2vmw.650.0.0.4564106, VMW_bootbank_net-fcoe_1.0.29.9.3-7vmw.650.0.0.4564106, VMW_bootbank_net-forcedeth_0.61-2vmw.650.0.0.4564106, VMW_bootbank_net-igb_5.0.5.1.1-5vmw.650.0.0.4564106, VMW_bootbank_net-ixgbe_3.7.13.7.14iov-20vmw.650.0.0.4564106, VMW_bootbank_net-libfcoe-92_1.0.24.9.4-8vmw.650.0.0.4564106, VMW_bootbank_net-mlx4-core_1.9.7.0-1vmw.650.0.0.4564106, VMW_bootbank_net-mlx4-en_1.9.7.0-1vmw.650.0.0.4564106, VMW_bootbank_net-nx-nic_5.0.621-5vmw.650.0.0.4564106, VMW_bootbank_net-tg3_3.131d.v60.4-2vmw.650.0.0.4564106, VMW_bootbank_net-usbnet_1.0-3vmw.650.0.0.4564106, VMW_bootbank_net-vmxnet3_1.1.3.0-3vmw.650.3.138.16576891, VMW_bootbank_nhpsa_2.0.22-3vmw.650.2.50.8294253, VMW_bootbank_nmlx4-core_3.16.0.0-1vmw.650.0.0.4564106, VMW_bootbank_nmlx4-en_3.16.0.0-1vmw.650.0.0.4564106, VMW_bootbank_nmlx4-rdma_3.16.0.0-1vmw.650.0.0.4564106, VMW_bootbank_nmlx5-core_4.16.0.0-1vmw.650.0.0.4564106, VMW_bootbank_ntg3_4.1.3.2-1vmw.650.2.75.10884925, VMW_bootbank_nvme_1.2.2.28-2vmw.650.3.129.16389870, VMW_bootbank_nvmxnet3_2.0.0.23-1vmw.650.1.36.7388607, VMW_bootbank_ohci-usb-ohci_1.0-3vmw.650.0.0.4564106, VMW_bootbank_pvscsi_0.1-1vmw.650.1.26.5969303, VMW_bootbank_qedentv_2.0.6.4-8vmw.650.2.50.8294253, VMW_bootbank_qfle3_1.0.2.7-1vmw.650.0.0.4564106, VMW_bootbank_qflge_1.1.0.3-1vmw.650.0.0.4564106, VMW_bootbank_qlnativefc_2.1.73.0-5vmw.650.3.96.13932383, VMW_bootbank_sata-ahci_3.0-26vmw.650.1.26.5969303, VMW_bootbank_sata-ata-piix_2.12-10vmw.650.0.0.4564106, VMW_bootbank_sata-sata-nv_3.5-4vmw.650.0.0.4564106, VMW_bootbank_sata-sata-promise_2.12-3vmw.650.0.0.4564106, VMW_bootbank_sata-sata-sil24_1.1-1vmw.650.0.0.4564106, VMW_bootbank_sata-sata-sil_2.3-4vmw.650.0.0.4564106, VMW_bootbank_sata-sata-svw_2.3-3vmw.650.0.0.4564106, VMW_bootbank_scsi-aacraid_1.1.5.1-9vmw.650.0.0.4564106, VMW_bootbank_scsi-adp94xx_1.0.8.12-6vmw.650.0.0.4564106, VMW_bootbank_scsi-aic79xx_3.1-5vmw.650.0.0.4564106, VMW_bootbank_scsi-bnx2fc_1.78.78.v60.8-1vmw.650.0.0.4564106, VMW_bootbank_scsi-bnx2i_2.78.76.v60.8-1vmw.650.0.0.4564106, VMW_bootbank_scsi-fnic_1.5.0.45-3vmw.650.0.0.4564106, VMW_bootbank_scsi-hpsa_6.0.0.84-1vmw.650.0.0.4564106, VMW_bootbank_scsi-ips_7.12.05-4vmw.650.0.0.4564106, VMW_bootbank_scsi-iscsi-linux-92_1.0.0.2-3vmw.650.0.0.4564106, VMW_bootbank_scsi-libfc-92_1.0.40.9.3-5vmw.650.0.0.4564106, VMW_bootbank_scsi-megaraid-mbox_2.20.5.1-6vmw.650.0.0.4564106, VMW_bootbank_scsi-megaraid-sas_6.603.55.00-2vmw.650.0.0.4564106, VMW_bootbank_scsi-megaraid2_2.00.4-9vmw.650.0.0.4564106, VMW_bootbank_scsi-mpt2sas_19.00.00.00-1vmw.650.0.0.4564106, VMW_bootbank_scsi-mptsas_4.23.01.00-10vmw.650.0.0.4564106, VMW_bootbank_scsi-mptspi_4.23.01.00-10vmw.650.0.0.4564106, VMW_bootbank_scsi-qla4xxx_5.01.03.2-7vmw.650.0.0.4564106, VMW_bootbank_shim-iscsi-linux-9-2-1-0_6.5.0-0.0.4564106, VMW_bootbank_shim-iscsi-linux-9-2-2-0_6.5.0-0.0.4564106, VMW_bootbank_shim-libata-9-2-1-0_6.5.0-0.0.4564106, VMW_bootbank_shim-libata-9-2-2-0_6.5.0-0.0.4564106, VMW_bootbank_shim-libfc-9-2-1-0_6.5.0-0.0.4564106, VMW_bootbank_shim-libfc-9-2-2-0_6.5.0-0.0.4564106, VMW_bootbank_shim-libfcoe-9-2-1-0_6.5.0-0.0.4564106, VMW_bootbank_shim-libfcoe-9-2-2-0_6.5.0-0.0.4564106, VMW_bootbank_shim-vmklinux-9-2-1-0_6.5.0-0.0.4564106, VMW_bootbank_shim-vmklinux-9-2-2-0_6.5.0-0.0.4564106, VMW_bootbank_shim-vmklinux-9-2-3-0_6.5.0-0.0.4564106, VMW_bootbank_smartpqi_1.0.1.553-28vmw.650.3.96.13932383, VMW_bootbank_uhci-usb-uhci_1.0-3vmw.650.0.0.4564106, VMW_bootbank_usb-storage-usb-storage_1.0-3vmw.650.0.0.4564106, VMW_bootbank_usbcore-usb_1.0-3vmw.650.2.50.8294253, VMW_bootbank_vmkata_0.1-1vmw.650.1.36.7388607, VMW_bootbank_vmkplexer-vmkplexer_6.5.0-0.0.4564106, VMW_bootbank_vmkusb_0.1-1vmw.650.3.138.16576891, VMW_bootbank_vmw-ahci_1.1.6-1vmw.650.3.96.13932383, VMW_bootbank_xhci-xhci_1.0-3vmw.650.0.0.4564106, VMware_bootbank_cpu-microcode_6.5.0-3.134.16576879, VMware_bootbank_emulex-esx-elxnetcli_11.1.28.0-0.0.4564106, VMware_bootbank_esx-base_6.5.0-3.149.17167537, VMware_bootbank_esx-dvfilter-generic-fastpath_6.5.0-1.36.7388607, VMware_bootbank_esx-tboot_6.5.0-3.149.17167537, VMware_bootbank_esx-xserver_6.5.0-3.120.15256549, VMware_bootbank_lsu-hp-hpsa-plugin_2.0.0-16vmw.650.3.96.13932383, VMware_bootbank_lsu-lsi-lsi-mr3-plugin_1.0.0-11vmw.650.2.75.10884925, VMware_bootbank_lsu-lsi-lsi-msgpt3-plugin_1.0.0-8vmw.650.2.79.11925212, VMware_bootbank_lsu-lsi-megaraid-sas-plugin_1.0.0-8vmw.650.1.26.5969303, VMware_bootbank_lsu-lsi-mpt2sas-plugin_2.0.0-6vmw.650.1.26.5969303, VMware_bootbank_native-misc-drivers_6.5.0-3.120.15256549, VMware_bootbank_rste_2.0.2.0088-4vmw.650.0.0.4564106, VMware_bootbank_vsan_6.5.0-3.149.17127931, VMware_bootbank_vsanhealth_6.5.0-3.149.17127932, VMware_locker_tools-light_6.5.0-3.134.16576879
   VIBs Skipped: VMware_bootbank_esx-ui_1.33.7-15803439, VMware_bootbank_vmware-esx-esxcli-nvme-plugin_1.2.0.36-2vmw.670.3.116.16713306
[root@localhost:~] echo $?
0

