VMware Cloud Community
JarryG
Expert
Expert
‎03-10-2013 07:53 AM
Jump to solution

Patching ESXi 5.x using esxcli: "instal" or "update"?

Hi community,

I'm just trying to apply the latest patch ESXi510-201303001.zip to my esxi host using command-line (no update-manager). I'm following guide from vmware knowledge base:

http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=200893...

But I see there are two possible commands:

# esxcli software vib install -d "/vmfs/volumes/Datastore/DirectoryName/PatchName.zip"

or
# esxcli software vib update -d "/vmfs/volumes/Datastore/DirectoryName/PatchName.zip"


The only difference is "install" versus "update" and I did not find any explanation what the difference is. So which command should be used? Does it make any difference at all?

_____________________________________________ If you found my answer useful please do *not* mark it as "correct" or "helpful". It is hard to pretend being noob with all those points! 😉
0 Kudos
1 Solution

Accepted Solutions
Sreec
VMware Employee
VMware Employee
‎03-10-2013 08:24 PM
Jump to solution

Hi,

    There is certainly a difference.

Update:

----------

  • Using the update command is the recommended method for patch application. Using this command applies all of the newer contents in a patch, including all security fixes. Contents of the patch that are a lower revision than the existing packages on the system are not applied.

    Install:

    ---------

  • Using the install command overwrites the existing packages in the system with contents of the patch you are installing, including installing new packages and removing old packages. The install command may downgrade packages on the system and should be used with caution. If required, the install command can be used to downgrade a system (only for image profiles) when the --allow-downgrade flag is set.

  • The install method has the possibility of overwriting existing drivers. If you are using 3rd party ESXi images, VMware recommends using the update method to prevent an unbootable state.

Cheers,
Sree | VCIX-5X| VCAP-5X| VExpert 7x|Cisco Certified Specialist
Please KUDO helpful posts and mark the thread as solved if answered

View solution in original post

0 Kudos
5 Replies
Sreec
VMware Employee
VMware Employee
‎03-10-2013 08:24 PM
Jump to solution

Hi,

    There is certainly a difference.

Update:

----------

  • Using the update command is the recommended method for patch application. Using this command applies all of the newer contents in a patch, including all security fixes. Contents of the patch that are a lower revision than the existing packages on the system are not applied.

    Install:

    ---------

  • Using the install command overwrites the existing packages in the system with contents of the patch you are installing, including installing new packages and removing old packages. The install command may downgrade packages on the system and should be used with caution. If required, the install command can be used to downgrade a system (only for image profiles) when the --allow-downgrade flag is set.

  • The install method has the possibility of overwriting existing drivers. If you are using 3rd party ESXi images, VMware recommends using the update method to prevent an unbootable state.

Cheers,
Sree | VCIX-5X| VCAP-5X| VExpert 7x|Cisco Certified Specialist
Please KUDO helpful posts and mark the thread as solved if answered
0 Kudos
aravinds3107
Virtuoso
Virtuoso
‎03-10-2013 10:20 PM
Jump to solution

Notes section of the Step 7 of the KB artcile 2008939 which you have mentioned explain the differernt between install and update

If you find this or any other answer useful please consider awarding points by marking the answer correct or helpful |Blog: http://aravindsivaraman.com/ | Twitter : ss_aravind
JarryG
Expert
Expert
‎03-11-2013 11:07 AM
Jump to solution

OMG, how could I miss that paragraph? I feel really ashamed...

But one more question: if I have pure 5.1 (build 799733), is it enough to apply the latest patch? I tend to think it is so, but I see ESXi510-201212001 has ~600MB, while ESXi510-201303001 only about 300MB. Moreover ESXi510-201212001 updates tools-light too, while the last patch only esxi-base. So I suppose at least those two latest patches should be installed consequently...

_____________________________________________ If you found my answer useful please do *not* mark it as "correct" or "helpful". It is hard to pretend being noob with all those points! 😉
0 Kudos
a_p_
Leadership
Leadership
‎03-11-2013 11:16 AM
Jump to solution

The reason for the different sizes (~300MB vs. 600MB) is related to the bulletins included in the patch package. Because patch ESXi510-201212001 contains both, security and bug-fix bulletins it has twice the size. For a great overview of patches included in each package take a look at the ESXi 5.x Patch Matrix

André

Message was edited by: a.p. - made GB -> MB

peetz
Leadership
Leadership
‎03-11-2013 12:03 PM
Jump to solution

The ESXi 5.x patch bundles are cumulative, so you only need to install the latest bundle.

For details see my blog post here: http://www.v-front.de/2012/11/are-esxi-5x-patches-cumulative.html

- Andreas

Twitter: @VFrontDe, @ESXiPatches | https://esxi-patches.v-front.de | https://vibsdepot.v-front.de
0 Kudos