I recently was asked to patch an ESX 4 host for a customer. This customer did not make use of VMware's Update Manager, and the customer also wanted a simple set of instructions to be provided for use in future patching. Below is a simplified bullet-item version of the ESX 4 Patch Management Guide that I presented to the customer.
On a Windows box, download the patch bundle directly from VMware. This will be .zip file.
On a Windows box with the vSphere client installed, use the vSphere client's datastore browser to upload the .zip file to a datastore on an ESX 4 host.
Obtain local console access, or SSH (putty), to the ESX 4 host that the bundle file was uploaded to.
Verify that the ESX 4 host disk free space is acceptable (2X the size of the bundle), using the command:
Move the bundle file off of the datastore and into /var/updates, using the command:
mv /vmfs/volumes/datastore/ESX400-200909001.zip /var/updates
Note: The directory /var/updates is used in this document, but any directory on a partition with adequate free space could substituted.
The patch bundle referenced in this document (ESX400-200909001.zip) was for the 09/24/2009 update release. Adjust file names as required, for newer bundles.
Verify that the patch bundles aren't already installed (or if they are required), using the command:
If applicable, use the vSphere client to put the ESX 4 host in maintenance mode. Alternatively, use the command:
vimsh -n -e /hostsvc/maintenance_mode_enter
The following commands may also be used to list and then shut down virtual machines. This is for environments without VMotion or for single hosts.
vmware-cmd -s listvms
vmware-cmd <full path to .vmx file> stop soft
To determine which bulletins in the bundle are applicable to this ESX 4 host, use the command:
esxupdate --bundle file:///var/updates/ESX400-200909001.zip scan
To check VIB signature, dependencies, and bulletin order without doing any patching (a dry run), use the command:
esxupdate --bundle file:///var/updates/ESX400-200909001.zip stage
If the stage (dry run) found no problems, then the bundle can be installed using the command:
esxupdate --bundle file:///var/updates/ESX400-200909001.zip update
When (or IF) prompted to reboot, use the command:
Note: Not all patches will require an ESX host reboot.
After the system boots, verify patch bundles were installed with the command:
If applicable, take the ESX host out of maintenance mode with the command:
vimsh -n -e /hostsvc/maintenance_mode_exit
If applicable, restart virtual machines using the vSphere client or the following command:
vmware-cmd <full path to .vmx file> start
Delete the bundle zip file from the /var/updates folder, using the command:
Verify that host disk free space is still acceptable, using the command:
As always, thanks for reading!