これでESXiホストをリブートする。

6.7.0 Update 3 (Build 17167699)になりました。

ちなみに今回は6.5の最新版にアップデートしてから6.7へアップグレードしたけど、6.5の古いバージョンから6.7へ一気にアップグレードできるかは未確認。(可能かどうかも調べてない)

ESXi 6.7だとRHEL8やCentOS8とか選べますねー(6.5だとリストになかった)

シングルバイナリで簡単・軽量で動くKubernetesディストリビューション「k0s」が出たということで、手元で試してみた。

新しい Kuberentes distro, #k0s が OSSで公開されました！
軽量、ワンバイナリ、Intel/ARM対応、アップデートも簡単！ チェックしてみてください！https://t.co/B4gBUPWau2

— Mirantis Japan (@Mirantis_JP) 2020年11月13日

k0sproject.io

github.com

www.publickey1.jp

• バイナリを入手
  • version
  • help
• 設定
• 起動
• kubeconfig
• クラスタの状態(1)
• node
  • token作る
  • workerをクラスタに追加
• クラスタの状態(2) シングルworker構成
  • metrics server
  • サンプルpod

動作させたOSはCentOS 7.8

[zaki@cloud-dev k0s]$ cat /etc/redhat-release 
CentOS Linux release 7.8.2003 (Core)

バイナリを入手

github.com

まずバイナリを入手。
2020.11.17時点でver 0.7.0が最新。

[zaki@cloud-dev k0s]$ curl -LO https://github.com/k0sproject/k0s/releases/download/v0.7.0/k0s-v0.7.0-amd64
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100   642  100   642    0     0   1414      0 --:--:-- --:--:-- --:--:--  1414
100  162M  100  162M    0     0  6422k      0  0:00:25  0:00:25 --:--:-- 11.5M
[zaki@cloud-dev k0s]$

実行権限を付ける。
(ドキュメント内はコマンド名はk0sになってるので、気になる人はリネームする)

[zaki@cloud-dev k0s]$ ll
合計 166192
-rw-rw-r--. 1 zaki zaki 170177942 11月 17 08:09 k0s-v0.7.0-amd64
[zaki@cloud-dev k0s]$ file k0s-v0.7.0-amd64
k0s-v0.7.0-amd64: ELF 64-bit LSB executable, x86-64, version 1 (SYSV), statically linked, stripped
[zaki@cloud-dev k0s]$ chmod 755 k0s-v0.7.0-amd64

あと、

push it to all the nodes you wish to connect to the cluster.

とのことでマルチノードにする場合は各ノードにコピーとあるけど、とりあえずシングルノードで動かしてみるので省略。

version

[zaki@cloud-dev k0s]$ ./k0s-v0.7.0-amd64 version
v0.7.0

help

[zaki@cloud-dev k0s]$ ./k0s-v0.7.0-amd64 --help
k0s is yet another Kubernetes distro. Yes. But we do some of the things pretty different from other distros out there.
It is a single binary all-inclusive Kubernetes distribution with all the required bells and whistles preconfigured to make 
building a Kubernetes clusters a matter of just copying an executable to every host and running it.

Usage:
  k0s [command]

Available Commands:
  api            Run the controller api
  default-config Output the default k0s configuration yaml to stdout
  docs           Generate Markdown docs for the k0s binary
  etcd           Manage etcd cluster
  help           Help about any command
  server         Run server
  token          Manage join tokens
  version        Print the k0s version
  worker         Run worker

Flags:
  -c, --config string            config file (default: ./k0s.yaml)
  -d, --debug                    Debug logging (default: false)
  -h, --help                     help for k0s
  -l, --logging stringToString   Logging Levels for the different components (default [containerd=info,konnectivity-server=1,kube-apiserver=1,kube-controller-manager=1,kube-scheduler=1,kubelet=1,etcd=info])

Use "k0s [command] --help" for more information about a command.

設定

設定のベースはこちらから。

github.com

※ あとで気付いたけど、設定のYAMLは./k0s-v0.7.0-amd64 default-configでも出力できる。

アドレスはローカルのIPアドレスに変更。

apiVersion: ""
kind: ""
metadata: null
spec:
  api:
    address: 192.168.0.18
    sans:
    - 192.168.0.18
    - 192.168.0.18
    extraArgs: {}
  controllerManager:
    extraArgs: {}
  scheduler:
    extraArgs: {}
  storage:
    type: etcd
    kine: null
    etcd:
      peerAddress: 192.168.0.18
  network:
    podCIDR: 10.244.0.0/16
    serviceCIDR: 10.96.0.0/12
    provider: calico
    calico:
      mode: vxlan
      vxlanPort: 4789
      vxlanVNI: 4096
      mtu: 1450
      wireguard: false
  podSecurityPolicy:
    defaultPolicy: 00-k0s-privileged
  workerProfiles: []
images:
  konnectivity:
    image: us.gcr.io/k8s-artifacts-prod/kas-network-proxy/proxy-agent
    version: v0.0.13
  metricsserver:
    image: gcr.io/k8s-staging-metrics-server/metrics-server
    version: v0.3.7
  kubeproxy:
    image: k8s.gcr.io/kube-proxy
    version: v1.19.0
  coredns:
    image: docker.io/coredns/coredns
    version: 1.7.0
  calico:
    cni:
      image: calico/cni
      version: v3.16.2
    flexvolume:
      image: calico/pod2daemon-flexvol
      version: v3.16.2
    node:
      image: calico/node
      version: v3.16.2
    kubecontrollers:
      image: calico/kube-controllers
      version: v3.16.2
  repository: ""
telemetry:
  interval: 10m0s
  enabled: true
helm:
  repositories:
  - name: stable
    url: https://charts.helm.sh/stable
  - name: prometheus-community
    url: https://prometheus-community.github.io/helm-charts
  charts:
  - name: prometheus-stack
    chartname: prometheus-community/prometheus
    version: "11.16.8"
    values: |2
        values: "for overriding"
    namespace: default

