vCenter

 View Only
  • 1.  patching ESXi 7 hosts in vCenter?

    Posted Apr 07, 2023 06:54 PM

    Does this look healthy in terms of the ESXi hosts being ready to be updated? If not, what should the next steps be, to bring this to a good state?

    (+ ideally all the next steps )

    (Please talk to me like to a 5-year-old with some WU, yum, softwareupdate, BigFix experience, but who is only barely familiar with VMware - thank you!)

    vCenter ESXi updates - ESXi host - Screenshot 2023-04-07 113221.png

    vCenter ESXi updates - attached baselines - Screenshot 2023-04-07 112711.png

    "11 months ago" - normal? (vCenter seems to be successfully downloading patches daily.)



  • 2.  RE: patching ESXi 7 hosts in vCenter?

    Posted Apr 07, 2023 07:12 PM

    Maybe this is getting somewhere: the vCenter DNS name is inaccessible from the host:

     

    [root@ESXi-hosta:/tmp] wget --spider http://vCenter3.v***t.com:9084/vum/repository/hostupdate/CIS/CIS-ESXi-7.0-A
    ddon-cumulative_metadata.zip
    wget: bad address 'vCenter3.v***t.com:9084'
    [root@ESXi-hosta:/tmp] ping vCenter3.v***t.com
    getaddrinfo() for "vCenter3.v***t.com" failed (-2: Name or service not known)

     

    (URLs are masked. Actual URLs are legit, and should be accessible.)

    After adding the requisite DNS servers, the "cannot scan" and "cannot download files" issues went away.

    Next, will try staging and remediating.



  • 3.  RE: patching ESXi 7 hosts in vCenter?

    Posted Apr 07, 2023 07:52 PM

    Configure DNS on ESXi host , so that it can reach Update manager / vCenter URL and download the patch bundle upload, create baseline and attach and scan.

    Then proceed with remediation.

     



  • 4.  RE: patching ESXi 7 hosts in vCenter?

    Posted Apr 07, 2023 08:10 PM

    Thanks - the DNS issue has been fixed (and I took that part of the question down) - does it look OK otherwise, from the screenshots? E.g. the "11 months ago" part?

    In other words, what is VMware's definitive process to confirm the baselines have been updated to the latest available patches?

    (In WU, it's the "last checked" timestamp and lack of errors; in yum - that 'yum check-update' runs w/o errors and completes successfully, in addition to repositories being synced. What about in vCenter?)



  • 5.  RE: patching ESXi 7 hosts in vCenter?
    Best Answer

    Posted Apr 07, 2023 11:33 PM

    what is VMware's definitive process to confirm the baselines have been updated to the latest available patches?

    If you go to Lifecycle Manager → Baselines → Critical Host Patches (or whichever Baseline you are interested in) → Then sort by Release date, you can then see the latest patches that have been downloaded into that baseline.

    Also check your update settings via Lifecycle Manager → Patch Downloads → Settings → Edit. Here you can confirm Automatic Downloads are enabled and how frequently it checks for updates.  You can also check Lifecycle Manager → Patch Setup, and confirm that your VMware Download Sources are present and have a connectivity status of "Connected".

    Provided your vCenter host is able to talk to the VMware download repositories, it will download patches automatically, and new updates will appear regularly, as and when they are available. Typically the most recent patches will be dated within the last 30 days. As long as what you are seeing ticks all those boxes. you're all good 



  • 6.  RE: patching ESXi 7 hosts in vCenter?

    Posted Apr 07, 2023 11:41 PM

    If you go to Lifecycle Manager ...

    Menu -> Lifecycle Manager - got it! Thank you!

    (Checked everything and it's looking good.)