Download - ESX4 Patch Management Guide
-
8/6/2019 ESX4 Patch Management Guide
1/24
ESX 4 Patch Management GuideESX 4.0
EN-000137-00
-
8/6/2019 ESX4 Patch Management Guide
2/24
VMware, Inc.
3401 Hillview Ave.Palo Alto, CA 94304www.vmware.com
2 VMware, Inc.
ESX 4 Patch Management Guide
You can find the most up-to-date technical documentation on the VMware Web site at:
http://www.vmware.com/support/
The VMware Web site also provides the latest product updates.
If you have comments about this documentation, submit your feedback to:
2009 VMware, Inc. All rights reserved. This product is protected by U.S. and international copyright and intellectual propertylaws. VMware products are covered by one or more patents listed at http://www.vmware.com/go/patents .
VMware, the VMware boxes logo and design, Virtual SMP, and VMotion are registered trademarks or trademarks ofVMware, Inc. in the United States and/or other jurisdictions. All other marks and names mentioned herein may be trademarksof their respective companies.
http://www.vmware.com/supportmailto:[email protected]://www.vmware.com/go/patentshttp://www.vmware.com/go/patentshttp://www.vmware.com/supporthttp://www.vmware.com/support/mailto:[email protected] -
8/6/2019 ESX4 Patch Management Guide
3/24
VMware, Inc. 3
Contents
About
This
Book 5
1 AboutPatchesandUpdates 7AbouttheesxupdateUtility 7
PatchMaintenanceStrategy 8
CustomizingYourPatchProcess 9
2 InstallingUpdates 11BundleZipFiles 11
ScanningforApplicableBulletins 11
RetrievingBulletinInformation 12
VerifyingDiskSpace 13
StaginganInstallation 13
InstallingBulletins 14
InstallBulletinsonanESX4.0Host 15
3 ReferenceInformation 17esxupdateOptionsandCommands 17
esxupdateCommands 18
esxupdateExitCodesandErrorMessages 19
FrequentlyAskedQuestions 20
4 ESXPatchManagementTools 21AboutVMwarevCenterUpdateManager 21
AboutvSphereHostUpdateUtility 21
AboutvihostupdatevSphereCLI 21
Index 23
-
8/6/2019 ESX4 Patch Management Guide
4/24
ESX 4 Patch Management Guide
4 VMware, Inc.
-
8/6/2019 ESX4 Patch Management Guide
5/24
VMware, Inc. 5
Thisbook,ESX4PatchManagementGuide,providesbackgroundinformationonprocessingpatchesforESX4.0hostsanddescribeshowtousetheesxupdateutilitytoapplysoftwareupdatesandtotracksoftware
installedonESX4.0hosts.
ThisbookprovidesinformationspecifictoESX4.0hostsandtheesxupdateutility.Itdoesnotdiscussthe
following:
HowtopatchESX4.0hostsautomaticallywiththeVMwareUpdateServiceandtheVMwarevCenter
UpdateManager.Forinformationonthesetools,seeESXPatchManagementToolsonpage 21.
HowtopatchESXi4.0hostswiththevihostupdatevSphereCommandLineInterface(CLI).For
informationonvihostupdate,seeESXPatchManagementToolsonpage 21.
HowtopatchversionsofESXreleasedpriortoversion4.0.Forinformationonthisprocess,seethePatchManagementforESXServerstechnoteandtheESXServer3PatchManagementGuide.
HowtoupgradeESXhosts.Forinformationonupgrading,seethevSphereUpgradeGuide.ForalistofVMwarereleasedefinitions,seetheVMwareUpgradeandUpdatePolicybygoingtohttp://www.vmware.com/support/policies/upgrade.html.
Intended Audience
ThismanualisintendedforanyonewhomustmanuallyapplypatchestoESX4.0hosts.Theinformationin
thismanualiswrittenforsystemadministratorswhouseaserviceconsoletomanageESXhosts.
Whats Changed from ESX 3.x
ThismanualhasbeenupdatedfromtheESXServer3PatchManagementGuidetoincludenewdefinitionsand
proceduresthatareuniquetoESX4.0.
Document Feedback
VMwarewelcomesyoursuggestionsforimprovingourdocumentation.Ifyouhavecomments,sendyour
feedbackto:
VMware vSphere Documentation
TheVMwarevSpheredocumentationconsistsofthecombinedvCenterServerandESXdocumentationset.
