Sean Wallbridge
Thanks to Robert from our office for this visual walkthrough of the ESX4 patching process, when you don’t have Virtual Center.
ESXi 4 hosts can be patched using the GUI tool VMHostUpdate. ESX4 hosts, on the other hand, have to be patched manually if there is no vCenter involved in managing the host. There are CLI tools on the host that allow for patch management but the VMware vSphere CLI toolset for Windows workstations makes the job a much easier task.
If you do not have the vSphere CLI toolset on your machine it can be downloaded from the VMware download site.
Step 1: Download patch from VMware
Patches are easily downloaded from VMware from the ESX download site. The best way to patch is to download the rollup patch in the form of a zip file. Individual bulletins” can be downloaded to patch a single issue but the rollup zip’s are the best way to go. Obtain the zip and store in a local directory on the machine that has the CLI tools. For purposes of this blog the location is C: .
Step 2: Verify the patch is appropriate for your ESX and install
First, using the vSphere client, shutdown all running guest VM’s and place ESX into Maintenance Mode. This is mandatory for the rest of the process to succeed.
Open the vSphere CLI command prompt then cd to bin.
(The rest of the examples are cut/pasted from the command prompt window)
Using the vihostupdate.pl command to execute the following:
C:Program FilesVMwareVMware vSphere CLIbin>vihostupdate.pl –server 192.168.18.110 –username root –password XXXXXX –query
(Substitute the IP or FQDN of your target server as well as the username and password)
This command will return a list of applied patches/bundles installed on the server, in this case there were none installed.
Execute the following command to scan the zip file previously downloaded for applicability to your server. Again, substitute appropriate values for server, username, password and location/name of your downloaded zip file:
C:Program FilesVMwareVMware vSphere CLIbin>vihostupdate.pl –server 192.168.18.110 –username root –password XXXXXX –bundle c:esx400-200906001.zip –scan
The command will return output similar to the following:
The bulletins which apply to but are not yet installed on this ESX host are listed.
———Bulletin ID——— —————-Summary—————–
ESX400-200906412-BG Updates esxupdate
ESX400-200906401-BG Updates VMX
ESX400-200906404-BG Updates CIM
ESX400-200906411-SG Updates udev
ESX400-200906402-BG Updates ESX Scripts
ESX400-200906406-SG Updates sudo
ESX400-200906405-SG Updates krb5 and pam_krb5
ESX400-200906410-BG Updates hostd
ESX400-200906407-SG Updates curl
ESX400-200906403-BG Updates VMware Tools
ESX400-200906408-BG Updates SCSI Driver for QLogic FC
ESX400-200906409-BG Updates LSI storelib Library
ESX400-200906413-BG Updates vmkernel iSCSI Driver
This is the listing of the bulletins within the patch zip file that apply to your server.
Use the following command to upload the zip to your server and apply the appropriate bulletins. Again, substitute appropriate values for server, username, password and location/name of your downloaded zip file:
C:Program FilesVMwareVMware vSphere CLIbin>vihostupdate.pl –server 192.168.18.110 –username root –password XXXXXX –bundle c:esx400-200906001.zip –install
The command will run for some period of time. Upon completion the following will be displayed:
The update completed successfully, but the system needs to be rebooted for the changes to be effective.
NOTE: The wording may be different if applied patches do NOT require a system reboot. In this case you will need to restart the ESX server. Once the server has rebooted, use the following command to verify the patches have applied:
C:Program FilesVMwareVMware vSphere CLIbin>vihostupdate.pl –server 192.168.18.110 –username root –password XXXXXX –query
You should see output similar to the following:
———Bulletin ID——— —–Installed—– —————-Summary——-
ESX400-200906401-BG 2009-08-27T20:24:31 Updates VMX
ESX400-200906412-BG 2009-08-27T20:24:31 Updates esxupdate
ESX400-200906404-BG 2009-08-27T20:24:31 Updates CIM
ESX400-200906411-SG 2009-08-27T20:24:31 Updates udev
ESX400-200906405-SG 2009-08-27T20:24:31 Updates krb5 and pam_krb5
ESX400-200906406-SG 2009-08-27T20:24:31 Updates sudo
ESX400-200906402-BG 2009-08-27T20:24:31 Updates ESX Scripts
ESX400-200906407-SG 2009-08-27T20:24:31 Updates curl
ESX400-200906403-BG 2009-08-27T20:24:31 Updates VMware Tools
ESX400-200906408-BG 2009-08-27T20:24:31 Updates SCSI Driver for QLogic FC
ESX400-200906409-BG 2009-08-27T20:24:31 Updates LSI storelib Library
ESX400-200906413-BG 2009-08-27T20:24:31 Updates vmkernel iSCSI Driver
If you are super paranoid you can rerun the following command:
C:Program FilesVMwareVMware vSphere CLIbin>vihostupdate.pl –server 192.168.18.110 –username root –password XXXXXX –bundle c:esx400-200906001.zip –scan
Which should then return the following:
The bulletins which apply to but are not yet installed on this ESX host are listed.
———Bulletin ID——— —————-Summary—————–
This indicates that the patch has been fully applied. You can now log back into the vSphere Client and take ESX out of maintenance mode and then start up the guest VM’s (or reboot and allow ESX to autostart them).
Patching process is now complete!