Patching ESX 3 hosts from the Service Console

Sometimes you won’t have access to VMware’s Update Manager. But that doesn’t mean you shouldn’t be patching your hosts. Start by visiting the VMware website for the latest contents file and the latest binary patches. I don’t recommend you rely on the patches you downloaded 3 months ago, as VMware will invariably have superceded a number of patches since then. I also don’t recommend attempting to mount a DVD-R of burnt patches on a CD-ROM drive, as this will also fail. You then need to scp or otherwise copy everything to somewhere like /ESXpatch. I don’t know whether it is still the case, but running things like patches and installation routines from VMFS-2 used to be a problem. Whether that’s really an issue with VMFS-3, I’m not so sure. You will also need the latest copy of “ESX-3.5.0-contents.zip”. This can be found here.

Unzip ESX-3.5.0-contents.zip in the root of /ESXpatch. This will give you contents.xml and contents.xml.sig in the root of the directory. The xml file points to the current patch bundles and their default location. Kind of like what I used to do with my esxupdate script, but way more Web 2.0, because it’s all xml and stuff.

You then need to unzip all of the patch bundles that you’ve downloaded from the VMware ESX patch repository. If you used the datastore browser to upload the zip files to a VMFS volume, do the following:

mv /vmfs/volumes/datastorename/patches/ /ESXpatch/

Of course, if you had a working copy of Veeam‘s FastSCP on your Vista laptop, you wouldn’t need to do that step. But what do I know?

cd /ESXpatch

unzip ‘*.zip’

This will extract all of the zip files ready to use.

Delete the zip files

rm -f *.zip

I recommend you enter maintenance mode before you do decide to do your patching, as this method won’t automatically evacuate guests on the host to other nodes in the DRS cluster. To enter maintenance mode from the Service console, run

vimsh -n -e /hostsvc/maintenance_mode_enter

Obviously you’ll need to exit Maintenance Mode once the patches and reboots are all done.

run esxupdate update from /ESXpatch and away you go …

I also recommend reading the ESX Server 3 Patch Management Guide. This is a very useful document for understanding just what is going on when you’ve patching your environment and gives some useful suggestions for ways of doing things. Most of the above could be put in a simple shell script, with the only manual process being downloading the patch files.

One Comment

  1. Thanks for this post. It is much more clear than anything on vmware’s support site. Worked like a charm!

Comments are closed.