About This Book
http://www.vmware.com/support/policies/upgrade.htmlhttp://www.vmware.com/pdf/vi3_35/esx_3/r35/vi3_35_25_esxupdate.pdfhttp://www.vmware.com/pdf/vi3_35/esx_3/r35/vi3_35_25_esxupdate.pdfhttp://www.vmware.com/pdf/vi3_35/esx_3/r35/vi3_35_25_esxupdate.pdfhttp://www.vmware.com/pdf/vi3_35/esx_3/r35/vi3_35_25_esxupdate.pdfhttp://www.vmware.com/pdf/vi3_35/esx_3/r35/vi3_35_25_esxupdate.pdfhttp://www.vmware.com/pdf/vi3_35/esx_3/r35/vi3_35_25_esxupdate.pdfhttp://www.vmware.com/pdf/vi3_35/esx_3/r35/vi3_35_25_esxupdate.pdfhttp://www.vmware.com/pdf/vi3_35/esx_3/r35/vi3_35_25_esxupdate.pdfhttp://www.vmware.com/pdf/vi3_35/esx_3/r35/vi3_35_25_esxupdate.pdfhttp://www.vmware.com/pdf/vi3_35/esx_3/r35/vi3_35_25_esxupdate.pdfhttp://www.vmware.com/pdf/vi3_35/esx_3/r35/vi3_35_25_esxupdate.pdfhttp://www.vmware.com/pdf/vi3_35/esx_3/r35/vi3_35_25_esxupdate.pdfmailto:[email protected]://www.vmware.com/pdf/vi3_35/esx_3/r35/vi3_35_25_esxupdate.pdfhttp://www.vmware.com/support/policies/upgrade.htmlmailto:[email protected] -
8/6/2019 ESX4 Patch Management Guide
6/24
ESX 4 Patch Management Guide
6 VMware, Inc.
Technical Support and Education Resources
Thefollowingsectionsdescribethetechnicalsupportresourcesavailabletoyou.Youcanaccessthemost
currentversionsofthismanualandotherbooksbygoingto:
http://www.vmware.com/support/pubs
Online and Telephone Support
Useonlinesupporttosubmittechnicalsupportrequests,viewyourproductandcontractinformation,and
registeryourproducts.Gotohttp://www.vmware.com/support.
Customerswithappropriatesupportcontractsshouldusetelephonesupportforthefastestresponseon
priority1issues.Gotohttp://www.vmware.com/support/phone_support.
Support Offerings
FindouthowVMwaresupportofferingscanhelpmeetyourbusinessneeds.Goto
http://www.vmware.com/support/services.
VMware Education Services
VMwarecoursesofferextensivehandsonlabs,casestudyexamples,andcoursematerialsdesignedtobeused
asonthejobreferencetools.FormoreinformationaboutVMwareEducationServices,goto
http://mylearn1.vmware.com/mgrreg/index.cfm.
http://www.vmware.com/support/pubshttp://www.vmware.com/supporthttp://www.vmware.com/support/phone_support.htmlhttp://www.vmware.com/support/serviceshttp://mylearn1.vmware.com/mgrreg/index.cfmhttp://mylearn1.vmware.com/mgrreg/index.cfmhttp://mylearn1.vmware.com/mgrreg/index.cfmhttp://mylearn1.vmware.com/mgrreg/index.cfmhttp://www.vmware.com/support/serviceshttp://www.vmware.com/support/phone_support.htmlhttp://www.vmware.com/supporthttp://www.vmware.com/support/pubs -
8/6/2019 ESX4 Patch Management Guide
7/24
VMware, Inc. 7
1
Softwarepatchesprovideimmediatefixesforoneormoresecurityissuesorcriticalfixesforaspecificareaof
theproduct.Forinformationaboutaspecificpatch,gototheVMwarevSphereDownloadCenterat
http://www.vmware.com/download/vi.
Typesofsoftwareupdatesandrelatedterms:
Bulletin.A
grouping
of
one
or
more
VIBs
(vSphere
Installation
Bundle).
Bulletins
are
defined
within
metadata.
Depot.AlogicalgroupingofVIBsandassociatedmetadatathatispublishedonline.
Extension.AbulletinthatdefinesagroupofVIBsforaddinganoptionalcomponenttoaESXhost.An
extensionisusuallyprovidedbyathirdparty,asarepatchesorupdatestotheextension.
Metadata.Extradatathatdefinesdependencyinformation,textualdescriptions,systemrequirements
andbulletins.
OfflineBundlezip.AnarchivethatencapsulatesVIBsandcorrespondingmetadatainaselfcontained
depotthatisusefulforofflinepatching.
Patch.AbulletinthatgroupsoneoremoreVIBstogethertoaddressaparticularissueorenhancement.
Rollup.Acollectionofpatchesthatisgroupedforeaseofdownloadanddeployment.
RPM.Binarypackagesthatincludeasetofcontrolscripts,whichprovideinformationfortheRPMabout
howtoinstallthepackageandanypostinstallationconfigurationthatisneeded.
Update.AperiodicreleaseofanESXimage,whichcontainsmultiplefixesandsupportfornewhardware.
VIB.AVIBisasinglesoftwarepackage.
Patchesdonothaveinstallationwizards.Youinstallthemwithapatchupdatetool.Thepatchupdatetoolfor
ESX4.0hostsisesxupdate.ForinformationaboutpatchupdatetoolsforotherESXversions,seeESXPatchManagementToolsonpage 21.
About the esxupdate Utility
Youusethepatchmaintenanceutility,esxupdate,toretrieveinformationaboutupdatesandextensionsfromVMwareandthirdparties,totrackinstalledsoftware,andtoapplysoftwarepackagestoESX4.0hosts.You
runesxupdatefromtheserviceconsolewhileyouareloggedontoanESX4.0hostasuserroot.Youcanrun
onlyoneinstanceatatimeonthesameESX4.0host.
