ESXi

 View Only
  • 1.  Applying a patch... do I need to update first?

    Posted Sep 02, 2020 02:28 PM

    Hi folks,

    Rookie question...

    Recently was told by VMWare support to install patch ESXi 6.7 EP14 (Build-15820472).

    The host is currently using ESXi 6.7 GA (Build-8169922).

    Does that mean I have to update to ESXi 6.7 U3, before I download and install VIB for EP14 ?  (I download because the facility has no internet connection)

    Appreciate your help.

    Regards

    Lum



  • 2.  RE: Applying a patch... do I need to update first?

    Posted Sep 02, 2020 05:38 PM

    The patch bundles basically contain everything you need, in order to update/patch a host, i.e. it's cumulative. However, whether it is possible to update/patch the host directly to the latest build using the patch bundle depends on a couple of things, like how you plan to install the patch (e.g. CD, command line, Update Manager), and whether the installed image is the default VMware image, or a vendor (or otherwise) customized image, which contains additional (required) drivers, and tools for your specific hardware.


    André



  • 3.  RE: Applying a patch... do I need to update first?

    Posted Sep 02, 2020 06:01 PM

    Thanks Andre for replying.

    I intend to install the patch manually... (since the host PC does not have internet access).

    The image on the current host is the base ESXi 6.7 installation - i.e. not vendor installed. There were no additional 3rd party drivers installed.

    The instructions from VMSupport guy say:

    Please find the steps below:
    = You can download that VIB on your local machine.
    = Then connect to host using winscp /SSH.
    = Upload the file to the host or you can upload to datastore

    The link to the patch (https://docs.vmware.com/en/VMware-vSphere/6.7/rn/esxi670-202004001.html) say:

    ESXi hosts can be updated by manually downloading the patch ZIP file from the VMware download page and installing the VIB by using the esxcli software vib command. Additionally, the system can be updated using the image profile and the esxcli software profile command.

    Is the "esxcli software vib" command sufficient to update the host? Or will I be required to use the "image profile and esxcli software profile" commands as well ?

    That part is a little confusing.



  • 4.  RE: Applying a patch... do I need to update first?
    Best Answer

    Posted Sep 02, 2020 06:35 PM

    In this case, both options will have a similar result.

    Personally I prefer the esxcli software profile install version of the command for hosts that do not require additional drivers.

    Hint: The command has a "--dry-run" option which allows you to preview the results without modifying things.

    One additional note, the patch that you mentioned is from April, and other (newer) patches have been released since then. So if your host supports it, you may use the August patch instead.

    André



  • 5.  RE: Applying a patch... do I need to update first?

    Posted Sep 02, 2020 07:04 PM

    Thank you, Andre.

    I will read up the "esxcli software profile" command.

    Thanks for the suggestion to use the August patch.



  • 6.  RE: Applying a patch... do I need to update first?

    Posted Sep 02, 2020 07:05 PM

    Is there a reason not to use the latest 6.7? Any way....

    After shutting down all VMs...

    vim-cmd hostsvc/maintenance_mode_enter
    esxcli network firewall ruleset set -e true -r httpClient
    esxcli software profile update -p ESXi-6.7.0-20200403001-standard -d https://hostupdate.vmware.com/software/VUM/PRODUCTION/main/vmw-depot-index.xml
    esxcli network firewall ruleset set -e false -r httpClient
    vim-cmd hostsvc/maintenance_mode_exit

    This works as long your ESXi management is allowed to connect to the internet. If not you have to download a *.zip.

    Regards,
    Joerg



  • 7.  RE: Applying a patch... do I need to update first?

    Posted Sep 02, 2020 07:10 PM

    Thank you for the reply Joerg.

    I guess it doesn't hurt to use the latest 6.7 build.

    The host has no internet access, so I will be downloading elsewhere and then SCP to the host.

    Appreciate the example!