I recently was asked to patch an ESX 4 host for a customer.  This customer did not make use of VMware's Update Manager, and the customer also wanted a simple set of instructions to be provided for use in future patching. Below is a simplified bullet-item version of the ESX 4 Patch Management Guide that I presented to the customer.

 

01:

On a Windows box, download the patch bundle directly from VMware. This will be .zip file.

 

02:

On a Windows box with the vSphere client installed, use the vSphere client's datastore browser to upload the .zip file to a datastore on an ESX 4 host.

 

03:

Obtain local console access, or SSH (putty), to the ESX 4 host that the bundle file was uploaded to.

 

04:

Verify that the ESX 4 host disk free space is acceptable (2X the size of the bundle), using the command:

 

vdf -h

 

05:

Move the bundle file off of the datastore and into /var/updates, using the command:

 

mv /vmfs/volumes/datastore/ESX400-200909001.zip /var/updates

 

Note: The directory /var/updates is used in this document, but any directory on a partition with adequate free space could substituted.

The patch bundle referenced in this document (ESX400-200909001.zip) was for the 09/24/2009 update release.  Adjust file names as required, for newer bundles.

 

06:

Verify that the patch bundles aren't already installed (or if they are required), using the command:

 

esxupdate query

 

07:

If applicable, use the vSphere client to put the ESX 4 host in maintenance mode.  Alternatively, use the command:

 

vimsh -n -e /hostsvc/maintenance_mode_enter

 

The following commands may also be used to list and then shut down virtual machines.  This is for environments without VMotion or for single hosts.

 

vmware-cmd -s listvms

vmware-cmd <full path to .vmx file> stop soft

 

08:

To determine which bulletins in the bundle are applicable to this ESX 4 host, use the command:

 

esxupdate --bundle file:///var/updates/ESX400-200909001.zip scan

 

09:

To check VIB signature, dependencies, and bulletin order without doing any patching (a dry run), use the command:

 

esxupdate --bundle file:///var/updates/ESX400-200909001.zip stage

 

10:

If the stage (dry run) found no problems, then the bundle can be installed using the command:

 

esxupdate --bundle file:///var/updates/ESX400-200909001.zip update

 

11:

When (or IF) prompted to reboot, use the command:

 

reboot

 

Note: Not all patches will require an ESX host reboot.

 

12:

After the system boots, verify patch bundles were installed with the command:

 

esxupdate query

 

13:

If applicable, take the ESX host out of maintenance mode with the command:

 

vimsh -n -e /hostsvc/maintenance_mode_exit

 

14:

If applicable, restart virtual machines using the vSphere client or the following command:

 

vmware-cmd <full path to .vmx file> start

 

15:

Delete the bundle zip file from the /var/updates folder, using the command:

 

rm /var/updates/*.zip

 

16:

Verify that host disk free space is still acceptable, using the command:

 

vdf -h

 

As always, thanks for reading!