VMware Cloud Community
m4biz
Hot Shot

How to apply latest patches to ESXi host

Hi.

I'd like to know which is the best and most effective way to keep an ESXi host updated with the latest security patches.

If I go to my ESXi dashboard, I see this, but I'm not sure that it is the only and best way to apply patches.

Any idea?

Thanks in advance.

2023-02-07_082041.png

 

Ing. Cosimo Mercuro http://cosimomercuro.wordpress.com/
4 Replies
Kinnison
Commander

Comment removed...

m4biz
Hot Shot

Hi Kinnison.

Thanks for your reply.

I'd like to know if, for a standalone server, it is convenient to use something better than the CLI.

I've heard about VMware vCenter Update Manager but I don't know if this is a convenient way.

Ing. Cosimo Mercuro http://cosimomercuro.wordpress.com/
jvansickler
Contributor

In order to apply patches to a standalone ESXi host, it must be in Maintenance Mode.  Since all the VMs would be shut down, the vCenter Server Appliance (VCSA) and its Update Manager won't be available.

The easiest way I know of to apply current (or desired) patches is to use the VMware ESXi Patch Tracker on the v-Front (VMware Front Experience) website, maintained by vExpert Andreas Peetz. Be sure to read the Help page.

Note: When you click on the link next to the word "Imageprofile", a dialog box with instructions and the requisite CLI commands appears, ready to copy and paste.  If the box doesn't appear, check to see if you have popups disabled for the site, and enable them.

The basic process is:
1. Browse to the site and select your desired patch. Click on the link to open the dialog box so you can copy/paste.
2. SSH into your ESXi host as root.
3. Open the firewall so you can access the patch files. (first line that begins with "esxcli")
4. Download and install the patch files (monitor for error messages) (the next two lines make up the patch install command)
5. Close the firewall (fourth line, also begins with "esxcli")
6. Reboot the ESXi host to complete the installation
7. Verify that the host matches the patch level.

Note:  Because my ESXi host isn't 100% hardware compatible with ESXi 7, I have to append "--no-hardware-warning" to the end of the patch install command.  If I forget, the patch won't install, but posts an error message informing me about adding it.

I find it easier to open a text editor, paste the patch command and add the "--no-hardware-warning" when I'm installing the patch. That way I know it's there.

I hope this helps.
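
Steps 3 to 7 above, wrapped as shell functions so that the httpClient firewall ruleset is closed again even when the install fails. This is an added example, not part of the original post or the Patch Tracker's own output. The image profile name and depot URL are placeholders to be copied from the Patch Tracker dialog, and `patch_host` / `verify_profile` are hypothetical helper names.

```shell
#!/bin/sh
# Added example (not from the original post). Run in the ESXi shell as root.
# PROFILE and DEPOT are placeholders: copy the real values from the
# "Imageprofile" dialog of the Patch Tracker.

# patch_host PROFILE DEPOT [extra options, e.g. --no-hardware-warning]
patch_host() {
    [ $# -ge 2 ] || { echo "usage: patch_host PROFILE DEPOT [options]" >&2; return 64; }
    profile=$1; depot=$2; shift 2

    # Step 3: allow outbound HTTP(S) so the host can reach the depot.
    esxcli network firewall ruleset set -e true -r httpClient || return 1

    # Step 4: download and install; remember the result instead of aborting.
    rc=0
    esxcli software profile update -p "$profile" -d "$depot" "$@" || rc=$?

    # Step 5: close the firewall again regardless of the install result.
    esxcli network firewall ruleset set -e false -r httpClient || {
        echo "WARNING: httpClient ruleset is still enabled" >&2
        return 2
    }

    if [ "$rc" -ne 0 ]; then
        echo "Install failed (exit $rc); host left unchanged, not rebooting" >&2
        return "$rc"
    fi
    # Step 6 is left to the operator so the reboot is a deliberate action.
    echo "Install OK: reboot the host to complete the installation"
}

# verify_profile EXPECTED  (step 7, run after the reboot)
# Succeeds only if the installed image profile contains EXPECTED.
verify_profile() {
    esxcli software profile get | grep -qF -- "$1"
}

# Usage on the host (placeholder values):
#   patch_host "<IMAGEPROFILE-NAME>" "<DEPOT-URL>" --no-hardware-warning
#   reboot
#   verify_profile "<IMAGEPROFILE-NAME>" && echo "patch level matches"
```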

m4biz
Hot Shot

Hi jvansickler.

Thanks for your reply.

I've just followed this method, and it worked without issue.

This time I didn't need to put ESXi 7 in maintenance mode.

The update went through successfully with only all the VMs shut down.

Ing. Cosimo Mercuro http://cosimomercuro.wordpress.com/