Hello all...
In response to the Meltdown and Spectre vulnerabilities.... I'll be needing to patch my ESXI 6 hosts...
These were originally installed via a custom Fujitsu OEM iso.... my questions is, will the patches overwrite or break any functionality in the current host installation?
I've actually never used the one-off patches for these hosts as of yet, I always waited until there was a Fujitsu OEM image release like the latest update 3 for ESXI 6 for example.
Any help is appreciated! Thanks....
Dennis,,,,
All ESXi patches are cumulative, you don't need to choose which VIB to install to fully update your host.
Just use
esxcli software vib update -d <path to ZIP archive> command to update your host
Here detailed instructions are VMware Knowledge Base
Feel free to install vmware's patches on top of ESXi installed from OEM ISO.
Just keep in mind if you update your host from CLI - user esxcli software vib update command rather than esxcli software vib install
So it's just that easy !?? :smileygrin: Thanks Finikiez !
Definitely it is.
HW vendors only add updated drivers and additional tools (like cli utility to configure local raid controller) into customized ISO. They don't and can't modify VMware's code.
Understood!
One more thing ...if you don't mind. I downloaded the newest patched esxi build...which of course bundles many patches together....
ESXi600-201711001
So I would need to install only the specific vibs that address the Intel speculation vulnerability for example?
Because when unzipped, there are numerous folders each containing different vibs.....driver vibs etc...
I would not want to install the entire build, correct ??
Sorry if I'm unclear...I've only patched via the iso install like I mentioned before
All ESXi patches are cumulative, you don't need to choose which VIB to install to fully update your host.
Just use
esxcli software vib update -d <path to ZIP archive> command to update your host
Here detailed instructions are VMware Knowledge Base
Right..I know they are cumulative...it was my worry that some of the unique drivers from the OEM install would get overwritten. But as you said before, they are additions, so the update would not alter those.
Thanks for your help sir!!
If there are newest drivers in the patch they will be updated.
If you have ESXi installed from customized ISO and install patch using command esxcli software vib install with old drivers they will overwrite installed versions.
That's why it's recommended to update host with esxcli software vib update