起動

[zaki@cloud-dev k0s]$ ./k0s-v0.7.0-amd64 server -c k0s.yaml
Error: mkdir /var/lib/k0s: permission denied
Usage:
  k0s server [join-token] [flags]

Flags:
      --enable-worker    enable worker (default false)
  -h, --help             help for server
      --profile string   worker profile to use on the node (default "default")

Global Flags:
  -c, --config string            config file (default: ./k0s.yaml)
  -d, --debug                    Debug logging (default: false)
  -l, --logging stringToString   Logging Levels for the different components (default [kube-scheduler=1,kubelet=1,etcd=info,containerd=info,konnectivity-server=1,kube-apiserver=1,kube-controller-manager=1])

mkdir /var/lib/k0s: permission denied
2020-11-17 08:13:33.849990 I | mkdir /var/lib/k0s: permission denied
[zaki@cloud-dev k0s]$

あぁ、なるほど。

--helpで見た限り、ディレクトリを変更するオプションがすぐに見当たらないので、とりあえずrootで動かす。

$ sudo ./k0s-v0.7.0-amd64 server -c k0s.yaml

ちなみに、ビックリするほど秒でログが流れてターミナルのバッファが消えて行って、コマンド実行時のログは無くなったｗ

[zaki@cloud-dev ~]$ ss -atln
State      Recv-Q Send-Q           Local Address:Port                          Peer Address:Port              
LISTEN     0      128                  127.0.0.1:36099                                    *:*                  
LISTEN     0      128                  127.0.0.1:8133                                     *:*                  
LISTEN     0      128                  127.0.0.1:2379                                     *:*                  
LISTEN     0      128               192.168.0.18:2380                                     *:*                  
LISTEN     0      128                  127.0.0.1:33776                                    *:*                  
LISTEN     0      128                  127.0.0.1:10257                                    *:*                  
LISTEN     0      128                  127.0.0.1:10259                                    *:*                  
LISTEN     0      128                          *:22                                       *:*                  
LISTEN     0      100                  127.0.0.1:25                                       *:*                  
LISTEN     0      128                       [::]:9443                                  [::]:*                  
LISTEN     0      128                       [::]:8132                                  [::]:*                  
LISTEN     0      128                       [::]:10251                                 [::]:*                  
LISTEN     0      128                       [::]:6443                                  [::]:*                  
LISTEN     0      128                       [::]:10252                                 [::]:*                  
LISTEN     0      128                       [::]:22                                    [::]:*                  
LISTEN     0      100                      [::1]:25                                    [::]:*                  
LISTEN     0      128                       [::]:8092                                  [::]:*       

こんな感じ。

kubeconfig

ドキュメントになくて迷ったけど、公式ページのdemo動画を見ると、/var/lib/k0s/pki/admin.conf admin.confにあることがわかる。

[zaki@cloud-dev k0s]$ sudo cp /var/lib/k0s/pki/admin.conf admin.conf
[zaki@cloud-dev k0s]$ ls -l
合計 166204
-rw-r--r--. 1 root root      5687 11月 17 08:34 admin.conf
-rwxr-xr-x. 1 zaki zaki 170177942 11月 17 08:09 k0s-v0.7.0-amd64
-rw-rw-r--. 1 zaki zaki      1614 11月 17 08:20 k0s.yaml

クラスタの状態(1)

[zaki@cloud-dev k0s]$ kubectl get pod --kubeconfig admin.conf -A
NAMESPACE     NAME                                       READY   STATUS    RESTARTS   AGE
kube-system   calico-kube-controllers-5f6546844f-9xxxt   0/1     Pending   0          14m
kube-system   coredns-5c98d7d4d8-xtzqz                   0/1     Pending   0          14m
kube-system   metrics-server-7d4bcb75dd-b5cfh            0/1     Pending   0          14m

[zaki@cloud-dev k0s]$ kubectl get node --kubeconfig admin.conf
No resources found

あ、なるほど。。 APIサーバーが動いただけで、ノードはちゃんと作らないとだめなのね。

node

token作る

$ k0s token create --role=worker

実行するとトークンがstdoutへ出力される。
結構長いので変数に入れた方がよい。

[zaki@cloud-dev k0s]$  WORKER_TOKEN=$(./k0s-v0.7.0-amd64 token create --role=worker)
[zaki@cloud-dev k0s]$ echo $WORKER_TOKEN 
H4sIAAAAAAAC/2yV3Y6jOha ... ... 

workerをクラスタに追加

こちらも特権が必要。

$ sudo ./k0s-v0.7.0-amd64 worker $WORKER_TOKEN 

[zaki@cloud-dev k0s]$ sudo ./k0s-v0.7.0-amd64 worker $WORKER_TOKEN 
INFO[2020-11-17 08:44:22] initializing ContainerD                      
INFO[2020-11-17 08:44:22] initializing Kubelet                         
INFO[2020-11-17 08:44:22] Staging /var/lib/k0s/bin/kubelet             

[...]

