VMware Cloud Community
LumH
Enthusiast
Enthusiast
‎09-02-2020 07:28 AM
Jump to solution

Applying a patch... do I need to update first?

Hi folks,

Rookie question...

Recently was told by VMWare support to install patch ESXi 6.7 EP14 (Build-15820472).

The host is currently using ESXi 6.7 GA (Build-8169922).

Does that mean I have to update to ESXi 6.7 U3, before I download and install VIB for EP14 ?  (I download because the facility has no internet connection)

Appreciate your help.

Regards

Lum

0 Kudos
1 Solution

Accepted Solutions
a_p_
Leadership
Leadership
‎09-02-2020 11:34 AM
Jump to solution

In this case, both options will have a similar result.

Personally I prefer the esxcli software profile install version of the command for hosts that do not require additional drivers.

Hint: The command has a "--dry-run" option which allows you to preview the results without modifying things.

One additional note, the patch that you mentioned is from April, and other (newer) patches have been released since then. So if your host supports it, you may use the August patch instead.

André

View solution in original post

6 Replies
a_p_
Leadership
Leadership
‎09-02-2020 10:37 AM
Jump to solution

The patch bundles basically contain everything you need, in order to update/patch a host, i.e. it's cumulative. However, whether it is possible to update/patch the host directly to the latest build using the patch bundle depends on a couple of things, like how you plan to install the patch (e.g. CD, command line, Update Manager), and whether the installed image is the default VMware image, or a vendor (or otherwise) customized image, which contains additional (required) drivers, and tools for your specific hardware.


André

0 Kudos
LumH
Enthusiast
Enthusiast
‎09-02-2020 11:01 AM
Jump to solution

Thanks Andre for replying.

I intend to install the patch manually... (since the host PC does not have internet access).

The image on the current host is the base ESXi 6.7 installation - i.e. not vendor installed. There were no additional 3rd party drivers installed.

The instructions from VMSupport guy say:

Please find the steps below:
= You can download that VIB on your local machine.
= Then connect to host using winscp /SSH.
= Upload the file to the host or you can upload to datastore

The link to the patch (https://docs.vmware.com/en/VMware-vSphere/6.7/rn/esxi670-202004001.html) say:

ESXi hosts can be updated by manually downloading the patch ZIP file from the VMware download page and installing the VIB by using the esxcli software vib command. Additionally, the system can be updated using the image profile and the esxcli software profile command.

Is the "esxcli software vib" command sufficient to update the host? Or will I be required to use the "image profile and esxcli software profile" commands as well ?

That part is a little confusing.

0 Kudos
a_p_
Leadership
Leadership
‎09-02-2020 11:34 AM
Jump to solution

In this case, both options will have a similar result.

Personally I prefer the esxcli software profile install version of the command for hosts that do not require additional drivers.

Hint: The command has a "--dry-run" option which allows you to preview the results without modifying things.

One additional note, the patch that you mentioned is from April, and other (newer) patches have been released since then. So if your host supports it, you may use the August patch instead.

André

LumH
Enthusiast
Enthusiast
‎09-02-2020 12:03 PM
Jump to solution

Thank you, Andre.

I will read up the "esxcli software profile" command.

Thanks for the suggestion to use the August patch.

0 Kudos
IRIX201110141
Champion
Champion
‎09-02-2020 12:04 PM
Jump to solution

Is there a reason not to use the latest 6.7? Any way....

After shutting down all VMs...

vim-cmd hostsvc/maintenance_mode_enter
esxcli network firewall ruleset set -e true -r httpClient
esxcli software profile update -p ESXi-6.7.0-20200403001-standard -d https://hostupdate.vmware.com/software/VUM/PRODUCTION/main/vmw-depot-index.xml
esxcli network firewall ruleset set -e false -r httpClient
vim-cmd hostsvc/maintenance_mode_exit

This works as long your ESXi management is allowed to connect to the internet. If not you have to download a *.zip.

Regards,
Joerg

0 Kudos
LumH
Enthusiast
Enthusiast
‎09-02-2020 12:09 PM
Jump to solution

Thank you for the reply Joerg.

I guess it doesn't hurt to use the latest 6.7 build.

The host has no internet access, so I will be downloading elsewhere and then SCP to the host.

Appreciate the example!

0 Kudos