Arecordofeachinstalledbulletiniswrittentothe/etc/vmware/esxupdatedirectoryonthehost.Therecord
includesthebulletinID,theinstallationtime,theVIBsinstalled,andotherdetails.Thisdirectoryactsasa
patchdatabaseandisusedbyesxupdatetoquerythepatchesinstalledonthehost.
About Patches and Updates 1
CAUTION Thisdirectoryisreadonly.Ifyouchangethecontents,whenesxupdateperformsanintegrity
check,itwillfailforthechangedfiles.Insuchcases,esxupdateexitswithanIntegrityErrormessage.Formore
information,seeesxupdateExitCodesandErrorMessagesonpage 19.
http://www.vmware.com/downloadhttp://www.vmware.com/download -
8/6/2019 ESX4 Patch Management Guide
8/24
ESX 4 Patch Management Guide
8 VMware, Inc.
ForESX4.0hosts,therearefourbasicmodesofesxupdate:Inspectionmode,scanmode,testmode,and
updatemode.
Inspectionmode.Queriesyoursystemforbulletinsandbulletindetails.Youusetwocommandstoretrievebulletininformation:esxupdatequeryandesxupdateinfo.
UsetheesxupdatequerycommandtodisplayalistofbulletinsinstalledonESX4.0host.Theoutput
liststhebulletinsinascendinginstallationorderandincludesthebulletinname,installationdate,and
a40charactersummaryofthebulletin.Allbulletinsthatareinstalledarelisted.Bulletinsthatare
supersededbyanotherbulletinareconsideredobsoleteandarenotdisplayedinthisoutput.
Usetheesxupdateinfocommandtodisplayinformationonthecontentsofoneormorebulletins.
Theoutputincludesthebulletinname,releasedate,anddetailsaboutthemetadatafiles,including
theVIBpackagesthatarepartofthebulletin.
Youcanusetheinfocommandforbothinstalledanduninstalledbulletins.Formoreinformation,
seeRetrievingBulletinInformationonpage 12.
Scanmode.DetermineswhichbulletinsareapplicabletotheESX4.0hostbyqueryingthebulletinsinadepotandthebulletinsinstalledonthehostforbulletinandsystemdependencies.Usetheesxupdate
scancommandbeforeyouinstallbulletinstodeterminewhichonesareapplicabletothehost.Formore
information,seeScanningforApplicableBulletinsonpage 11.
Testmode.Enablesesxupdatetogothroughallinstallationoperationswithoutinstallingthespecifiedbulletins.Testmodedownloadstheappropriatefiles,preloadstheesxupdatedepotcacheforHTTPand
FTPservers,checksforRPMpackagedependencies,anddetermineswhichRPMstoinstall.Formore
information,seeStaginganInstallationonpage 13.
Updatemode.InstallsbulletinsonESX4.0hosts.Usetheesxupdateupdatecommandtoinstallindividualbulletins,abundlezip,oranonlinedepot.Updatemodescansthedepotfordependenciesand
handlesthem,ifpossible,beforeinstalling.Formoreinformation,seeInstallBulletinsonanESX4.0
Hostonpage 15.
Forinformationonesxupdatesyntaxandcommands,seeesxupdateOptionsandCommandsonpage 17
Patch Maintenance StrategyUsethefollowingguidelinestomanagepatchingforyourESX4.0hosts.
Keepyourenvironmentascurrentaspossible.Determinewhetheranybulletinsarenecessaryforyour
environmentandapplythosebulletins.Minimizethechangetoyoursoftwareenvironmentwhenever
possible.Formoreinformationondeterminingbulletinapplicability,seeScanningforApplicable
Bulletinsonpage 11.
Analyzetheriskfactorofapplyingthebulletin.Forexample,assessthevirtualmachineandESX4.0host
downtimerequirements.Thescancommandprovidestheinformationyouneedtoanalyzerisksand
serverdowntime.
Downloadandinstallrollupsratherthanindividualbulletins.Thismethodsavesyoudownloadtime
andensures,whendependenciesexist,thatyourdepotcontainsallnecessarybulletins.
Foramultihostenvironment,setuppatchdepotsonacentralizedserverthatisaccessiblebyallESXhosts.
CreateaseparatedepotforeachESXversioninyourenvironment.Althoughyoucanputdepotsonan
ESXhost,VMwaredoesnotrecommendit.
-
8/6/2019 ESX4 Patch Management Guide
9/24
VMware, Inc. 9
Chapter 1 About Patches and Updates
Customizing Your Patch Process
Youcanwritecustomscriptstoautomateyourpatchprocess.Forexample,youcancreateacronjobto
periodicallydownloadrollupstoadepot.Youcanwriteascripttoscanthedepotforapplicablebulletinsand
installallatonetime.Ifduringthescanoperation,esxupdatefindsabulletinthatrequiresvirtualmachines
tobepoweredoff,youcanwriteascriptthatputsthemintomaintenancemode.
