It is indeed not straightforward.
The sample script below shows how it could be done but it has a few prerequisites.
1) the script assumes that the VI Update Manager (UM) depot is present
2) it assumes that all patches are downloaded and available in the UM depot
3) if does not take into account any proxy that could be between you and the VC
Get-VIServer -Server <VC-server>
$pm = Get-View (Get-View (Get-VMHost -Name <ESX-hostname>).ID).configManager.patchManager
$repository = New-Object VMware.Vim.HostPatchManagerLocator
$repository.url = "http://<VC-server>:<VC-hhtp-port>/vci/hostupdates/hostupdate/esx/esx-3.5.0"
$taskImpl = $pm.ScanHostPatch_Task($repository,"*")
# Wait for task to finish
$task = Get-View $taskImpl
while ($task.Info.State -eq "running"){$task = Get-View $taskImpl}
# Display the results
foreach($patch in $task.Info.Result){
Write-Host $patch.Id $patch.Installed $patch.Applicable
}
Some annotations:
- the repository URL is composed of
1) the VC-server - ex http://vcserver
2) the VC http port - ex :81
3) Apache path to the UM depot folder - ex /vci/hostupdates
4) path to the depot folder for the specific ESX version -ex /hostupdate/esx/esx-3.5.0
In my test environment that gives: http://app1.test.local:81/vci/hostupdates/hostupdate/esx/esx-3.5.0 for a scan of an ESX 3.5 host.
- the path to the specific ESX version can normally be found on your VC in the folder C:\Documents and Settings\All Users\Application Data\VMware\VMware Update Manager\Data
- I didn't use the Wait-Task cmdlet since there appear to be some problems with that. Instead I rolled my own loop to wait till the task is complete
The script is definitely open for improvements.
- get the ESX version of the target host and compose the URL automatically
- handle other return states from the task. Now it supposes the task completes successfully.
- pretty-print the results
- report more properties for each patch. See HostPatchManagerStatus for all the available fields
