Manually patching Vmware ESXi

 

Intro

I run few ESXi standalone servers. As with any other hypervisor it is necessary to apply security/bugfixes updates from time to time.

Those who can afford fully blown vSphere are blessed with VMware vSphere Update Manager which makes it smooth sailing all way down.

For those with standalone ESXi servers, well it requires a bit of tinkering. Here goes a quick how to.

Enabling ESXi Shell access using the vSphere Client

but first, random picture from my library

insta-12

  • Log into a ESXi Server system using the vSphere Client.
  • Select the host in the inventory panel.
  • Click the Configuration tab and click Security Profile.
  • In the Services section, click Properties.
  • Select following services and “Start and stop manually”,
  • Click Start to enable the service, Click OK.
ESXi Shell
SSH
Direct Console UI

 

Actual patching procedure

 

  • Establish current patch level (it’s listed in vSphere Client/ Home / Inventory / top of the centre panel, next to hostname and ESXi version)
  • Get patches from https://my.vmware.com/group/vmware/patch#search
  • I like to copy them to my NFS R/O datastore called pub
    then SSH to host I’m patching and cp patch to local datastore

 

cp /vmfs/volumes/Pub/patches/vmware/esxi-5.5/update-from-esxi5.5-5.5_update02.zip /vmfs/volumes/datastore1/
esxcli software vib list
df -h

Filesystem Size Used Available Use% Mounted on
NFS 50.0G 5.0G 45.0G 10% /vmfs/volumes/Pub
VMFS-5 129.2G 4.3G 124.9G 3% /vmfs/volumes/datastore1
VMFS-3 698.2G 482.9G 215.3G 69% /vmfs/volumes/iSCSI VMFS
vfat 4.0G 23.4M 4.0G 1% /vmfs/volumes/5279164e-affc9636-2674-0025b3a810c8
vfat 249.7M 157.0M 92.7M 63% /vmfs/volumes/afb6527c-f8a9b47a-8fe2-48b63cd2199e
vfat 249.7M 8.0K 249.7M 0% /vmfs/volumes/51cd767a-24889ff2-71c2-6faa073b6977
vfat 285.8M 191.3M 94.6M 67% /vmfs/volumes/5279163b-93c92b0e-ab9c-0025b3a810c8

You probably want this:

esxcli system maintenanceMode set --enable true

And then we are ready to perform the actual patching

esxcli software vib update --depot=/vmfs/volumes/datastore1/update-from-esxi5.5-5.5_update02.zip

 

Installation Result

Message: The update completed successfully, but the system needs to be rebooted for the changes to be effective.
Reboot Required: true

I’m using HP servers so now it might be a good time to also add HP vibs for server drivers and sensors, see bottom of the page!

Reboot, check everything, including logs

tail -f /var/log/syslog.log

and deactivate services:

  • ESXi Shell
  • SSH
  • Direct Console UI

 

Major upgrade i.e. from 5.0 to 5.5

That worked for me as well, open firewall for outgoing http requests:

esxcli network firewall ruleset set -e true -r httpClient

Install the ESXi 5.5 U1 Imageprofile from the VMware Online depot

esxcli software profile update -d https://hostupdate.vmware.com/software/VUM/PRODUCTION/main/vmw-depot-index.xml -p ESXi-5.5.0-20140302001-standard

Reboot your host

 

Missing HP agents and drivers

After installing ESXi image from vmware website HP drivers may be missing. Here is how to cure it:

esxcli network firewall ruleset set -e true -r httpClient
# for ESXi 5.5
esxcli software vib install -d http://vibsdepot.hp.com/hpq/hpq-index-ecli-550.xml
# for ESXi 6
esxcli software vib install -d http://vibsdepot.hp.com/hpq/latest/index.xml

 

  2 Responses to “Manually patching Vmware ESXi”

  1. The vibsdepot.hp.com changed into vibsdepot.hpe.com.

  2. This does look promising. I’ll keep coming back for more.

 Leave a Reply

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>

(required)

(required)