IfyouusecustomscriptstoautomatetheESX3patchprocess,youmustupdatethemtoworkwithESX4.0.
Specifically,upgrade
your
scripts
to
use
the
esxupdate -m option
to
point
to
the
depot
and
to
install
multiple
bulletinsatonetime.
-
8/6/2019 ESX4 Patch Management Guide
10/24
-
8/6/2019 ESX4 Patch Management Guide
11/24
-
8/6/2019 ESX4 Patch Management Guide
12/24
ESX 4 Patch Management Guide
12 VMware, Inc.
To scan for applicable bulletins
1 LogintotheserviceconsoleontheESX4.0hostasuserroot.
IfyoudonothavedirectaccesstotheESX4.0host,connectremotelytotheserviceconsoleusingssh.
2 IfthedepotisnotontheESX4.0host,typethefollowingcommandtoenableanoutgoingconnectionfor
theserviceconsole.
esxcfg-firewall --allowOutgoing
3 Runtheesxupdatescancommand.
Toscanapplicablebulletinsinadepot:
esxupdate -m scan
Toscanforapplicablebulletinsinabundlezip:
esxupdate --bundle scan
Tolistallthebulletinsregardlessofapplicabilityorsoftwareplatform,addthe--all / -aoption.
4 Whenyouaredoneaccessingthedepot,resettheserviceconsolefirewalltohighsecurity:
esxcfg-firewall --blockOutgoing
Forinformationonscanning,seeScanningforApplicableBulletinsonpage 11.Forinformationon
esxupdatesyntaxandcommands,seeesxupdate scanonpage 18.
Retrieving Bulletin Information
Theesxupdatequeryandesxupdateinfocommandsretrieveinformationaboutinstalledbulletinsand
bulletinsthatareinadepotorbundlezip.
To retrieve information about installed bulletins
1 Fromtheserviceconsole,logontotheESX4.0hostasuserroot.
IfyoudonothavedirectaccesstotheESX4.0host,connectremotelytotheserviceconsoleusingssh.
2 Runtheesxupdatequeryorinfocommand.
Toretrieveabriefsummaryofallinstalledbulletins:
esxupdate query
Thiscommandlistsallinstalledbulletinsinascendinginstallationorderandincludestheinstallation
dateandabriefsummaryforeachbulletin.
Toretrievedetailsaboutbulletinsreturnedbythequery:
esxupdate -b -b info
Forinformationonesxupdatesyntaxandcommands,seeesxupdate queryonpage 18andesxupdate
infoonpage 18.
ThefollowingExample12showstheinformationreturnedwhenyouruntheesxupdate querycommand
onanESX4.0host.
Example 2-2. Example 1-2. query Command Sample Output
Installed software bulletins
-----Bulletin ID---- --Installed-- --------Summary--------
bul_1 2008-07-08T19:55:04 This is the summary
Cisco Swordfish Drop 071420082008-07-19T05:03:22 Swordfish VIB for COS only
NOTE Youcannotrunesxupdateinthecurrentdirectorywithout-mor--bundle.
-
8/6/2019 ESX4 Patch Management Guide
13/24
VMware, Inc. 13
Chapter 2 Installing Updates
To retrieve information about bulletins in a depot or bundle zip
1 Fromtheserviceconsole,logontotheESX4.0hostasuserroot.
IfyoudonothavedirectaccesstotheESX4.0host,connectremotelytotheserviceconsoleusingssh.
2 IfthedepotisnotontheESX4.0host,typethefollowingcommandtoenableanoutgoingconnectionfor
theserviceconsole.
esxcfg-firewall --allowOutgoing
3 Runtheesxupdateinfocommand.
Toretrievedetailsofallbulletinsinametadatafile:
esxupdate -m info
Toretrievedetailsofspecificbulletinsinadepot:
esxupdate -m -b -b info
Toretrievedetailedinformationonallbulletinsinabundlezip:
esxupdate --bundle info
4 Whenyouaredoneaccessingthedepot,resettheserviceconsolefirewalltohighsecurity.
esxcfg-firewall --blockOutgoing
Forinformationonesxupdatesyntaxandcommands,seeesxupdate infoonpage 18.
ThisExample13showstheinformationreturnedwhenyouruntheesxupdateinfocommandonasingle
installedbulletin.
Example 2-3. Example 1-3. info Command Sample Output
Id - Driver 2
Releasedate - Releasedate - 2008-11-17T11:28:42-07:00
Vendor - VMware, Inc.
Summary - Wonderful driver 2.1
Severity - critical
Category - storageInstalldate -
Description - Self-contained bulletin with one Vib
Kburl - http://kb.vmware.com/selfservice/microsites
Contact - [email protected]
List of constituent VIBs:
cross_driver_2.1-1
Verifying Disk Space
Checkthefollowingrequirementstomakesurethehostsystemhasenoughdiskspace.
The/partitiondirectoryhasatleast50MBoffreespace.
Thediskspaceallocatedtotheserviceconsolehasanamountoffreespacethatistwicethesizeofthe
bulletintobeinstalled.
Beforeinstallingpatches,usethestagecommand.SeeStaginganInstallationonpage 13.
