VMware: Updating / Patching ESX Server

Okay, VMware patch day .. or, patch weekend. There’s this VMware update Service.. but we’ll take esxupdate – ‘the long way home’? not necessarily! Logo_VMware

What we have: a few VMware ESX Servers. To find out what version we’re running we type.

[root@vmdesx001 root]# vmware -v
VMware ESX Server 3.5.0 build-82663

Ok, lets see what updates are already installed / which patch level we’re running:

[root@vmdesx001 root]# esxupdate query -a
Installed software bundles:
  —— Name —— — Install Date — — Summary —
         3.5.0-64607    15:33:01 05/08/08 Full bundle of ESX 3.5.0-64607
ESX350-200802303-SG    15:33:02 05/08/08 util-linux security update



ESX350-201008411-SG    12:43:52 10/31/10 Updates krb5
ESX350-201008412-SG    12:43:52 10/31/10 Updates perl
    ESX350-Update05a    12:43:52 10/31/10 ESX Server 3.5.0 Update 5
For a differential list of rpms, use the -l/–listrpms option.
[root@vmdesx001 root]#

First, we need to read about ‘Managing Patches for ESX Server 3.0.3 and ESX Server 3.5 Hosts’

Then we navigate to: http://www.vmware.com/download/vi/ to select and download from the available updates.

We create the Repository on a NFS Share and later we’ll promote that share using FTP protocol. First, we’ll download Update Package 5 / 5a and put / extract that to the NFS / FTP Share..

let’s see what can be installed ..

esxupdate -d ftp://172.16.88.194/nfsshare/VMware/PatchRepository/ESX3.5 –test update

ERROR: [Errno 4] IOError: [Errno ftp error] (111, ‘Connection refused’)

oups, we need to allow outgoing traffic ..

esxcfg-firewall –allowoutgoing

see if it works now..

[root@vmdesx002 root]# esxupdate -d ftp://172.16.88.194/nfsshare/VMware/PatchRepository/ESX3.5 –test update
INFO: No -b specified, selecting all bundles in depot.
INFO: Configuring…
INFO: The following bundles are being skipped.
INFO: [ESX350-200904406-SG] requires [‘ESX350-200904402-SG’] but these bundles cannot be found. Please make sure they are in the depot and specified in the bundle list.

 

nice, it’s not working .. google for that .. oh, we’re not the only one having this issue .. nice .. (as usual, the companies spend so much money for marketing .. they need to cut costs in the quality check department…!) it’s seems there’s a script which has a bug => Patch Installation Might Require Obsolete Bundles to be Included in the Patch Depot – resolution => To work around this issue, make sure the patch bundle ESX350-200802403-BG is placed in the patch depot. BUT, I can’t find this ESX350-200802403-BG – think, read, study .. I swear, I could kill.. ok, View all Patches – we’re on 3.5 .. let’s see if we find ESX350-200802403-BG – surprise this little (you know what word..) is part of: ESX350-Update05a – UPDATE – joke? The fix is part of the fix and how should I apply a fix which needs to be installed before I can apply the fix? cruel joke, cruel joke. Look further Christian – there you go: ESX350-200911202-UG – UPDATE  includes ESX350-200802403-BG.

so let’s just apply (test first) this single fix using the esxupdate B parameter (bundle)..

esxupdate -d ftp://172.16.88.194/nfsshare/VMware/PatchRepository/ESX3.5 -b ESX350-200911202-UG  –test update

INFO: Configuring…
INFO: Preparing to install [‘ESX350-200911202-UG’]…
INFO: Downloading VMware-esx-scripts-3.5.0-207095.i386.rpm…
INFO: Checking disk space and running test transaction…
INFO: — TOTALS: 0 packages installed, 1 pending or failed, 0 removed, 0 excluded —
INFO: Test install of [‘ESX350-200911202-UG’] succeeded.
== The esxupdate –test report ==
—– ESX350-200911202-UG  —–: installed
[root@vmdesx002 root]#

 

so we got green light:

[root@vmdesx002 root]#  esxupdate -d ftp://172.16.88.194/nfsshare/VMware/PatchRepository/ESX3.5 -b ESX350-200911202-UG -n update
INFO: Configuring…
INFO: Preparing to install [‘ESX350-200911202-UG’]…
INFO: Downloading VMware-esx-scripts-3.5.0-207095.i386.rpm…
INFO: Checking disk space and running test transaction…
INFO: Pre-installing [‘VMware-esx-scripts.i386’]…
INFO: | Gathering header information file(s) from server(s)
INFO: | Server: Bundle ESX350-200911202-UG
INFO: | Finding updated packages
INFO: | Downloading needed headers
INFO: | VMware-esx-scripts-0-3.5. 100% |=========================| 6.3 kB    00:00
INFO: | Resolving dependencies
INFO: | Dependencies resolved
INFO: | I will do the following:
INFO: | [update: VMware-esx-scripts 3.5.0-207095.i386]
INFO: | Downloading Packages
INFO: | Getting VMware-esx-scripts-3.5.0-207095.i386.rpm
INFO: | Running test transaction:
INFO: | Test transaction complete, Success!
INFO: | VMware-esx-scripts 100 % done 1/2
INFO: | Completing update for VMware-esx-scripts  – 2/2
INFO: | Updated:  VMware-esx-scripts 3.5.0-207095.i386
INFO: | Transaction(s) Complete
INFO: Pre-install packages up-to-date
INFO: Restarting /usr/sbin/esxupdate…
INFO: Configuring…
INFO: Preparing to install [‘ESX350-200911202-UG’]…
INFO: The following RPMs are already installed on the system and will be skipped: [‘VMware-esx-scripts.i386’]
INFO: Checking disk space and running test transaction…
INFO: Running esxcfg-boot to regenerate initrds…
INFO: — TOTALS: 1 packages installed, 0 pending or failed, 0 removed, 0 excluded —
INFO: Install of [‘ESX350-200911202-UG’] succeeded.
[root@vmdesx002 root]#

Yess, strike, what a wonderful day .. patching succeeded.

let’s see if we can successfully patch to Update 5 / 5a.

esxupdate -d ftp://172.16.88.194/nfsshare/VMware/PatchRepository/ESX3.5 –test update

INFO: No -b specified, selecting all bundles in depot.
INFO: Configuring…
INFO: The following bundles are being skipped.
INFO: [ESX350-200903209-UG] superseded by [‘ESX350-201002411-BG’, ‘ESX350-Update05a’].
INFO: [ESX350-200912401-BG] superseded by [‘ESX350-201006401-SG’, ‘ESX350-201003401-BG’, ‘ESX350-201008409-BG’, ‘ESX350-201008403-BG’, ‘ESX350-201008401-SG’].
INFO: [ESX350-200803213-UG] is already installed, nothing for esxupdate to do.
INFO: [ESX350-200911202-UG] is already installed, nothing for esxupdate to do.



INFO: [ESX350-200911216-UG] superseded by [‘ESX350-201002411-BG’, ‘ESX350-Update05a’].
ERROR: This bundle requires the host to be in maintenance mode.  Since the host is not in maintenance mode, esxupdate cannot proceed. The VMs need to be turned off or migrated to another host first.

it asks for Maintenance Mode – of course. we shut down the virtual machines and put the system into maintenance mode ..

[root@vmdesx002 root]# vimsh -n -e /hostsvc/maintenance_mode_enter

no errors – we can proceed with the real command Smile

esxupdate -d ftp://172.16.88.194/nfsshare/VMware/PatchRepository/ESX3.5 -n update

reboot your server after the updates / patches have been applied..

Leave a Reply

Your email address will not be published. Required fields are marked *