I am running ESXi 5.1 build 1065491 and vCenter 5.1.
I am upgrading to 5.5.
My plan was to upgrade to ESXi 5.5 U1 (build 1623387).
Then, apply the HeartBleed patch 201404001.
However, I see there is a ESXiU1-Rollup_2 patch, but the instruction say it cannot be used for an upgrade and only for new installs.
If that is the case, how do you get the Rollup2 driver updates for a newly updated ESXi 5.5 U1?
thanks
Hi Friend,
As per below KB, it seems you even can go for below path
VMware ESXi 5.5, Patch Release ESXi550-201404001
Apply this patch on ESXi 5.5 hosts to resolve all issues fixed in ESXi 5.5 Update 1, and additionally the OpenSSL Heartbleed issue.
VMware KB: Resolving OpenSSL Heartbleed for ESXi 5.5 - CVE-2014-0160
You will another option as well in above KB
On your query, can you please point me to the KB that you are referring to?
For VC 5.1, you can directly go for upgrading VC 55U1a.
vCenter Server 5.5 Update 1a Release Notes
hi,
It appears Patch Release ESXi550-201404001 is to be used if your are on ESXi 5.5.
I am currently running 5.1 so i have to update to 5.5 using VMware-VMvisor-Installer-5.5.0.update01-1623387.x86_64.iso
That was found in this blog.
http://blogs.vmware.com/kb/2014/04/patching-esxi-5-5-heartbleed-without-installing-update-1.html
The info about the roll-up is in the README - ESX5.5U1-SuperISO-2-README.pdf
Important: The ESXi 5.5.1 Driver Rollup 2 is designed for fresh installations of ESXi hosts.
VMware does not support using the ESXi 5.5.1 Driver Rollup 2 to upgrade an existing ESXi installation.
The pdf can be found at the below link
http://www.tinkertry.com/vmware-esxi-5-5-update-1-driver-rollup-2-released-apr-24-2014/
So, I am not sure how the driver Rollup2 updates are applied.
Do you need any of the drivers from the rollup (driver version can be found in the readme for the Rollup image)? Unless that's the case, you may proceed with the steps you mentioned.
If driver updates are required, download the individual drivers manually from the VMware drivers download page and apply them manually or via Update Manager after upgrading the host to the latest patch bundle
André
The reason I ask about the drivers ..
When I installed ESXi 5.1 on the Dell PE R510, it failed with I think was a driver issue.
I had to download a special ESXi Image from the Dell Web Site.
I am hoping this is corrected in ESXi 5.5? and,
when applying the patch for HeartBleed, I will use excli "update" instead of "install"
Stan
VMware does integrate all individual drivers in their image, that's why vendors offer OEM images for their specific hardware. You may want to consider to use the DELL image "VMware ESXi 5.5 Dell Version: A04, Build# 1746974" (which already contains the Heartbleed patches) from Driver Details | Dell US for the upgrade.
André
Thanks
That is a better option..
Then, no need then to use esxcli to patch ESXi even though I moved the zip to the datastore:smileygrin:
Yes and no. No need to apply the patch to resolve the Heartbleed issue. However, according to the build number DELL offers version 5.5.0c , i.e. the build without Update 1a. Maybe due to the NFS issue in Update 1!? If you want to patch the host to Update 1a you may apply patch "ESXi550-201404001" after the upgrade. I'd recommend you run esxcli with the "update" option as well as with "--dry-run" to see whether which vibs will be replaces.
André
I have ESXi550-201404001.zip on the datastore.
I was going with the below cmd:
esxcli software vib update -d "/vmfs/volumes/50851ccb-d83b2e2e-e82f-782bcb47bf37/ISOs/ESXi550-201404001.zip"
what will I be able to tell about vibs being replaced?
i am not sure i would know right from wrong :smileyconfused:
Just add "--dry-run" to the command line to simulate what the command would do.
esxcli software vib update -d "/vmfs/volumes/50851ccb-d83b2e2e-e82f-782bcb47bf37/ISOs/ESXi550-201404001.zip" --dry-run
André
ok, using dry-run,,
is this more to see if there are errors vs seeing what is actually be updated?
It will just show you which vibs will be added/removed and which stay the same.
André
a new security announcement came out last week for ESXi 5.5 (note: for ESXi 5.5 without patch ESXi550-201403102-SG)
Is the above patch included in the HeartBLeed patch or the Update 1a?
I upgraded to 5.5 from 5.1 and applied the patch for HearBleed and am at ESXi build 1746018 and am wondering if this new patch needs applied.
Based on the build number of 1746018 I would think it id included?
thanks
According to KB 2065827, ESXi550-201403102-SG is a security patch for VMware Tools included in the Update 1 bundle. The latest Heartbleed patch includes/replaces the VMware Tools .vib, so you should be ok. (see ESXi 5.x Patch Matrix)
André
ok thanks
i moved onto the vCenter 5.1 to 5.5 upgrade,
but ran into http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=206051...
I tried 3 times and stll get the error - Simple Insall Setup Wizard ended prematurely.
The vCenter is in a work group, but I would not think this should matter if I have the DNS set and FQDN.