Patching a Standalone ESXi host using the shell


As with any system running software, you are going to have to apply patches to it at some point, and VMware is no different. VMware recommends customers install all security patches to maximize the protection that VMware provides. For a list of all security patches, you can go here. Log in with your myvmware credentials.

Once it has been determined that patches are available for ESXi, download the offline bundle so it can be pushed out to each VMware host as needed. You can easily push the offline patch package out manually using the Windows client, but I prefer to download the patch and move it to a local webserver for easier distribution. One caveat to using VMware free as a standalone server is that the API is not available. This means we need to log in and turn on SSH so we can perform the following tasks.

Staging the patch

Log in to the ESXi standalone server

Open the Windows client
Select your host
Enter your username
Enter your password
Click "Login"

Enable SSH on the remote ESXi host

In the "Inventory" pane on the left, select the host name
Click the "Configuration" tab 
Click "Security Profile" in the Software section
Click on "Properties"
Find "SSH" in the list, select it and click "Options"
Make sure "Start and stop with host" is selected and click "Start"
You can click "OK" then "OK" again

SSH is now running on your VMware server and you can log in with an SSH client like PuTTY.

Log in to your host using PuTTY

Note: Not everyone will have the exact same setup, so there may be inconsistencies between environments. You will have to apply this as a general practice, not necessarily as an exact procedure. I like creating a folder named Patches, which is where I upload patches (ingenious, I know!). This isn’t mandatory in any way though, so it’s really up to you where you want to place the zip file.

Create a folder named “Patches” if one doesn’t exist. You can replace <host> and <datastore> with appropriate values for your environment.

mkdir /vmfs/volumes/<host>\:<datastore>/Patches/

Change directories into the new folder

cd /vmfs/volumes/<host>\:<datastore>/Patches/

Pull down the patch from your local webserver

wget http://server.domain.tld/VMware/VMware-ESXi-5.5.0-Update3-3568722…

Alternatively, you can use WinSCP to push the file or upload the patch using the VMware GUI client from your Windows machine.
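
Since the bundle is pulled over plain HTTP here, it is worth comparing the staged file against the checksum listed with the download before installing it. This is an added example, not part of the original post: the function name verify_bundle is hypothetical, it assumes sha256sum and sha1sum exist in the shell where it runs, and the expected digest is whatever your download page publishes.

```shell
#!/bin/sh
# Added example (not from the original post): verify a staged offline bundle
# against the published checksum before handing it to esxcli.
# verify_bundle is a hypothetical helper name.

# verify_bundle <file> <expected-hex-digest>
# Returns 0 on match, 1 on mismatch, 2 on usage or I/O errors.
verify_bundle() {
    file=$1
    # Normalise the published digest: lowercase hex, whitespace stripped.
    want=$(printf '%s' "$2" | tr 'A-F' 'a-f' | tr -d ' \t\r\n')

    [ -f "$file" ] || { echo "missing file: $file" >&2; return 2; }

    # Reject empty input or anything that is not pure hex.
    case $want in
        ''|*[!0-9a-f]*) echo "malformed digest" >&2; return 2 ;;
    esac

    # Choose the hashing tool from the digest length.
    case ${#want} in
        64) tool=sha256sum ;;
        40) tool=sha1sum ;;
        *)  echo "unsupported digest length: ${#want}" >&2; return 2 ;;
    esac
    command -v "$tool" >/dev/null 2>&1 || { echo "$tool not found" >&2; return 2; }

    got=$("$tool" "$file" | awk '{print $1}')
    if [ "$got" = "$want" ]; then
        echo "OK: $file"
        return 0
    fi
    echo "MISMATCH: $file (got $got)" >&2
    return 1
}

# Typical use on the host (paths and digest are placeholders):
#   verify_bundle "$PWD/<bundle>.zip" "<published-digest>" \
#     && esxcli software vib update -d "$PWD/<bundle>.zip"
```

A non-zero return means the file should be deleted and fetched again rather than installed.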

Suspending running VMs

Like any other VMware server, the standalone host will need to be put into maintenance mode. To do that, the VMs need to be suspended or powered down. A one-liner CLI command can be used to get the current state of all VMs and suspend the running ones prior to enabling maintenance mode on the host.

Suspend running VMs

for i in `vim-cmd vmsvc/getallvms |grep -v Vmid |awk '{print $1}'`; do if [ "`vim-cmd vmsvc/power.getstate $i |grep on`" == 'Powered on' ]; then vim-cmd vmsvc/power.suspend $i; echo "$i Suspended"; fi; done

Apply ESXi Patch

VMware KB

Put host into maintenance mode

vim-cmd hostsvc/maintenance_mode_enter

Run patch as an update

esxcli software vib update -d '/vmfs/volumes/host:Storage/Patch/VMware-ESXi-5.5.0-Update3-3568722…'

Bring host out of maintenance mode (the VMs will remain suspended)

vim-cmd hostsvc/maintenance_mode_exit

Now we can reboot


Verify the state of the ESXi host

When the host comes back up, SSH should be disabled and, depending on the autostart parameters, VMs should be running as well. In the event the VMs haven’t started, log in to the GUI client and power them on.

You can also log in using the GUI to enable SSH and run this from the command line

for i in `vim-cmd vmsvc/getallvms |grep -v Vmid |awk '{print $1}'`; do if [ "`vim-cmd vmsvc/power.getstate $i |grep Suspended`" ]; then vim-cmd vmsvc/power.on $i; echo "$i Resumed"; fi; done