クラスタの状態(2) シングルworker構成

[zaki@cloud-dev k0s]$ kubectl get pod --kubeconfig admin.conf -A
NAMESPACE     NAME                                       READY   STATUS    RESTARTS   AGE
kube-system   calico-kube-controllers-5f6546844f-9xxxt   1/1     Running   0          26m
kube-system   calico-node-tgqkw                          1/1     Running   0          4m49s
kube-system   coredns-5c98d7d4d8-xtzqz                   1/1     Running   0          26m
kube-system   konnectivity-agent-h2kfx                   1/1     Running   0          4m19s
kube-system   kube-proxy-gsdmt                           1/1     Running   0          4m49s
kube-system   metrics-server-7d4bcb75dd-b5cfh            1/1     Running   0          26m
[zaki@cloud-dev k0s]$ kubectl get node --kubeconfig admin.conf
NAME        STATUS   ROLES    AGE     VERSION
cloud-dev   Ready    <none>   4m58s   v1.19.3

うごいたー

metrics server

metrics server podがデフォルトで動いてるけど、設定が足りないのか機能はしていない。

Status:
  Conditions:
    Last Transition Time:  2020-11-16T23:22:29Z
    Message:               failing or missing response from https://10.108.122.15:443/apis/metrics.k8s.io/v1beta1: Get "https://10.108.122.15:443/apis/metrics.k8s.io/v1beta1": net/http: request canceled while waiting for connection (Client.Timeout exceeded while awaiting headers)    Reason:                FailedDiscoveryCheck
    Status:                False
    Type:                  Available

サンプルpod

github.com

type:NodePort Serviceでwebのpodを動かしてみる。

[zaki@cloud-dev k0s]$ kubectl apply -f https://raw.githubusercontent.com/zaki-lknr/k8s-samples/master/sample-web/httpd-nodeport/sample-http.yaml --kubeconfig admin.conf
deployment.apps/sample-http created
service/sample-http created

うっかりdefaultネームスペースにデプロイしたけど動いてるね。

[zaki@cloud-dev k0s]$ kubectl get pod,svc --kubeconfig admin.conf
NAME                               READY   STATUS    RESTARTS   AGE
pod/sample-http-6c94f59975-kvf2c   1/1     Running   0          14s
pod/sample-http-6c94f59975-sx2nb   1/1     Running   0          14s

NAME                  TYPE        CLUSTER-IP       EXTERNAL-IP   PORT(S)        AGE
service/kubernetes    ClusterIP   10.96.0.1        <none>        443/TCP        35m
service/sample-http   NodePort    10.108.242.248   <none>        80:31291/TCP   14s

[zaki@cloud-dev k0s]$ sudo ss -anptl | grep 31291
LISTEN     0      128          *:31291                    *:*                   users:(("kube-proxy",pid=1192269,fd=11))
[zaki@cloud-dev k0s]$ curl localhost:31291
<html><body><h1>It works!</h1></body></html>

アクセスできた。

あと、ストレージはなさそう。

[zaki@cloud-dev k0s]$ kubectl get sc --kubeconfig admin.conf 
No resources found

ちなみに11/17 9:30時点で、Publickeyさんの記事から直接k0sのページに飛んだつもりになってると、似た名前の別サイトになってるので注意笑
(これで20分くらい溶かした)

k8spharos.dev

Helmチャートを使ってPrometheusをインストールする、その2

前回のはあまり前提を把握できてなく勢いでデプロイしたけど、「Helmを使ってPrometheus Operatorをデプロイ」していたので、今回はOperator無しのPrometheusをデプロイする。

zaki-hmkc.hatenablog.com

• 環境
• 違い
• 設定内容
• とりあえずデフォルトでデプロイ
• デプロイされるコンポーネントのon/off
• PrometheusのServiceリソース
• Grafanaを追加
  • Grafanaのログイン情報
  • ダッシュボードの作成
• metrics server

[zaki@cloud-dev ~]$ helm search repo prometheus-community
NAME                                                    CHART VERSION   APP VERSION     DESCRIPTION                                       
prometheus-community/kube-prometheus-stack              11.1.1          0.43.2          kube-prometheus-stack collects Kubernetes manif...
prometheus-community/prometheus                         11.16.8         2.21.0          Prometheus is a monitoring system and time seri...

[...]

[zaki@cloud-dev ~]$ 

要は、前回はこのprometheus-community/kube-prometheus-stackを使ってOperatorインストール→OperatorによるPrometheusデプロイ、という手順になっていたけど、今回はprometheus-community/prometheusを入れてみよう、という話。

環境

[zaki@cloud-dev helm-prometheus]$ kubectl version --short
Client Version: v1.19.3
Server Version: v1.19.1
[zaki@cloud-dev helm-prometheus]$ helm version --short
v3.4.1+gc4e7485

kindで作った1.19クラスターにHelmは最新です。

そういやHelmリポジトリの https://kubernetes-charts.storage.googleapis.com はサービス終了したみたいですね。
Helm 3.4.1でkubernetes-charts.storage.googleapis.comがリポジトリ設定されている状態でコマンド実行すると警告が表示されます。
(Helm CLIバージョンが3.3.4以下だと出ません)

[zaki@cloud-dev ~]$ helm repo list
WARNING: "kubernetes-charts.storage.googleapis.com" is deprecated for "stable" and will be deleted Nov. 13, 2020.
WARNING: You should switch to "https://charts.helm.sh/stable" via:
WARNING: helm repo add "stable" "https://charts.helm.sh/stable" --force-update
NAME    URL                                             
stable  https://kubernetes-charts.storage.googleapis.com

わかった。リポジトリがわで閉じてるんじゃなくて、helm 3.4.1だとコマンドで制限してるのかな。
helm 3.3.4だと大丈夫だった。

阪神関係ない pic.twitter.com/tZNMq8N64K

— z a k i (@zaki_hmkc) 2020年11月12日

違い

Helm用のカスタマイズYAMLの内容がだいぶ違う

[zaki@cloud-dev ~]$ helm show values prometheus-community/kube-prometheus-stack  | wc -l
2194
[zaki@cloud-dev ~]$ helm show values prometheus-community/prometheus  | wc -l
1610

• Helm版Prometheus OperatorのカスタマイズYAML (ver 11.1.1時点)
• Helm版PrometheusのカスタマイズYAML (ver 11.16.8時点)

設定内容

全部を見たわけではないけれど、Operatorを使用しないバージョンでも、AlertManagerやNodeExporter、configmapReloadなど最小限のスタック構成でデプロイされる。

$ helm show values prometheus-community/prometheus | grep ^[a-z]
rbac:
podSecurityPolicy:
imagePullSecrets:
serviceAccounts:
alertmanager:
configmapReload:
kubeStateMetrics:
nodeExporter:
server:
pushgateway:
alertmanagerFiles:
serverFiles:
extraScrapeConfigs:
alertRelabelConfigs:
networkPolicy:
forceNamespace: null

alertmanagerやnodeExporterなど、まとめてデプロイできるものもある。

とりあえずデフォルトでデプロイ

[zaki@cloud-dev helm-prometheus]$ helm install prometheus -n monitoring --create-namespace prometheus-community/prometheus
W1112 23:47:36.178461 3044310 warnings.go:67] rbac.authorization.k8s.io/v1beta1 ClusterRole is deprecated in v1.17+, unavailable in v1.22+; use rbac.authorization.k8s.io/v1 ClusterRole
W1112 23:47:36.181509 3044310 warnings.go:67] rbac.authorization.k8s.io/v1beta1 ClusterRoleBinding is deprecated in v1.17+, unavailable in v1.22+; use rbac.authorization.k8s.io/v1 ClusterRoleBinding
W1112 23:47:36.243036 3044310 warnings.go:67] rbac.authorization.k8s.io/v1beta1 ClusterRole is deprecated in v1.17+, unavailable in v1.22+; use rbac.authorization.k8s.io/v1 ClusterRole
W1112 23:47:36.246129 3044310 warnings.go:67] rbac.authorization.k8s.io/v1beta1 ClusterRoleBinding is deprecated in v1.17+, unavailable in v1.22+; use rbac.authorization.k8s.io/v1 ClusterRoleBinding
NAME: prometheus
LAST DEPLOYED: Thu Nov 12 23:47:36 2020
NAMESPACE: monitoring
STATUS: deployed
REVISION: 1
TEST SUITE: None
NOTES:
The Prometheus server can be accessed via port 80 on the following DNS name from within your cluster:
prometheus-server.monitoring.svc.cluster.local


