esx 4 patch management guide 4.0

Upload: peter-toth

Post on 06-Apr-2018


  • 8/3/2019 ESX 4 Patch Management Guide 4.0

    1/26

    ESX 4 Patch Management Guide
    ESX 4.0

    This document supports the version of each product listed and supports all subsequent versions until the document is replaced by a new edition. To check for more recent editions of this document, see http://www.vmware.com/support/pubs.

    EN-000137-01

    VMware, Inc.
    3401 Hillview Ave.
    Palo Alto, CA 94304
    www.vmware.com

    You can find the most up-to-date technical documentation on the VMware Web site at:

    http://www.vmware.com/support/

    The VMware Web site also provides the latest product updates.

    If you have comments about this documentation, submit your feedback to:

    [email protected]

    Copyright 2009-2011 VMware, Inc. All rights reserved. This product is protected by U.S. and international copyright and intellectual property laws. VMware products are covered by one or more patents listed at http://www.vmware.com/go/patents. VMware is a registered trademark or trademark of VMware, Inc. in the United States and/or other jurisdictions. All other marks and names mentioned herein may be trademarks of their respective companies.

    Contents

    About This Book

    1 About Patches and Updates
        About the esxupdate Utility
        Patch Maintenance Strategy
        Customizing Your Patch Process

    2 Installing Updates
        Bundle Zip Files
        Scanning for Applicable Bulletins
        Retrieving Bulletin Information
        Verifying Disk Space
        Staging an Installation
        Installing Bulletins
        Install Bulletins on an ESX 4.0 Host

    3 Reference Information
        esxupdate Options and Commands
        esxupdate Commands
        esxupdate Exit Codes and Error Messages
        Frequently Asked Questions

    4 ESX Patch Management Tools
        About VMware vCenter Update Manager
        About vSphere Host Update Utility
        About vihostupdate vSphere CLI

    Index

    About This Book

    This book, ESX 4 Patch Management Guide, provides background information on processing patches for ESX 4.0 hosts and describes how to use the esxupdate utility to apply software updates and to track software installed on ESX 4.0 hosts.

    This book provides information specific to ESX 4.0 hosts and the esxupdate utility. It does not discuss the following:

    - How to patch ESX 4.0 hosts automatically with the VMware Update Service and the VMware vCenter Update Manager. For information on these tools, see "ESX Patch Management Tools" on page 21.
    - How to patch ESXi 4.0 hosts with the vihostupdate vSphere Command-Line Interface (CLI). For information on vihostupdate, see "ESX Patch Management Tools" on page 21.
    - How to patch versions of ESX released prior to version 4.0. For information on this process, see the Patch Management for ESX Servers tech note and the ESX Server 3 Patch Management Guide.
    - How to upgrade ESX hosts. For information on upgrading, see the vSphere Upgrade Guide. For a list of VMware release definitions, see the VMware Upgrade and Update Policy by going to http://www.vmware.com/support/policies/upgrade.html.

    Intended Audience

    This manual is intended for anyone who must manually apply patches to ESX 4.0 hosts. The information in this manual is written for system administrators who use a service console to manage ESX hosts.

    What's Changed from ESX 3.x

    This manual has been updated from the ESX Server 3 Patch Management Guide to include new definitions and procedures that are unique to ESX 4.0.

    Document Feedback

    VMware welcomes your suggestions for improving our documentation. If you have comments, send your feedback to:

    [email protected]

    VMware vSphere Documentation

    The VMware vSphere documentation consists of the combined vCenter Server and ESX documentation set.

    Technical Support and Education Resources

    The following sections describe the technical support resources available to you. You can access the most current versions of this manual and other books by going to:

    http://www.vmware.com/support/pubs

    Online and Telephone Support

    Use online support to submit technical support requests, view your product and contract information, and register your products. Go to http://www.vmware.com/support.

    Customers with appropriate support contracts should use telephone support for the fastest response on priority 1 issues. Go to http://www.vmware.com/support/phone_support.

    Support Offerings

    Find out how VMware support offerings can help meet your business needs. Go to http://www.vmware.com/support/services.

    VMware Education Services

    VMware courses offer extensive hands-on labs, case study examples, and course materials designed to be used as on-the-job reference tools. For more information about VMware Education Services, go to http://mylearn1.vmware.com/mgrreg/index.cfm.
    1 About Patches and Updates

    Software patches provide immediate fixes for one or more security issues or critical fixes for a specific area of the product. For information about a specific patch, go to the VMware vSphere Download Center at http://www.vmware.com/download/vi.

    Types of software updates and related terms:

    - Bulletin. A grouping of one or more VIBs (vSphere Installation Bundle). Bulletins are defined within metadata.
    - Depot. A logical grouping of VIBs and associated metadata that is published online.
    - Extension. A bulletin that defines a group of VIBs for adding an optional component to an ESX host. An extension is usually provided by a third party, as are patches or updates to the extension.
    - Metadata. Extra data that defines dependency information, textual descriptions, system requirements and bulletins.
    - Offline Bundle zip. An archive that encapsulates VIBs and corresponding metadata in a self-contained depot that is useful for offline patching.
    - Patch. A bulletin that groups one or more VIBs together to address a particular issue or enhancement.
    - Rollup. A collection of patches that is grouped for ease of download and deployment.
    - RPM. Binary packages that include a set of control scripts, which provide information for the RPM about how to install the package and any post-installation configuration that is needed.
    - Update. A periodic release of an ESX image, which contains multiple fixes and support for new hardware.
    - VIB. A VIB is a single software package.

    Patches do not have installation wizards. You install them with a patch update tool. The patch update tool for ESX 4.0 hosts is esxupdate. For information about patch update tools for other ESX versions, see "ESX Patch Management Tools" on page 21.

    About the esxupdate Utility

    You use the patch maintenance utility, esxupdate, to retrieve information about updates and extensions from VMware and third parties, to track installed software, and to apply software packages to ESX 4.0 hosts. You run esxupdate from the service console while you are logged on to an ESX 4.0 host as user root. You can run only one instance at a time on the same ESX 4.0 host.

    A record of each installed bulletin is written to the /etc/vmware/esxupdate directory on the host. The record includes the bulletin ID, the installation time, the VIBs installed, and other details. This directory acts as a patch database and is used by esxupdate to query the patches installed on the host.

    CAUTION This directory is read-only. If you change the contents, when esxupdate performs an integrity check, it will fail for the changed files. In such cases, esxupdate exits with an IntegrityError message. For more information, see "esxupdate Exit Codes and Error Messages" on page 19.

    For ESX 4.0 hosts, there are four basic modes of esxupdate: inspection mode, scan mode, test mode, and update mode.

    - Inspection mode. Queries your system for bulletins and bulletin details. You use two commands to retrieve bulletin information: esxupdate query and esxupdate info.
        - Use the esxupdate query command to display a list of bulletins installed on an ESX 4.0 host. The output lists the bulletins in ascending installation order and includes the bulletin name, installation date, and a 40-character summary of the bulletin. All bulletins that are installed are listed. Bulletins that are superseded by another bulletin are considered obsolete and are not displayed in this output.
        - Use the esxupdate info command to display information on the contents of one or more bulletins. The output includes the bulletin name, release date, and details about the metadata files, including the VIB packages that are part of the bulletin.

          You can use the info command for both installed and uninstalled bulletins. For more information, see "Retrieving Bulletin Information" on page 12.
    - Scan mode. Determines which bulletins are applicable to the ESX 4.0 host by querying the bulletins in a depot and the bulletins installed on the host for bulletin and system dependencies. Use the esxupdate scan command before you install bulletins to determine which ones are applicable to the host. For more information, see "Scanning for Applicable Bulletins" on page 11.
    - Test mode. Enables esxupdate to go through all installation operations without installing the specified bulletins. Test mode downloads the appropriate files, preloads the esxupdate depot cache for HTTP and FTP servers, checks for RPM package dependencies, and determines which RPMs to install. For more information, see "Staging an Installation" on page 13.
    - Update mode. Installs bulletins on ESX 4.0 hosts. Use the esxupdate update command to install individual bulletins, a bundle zip, or an online depot. Update mode scans the depot for dependencies and handles them, if possible, before installing. For more information, see "Install Bulletins on an ESX 4.0 Host" on page 15.

    For information on esxupdate syntax and commands, see "esxupdate Options and Commands" on page 17.

    Patch Maintenance Strategy

    Use the following guidelines to manage patching for your ESX 4.0 hosts.

    - Keep your environment as current as possible. Determine whether any bulletins are necessary for your environment and apply those bulletins. Minimize the change to your software environment whenever possible. For more information on determining bulletin applicability, see "Scanning for Applicable Bulletins" on page 11.
    - Analyze the risk factor of applying the bulletin. For example, assess the virtual machine and ESX 4.0 host downtime requirements. The scan command provides the information you need to analyze risks and server downtime.
    - Download and install rollups rather than individual bulletins. This method saves you download time and ensures, when dependencies exist, that your depot contains all necessary bulletins.
    - For a multihost environment, set up patch depots on a centralized server that is accessible by all ESX hosts. Create a separate depot for each ESX version in your environment. Although you can put depots on an ESX host, VMware does not recommend it.

    Customizing Your Patch Process

    You can write custom scripts to automate your patch process. For example, you can create a cron job to periodically download rollups to a depot. You can write a script to scan the depot for applicable bulletins and install all at one time. If during the scan operation, esxupdate finds a bulletin that requires virtual machines to be powered off, you can write a script that puts them into maintenance mode.

    If you use custom scripts to automate the ESX 3 patch process, you must update them to work with ESX 4.0. Specifically, upgrade your scripts to use the esxupdate -m option to point to the depot and to install multiple bulletins at one time.

    2 Installing Updates

    You must perform several procedures to set up your patch environment and install bulletins on your ESX 4.0 hosts.

    This chapter contains the following sections:

    - "Bundle Zip Files" on page 11
    - "Scanning for Applicable Bulletins" on page 11
    - "Retrieving Bulletin Information" on page 12
    - "Verifying Disk Space" on page 13
    - "Staging an Installation" on page 13
    - "Verifying Bulletin Installations" on page 16

    Bundle Zip Files

    A bundle zip contains a metadata zip which defines the bulletins available for installation and also contains one or more packages. Each package is a VIB file that is translated into one RPM package during the installation process.

    Scanning for Applicable Bulletins

    To determine which bulletins in your depot are applicable to your ESX 4.0 host, use the esxupdate scan command. A bulletin is applicable if at least one VIB package applies to the ESX platform and it updates a package on the ESX host, or if it is a new package. When you scan a depot, by default the scan command only displays applicable bulletins that have updated or new packages. The --all option displays all of the bulletins including inapplicable bulletins.

    If esxupdate can handle all dependencies and does not find any conflicts, it can install the patches included in the scan. If conflicts exist, they are listed in the scan output.

    The following Example 1-1 shows the information returned from an esxupdate scan command on a depot.

    Example 2-1. Example 1-1. scan Command Sample Output

    Bulletin ID ---Date--- ----- Summary -----
    bul_1 2008-11-12 This is the bul_1
    bul_2 2008-11-12 This is the bul_2

    To scan for applicable bulletins

    1 Log in to the service console on the ESX 4.0 host as user root.

      If you do not have direct access to the ESX 4.0 host, connect remotely to the service console using ssh.

    2 If the depot is not on the ESX 4.0 host, type the following command to enable an outgoing connection for the service console.

      esxcfg-firewall --allowOutgoing

    3 Run the esxupdate scan command.

      To scan applicable bulletins in a depot:

      esxupdate -m <meta1URL> scan

      To scan for applicable bulletins in a bundle zip:

      esxupdate --bundle <bundleZipURL> scan

      To list all the bulletins regardless of applicability or software platform, add the --all / -a option.

    4 When you are done accessing the depot, reset the service console firewall to high security:

      esxcfg-firewall --blockOutgoing

    For information on scanning, see "Scanning for Applicable Bulletins" on page 11. For information on esxupdate syntax and commands, see "esxupdate scan" on page 18.

    Retrieving Bulletin Information

    The esxupdate query and esxupdate info commands retrieve information about installed bulletins and bulletins that are in a depot or bundle zip.

    To retrieve information about installed bulletins

    1 From the service console, log on to the ESX 4.0 host as user root.

      If you do not have direct access to the ESX 4.0 host, connect remotely to the service console using ssh.

    2 Run the esxupdate query or info command.

      To retrieve a brief summary of all installed bulletins:

      esxupdate query

      This command lists all installed bulletins in ascending installation order and includes the installation date and a brief summary for each bulletin.

      To retrieve details about bulletins returned by the query:

      esxupdate -b <bulletinID> -b <bulletin2> info

    For information on esxupdate syntax and commands, see "esxupdate query" on page 18 and "esxupdate info" on page 18.

    The following Example 1-2 shows the information returned when you run the esxupdate query command on an ESX 4.0 host.

    Example 2-2. Example 1-2. query Command Sample Output

    Installed software bulletins
    -----Bulletin ID---- --Installed-- --------Summary--------
    bul_1 2008-07-08T19:55:04 This is the summary
    Cisco Swordfish Drop 071420082008-07-19T05:03:22 Swordfish VIB for COS only

    NOTE You cannot run esxupdate in the current directory without -m or --bundle.

    To retrieve information about bulletins in a depot or bundle zip

    1 From the service console, log on to the ESX 4.0 host as user root.

      If you do not have direct access to the ESX 4.0 host, connect remotely to the service console using ssh.

    2 If the depot is not on the ESX 4.0 host, type the following command to enable an outgoing connection for the service console.

      esxcfg-firewall --allowOutgoing

    3 Run the esxupdate info command.

      To retrieve details of all bulletins in a metadata file:

      esxupdate -m <meta1URL> info

      To retrieve details of specific bulletins in a depot:

      esxupdate -m <meta1URL> -b <bulletinID> -b <bulletin2> info

      To retrieve detailed information on all bulletins in a bundle zip:

      esxupdate --bundle <bundleZipURL> info

    4 When you are done accessing the depot, reset the service console firewall to high security.

      esxcfg-firewall --blockOutgoing

    For information on esxupdate syntax and commands, see "esxupdate info" on page 18.

    This Example 1-3 shows the information returned when you run the esxupdate info command on a single installed bulletin.

    Example 2-3. Example 1-3. info Command Sample Output

    Id - Driver 2
    Releasedate - Releasedate - 2008-11-17T11:28:42-07:00
    Vendor - VMware, Inc.
    Summary - Wonderful driver 2.1
    Severity - critical
    Category - storage
    Installdate -
    Description - Self-contained bulletin with one Vib
    Kburl - http://kb.vmware.com/selfservice/microsites
    Contact - [email protected]
    List of constituent VIBs:
    cross_driver_2.1-1

    Verifying Disk Space

    Check the following requirements to make sure the host system has enough disk space. (SEE UPDATE)

    - The / partition directory has at least 50 MB of free space.
    - The disk space allocated to the service console has an amount of free space that is twice the size of the bulletin to be installed.

    Before installing patches, use the stage command. See "Staging an Installation" on page 13.

    Staging an Installation

    Staging an installation allows esxupdate to perform the following tasks without installing any bulletins:

    - Downloads the appropriate bulletins and VIB packages to the host to reduce downtime when a large number of updates must be installed
    - Checks for VIB signature
    - Checks for VIB and RPM dependencies
    - Determines the bulletin order
    - Determines which RPMs must be installed, but does not install them

    This command also populates the esxupdate cache for the HTTP and FTP depots as well as bundle zips. As a result, when you run the update command, the download step can be skipped.

    To stage an installation

    1 From the service console, log on to the ESX 4.0 host as user root.

      If you do not have direct access to the ESX 4.0 host, connect remotely to the service console using ssh.

    2 If the depot is not on the ESX 4.0 host, type the following command to enable an outgoing connection for the service console.

      esxcfg-firewall --allowOutgoing

    3 Run the esxupdate stage command.

      To run a test installation of all bulletins in a depot:

      esxupdate -m <meta1URL> stage

      To run a test installation of multiple bulletins in a depot:

      esxupdate -m <meta1URL> -b <bulletinID> -b <bulletin2> stage

      To run a test installation of a bundle zip:

      esxupdate --bundle <bundleZipURL> stage

    4 When you are done accessing the depot, reset the service console firewall to high security:

      esxcfg-firewall --blockOutgoing

    Installing Bulletins

    You use the esxupdate update command to install bulletins. You can install any number of bulletins from one or more depots. You can install one or more bundle zip files. The bundle zip files are independent from any depot and can be located on the local ESX host, a CD-ROM drive, or any remote HTTP, NFS, or FTP server.

    When installing bulletins, keep in mind the following esxupdate behavior:

    - If you do not specify bulletin IDs to install, esxupdate installs all applicable bulletins in the depot.
    - If you specify one or more bulletin IDs to install, the following can happen:
        - If no dependencies exist, esxupdate installs only those bulletins.
        - If dependencies exist and a specified bulletin requires you to install one or more unspecified bulletins, you are given the option to install additional packages. These packages are installed if you enter y.

    The host system should have the following space available to ensure space for the installation:

    - A minimum of 24 MB for the /tmp and /boot directories.
    - A minimum of 100 MB for the /root directory.

    In general, the installation requires twice the size of the downloaded bulletins.
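
A pre-flight check for the free-space figures given here and under "Verifying Disk Space", as an added example that is not part of the VMware guide. The function names are hypothetical, and applying the twice-the-bundle-size rule to / is an assumption.

```sh
#!/bin/sh
# Added example (not from the guide): verify free space before running
# "esxupdate stage" or "esxupdate update". Function names are hypothetical.

# Print the free space, in MB, of the filesystem that holds directory $1.
free_mb() {
    df -Pk "$1" 2>/dev/null | awk 'NR == 2 { print int($4 / 1024) }'
}

# Succeed only when directory $1 has at least $2 MB free.
# A directory that df cannot read counts as a failure.
has_free_mb() {
    avail=$(free_mb "$1")
    [ -n "$avail" ] && [ "$avail" -ge "$2" ]
}

# Print the space, in MB, needed for bundle zip $1: twice its size, rounded up.
bundle_need_mb() {
    bytes=$(wc -c < "$1") || return 1
    echo $(( (bytes * 2 + 1048575) / 1048576 ))
}

# Report one requirement and return its result.
require() {
    if has_free_mb "$1" "$2"; then
        echo "ok:   $1 has at least $2 MB free"
    else
        echo "FAIL: $1 needs at least $2 MB free"
        return 1
    fi
}

# Run every check from the guide for the bundle zip at path $1.
# Assumption: the "twice the size" rule is checked against /.
preflight() {
    need=$(bundle_need_mb "$1") || { echo "FAIL: cannot read $1"; return 1; }
    failed=0
    require /tmp 24    || failed=1
    require /boot 24   || failed=1
    require /root 100  || failed=1
    require / 50       || failed=1
    require / "$need"  || failed=1
    return "$failed"
}

# Stand-alone use: sh preflight.sh /path/to/bundle.zip
if [ $# -gt 0 ]; then
    preflight "$1"
fi
```
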

    Before you install bulletins or bundle zip files, you must run the stage command to download all packages, validate signatures, and check for dependencies and conflicts.

    During the installation process, esxupdate validates each VIB package by using a set of signature keys. If any VIB package in a patch contains a missing or invalid signature, esxupdate does not install the bulletin.

    After validating the bulletins, esxupdate performs the following tasks during the install:

    - Filters out any packages that do not apply to the current version of ESX.
    - Checks for software dependencies and prerequisites, for example, if the bulletin is the correct ESX version, if virtual machines are powered off, and so on.
    - Verifies the digital signatures of the packages in each bulletin.
    - Checks for adequate disk space.
    - Removes obsolete packages from the ESX 4.0 host.
    - Installs the packages. Packages installed already or superseded by a newer installed version are not installed.
    - Updates the initrd image, which ensures updated drivers are loaded on ESX for the next boot.

    During the installation, if an esxupdate patch is available, the utility updates itself. If the initrd and driver configurations require changes, the changes are made after all bulletins are installed.

    For information on installing bulletins, see "Install Bulletins on an ESX 4.0 Host" on page 15. For information on checking for patch dependencies, see "Scanning for Applicable Bulletins" on page 11.

    Install Bulletins on an ESX 4.0 Host

    The installation process is recorded in the esxupdate.log file. By default, this file is located in the /var/log/vmware directory.

    To install bulletins on an ESX host

    1 Verify that the host has enough disk space to perform the installation.

      See "Verifying Disk Space" on page 13.

    2 From the service console, log on to the ESX 4.0 host as user root.

      If you do not have direct access to the ESX 4.0 host, connect remotely to the service console using ssh.

    3 If the depot is not on the ESX 4.0 host, type the following command to enable an outgoing connection for the service console.

      esxcfg-firewall --allowOutgoing

    4 Scan the desired bulletins to determine if they are applicable.

      See "To scan for applicable bulletins" on page 12.

    5 Run the esxupdate update command.

      To install all applicable bulletins in the depot:

      esxupdate -m <meta1URL> update

      To install specific bulletins in the depot:

      esxupdate -m <meta1URL> -b <bulletinID> update

      To install all applicable bulletins in a bundle zip:

      esxupdate --bundle <bundleZipURL> update

    6 If necessary, reboot the system.

      NOTE esxupdate never reboots your host.

    7 Run the esxupdate query command to verify the installation was a success.

      See "Verifying Bulletin Installations" on page 16.

    8 When you are done accessing the depot, reset the service console firewall to high security:

      esxcfg-firewall --blockOutgoing

    Verifying Bulletin Installations

    This command lets you verify all installed bulletins were installed correctly, that none were missing or had the wrong version number.

    1 If necessary, log on to the ESX 4.0 host as user root.

      If you do not have direct access to the ESX 4.0 host, connect remotely to the service console using ssh.

    2 If the depot is not on the ESX 4.0 host, type the following command to enable an outgoing connection for the service console.

      esxcfg-firewall --allowOutgoing

    3 Run the esxupdate query command.

      esxupdate query

      Verify the bulletin you installed is in the return list.

    3 Reference Information

    This chapter contains the following sections:

    - "esxupdate Options and Commands" on page 17
    - "esxupdate Exit Codes and Error Messages" on page 19
    - "Frequently Asked Questions" on page 20

    esxupdate Options and Commands

    The esxupdate utility is a patch maintenance tool for ESX. You use it to review the contents of a bulletin, install software, and track installed software.

    You run esxupdate from the ESX service console while logged in as user root. The activity of the tool is recorded in the esxupdate.log file. By default, this file is located in the /var/log/vmware directory.

    To see help information for esxupdate, run the utility with no arguments.

    Table 3-1. esxupdate Options

    Option (Flag)
        Description

    --meta (-m)
        Specifies the location of the metadata file inside a depot. Can be repeated. A metadata URL may point to a vendor's website directly, if vendors make their updates available online, or to a locally mirrored copy. When you use the -m flag without the -b flag, esxupdate selects all the bulletins in the metadata. For example:

        (HTTP): esxupdate -m http://downloads.vmware.com/vi4/update1-metadata.zip -m http://updates.dvs.cisco.com/fake/esx4/metadata.zip
        (HTTPS): esxupdate -m https://downloads.vmware.com/vi4/update1-metadata.zip -m https://updates.dvs.cisco.com/fake/esx4/metadata.zip
        (FTP): esxupdate -m ftp:///esx/vi4/metadata.zip -b VMW_ESX4_Patch1
        (NFS): esxupdate -m file:///var/updates/esx4/metadata.zip

    -b (-b)
        Specifies one or more bulletins. If not specified, all bulletins are handled. Must be combined with the -m or --bundle options. Use one -b flag for each bulletin to install. For example:

        esxupdate m esxupdate -b ESX350-200802055-BG -b ESX350-200803066-SG

    --bundle
        Specifies the location of an offline bundle zip. esxupdate downloads and unpacks the zip. Can be used with the -b option to select bulletins within the bundle zip. Can be repeated. Use with the scan, info, stage, update commands. For example:

        esxupdate --bundle <bundleZipURL> scan

    --http_proxy <proxy>:<port>
        Use <proxy> at <port> for HTTP connections.

    --all
        Lists all the bulletins in metadata or bundle zips, instead of just the applicable ones. Use this option with the esxupdate scan command.

    --loglevel
        Changes the level of detail written to the esxupdate.log file. Possible values are as follows:

        or DEBUG: Debugging information
        or INFO: Detailed information
        or WARNING: Warning
        or ERROR: Error

    --nocache
        The esxupdate update command uses its cache of already downloaded VIBs if possible, but there are times when the cache can become stale. Use the --nocache option to force esxupdate update to always download all VIBs.

    --retry
        Specifies the number of times to retry a connection to an HTTP, HTTPS or FTP server. The default value is defined in the [defaults] section of esxupdate.conf. If you enter a specific value the default value 5 is overridden. For example, if you enter 7, it supersedes 5 and esxupdate tries to reconnect to an HTTP, HTTPS or FTP server seven times in case of a broken connection.

    --timeout
        Specifies the amount of time to wait when connecting to or reading from an HTTP, HTTPS, FTP server or proxy.

    esxupdate Commands

    Table 3-2. esxupdate Commands

    Command
        Description

    esxupdate info
        Displays information about bulletins, including a brief summary, and build and install times. This command retrieves the bulletin definitions from the metadata or the patch database on the ESX host (/etc/vmware/esxupdate). See "Retrieving Bulletin Information" on page 12.

        Syntax for bulletins in a depot:

        esxupdate -m meta1URL -b bulletinID [-b bulletin2 ...] info
        esxupdate --bundle bundleZipURL [-b bulletinID [-b bulletin2 ...]] info

        Syntax for bulletins in the patch database:

        esxupdate -b installed-bulletinID info

    esxupdate query
        Returns a list, in install order, of all bulletins installed on the ESX host. See "To retrieve information about installed bulletins" on page 12.

        Syntax

        esxupdate query

    esxupdate scan
        Returns a list of the applicable bulletins in a depot metadata or in a bundle zip. Use with the --all option to return a list of all bulletins. See "Scanning for Applicable Bulletins" on page 11.

        Syntax

        esxupdate [--meta <meta1URL>] [--bundle <bundleZipURL>] [--all] scan

    esxupdate stage
        Downloads the appropriate VIBs for the selected bulletins, preloads the esxupdate depot cache for HTTP and FTP servers, and checks for VIB and RPM dependencies. For example:

        esxupdate -m <meta1URL> stage

        See "Staging an Installation" on page 13.

    esxupdate update
        Checks the specified bulletins for dependencies, checks the ESX host for dependencies, determines which bulletins to install, and installs them on the ESX host. See "Install Bulletins on an ESX 4.0 Host" on page 15.

        Syntax

        esxupdate -m https://meta1.zip [-m https://meta2.zip ... ] [-b bulletinID1 [-b bulletinID2 ... ]] update
        esxupdate --bundle https://offline-bundle.zip [-b bulletin1 [-b bulletin2 ... ]] update

    esxupdate Exit Codes and Error Messages

    Table 3-3. esxupdate Error Codes and Error Messages

    Exit Code, Error Message
        Explanation and Workaround

    0
        Command completed successfully.

    1
        Not root. esxupdate must be entered as the root user.

    2
        Invalid command line syntax or arguments.

    3 LockingError
        Cannot acquire lock. Another esxupdate is running.

    4 MetadataDownloadError
    5 MetadataFormatError
    7 VibDownloadError
    26 BundleDownloadError
    27 BundleFormatError
        Downloading or extraction of data failed. Verify that the correct URL was specified, and is reachable. Use esxcfg-firewall to open additional ports. If the target URL or file has been copied from another source, verify that it has been copied correctly.

    8 VibFormatError
        Not a VIB archive, missing files, files in wrong order, descriptor.xml invalid.

    9 VibIOError
    10 FileIOError
        Indicates an error reading or writing files to or from local storage. Verify that adequate free space exists on mounted filesystems.

    11 DatabaseFormatError
        vibs.xml not a valid XML file. Bulletins zip not a zip archive. Invalid structure in either file.

    13 NoMatchError
        VIB or Bulletin ID not in metadata, or requested VIBs or bulletin do not apply to host platform (stage, update only).

    14 DependencyError
        esxupdate was unable to resolve dependencies. This condition is due to conflicts between any of the requested VIBs, required dependencies and the host, packages on the host obsoleting requested VIBs or their requirements, or due to one or more requirements not being found in the metadata (stage, update only). This condition is different from UnsatisfiedDependencies.

    15 PackageManagerError
        RPM or ipkg transaction failed.

    18 MaintenanceModeError
        ESX host is not in maintenance mode when it must be, or hostd is down. Maintenance mode cannot be determined.

    19 PostScriptError
        A postscript exited with a nonzero status.

    20 VibSigMissingError
    21 VibSigVersionError
    22 VibSigFormatError
    23 VibSigInvalidError
    24 VibSigDigestError
        One or more VIBs contain invalid or untrusted signature data. If the data has been copied from another source, verify that it has been copied correctly. Verify that the host date is set correctly. If problems persist, contact VMware Support.

    25 UnsatisfiedDependencies
        Additional VIBs are required for installation, and the user declined to install them. This condition is specifically different from DependencyError. While dependencies were successfully resolved, they could not be automatically installed due to user input (CLI) or failure of the caller to specify required VIBs on the command line (HA or CLI).

    80
        Not an error. The system must be rebooted to complete the update.


    Frequently Asked Questions

    When an RPM on my ESX host has a Linux equivalent, can I use the Linux RPM to update my system?

    No. VMware recommends that you update your ESX 4.0 host with RPMs supplied by VMware.

    Can I remove installed VMware patches from my ESX host?

    No. Patches cannot be removed after they are installed.

    Should the build number of the ESX host change after I apply a patch?

    It is normal for some portions of the ESX 4.0 software installation to change build numbers when patches are applied. For information on determining the build number for each of the components of your ESX installation, see the VMware knowledge base article, KB 1001179.

    http://kb.vmware.com/kb/1001179

    4 ESX Patch Management Tools

    This section describes three patch management tools that VMware provides in addition to the esxupdate utility:

    About VMware vCenter Update Manager

    About vSphere Host Update Utility

    About vihostupdate vSphere CLI

    You can access the most current versions of the documentation for each tool by going to http://www.vmware.com/support/pubs.

    You can find information about the VMware Upgrade and Update Policy by going to http://www.vmware.com/support/policies/upgrade.html.

    About VMware vCenter Update Manager

    VMware vCenter Update Manager is an optional module for vCenter Server that periodically downloads patch information from the Internet. Update Manager performs user-defined scan operations on ESX 4.0 and ESXi 4.0 hosts for patch compliance. If it determines a patch is required, VMware vCenter Update Manager downloads the patch and installs it based on user-defined configurations. VMware vCenter Update Manager can perform scan and installation operations with latest patches in an air-gap or semi-air-gap environment that has no Internet access, by using a shared repository. The Update Manager plug-in is an optional feature that requires vSphere Client.

    The VMware vCenter Update Manager documentation consists of release notes, an administration guide, and online help integrated with the VMware vCenter Update Manager vSphere Client plug-in.

    About vSphere Host Update Utility

    You can use vSphere Host Update Utility to patch ESXi 4.0 hosts. vSphere Host Update Utility finds applicable patches and enables you to install them. You have the option to install vSphere Host Update Utility when you install the vSphere Client. By default, the utility is not installed.

    The vSphere Host Update Utility is documented in the vSphere Upgrade Guide.

    About vihostupdate vSphere CLI

    The vihostupdate vSphere CLI command can scan ESX/ESXi hosts for installed patches, enforce software update policies, and install software patches. It can perform software updates to ESX/ESXi images and install and update ESX/ESXi extensions such as VMkernel modules, drivers, and CIM providers. For ESX/ESXi 4.0 hosts, run vihostupdate. For ESX/ESXi 3.5 hosts, run vihostupdate35.

    See the vSphere CLI Installation and Reference Guide and the vSphere Upgrade Guide.


    Index

    B

    bulletins

    about extracting 11

    about installing 14

    installing 15

    querying bulletins in a depot 13

    querying installed bulletins 12

    retrieving RPM details 13

    scanning 11, 12

    test install 13

    verifying installation 16

    C

    customizing patching, about 9

    D

    depots

    querying bulletins 13

    disk space

    requirements 13

    E

    error messages 19

    esxupdate

    --all option 18

    -b option 17

    exit codes and error messages 19

    info operation 18

    --loglevel option 18

    query operation 18

    scan operation 18

    stage operation 18

    update operation 18

    esxupdate utility

    about 7

    commands 17, 18

    options 17

    Exit codes 19

    F

    frequently asked questions 20

    I

    info command

    about 18

    sample output 13

    installation

    disk space 13

    verifying 16

    installed bulletins

    listing 12

    P

    patching

    customizing 9

    strategy 8

    patching tools

    vihostupdate vSphere CLI 21

    VMware vCenter Update 21

    vSphere Host Update Utility 21

    Q

    query command

    about 18

    sample output 12

    R

    roll-ups

    about installing 14

    installing 15

    RPM packages

    retrieving details 13

    S

    scan command

    sample output 11

    scanning bulletins 12

    about 11

    T

    test install, running 13

    U

    update command

    about 18

    V

    vihostupdate vSphere CLI 21

    VMware vCenter Update 21

    vSphere Host Update Utility 21


    Updates for the ESX 4 Patch Management Guide

    Last Updated: February 17, 2010

    This document provides updates to the ESX 4.0 version of the ESX 4 Patch Management Guide. Updated descriptions, procedures, and graphics are organized by page number so that you can easily locate the areas of the guide that have changes. If the change spans multiple sequential pages, this document provides the starting page number only.

    The following is an update to the ESX 4 Patch Management Guide:

    Updates to the Verifying Disk Space section on Page 13

    Updates to the Verifying Disk Space section on Page 13

    In the Verifying Disk Space section, the first and second list item should be:

    The / partition has at least 50MB of free space.

    The disk space allocated to the service console has an amount of free space that is thrice the size of the bulletin to be installed
