How to patch an ESXi 4.1 Hypervisor Host

Today I’m running a ESXi, 4.1.0, 800380 on a baremetal server and want to keep it current. Here are the steps I took to successfully update my VMWare ESXi host.

Enable SSH on the host.

You can do this one of two ways, either via the vSphere Client on the host configuration tab or via the physical console. If you use the physical console, you’ll log in and change the Troubleshooting Mode Options to enable “remote tech support”. If you are remote, you can edit the Security Profile and enable Remote Tech Support in the Host’s Configuration tab.

Download the patches.

Make sure you’re downloading the patches for the ESXi Product, and not ESX. Here’s the VMWare portal for patches.

Upload the patches to the Host.

Using the vSphere client, upload the patches directly to the root of a local datastore by browsing the datastore and selecting the file(s) to upload.

Log in via SSH and apply the patch. Execute the following command and read the output:

~ # esxupdate --bundle=/vmfs/volumes/datastore1/ESXi410-201301001.zip info
ID - ESXi410-201301402-BG
Release Date - 2013-01-31T08:00:00
Vendor - VMware, Inc.
Summary - Updates VMware tools
Severity - critical
Urgency - important
Category - bugfix
Install Date -
Description - For more information, see http://kb.vmware.com/kb/2041339.
KB URL - http://kb.vmware.com/kb/2041339
Contact - http://www.vmware.com/support/contacts/
Compliant - False
RebootRequired - False
HostdRestart - False
MaintenanceMode - False
List of constituent VIBs:
deb_vmware-esx-tools-light_4.1.0-3.33.988178

ID - ESXi410-201301401-SG
Release Date - 2013-01-31T08:00:00
Vendor - VMware, Inc.
Summary - Updates Firmware
Severity - security
Urgency - important
Category - security
Install Date -
Description - For more information, see http://kb.vmware.com/kb/2041338.
KB URL - http://kb.vmware.com/kb/2041338
Contact - http://www.vmware.com/support/contacts/
Compliant - False
RebootRequired - True
HostdRestart - False
MaintenanceMode - True
List of constituent VIBs:
deb_vmware-esx-firmware_4.1.0-3.33.988178

You should see similar output to what is shown above after the command was entered. Take careful notice to the lines that say “RebootRequired” and “MaintenanceMode” if either of those are “True” as they are in the second Patch ID output above, you’ll need to shut down your guests and put the host in Maintenance Mode to complete the update process.

After shutting down guests and putting the host into maintenance mode, execute the following command:

~ # esxupdate --bundle=/vmfs/volumes/datastore1/ESXi410-201301001.zip update
Unpacking deb_vmware-esx-tools-light_.. #################################################### [100%]

Unpacking deb_vmware-esx-firmware_4.1.. #################################################### [100%]

Removing packages :vmware-esx-tools-l.. #################################################### [100%]

Installing packages :deb_vmware-esx-f.. #################################################### [100%]

Installing packages :deb_vmware-esx-t.. #################################################### [100%]

The update completed successfully, but the system needs to be rebooted for the
changes to be effective.

You’ll notice it prompts you that a reboot is necessary to complete the patching. Reboot the host via the vSphere Client or by typing “reboot” into the ssh session, and reconnect to the host after it’s back up. If you have more patches, restart your SSH session and apply the other patches one at a time. Once patching is complete, take your host out of maintenance mode (if required) and start-up your guests.

Congratulations, your host is patched! Don’t forget to update the VMWare Tools on your guests if necessary.


EDIT: The esxupdate command output has a few other options which you may wish to explore.

Usage: esxupdate [options] (check|info|query|remove|scan|stage|update)

Options:
  -h, --help             show this help message and exit
  -b BULLETIN            a bulletin ID on which to run the command.  May be
                         specified multiple times.
  -m META, --meta=META   a metadata file on which to run the command.  May be
                         specified multiple times.
  --bundle=BundleZipUrl  An offline bundle .zip file to work with.  May be
                         specified multiple times.
  --loglevel=LOGLEVEL    enable more verbose log file output.  May be a number
                         (1-50), or one of DEBUG|INFO|WARNING|ERROR|CRITICAL.
                         Defaults to INFO (20).
  --http_proxy=Url:Port  use the proxy server at Url and Port
  --timeout=TIMEOUT      The timeout value for HTTP, HTTPS and FTP
                         connections.
  --retry=RETRY          The number of times to retry HTTP, HTTPS and FTP
                         connections.
  -a, --all              Display all bulletins.  Default is to display only
                         the applicable updates.

Leave a Reply