Staging an Installation
Staginganinstallationallowsesxupdatetoperformthefollowingtaskswithoutinstallinganybulletins:
DownloadstheappropriatebulletinsandVIBpackagestothehosttoreducedowntimewhenalarge
numberofupdatesmustbeinstalled
ChecksforVIBsignature
-
8/6/2019 ESX4 Patch Management Guide
14/24
ESX 4 Patch Management Guide
14 VMware, Inc.
ChecksforVIBandRPMdependencies
Determinesthebulletinorder
DetermineswhichRPMsmustbeinstalled,butdoesnotinstallthem
ThiscommandalsopopulatestheesxupdatecachefortheHTTPandFTPdepotsaswellasbundlezips.Asa
result,whenyouruntheupdatecommand,thedownloadstepcanbeskipped.
To stage an installation1 Fromtheserviceconsole,logontotheESX4.0hostasuserroot.
IfyoudonothavedirectaccesstotheESX4.0host,connectremotelytotheserviceconsoleusingssh.
2 IfthedepotisnotontheESX4.0host,typethefollowingcommandtoenableanoutgoingconnectionfor
theserviceconsole.
esxcfg-firewall --allowOutgoing
3 Runtheesxupdate stagecommand.
Torunatestinstallationofallbulletinsinadepot:
esxupdate -m stage
Torunatestinstallationofmultiplebulletinsinadepot:
esxupdate -m -b -b stage
Torunatestinstallationofabundlezip:
esxupdate --bundle stage
4 Whenyouaredoneaccessingthedepot,resettheserviceconsolefirewalltohighsecurity:
esxcfg-firewall --blockOutgoing
Installing Bulletins
You
use
the
esxupdate
update
command
to
install
bulletins.
You
can
install
any
number
of
bulletins
from
one
ormoredepots.Youcaninstalloneormorebundlezipfiles.Thebundlezipfilesareindependentfromany
depotandcanbelocatedonthelocalESXhost,aCDROMdrive,oranyremoteHTTP,NFS,orFTPserver.
Wheninstallingbulletins,keepinmindthefollowingesxupdatebehavior:
IfyoudonotspecifybulletinIDstoinstall,esxupdateinstallsallapplicablebulletinsinthedepot.
IfyouspecifyoneormorebulletinIDstoinstall,thefollowingcanhappen:
Ifnodependenciesexist,esxupdateinstallsonlythosebulletins.
Ifdependenciesexistandaspecifiedbulletinrequiresyoutoinstalloneormoreunspecified
bulletins,youaregiventheoptiontoinstalladditionalpackages.Thesepackagesareinstalledifyou
entery.
Thehost
system
should
have
the
following
space
available
to
ensure
space
for
the
installation:
Aminimumof24MBforthe/tmpand/boot directories.
Aminimumof100MBforthe/rootdirectory.
Ingeneral,theinstallationrequirestwicethesizeofthedownloadedbulletins.
Beforeyouinstallbulletinsorbundlezipfiles,youmustrunthestagecommandtodownloadallpackages,
validatesignatures,andcheckfordependenciesandconflicts.
Duringtheinstallationprocess,esxupdatevalidateseachVIBpackagebyusingasetofsignaturekeys.Ifany
VIBpackageinapatchcontainsamissingorinvalidsignature,esxupdatedoesnotinstallthebulletin.
-
8/6/2019 ESX4 Patch Management Guide
15/24
VMware, Inc. 15
Chapter 2 Installing Updates
Aftervalidatingthebulletins,esxupdateperformsthefollowingtasksduringtheinstall:
FiltersoutanypackagesthatdonotapplytothecurrentversionESX.
Checksforsoftwaredependenciesandprerequisites,forexample,ifthebulletinisthecorrectESXversion,
ifvirtualmachinesarepoweredoff,andsoon.
Verifiesthedigitalsignaturesofthepackagesineachbulletin.
Checksforadequatediskspace.
RemovesobsoletepackagesfromtheESX4.0host.
Installsthepackages.Packagesinstalledalreadyorsupersededbyanewerinstalledversionarenot
installed.
Updatestheinitrdimage,whichensuresupdateddriversareloadedonESXforthenextboot.
Duringtheinstallation,ifanesxupdatepatchisavailable,theutilityupdatesitself.Iftheinitrdanddriver
configurationsrequirechanges,thechangesaremadeafterallbulletinsareinstalled.
Forinformationoninstallingbulletins,seeInstallBulletinsonanESX4.0Hostonpage 15.Forinformation
oncheckingforpatchdependencies,seeScanningforApplicableBulletinsonpage 11.
Install Bulletins on an ESX 4.0 HostTheinstallationprocessisrecordedintheesxupdate.logfile.Bydefault,thisfileislocatedinthe
/var/log/vmwaredirectory.
To install bulletins on an ESX host
1 Verifythatthehosthasenoughdiskspacetoperformtheinstallation.
SeeVerifyingDiskSpaceonpage 13.
2 Fromtheserviceconsole,logontotheESX4.0hostasuserroot.
IfyoudonothavedirectaccesstotheESX4.0host,connectremotelytotheserviceconsoleusingssh.