Get the Prometheus server URL by running these commands in the same shell:
  export POD_NAME=$(kubectl get pods --namespace monitoring -l "app=prometheus,component=server" -o jsonpath="{.items[0].metadata.name}")
  kubectl --namespace monitoring port-forward $POD_NAME 9090


The Prometheus alertmanager can be accessed via port 80 on the following DNS name from within your cluster:
prometheus-alertmanager.monitoring.svc.cluster.local


Get the Alertmanager URL by running these commands in the same shell:
  export POD_NAME=$(kubectl get pods --namespace monitoring -l "app=prometheus,component=alertmanager" -o jsonpath="{.items[0].metadata.name}")
  kubectl --namespace monitoring port-forward $POD_NAME 9093
#################################################################################
######   WARNING: Pod Security Policy has been moved to a global property.  #####
######            use .Values.podSecurityPolicy.enabled with pod-based      #####
######            annotations                                               #####
######            (e.g. .Values.nodeExporter.podSecurityPolicy.annotations) #####
#################################################################################


The Prometheus PushGateway can be accessed via port 9091 on the following DNS name from within your cluster:
prometheus-pushgateway.monitoring.svc.cluster.local


Get the PushGateway URL by running these commands in the same shell:
  export POD_NAME=$(kubectl get pods --namespace monitoring -l "app=prometheus,component=pushgateway" -o jsonpath="{.items[0].metadata.name}")
  kubectl --namespace monitoring port-forward $POD_NAME 9091

For more information on running Prometheus, visit:
https://prometheus.io/

[zaki@cloud-dev helm-prometheus]$ helm ls -n monitoring 
NAME            NAMESPACE       REVISION        UPDATED                                 STATUS          CHART                   APP VERSION
prometheus      monitoring      1               2020-11-12 23:47:36.030874185 +0900 JST deployed        prometheus-11.16.8      2.21.0     
[zaki@cloud-dev helm-prometheus]$ kubectl get pod -n monitoring 
NAME                                            READY   STATUS              RESTARTS   AGE
prometheus-alertmanager-57cdddd49-zwmts         0/2     ContainerCreating   0          17s
prometheus-kube-state-metrics-95d956569-mmdqd   1/1     Running             0          17s
prometheus-node-exporter-6nw7c                  1/1     Running             0          17s
prometheus-node-exporter-kkswf                  1/1     Running             0          17s
prometheus-pushgateway-5b7f66965c-n97gz         1/1     Running             0          17s
prometheus-server-585959fdd4-npr2t              0/2     ContainerCreating   0          17s

このとおりデプロイされた

[zaki@cloud-dev helm-prometheus]$ kubectl get pod -n monitoring 
NAME                                            READY   STATUS    RESTARTS   AGE
prometheus-alertmanager-57cdddd49-zwmts         1/2     Running   0          20s
prometheus-kube-state-metrics-95d956569-mmdqd   1/1     Running   0          20s
prometheus-node-exporter-6nw7c                  1/1     Running   0          20s
prometheus-node-exporter-kkswf                  1/1     Running   0          20s
prometheus-pushgateway-5b7f66965c-n97gz         1/1     Running   0          20s
prometheus-server-585959fdd4-npr2t              1/2     Running   0          20s

ストレージはAlertManagerとPrometheus本体がデフォルトで使用するようになっている。
(falseにすればemptyDirが使用される。未確認)

[zaki@cloud-dev helm-prometheus]$ kc get pv
NAME                                       CAPACITY   ACCESS MODES   RECLAIM POLICY   STATUS   CLAIM                                STORAGECLASS   REASON   AGE
pvc-570a78aa-2548-4ba0-8138-574ca4e57988   8Gi        RWO            Delete           Bound    monitoring/prometheus-server         standard                57s
pvc-b96f1560-ff51-45f5-8d13-b4638d0eeb1c   2Gi        RWO            Delete           Bound    monitoring/prometheus-alertmanager   standard                56s

Service一覧

[zaki@cloud-dev helm-prometheus]$ kc get svc -n monitoring 
NAME                            TYPE        CLUSTER-IP     EXTERNAL-IP   PORT(S)    AGE
prometheus-alertmanager         ClusterIP   10.96.8.183    <none>        80/TCP     72s
prometheus-kube-state-metrics   ClusterIP   10.96.230.26   <none>        8080/TCP   72s
prometheus-node-exporter        ClusterIP   None           <none>        9100/TCP   72s
prometheus-pushgateway          ClusterIP   10.96.8.65     <none>        9091/TCP   72s
prometheus-server               ClusterIP   10.96.21.3     <none>        80/TCP     72s

デプロイされるコンポーネントのon/off

runningなpod再掲

[zaki@cloud-dev helm-prometheus]$ kubectl get pod -n monitoring 
NAME                                            READY   STATUS    RESTARTS   AGE
prometheus-alertmanager-57cdddd49-zwmts         1/2     Running   0          20s
prometheus-kube-state-metrics-95d956569-mmdqd   1/1     Running   0          20s
prometheus-node-exporter-6nw7c                  1/1     Running   0          20s
prometheus-node-exporter-kkswf                  1/1     Running   0          20s
prometheus-pushgateway-5b7f66965c-n97gz         1/1     Running   0          20s
prometheus-server-585959fdd4-npr2t              1/2     Running   0          20s

Prometheus本体(prometheus-server)以外に、以下のものが動いている。

• prometheus-alertmanager
• prometheus-kube-state-metrics
• prometheus-node-exporter
• prometheus-pushgateway

それぞれのコンポーネントは、チャートのカスタマイズYAMLでデプロイするかどうかが設定可能で、デフォルトで4項目ともenabled: trueになっている。

不要な場合はfalseにする。

例えば、こんなcommunity-prometheus-component.yamlを用意すれば、

alertmanager:
  enabled: true

kubeStateMetrics:
  ## If false, kube-state-metrics sub-chart will not be installed
  ##
  enabled: true

nodeExporter:
  ## If false, node-exporter will not be installed
  ##
  enabled: true

server:
  ## Prometheus server container name
  ##
  enabled: true

pushgateway:
  ## If false, pushgateway will not be installed
  ##
  enabled: true

