Saturday, January 28, 2012

Patching Changes with ESXi 5.x

updated 12/14/2014

VMware has been pushing people to buy their update manager for a while, but they allowed command line updates through a perl utility in the vSphere cli bundle. To use that procedure on a 4.x ESXi server, look at this post:
Upgrading to ESXi 4.1 from 4.0

To update ESXi 5.x, download the patches from the VMware Patch Portal, upload the patch or patches to a datastore on the ESXi 5.x server. You'll need to update your VMware cli tools. The easiest way to download it is to browse to the web server on the management interface of your ESXi 5.x server (https://ip_address_or_hostname_of_your_esxi5_server)

You'll see it on the upper right:

vSphere Remote Command Line

You'll also need to enable ESXi cli on the ESXi server (it's in the console in the same location that you enable SSH) as well as set the server to maintenance mode.

You can then run the esxicli utility.

You need to know the name of the patch bundle and its location on the datastore. For my server, I was able to list the patch contents of the bundle like so:

G:\Program Files (x86)\VMware\VMware vSphere CLI>bin\esxcli.exe --server=my_server_ip --username=root software sources vib list --depot=/vmfs/volumes/datastore1/patches//

as well as a large list of patches

And I installed it:

G:\Program Files (x86)\VMware\VMware vSphere CLI>bin\esxcli.exe --server=my_server_address --username=root software vib update --depot=/vmfs/volumes/datastore1/patches/
Enter password:
Installation Result
   Message: The update completed successfully, but the system needs to be reboot
ed for the changes to be effective.
   Reboot Required: true

as well as a list of patches. Of course, after that you need to reboot and exit maintenance mode.

vSphere local patching over SSH

 There is no need to even install the esxcli tool. You can simply 1. copy the zip file over 2. enable ssh (security profile - just start the ssh service) and run esxcli after connecting via ssh as an admin user.

The command line is a little different as you have no need for a username or a server name, nor do you need .exe on the command, being a linux binary.


esxcli  software vib update --depot=/vmfs/volumes/datastore1/patches/

1 comment:

Anonymous said...

I've noticed that this way leaves out patches that VUM catches.

Any word on how to prevent this?