Manually patching Vmware ESXi
I run few ESXi standalone servers. As with any other hypervisor it is necessary to apply security/bugfixes updates from time to time.
Those who can afford fully blown vSphere are blessed with VMware vSphere Update Manager which makes it smooth sailing all way down.
For those with standalone ESXi servers, well it requires a bit of tinkering. Here goes a quick how to.
Enabling ESXi Shell access using the vSphere Client
but first, random picture from my library
- Log into a ESXi Server system using the vSphere Client.
- Select the host in the inventory panel.
- Click the Configuration tab and click Security Profile.
- In the Services section, click Properties.
- Select following services and “Start and stop manually”,
- Click Start to enable the service, Click OK.
ESXi Shell SSH Direct Console UI
Actual patching procedure
- Establish current patch level (it’s listed in vSphere Client/ Home / Inventory / top of the centre panel, next to hostname and ESXi version)
- Get patches from https://my.vmware.com/group/vmware/patch#search
- I like to copy them to my NFS R/O datastore called pub
then SSH to host I’m patching and cp patch to local datastore
cp /vmfs/volumes/Pub/patches/vmware/esxi-5.5/update-from-esxi5.5-5.5_update02.zip /vmfs/volumes/datastore1/ esxcli software vib list df -h Filesystem Size Used Available Use% Mounted on NFS 50.0G 5.0G 45.0G 10% /vmfs/volumes/Pub VMFS-5 129.2G 4.3G 124.9G 3% /vmfs/volumes/datastore1 VMFS-3 698.2G 482.9G 215.3G 69% /vmfs/volumes/iSCSI VMFS vfat 4.0G 23.4M 4.0G 1% /vmfs/volumes/5279164e-affc9636-2674-0025b3a810c8 vfat 249.7M 157.0M 92.7M 63% /vmfs/volumes/afb6527c-f8a9b47a-8fe2-48b63cd2199e vfat 249.7M 8.0K 249.7M 0% /vmfs/volumes/51cd767a-24889ff2-71c2-6faa073b6977 vfat 285.8M 191.3M 94.6M 67% /vmfs/volumes/5279163b-93c92b0e-ab9c-0025b3a810c8
You probably want this:
esxcli system maintenanceMode set --enable true
And then we are ready to perform the actual patching
esxcli software vib update --depot=/vmfs/volumes/datastore1/update-from-esxi5.5-5.5_update02.zip
Message: The update completed successfully, but the system needs to be rebooted for the changes to be effective. Reboot Required: true
I’m using HP servers so now it might be a good time to also add HP vibs for server drivers and sensors, see bottom of the page!
Reboot, check everything, including logs
tail -f /var/log/syslog.log
and deactivate services:
- ESXi Shell
- Direct Console UI
Major upgrade i.e. from 5.0 to 5.5
That worked for me as well, open firewall for outgoing http requests:
esxcli network firewall ruleset set -e true -r httpClient
Install the ESXi 5.5 U1 Imageprofile from the VMware Online depot
esxcli software profile update -d https://hostupdate.vmware.com/software/VUM/PRODUCTION/main/vmw-depot-index.xml -p ESXi-5.5.0-20140302001-standard
Reboot your host
Missing HP agents and drivers
After installing ESXi image from vmware website HP drivers may be missing. Here is how to cure it:
esxcli network firewall ruleset set -e true -r httpClient # for ESXi 5.5 esxcli software vib install -d http://vibsdepot.hp.com/hpq/hpq-index-ecli-550.xml # for ESXi 6 esxcli software vib install -d http://vibsdepot.hp.com/hpq/latest/index.xml
The vibsdepot.hp.com changed into vibsdepot.hpe.com.
This does look promising. I’ll keep coming back for more.