3 IfthedepotisnotontheESX4.0host,typethefollowingcommandtoenableanoutgoingconnectionfor
theserviceconsole.
esxcfg-firewall --allowOutgoing
4 Scanthedesiredbulletinstodetermineiftheyareapplicable.
SeeToscanforapplicablebulletinsonpage 12.
5 Runesxupdateupdatecommand.
Toinstallallapplicablebulletinsinthedepot:
esxupdate -m update
Toinstallspecificbulletinsinthedepot:
esxupdate -m -b update
Toinstallallapplicablebulletinsinabundlezip:
esxupdate --bundle update
6 Ifnecessary,rebootthesystem.
NOTE Esxupdateneverrebootsyourhost.
-
8/6/2019 ESX4 Patch Management Guide
16/24
-
8/6/2019 ESX4 Patch Management Guide
17/24
VMware, Inc. 17
3
Thischaptercontainsthefollowingsections:
esxupdateOptionsandCommandsonpage 17.
esxupdateExitCodesandErrorMessagesonpage 19.
FrequentlyAskedQuestionsonpage 20.
esxupdate Options and Commands
TheesxupdateutilityisapatchmaintenancetoolforESX.Youuseittoreviewthecontentsofabulletin,
installsoftware,andtrackinstalledsoftware.
YourunesxupdatefromtheESXserviceconsolewhileloggedinasuserroot.Theactivityofthetoolis
recordedintheesxupdate.logfile.Bydefault,thisfileislocatedinthe/var/log/vmwaredirectory.
Toseehelpinformationforesxupdate,runtheutilitywithnoarguments.
Reference Information 3
Table 3-1. esxupdate Options
Option Flag Description
--meta -m Specifiesthelocationofmetadatafileinsideadepot.Canberepeated.AmetadataURLmaypointtoavendorswebsitedirectly,ifvendorsmaketheirupdatesavailableonline,ortoalocallymirroredcopy.Whenyouusethe-m flagwithoutthe-b flag,esxupdateselectsallthebulletinsinthemetadata.Forexample:
(HTTP): esxupdate -mhttp://downloads.vmware.com/vi4/update1-metadata.zip -m
http://updates.dvs.cisco.com/fake/esx4/metadata.zip
(HTTPS): esxupdate -mhttps://downloads.vmware.com/vi4/update1-metadata.zip -m
https://updates.dvs.cisco.com/fake/esx4/metadata.zip
(FTP): esxupdate -m ftp:///esx/vi4/metadata.zip-b VMW_ESX4_Patch1
(NFS):esxupdate -m file:///var/updates/esx4/metadata.zip
-b |
-b Specifiesoneormorebulletins.Ifnotspecified,allbulletinsarehandled.Mustbecombinedwiththe-mor--bundleoptions.Useone-bflagforeachbulletintoinstall.Forexample:
esxupdate m esxupdate -b ESX350-200802055-BG -b
ESX350-200803066-SG
--bundle
Specifiesthelocationofanofflinebundlezip. esxupdatedownloadsandunpacksthezip.Canbeusedwith-boptiontoselectbulletinswithinthebundlezip.Canberepeated.Usewiththescan,info,stage,updatecommands.Forexample:
esxupdate --bundle scan
--http_proxy
:
UseatforHTTPconnections.
-
8/6/2019 ESX4 Patch Management Guide
18/24
ESX 4 Patch Management Guide
18 VMware, Inc.
esxupdate Commands
--all Listsallthebulletinsinmetadataorbundlezips,insteadofjusttheapplicableones.Usethisoptionwiththeesxupdatescancommand.
--loglevel
Changesthelevelofdetailwrittentotheesxupdate.logfile.Possiblevaluesareasfollows:
orDEBUGDebugginginformation
orINFODetailedInformation orWARNINGWarning
orERRORError
--nocache TheesxupdateupdatecommandusesitscacheofalreadydownloadedVIBsifpossible,buttherearetimeswhenthecachecanbecomestale.Usethe--nocacheoptiontoforceesxupdateupdatetoalwaysdownloadallVIBs.
--retry SpecifiesthenumberoftimestoretryaconnectiontoanHTTP,HTTPSorFTPserver.Thedefaultvalueisdefinedinthe[defaults]sectionofesxupdate.conf.Ifyouenteraspecificvaluethedefaultvalue5isoverridden.Forexample,ifyouenter7,itsupersedes5andesxupdatetriestoreconnecttoanHTTP,HTTPSorFTPserverseventimesincaseofabrokenconnection.
--timeout SpecifiestheamountoftimetowaitwhenconnectingtoorreadingfromanHTTP,HTTPS,FTPserverorproxy.
Table 3-1. esxupdate Options (Continued)
Option Flag Description
Table 3-2. esxupdate Commands
Command Description
esxupdate info Displaysinformationaboutbulletins,includingabriefsummary,andbuildandinstalltimes.ThiscommandretrievesthebulletindefinitionsfromthemetadataorthepatchdatabaseontheESXhost(/etc/vmware/esxupdate).SeeRetrievingBulletinInformationonpage 12.
