Patching vSphere
In my previous article I explained the benefits, and walked through the installation, of VMware vSphere Hypervisor (ESXi). The aim of this article is to outline the patching process, to ensure your virtualisation lab is always up to date with the latest bug fixes, security updates and new features.
Being an enterprise platform, the patching process for the standard (free) version is not immediately obvious. In fact when I first started using the vSphere Client I spent a lot of time hunting for a user friendly update option, I was hoping for something like software update in OS X. Unfortunately this feature simply does not exist, unless you have a fully licensed version with vCenter and Update Manager installed.
Thankfully, there are multiple ways you can apply new patches (for example vSphere Management Assistant), but in my opinion the easiest option is to use the command line. Initially this might sound scary, but trust me the process is very simple and does not require any special software or knowledge.
Getting Started:
As always with VMware vSphere, your best bet is to complete this process using a Windows client, as unfortunately OS X and Linux support is still a little hit and miss.
The first step is to download the patches. To do this head over to the VMware Patch Portal and select “ESXi (Embedded and Installable), 5.0.0”. This will list all the available patch bundles.
Download each patch bundle, from the oldest to the newest, but do not unzip them. I recommend creating a folder called “patches”.
Once complete, launch the vSphere Client and connect to your host. Start by browsing your primary storage, do this by right clicking the specific datastore from the “Summary” tab and selecting “Browse Datastore”.
From the datastore browser click to upload your newly created “patches” folder.
This process may take a few minutes, but once complete all the required patches will be stored on the host, which will make life a lot easier later.
Enable the ESXi Shell and SSH:
To enable the ESXi Shell and SSH simply click on the “Configuration” tab, then select “Security Profile” from the “Software” section. Under “Services”, click “Edit”.
Select “ESXi Shell” and click “Options > Start”. Repeat the process for “SSH”.
Preparing VMware vSphere Hypervisor (ESXi):
Before initiating the patching you must first shutdown all of your virtual machines and enter maintenance mode. To do this right click your host and click “Enter Maintenance Mode”.
Appling Patches:
Now you are ready to connect to the host using SSH. Any SSH client should work, if you don’t already have one I recommend you download Putty (which is free).
Connect using the host IP address (standard ports) and when prompted enter your username (e.g. root) and password (if set).
Now apply each patch (oldest to newest) in turn using the following command:
esxcli software vib update --depot /vmfs/volumes/<dataStoreName>/<folderName>/filename.zip
Each patch will take a little while to install, with no indication of progress. Simply wait for the prompt to re-appear.
Once you have applied all the patches restart the host by typing “reboot”.
Finally, once your host has rebooted you must exit maintenance mode before restarting your virtual machines. There is no need to disable the ESXi Shell or SSH services as this will be done automatically.
That’s it! You now have a fully up to date version of VMware vSphere Hypervisor (ESXi). The only other thing to keep an eye on is if any of the patches included a new version of VMware Tools, if so you should update each of your virtual machines using the standard process.