$ helm upgrade prometheus -n monitoring --create-namespace prometheus-community/prometheus -f community-prometheus-component.yaml

[zaki@cloud-dev helm-prometheus]$ kc get pod -n monitoring 
NAME                                            READY   STATUS        RESTARTS   AGE
prometheus-alertmanager-57cdddd49-zwmts         0/2     Terminating   0          17m
prometheus-kube-state-metrics-95d956569-mmdqd   0/1     Terminating   0          17m
prometheus-node-exporter-6nw7c                  1/1     Running       0          17m
prometheus-node-exporter-kkswf                  1/1     Running       0          17m
prometheus-pushgateway-5b7f66965c-n97gz         0/1     Terminating   0          17m
prometheus-server-585959fdd4-npr2t              2/2     Running       0          17m

というか、Prometheus本体もfalseに設定ができる。
(その場合は入れたいコンポーネント個別のHelmチャートをインストールすればいいはずなので、この設定にする必要性は…どうなんだろ？)

[zaki@cloud-dev helm-prometheus]$ kc get pod -n monitoring 
NAME                                 READY   STATUS        RESTARTS   AGE
prometheus-node-exporter-6nw7c       1/1     Running       0          18m
prometheus-node-exporter-kkswf       1/1     Running       0          18m
prometheus-server-585959fdd4-npr2t   0/2     Terminating   0          18m

PrometheusのServiceリソース

デフォルトだとClusterIPでデプロイされる。
例えばLoadBalancerにするには、server.service.typeの値をLoadBalancerに変更すれば良い。

[zaki@cloud-dev helm-prometheus]$ kc get svc -n monitoring 
NAME                            TYPE           CLUSTER-IP      EXTERNAL-IP      PORT(S)        AGE
prometheus-alertmanager         ClusterIP      10.96.14.82     <none>           80/TCP         5m11s
prometheus-kube-state-metrics   ClusterIP      10.96.116.243   <none>           8080/TCP       5m11s
prometheus-node-exporter        ClusterIP      None            <none>           9100/TCP       25m
prometheus-pushgateway          ClusterIP      10.96.176.224   <none>           9091/TCP       5m11s
prometheus-server               LoadBalancer   10.96.162.246   172.20.220.100   80:30357/TCP   5m11s

Grafanaを追加

Prometheusだけだと(カスタマイズYAMLにも特にないので)Grafanaはデプロイされない。
なので、使用する場合は追加でデプロイする。

が、実はPrometheus OperatorはGrafanaを勝手にデプロイしてくれるけど、Grafana単体をデプロイしようとすると、Prometheus用のHelmリポジトリには実は含まれていない。
(https://charts.helm.sh/stable には含まれているがDeprecated)

じゃあどこにあるかと探してみると、Grafanaのコミュニティリポジトリがあった。

https://github.com/grafana/helm-charts

[zaki@cloud-dev helm-prometheus]$ helm repo add grafana https://grafana.github.io/helm-charts
"grafana" has been added to your repositories
[zaki@cloud-dev helm-prometheus]$ helm repo update
Hang tight while we grab the latest from your chart repositories...
...Successfully got an update from the "grafana" chart repository
...Successfully got an update from the "rook-release" chart repository
...Successfully got an update from the "prometheus-community" chart repository
...Successfully got an update from the "stable" chart repository
Update Complete. ⎈Happy Helming!⎈
[zaki@cloud-dev helm-prometheus]$ 

[zaki@cloud-dev helm-prometheus]$ helm search repo grafana
NAME                                            CHART VERSION   APP VERSION     DESCRIPTION                                       
grafana/grafana                                 6.1.4           7.3.1           The leading tool for querying and visualizing t...
stable/grafana                                  5.5.7           7.1.1           DEPRECATED - The leading tool for querying and ...
prometheus-community/kube-prometheus-stack      11.1.1          0.43.2          kube-prometheus-stack collects Kubernetes manif...
prometheus-community/prometheus-druid-exporter  0.8.1           v0.8.0          Druid exporter to monitor druid metrics with Pr...

はい。

[zaki@cloud-dev helm-prometheus]$ helm install grafana -n monitoring --create-namespace grafana/grafana -f grafana-config.yaml 
W1113 00:38:05.891246 3071302 warnings.go:67] rbac.authorization.k8s.io/v1beta1 Role is deprecated in v1.17+, unavailable in v1.22+; use rbac.authorization.k8s.io/v1 Role
W1113 00:38:05.892794 3071302 warnings.go:67] rbac.authorization.k8s.io/v1beta1 RoleBinding is deprecated in v1.17+, unavailable in v1.22+; use rbac.authorization.k8s.io/v1 RoleBinding
W1113 00:38:05.939252 3071302 warnings.go:67] rbac.authorization.k8s.io/v1beta1 Role is deprecated in v1.17+, unavailable in v1.22+; use rbac.authorization.k8s.io/v1 Role
W1113 00:38:05.941381 3071302 warnings.go:67] rbac.authorization.k8s.io/v1beta1 RoleBinding is deprecated in v1.17+, unavailable in v1.22+; use rbac.authorization.k8s.io/v1 RoleBinding
NAME: grafana
LAST DEPLOYED: Fri Nov 13 00:38:05 2020
NAMESPACE: monitoring
STATUS: deployed
REVISION: 1
NOTES:
1. Get your 'admin' user password by running:

   kubectl get secret --namespace monitoring grafana -o jsonpath="{.data.admin-password}" | base64 --decode ; echo

2. The Grafana server can be accessed via port 80 on the following DNS name from within your cluster:

   grafana.monitoring.svc.cluster.local

   Get the Grafana URL to visit by running these commands in the same shell:
NOTE: It may take a few minutes for the LoadBalancer IP to be available.
        You can watch the status of by running 'kubectl get svc --namespace monitoring -w grafana'
     export SERVICE_IP=$(kubectl get svc --namespace monitoring grafana -o jsonpath='{.status.loadBalancer.ingress[0].ip}')
     http://$SERVICE_IP:80