Syntax for bulletins in a depot:
esxupdate -m meta1URL -b bulletinID [-b bulletin2 ...] info
esxupdate --bundle bundleZipURL [-b bulletinID [-b bulletin2 ...]] info
Syntax for bulletins in the patch database:esxupdate -b installed-bulletinID info
esxupdate query Returnsalist,ininstallorder,ofallbulletinsinstalledontheESXhost.SeeToretrieveinformationaboutinstalledbulletinsonpage 12.
Syntax
esxupdate query
esxupdate scan Returnsalistoftheapplicablebulletinsinadepotmetadataorinabundlezip.Usewith--alloptiontoreturnalistofallbulletins.SeeScanningforApplicableBulletinsonpage 11.Syntax
esxupdate [--meta ] [--bundle ] [--all]] scan
esxupdate stage DownloadstheappropriateVIBsfortheselectedbulletins,preloadstheesxupdatedepotcacheforHTTPandFTPservers,andchecksforVIBandRPMdependencies.Forexample:
esxupdate -m stageSeeStaginganInstallationonpage 13.
esxupdate update Checksthespecifiedbulletinsfordependencies,checkstheESXhostfordependencies,determineswhichbulletinstoinstall,andinstallsthemontheESXhost.SeeInstallBulletinsonanESX4.0Hostonpage 15.
Syntax
esxupdate -m https://meta1.zip [-m https://meta2.zip ... ] [-b bulletinID1
[-b bulletinID2 ... ]] update
esxupdate --bundle https://offline-bundle.zip [-b bulletin1 [-b bulletin2
... ]] update
-
8/6/2019 ESX4 Patch Management Guide
19/24
VMware, Inc. 19
Chapter 3 Reference Information
esxupdate Exit Codes and Error Messages
Table 3-3. esxupdate Error Codes and Error Messages
Exit Code Error Message Explanation and Workaround
0 Commandcompletedsuccessfully.
1 Notroot.esxupdatemustbeenteredastherootuser.
2 Invalidcommand
line
syntax
or
arguments.
3 LockingError Cannotacquirelock.Anotheresxupdateisrunning.
4 MetadataDownloadError Downloadingorextractionofdatafailed.VerifythatthecorrectURLwasspecified,andisreachable.Useesxcfg-firewalltoopenadditionalports.IfthetargetURLorfilehasbeencopiedfromanothersource,verifythatithasbeencopiedcorrectly.
5 MetadataFormatError
7 VibDownloadError
26 BundleDownloadError
27 BundleFormatError
8 VibFormatError NotaVIBarchive,missingfiles,filesinwrongorder,descriptor.xmlinvalid.
9 VibIOError Indicatesanerrorreadingorwritingfilestoorfromlocal
storage.Verify
that
adequate
free
space
exists
on
mounted
filesystems.10 FileIOError
11 DatabaseFormatError vibs.xmlnotavalidXMLfile.Bulletinszipnotaziparchive.Invalidstructureineitherfile.
13 NoMatchError VIBorBulletinIDnotinmetadata,orrequestedVIBsorbulletindonotapplytohostplatform(stage,updateonly).
14 DependencyError esxupdatewasunabletoresolvedependencies.ThisconditionisduetoconflictsbetweenanyoftherequestedVIBs,requireddependenciesandthehost,packagesonthehostobsoletingreqestedVIBsortheirrequirements,orduetooneormorerequirementsnotbeingfoundinthemetadata(stage,updateonly).ThisconditionisdifferentfromUnsatisfiedDependencies.
15 PackageManagerError RPMoripkgtransactionfailed.
18 MaintenanceModeError ESXhostisnotinmaintenancemodewhenitmustbe,orhostdisdown.Maintenancemodecannotbedetermined.
19 PostScriptError Apostscriptexitedwithanonzerostatus.
20 VibSigMissingError OneormoreVIBscontaininvalidoruntrustedsignaturedata. Ifthedatahasbeencopiedfromanothersource,verifythatithasbeencopiedcorrectly.Verifythatthehostdateissetcorrectly. Ifproblemspersist,contactVMwareSupport.
21 VibSigVersionError
22 VibSigFormatError
23 VibSigInvalidError
24 VibSigDigestError
25 UnsatisfiedDependencies AdditionalVIBsarerequiredforinstallation,andtheuser
declinedtoinstallthem.ThisconditionisspecificallydifferentfromDependencyError. Whiledependenciesweresuccessfullyresolved,theycouldnotbeautomaticallyinstalledduetouserinput(CLI)orfailureofthecallertospecifyrequiredVIBsonthecommandline(HAorCLI).
80 Notanerror.Thesystemmustberebootedtocompletetheupdate.
-
8/6/2019 ESX4 Patch Management Guide
20/24
ESX 4 Patch Management Guide
20 VMware, Inc.
Frequently Asked Questions
WhenanRPMonmyESXhosthasaLinuxequivalent,canIusetheLinuxRPMtoupdatemysystem?
