Product Announcements

Patching ESXi from the Command Line

VMware released the first patch to ESXi 5.0 this week so I figured I'd make today "patch Friday".  Now I normally install all my ESXi updates using Update Manager but this time I decided to use the vCLI in order to check out some of the new 5.0 ESXCLI capabilities.  All-in-all it went very well.

First, a quick review of my environment.  I have my vCenter 5.0 server running on Windows managing a four-node ESXi 5.0 cluster hosting a number of VMs.  To install the patch I'm using vMA 5.0 to connect directly to each host one at a time to install the update. 

Step 1:  Backups

Before doing any updates it's always a good idea to backup the host configuration.  To do this form the vCLI use the "vicfg-cfgbackup" command:


The "vicfg-cfgbackup" command creates a tarball of all the host's configuration files.  I ran a separate backup for all four hosts.

Step 2:  Stage the update

Next I needed to stage the update file that I downloaded from onto a datastore that was accessible by all the hosts in my cluster.  I did this using the "browse datastore" feature in the vSphere client.  I browsed to the shared datastore where I wanted to stage the update, created a directory, and uploaded the ZIP file onto the datastore:


Step 3:  Identify the update profile name

Next I needed to determine the names of the image profiles that are included with the update.  To do this I ran the "esxcli <conn_options> software sources profile list <path to ZIP>" command.


As I want the profile that includes VMware Tools I will use the "ESXi-5.0.0-20110904001-standard" profile. 

Step 4:  Place host into maintenance mode

With the update staged and with the name of the new profile I'm ready to do the upgrade.  First I put the host into maintenance mode using the "vicfg-hostops <conn_options> –operations enter" command.  Because I run DRS in fully automated mode any running VMs will be vMotioned off the host when it is put into maintenance mode.


Step 5:  Update the host

Next, I had to chose how to do the update.  It looks like the update file that I downloaded contains a full ISO image so I was tempted to just do a full install, replacing the entire image.  I noticed there is a "dry run" option to the "esxcli <conn_options> software profile install" command so I ran it. 


As you can see the dry run came back with a warning about the "vmware-fdm-5.0.0-380461" package and how it will be removed when I install the new profile.  I'm not really concerned about this package because I know when I take the host out of maintenance mode vCenter will install it onto the host.  However, the message did raise a good point.  If I did have any 3rd party VIBs installed, using the install option and overwriting the image would result in them being removed.  This got me thinking maybe I should do an update instead, so I did a second dry-run using the "esxcli <conn_options> software profile update" command.


The screen shot above is just the first part of the output from the "esxcli <conn_options> software profile update" command.  There was a lot of output as the command listed all the VIBs that would be installed followed by all the VIBs that would be removed.  As the patch includes VIBs for pretty much the entire image this was a lot of VIBs.  With an understanding of the difference between doing an "install" vs. an "update" I decided it would be best to do an update because I don't want to inadvertently remove any packages that aren't being updated, and besides the update seems a little less intrusive. 

At this point I was ready to proceed with the upgrade so I ran he update command again without the "dry-run" option.  At first I wasn't sure if it was doing anything as my command prompt seemed to hang, but after approximately ~15 seconds the update results came back showing that the update completed successfuly and that I needed to reboot the host. 


Step 6:  Reboot

I rebooted the host by running "vicfg-hostops <conn_options> –operations reboot".  The host rebooted using the updated image and reconnected to vCenter where I was able to verify the host was running of the new build.


Step 7:  Exit maintenance mode

I then took the host out of maintenance mode by running "vicfg-hostops –server –operation exit"  and proceeded to upgrade the remaining three hosts.


All-in-all, pretty quick and painless.  Below is a summary of the ESXCLI commands I used.  The more I work with the ESXCLI command the more I find that I'm really liking it.  At first the commands can look a bit long and intimating, but I've learned that I don't need to memorize any crazy syntax as once I got my head around the nested namespace convention used by the ESXCLI command it's very intuitive and really easy to use. 

Summary of vCLI commands used do do the upgrade:

Backup the host configuration:
# vicfg-cfgbackup –server –save –username root esx18a-09162011.tgz

List image profiles in the patch:
# esxcli -s –username root software sources profile list –depot=<path-to-zip>/

Place host into maintenance mode:
# vicfg-hostops –server –username root –operation enter

Install with dry-run option:
# esxcli -s –username root software profile install –depot=<path-to-zip>/ –dry-run –profile=ESXi-5.0.0-20110904001-standard

Update with dry-run option:
# esxcli -s –username root  software profile update –depot=<path-to-zip>/ –dry-run –profile=ESXi-5.0.0-20110904001-standard

Perform the update:
# esxcli -s –username root  software profile update –depot=<path-to-zip>/ –profile=ESXi-5.0.0-20110904001-standard

Reboot the host:
# vicfg-hostops –server –operation reboot

Take host out of maintenance mode:
# vicfg-hostops –server –operation exit