3. Login with the password from step 1 and the username: admin
#################################################################################
######   WARNING: Persistence is disabled!!! You will lose your data when   #####
######            the Grafana pod is terminated.                            #####
#################################################################################
[zaki@cloud-dev helm-prometheus]$ helm ls -n monitoring 
NAME            NAMESPACE       REVISION        UPDATED                                 STATUS          CHART                   APP VERSION
grafana         monitoring      1               2020-11-13 00:38:05.772250806 +0900 JST deployed        grafana-6.1.4           7.3.1      
prometheus      monitoring      5               2020-11-13 00:12:35.410043984 +0900 JST deployed        prometheus-11.16.8      2.21.0     
[zaki@cloud-dev helm-prometheus]$ kubectl get pod -n monitoring 
NAME                                            READY   STATUS    RESTARTS   AGE
grafana-69469d4cc8-4jzrl                        1/1     Running   0          7s
prometheus-alertmanager-57cdddd49-h7485         2/2     Running   0          30m
prometheus-kube-state-metrics-95d956569-wj2wp   1/1     Running   0          30m
prometheus-node-exporter-6nw7c                  1/1     Running   0          50m
prometheus-node-exporter-kkswf                  1/1     Running   0          50m
prometheus-pushgateway-5b7f66965c-78ccd         1/1     Running   0          30m
prometheus-server-585959fdd4-ddp7k              2/2     Running   0          30m
[zaki@cloud-dev helm-prometheus]$ kc get svc -n monitoring 
NAME                            TYPE           CLUSTER-IP      EXTERNAL-IP      PORT(S)        AGE
grafana                         LoadBalancer   10.96.24.52     172.20.220.101   80:30819/TCP   13s
prometheus-alertmanager         ClusterIP      10.96.14.82     <none>           80/TCP         30m
prometheus-kube-state-metrics   ClusterIP      10.96.116.243   <none>           8080/TCP       30m
prometheus-node-exporter        ClusterIP      None            <none>           9100/TCP       50m
prometheus-pushgateway          ClusterIP      10.96.176.224   <none>           9091/TCP       30m
prometheus-server               LoadBalancer   10.96.162.246   172.20.220.100   80:30357/TCP   30m
[zaki@cloud-dev helm-prometheus]$ 

Grafanaのログイン情報

デフォルトだと、adminのユーザー名はadminだが、パスワードは自動でランダムな文字列が設定される。
パスワードを固定の文字列に設定したい場合は、カスタマイズYAMLに設定すれば良い。(はず。未確認)

デフォルトのランダムなパスワードにしている場合は、helm installの出力に確認するためのコマンドが表示されてるので、実行すればわかる。

[zaki@cloud-dev helm-prometheus]$ kubectl get secret -n monitoring grafana -o jsonpath='{.data.admin-user}' | base64 -d; echo
admin
[zaki@cloud-dev helm-prometheus]$ kubectl get secret -n monitoring grafana -o jsonpath='{.data.admin-password}' | base64 -d; echo
AogEjq07n00OHyn0gzaZHZbQTMIDrlns56Bwvudy

ダッシュボードの作成

デプロイされているPrometheusのServiceリソース名はprometheus-serverで、ポートは80なので、データソースのURLは(同じネームスペースなのでService名のみで)http://prometheus-serverを入力。

※ ちなみにprometheusをデプロイした時に設定情報は出力されていた

The Prometheus server can be accessed via port 80 on the following DNS name from within your cluster:
prometheus-server.monitoring.svc.cluster.local

見えてますね。(グラフの線を出すためのメトリクス値収集のために1日半ほど放置してましたｗ)

metrics server

下記参照

zaki-hmkc.hatenablog.com

AnsibleでHelm version3を操作する。

• 使用モジュール
  • 旧helmモジュール
  • 検証環境
• playbook例
  • repository設定
  • helm repo update
  • Helm chartのインストール
  • カスタマイズYAML
    • release_values (valuesもaliasで使用可能)
    • values_files (注意点有り)
• サンプルコード(playbook全体)
• (11/5追記) コレクションのFQCNの変更について

使用モジュール

docs.ansible.com

Helm version3 を使うには、community.kubernetes collectionのhelmモジュールを使用する。

このモジュールはHelm関連のPythonパッケージは必要とせず、CLIのhelmコマンドを内部から実行する仕様になっている。
よってAnsibleの実行環境・権限でhelmコマンドも使用できるようにKUBECONFIG関連も設定しておく。

旧helmモジュール

community.general collectionにも同名のhelmモジュールがあるが、こちらはHelm version2向け。
また、Ansible 2.9以前のhelmモジュールや、2.10でもFQCN表記しない場合はこちらのcommunity.general.helmが使われるので注意。

検証環境

(venv) [zaki@cloud-dev helm-sample]$ ansible --version
ansible 2.10.2
  config file = /home/zaki/src/ansible-sample/tmp/helm-sample/ansible.cfg
  configured module search path = ['/home/zaki/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /home/zaki/src/ansible-sample/venv/lib64/python3.6/site-packages/ansible
  executable location = /home/zaki/src/ansible-sample/venv/bin/ansible
  python version = 3.6.8 (default, Apr  2 2020, 13:34:55) [GCC 4.8.5 20150623 (Red Hat 4.8.5-39)]

community.kubernetes collectionバージョンは1.1.1 (pip install ansibleでインストールしている)

(venv) [zaki@cloud-dev helm-sample]$ grep version $VIRTUAL_ENV/lib/python3.6/site-packages/ansible_collections/community/kubernetes/MANIFEST.json
  "version": "1.1.1",

対象クラスタはkindで構築したKubernetes 1.19環境。

(venv) [zaki@cloud-dev helm-sample]$ kubectl version --short 
Client Version: v1.19.2
Server Version: v1.19.1
(venv) [zaki@cloud-dev helm-sample]$ helm version --short
v3.3.4+ga61ce56

(venv) [zaki@cloud-dev helm-sample]$ kubectl get pod -A
NAMESPACE            NAME                                              READY   STATUS    RESTARTS   AGE
kube-system          coredns-f9fd979d6-6qtq6                           1/1     Running   0          40m
kube-system          coredns-f9fd979d6-t6w67                           1/1     Running   0          40m
kube-system          etcd-kind-1.19-control-plane                      1/1     Running   0          40m
kube-system          kindnet-flqmf                                     1/1     Running   0          40m
kube-system          kindnet-jvk54                                     1/1     Running   0          40m
kube-system          kindnet-l74r8                                     1/1     Running   0          40m
kube-system          kube-apiserver-kind-1.19-control-plane            1/1     Running   0          40m
kube-system          kube-controller-manager-kind-1.19-control-plane   1/1     Running   3          40m
kube-system          kube-proxy-4585c                                  1/1     Running   0          40m
kube-system          kube-proxy-kqfdk                                  1/1     Running   0          40m
kube-system          kube-proxy-kzkvd                                  1/1     Running   0          40m
kube-system          kube-scheduler-kind-1.19-control-plane            1/1     Running   3          40m
local-path-storage   local-path-provisioner-78776bfc44-7q7fk           1/1     Running   2          40m

まだアプリケーションpodは何もない状態。

playbook例

Helmリポジトリを設定し、MySQLのチャートをインストールする例。

repository設定

helmモジュールでなくhelm_repositoryモジュールを使用する。

  - name: Add default repository
    community.kubernetes.helm_repository:
      name: stable
      repo_url: https://kubernetes-charts.storage.googleapis.com

