VMware Cloud Community
dscottimw
Enthusiast
Enthusiast
‎12-13-2018 12:03 PM

Trying to use install-vmhostpatch to update an esxi 6.0 host but getting failed to download metadata error

Hi all,

I recently (last weekend) upgraded my virtual center servers from 6.0 U3 to 6.7 U1 and have now discovered the vum instance will no longer patch / update any esx hosts that are not version 6.7 (which is my entire environment of 300 plus hosts).  So I was trying to write quick powercli script to accomplish this task.  I am trying to use install-vmhostpatch -webpath parameter to avoid having to copy the patch file locally to every host.  But it is not working for me as of yet. I keep getting "Failed to download metadata" I'm sure I'm missing something obvious in my simple script.  Once I get the functionality working I'll add more refinements to the script (like error checking etc.). 

What credentials does it use to connect via http to the source server?

Does it matter that the source web server is a Linux server?

Can you use the [-HostUsername <String>] [-HostPassword <SecureString>] [-HostCredential <PSCredential>] options with the -WebPath option?

Script and output are:

$tobpatched = Read-Host "Please enter the name of the ESXi 6.0 host you want to patch "

$esxcreds = Get-Credential -Message "Enter the root credentials for $tobpatched "

#connect to the esx host

Connect-VIServer -Server $tobpatched -Credential $esxcreds -ErrorAction Stop

#check to see if the host is in maintenance mode.

$connstate = Get-vmhost |Select-Object ConnectionState

if ($connstate.ConnectionState -ne "Maintenance") {Set-vmhost -VMHost $tobpatched -State Maintenance}

#install patches

Write-Host "Starting to install the patches" -ForegroundColor Cyan

Install-VMHostPatch -WebPath http://servername/path/topatches/ESXi600-201811001/metadata.zip -Verbose

Output:

Please enter the name of the ESXi 6.0 host you want to patch : vsdc-01-ah

Windows PowerShell credential request.

Enter the root credentials for vsdc-01-ah

User: root

Password for user root: ********

Name                           Port  User

----                           ----  ----

vsdc-01-ah                     443   root

Starting to install the patches

VERBOSE: Perform operation 'Installing patch.' on VM host 'vsdc-01-ah'.

VERBOSE: 12/13/2018 2:08:18 PM  Install-VMHostPatch     Finished execution

WARNING: Failed to download metadata.

Dan Scotti
Reply
0 Kudos
7 Replies
LucD
Leadership
Leadership
‎12-13-2018 12:35 PM

To be honest, I never got the option with WebPath to work either.

What does work for me, is to use the HostPath option.

In short, I extract the patch zip and then copy the extracted folder to a datastore that is accessible by the ESXi node(s).

I then use something like this (no ESXi credentials needed when you are connected to the vCenter).

Install-VMHostPatch -VMHost myesx.domain -HostPath /vmfs/volumes/datastore/ESXi670-201811001/metadata.zip


Blog: lucd.info  Twitter: @LucD22  Co-author PowerCLI Reference

Reply
dscottimw
Enthusiast
Enthusiast
‎12-13-2018 12:42 PM

Thanks LucD.

I guess that leaves me pondering how best to copy the source files to the esx hosts (I have a lot of esx hosts that use non shared storage) and then clean them up after.

I was testing the process on a specific host before connecting to the vc. that way if I mucked something up I'd only be messing up 1 host....instead of all of them.

Dan Scotti
Reply
0 Kudos
LucD
Leadership
Leadership
‎12-13-2018 12:51 PM

You can limit to 1 ESXi node, by for example passing the exact hostname.

Unfortunately you don't have a shared datastore.

Can't you set up a temporary NFS share?

I do the copy and patching on 1 ESXi node like this

$esx = Get-VMHost -Name esx1.mydomain

Copy-DatastoreItem -Item C:\Downloads\ESXi670-201811001\* -Destination vmstore:\DC1\DS1\Patch\ -Force

Install-VMHostPatch -VMHost $esx -HostPath /vmfs/volumes/DS1/Patch/metadata.zip


Blog: lucd.info  Twitter: @LucD22  Co-author PowerCLI Reference

Reply
0 Kudos
dscottimw
Enthusiast
Enthusiast
‎12-14-2018 08:19 AM

Thanks LucD.

I'll try this out. 

Dan Scotti
Reply
0 Kudos
dscottimw
Enthusiast
Enthusiast
‎12-14-2018 08:21 AM

Oh and on the temporary nfs datastore the complication is that these hosts are on the outside of a firewall because they contain our externally facing web infrastructure so we don't have any nfs servers on that side of the wall.  and data security doesn't like poking holes in the firewall for these types of things.

Dan Scotti
Reply
0 Kudos
MCioe
Enthusiast
Enthusiast
‎01-25-2019 04:52 AM

Does anyone know if the install-vmHostPatch does an "install" or an "upgrade"?  I have drivers on my ESXi that I don't want to be overwritten.  The cmdlet documentation literally says it does both, install and upgrade. And the name makes me nervous, too. 

I'm also looking at the ESXCli software.vib.upgrade cmdlet.  I like it better, because you don't have to unzip the patch bundle, but it's hanging on me and I'm thinking of just switching to the Install-VMHostPatch cmdlet.

Reply
0 Kudos
LucD
Leadership
Leadership
‎01-25-2019 05:42 AM

It should be an install.
If it finds vib that do not correspond, it will message you about conflicting modules.

There is a very good explanation in Are ESXi 5.x patches cumulative?

Although a bit dated, the content is still valid.


Blog: lucd.info  Twitter: @LucD22  Co-author PowerCLI Reference

Reply