No.VMwarerecommendsthatyouupdateyourESX4.0hostwithRPMssuppliedbyVMware.
CanIremoveinstalledVMwarepatchesfrommyESXhost?
No.Patchescannotberemovedaftertheyareinstalled.
ShouldthebuildnumberoftheESXhostchangeafterIapplyapatch?
ItisnormalforsomeportionsoftheESX4.0softwareinstallationtochangebuildnumberswhenpatchesare
applied.ForinformationondeterminingthebuildnumberforeachofthecomponentsofyourESX
installation,seetheVMwareknowledgebasearticle,KB1001179.
http://kb.vmware.com/kb/1001179http://kb.vmware.com/kb/1001179http://kb.vmware.com/kb/1001179http://kb.vmware.com/kb/1001179 -
8/6/2019 ESX4 Patch Management Guide
21/24
VMware, Inc. 21
4
ThissectiondescribesthreepatchmanagementtoolsthatVMwareprovidesinadditiontotheesxupdate
utility:
AboutVMwarevCenterUpdateManager
AboutvSphereHostUpdateUtility
AboutvihostupdatevSphereCLI
Youcanaccessthemostcurrentversionsofthedocumentationforeachtoolbygoingto
http://www.vmware.com/support/pubs.
YoucanfindinformationabouttheVMwareUpgradeandUpdatePolicybygoingtohttp://www.vmware.com/support/policies/upgrade.html.
About VMware vCenter Update Manager
VMwarevCenterUpdateManagerisanoptionalmoduleforvCenterServerthatperiodicallydownloads
patchinformationfromtheInternet.UpdateManagerperformsuserdefinedscanoperationsonESX4.0and
ESXi4.0hostsforpatchcompliance.Ifitdeterminesapatchisrequired,VMwarevCenterUpdateManager
downloadsthepatchandinstallsitbasedonuserdefinedconfigurations.VMwarevCenterUpdateManagercanperformscanandinstallationoperationswithlatestpatchesinanairgaporsemiairgapenvironmentthat
hasnoInternetaccess,byusingasharedrepository.TheUpdateManagerpluginisanoptionalfeaturethat
requiresvSphereClient.
TheVMwarevCenterUpdateManagerdocumentationconsistsofreleasenotes,anadministrationguide,and
onlinehelpintegratedwiththeVMwarevCenterUpdateManagervSphereClientplugin.
About vSphere Host Update Utility
YoucanusevSphereHostUpdateUtilitytopatchESXi4.0hosts.vSphereHostUpdateUtilityfindsapplicable
patchesandenablesyoutoinstallthem.YouhavetheoptiontoinstallvSphereHostUpdateUtilitywhenyou
installthevSphereClient. Bydefault,theutilityisnotinstalled.
ThevSphereHostUpdateUtilityisdocumentedinthevSphereUpgradeGuide.About vihostupdate vSphere CLI
ThevihostupdatevSphereCLIcommandcanscanESX/ESXihostsforinstalledpatches,enforcesoftware
updatepolicies,andinstallsoftwarepatches.ItcanperformsoftwareupdatestoESX/ESXiimagesandinstall
andupdateESX/ESXiextensionssuchasVMkernelmodules,drivers,andCIMproviders.ForESX/ESXi4.0
hosts,runvihostupdate.ForESX/ESXi3.5hosts,runvihostupdate35.
SeethevSphereCLIInstallationandReferenceGuideandthevSphereUpgradeGuide.
ESX Patch Management Tools 4
http://www.vmware.com/support/policies/upgrade.htmlhttp://www.vmware.com/support/policies/upgrade.html -
8/6/2019 ESX4 Patch Management Guide
22/24
ESX 4 Patch Management Guide
22 VMware, Inc.
-
8/6/2019 ESX4 Patch Management Guide
23/24
VMware, Inc. 23
Index
Bbulletinsabout extracting 11
about installing 14
installing 15
querying bulletins in a depot 13
querying installed bulletins 12
retrieving RPM details 13
scanning 11, 12
test install 13
verifying installation 16
Ccustomizing patching, about 9
D
depots
querying bulletins 13
disk space
requirements 13
E
error messages 19
esxupdate
--all option 18
-b option 17
exit codes and error messages 19
info operation 18
--loglevel option 18
query operation 18
scan operation 18
stage operation 18
update operation 18
esxupdate utility
about 7
commands 17, 18options 17
Exit codes 19
F
frequently asked questions 20
I
info command
about 18
sample output 13
installation
disk space 13
verifying 16
installed bulletins
listing 12
P
patching
customizing 9
strategy 8
patching tools
vihostupdate vSphere CLI 21
VMware vCenter Update 21
vSphere Host Update Utility 21
Q
query command
about 18
sample output 12
R
roll-ups
about installing 14
installing 15
RPM packages
retrieving details 13
S
scan command
sample output 11
scanning bulletins 12
about 11
T
test install, running 13
U
update command
about 18
V
vihostupdate vSphere CLI 21
VMware vCenter Update 21
vSphere Host Update Utility 21
-
8/6/2019 ESX4 Patch Management Guide
24/24
ESX 4 Patch Management Guide