この内容でansible-playbookを実行すれば、実行ユーザの~/.config/helm/repositories.yamlが設定される。

helm repo update

CLIだとリポジトリ設定後によく実行するけど、この処理単体を実現するplaybookの記述は無い。
後述のchartインストールのplaybookに以下のパラメタを追加すれば良い。

      update_repo_cache: true

Helm chartのインストール

helmモジュールを使用する。
基本的にはExampleを見れば使い方はすぐにわかると思う。

  - name: helm
    community.kubernetes.helm:
      name: mysql-sample
      update_repo_cache: true
      chart_ref: stable/mysql
      release_namespace: db
      create_namespace: true

(venv) [zaki@cloud-dev helm-sample]$ kubectl get pod -n db
NAME                            READY   STATUS    RESTARTS   AGE
mysql-sample-56859879c4-mckq8   1/1     Running   0          38s
(venv) [zaki@cloud-dev helm-sample]$ helm ls -n db
NAME            NAMESPACE       REVISION        UPDATED                                 STATUS          CHART           APP VERSION
mysql-sample    db              1               2020-11-01 11:00:31.421374967 +0900 JST deployed        mysql-1.6.7     5.7.30     

この通りデプロイされた。
また、上記のplaybookは再実行しても冪等性が保たれてokとなる。

カスタマイズYAML

現バージョンでは2通りの設定が可能。
ただしvalues_filesは制限がある。

release_values (valuesもaliasで使用可能)

チャートに対するカスタマイズYAMLをrelease_values以下に直接記載する。
以下はServiceのtypeのカスタマイズ例

  - name: helm
    community.kubernetes.helm:
      name: mysql-sample
      update_repo_cache: true
      chart_ref: stable/mysql
      release_namespace: db
      create_namespace: true
      release_values:
        service:
          type: NodePort
          port: 3306

これをデプロイすれば、type:NodePortのServiceとなる。

(venv) [zaki@cloud-dev helm-sample]$ kc get svc -n db
NAME           TYPE       CLUSTER-IP     EXTERNAL-IP   PORT(S)          AGE
mysql-sample   NodePort   10.96.86.245   <none>        3306:31456/TCP   26m

values_files (注意点有り)

もう一つがカスタマイズYAMLファイルを別途作成し、そのパスを指定するもの。

  - name: helm
    community.kubernetes.helm:
      name: mysql-sample
      update_repo_cache: true
      chart_ref: stable/mysql
      release_namespace: db
      create_namespace: true
      values_files:
      - ./mysql-conf/values-service.yaml

## Configure the service
## ref: http://kubernetes.io/docs/user-guide/services/
service:
  annotations: {}
  ## Specify a service type
  ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services---service-types
  type: NodePort
  port: 3306
  # nodePort: 32000
  # loadBalancerIP:

こういうこと。

ただしこのvalues_filesを指定する場合は現バージョンでは注意が必要で、「カスタマイズYAML指定無しでreleaseがデプロイされている状態で、values_filesの指定のみで変更を行うとする」と、機能しない。(変更が適用されない)

具体的には、CLIでhelm get values <release-name>がnullになる状態からの変更が行われない。

ソースを見る限り、デプロイが行われる条件が「release_valuesの値とデプロイ済みreleaseのカスタマイズYAMLの値が不一致の場合」に処理されるため、values_filesの設定が参照されていない。

github.com

この設定を反映させるには、追加でforce: trueの付与も必要だが、helmの引数に--forceが付与されてチャート全体が再デプロイされる動作になるため、注意が必要。
例えばこのmysqlチャートのようにpvを使ってる場合など。

TASK [helm] *******************************************************************
fatal: [localhost]: FAILED! => changed=false 
  command: /usr/local/bin/helm --namespace=db upgrade -i --reset-values --force --create-namespace --values=./mysql-conf/values-service.yaml mysql-sample stable/mysql
  msg: |-
    Failure when executing Helm command. Exited 1.
    stdout:
    stderr: Error: UPGRADE FAILED: failed to replace object: PersistentVolumeClaim "mysql-sample" is invalid: spec: Forbidden: spec is immutable after creation except resources.requests for bound claims
    core.PersistentVolumeClaimSpec{
            AccessModes:      []core.PersistentVolumeAccessMode{"ReadWriteOnce"},
            Selector:         nil,
            Resources:        core.ResourceRequirements{Requests: core.ResourceList{s"storage": {i: resource.int64Amount{value: 8589934592}, Format: "BinarySI"}}},
    -       VolumeName:       "",
    +       VolumeName:       "pvc-c32003b0-ac97-4fc9-8d06-022e4e8162a2",
    -       StorageClassName: nil,
    +       StorageClassName: &"standard",
            VolumeMode:       &"Filesystem",
            DataSource:       nil,
    }
     && failed to replace object: Service "mysql-sample" is invalid: spec.clusterIP: Invalid value: "": field is immutable
  stderr: |-
    Error: UPGRADE FAILED: failed to replace object: PersistentVolumeClaim "mysql-sample" is invalid: spec: Forbidden: spec is immutable after creation except resources.requests for bound claims
    core.PersistentVolumeClaimSpec{
            AccessModes:      []core.PersistentVolumeAccessMode{"ReadWriteOnce"},
            Selector:         nil,
            Resources:        core.ResourceRequirements{Requests: core.ResourceList{s"storage": {i: resource.int64Amount{value: 8589934592}, Format: "BinarySI"}}},
    -       VolumeName:       "",
    +       VolumeName:       "pvc-c32003b0-ac97-4fc9-8d06-022e4e8162a2",
    -       StorageClassName: nil,
    +       StorageClassName: &"standard",
            VolumeMode:       &"Filesystem",
            DataSource:       nil,
    }
     && failed to replace object: Service "mysql-sample" is invalid: spec.clusterIP: Invalid value: "": field is immutable
  stderr_lines: <omitted>
  stdout: ''
  stdout_lines: <omitted>

ちなみに、カスタマイズYAML設定済みのreleaseが動いている状態での再実行であれば、force設定無しでvalues_filesの内容は適用される。
(むしろ冪等性が保たれず常に実行される)

ドキュメントを見るとvalues_filesは1.1.0で追加された新しい設定なので、実装側の処理漏れっぽいかな。。

サンプルコード(playbook全体)

github.com

(11/5追記) コレクションのFQCNの変更について

www.ansible.com

11/4のこのブログ記事で、AnsibleからHelmを使うサンプル付きの記事が公開されてました。

重要なのは以下。

Please note that prior to the release of kubernetes.core 1.1, its contents were released as community.kubernetes. With this content becoming Red Hat support and certified content, a name change was in order. We are in the process of making that transition.

community.kubernetesからkubernetes.coreにコレクション名が変更されることになったらしい。

github.com

Galaxy Pageにもすでに作成されているので、そのうち入れ替わる模様。

galaxy.ansible.com