
ESX 4 Patch Management Guide

ESX 4.0

This document supports the version of each product listed and supports all subsequent versions until the document is replaced by a new edition. To check for more recent editions of this document, see http://www.vmware.com/support/pubs.

EN-000137-01


You can find the most up-to-date technical documentation on the VMware Web site at: http://www.vmware.com/support/ The VMware Web site also provides the latest product updates. If you have comments about this documentation, submit your feedback to: docfeedback@vmware.com

Copyright 2009-2011 VMware, Inc. All rights reserved. This product is protected by U.S. and international copyright and intellectual property laws. VMware products are covered by one or more patents listed at http://www.vmware.com/go/patents. VMware is a registered trademark or trademark of VMware, Inc. in the United States and/or other jurisdictions. All other marks and names mentioned herein may be trademarks of their respective companies.

VMware, Inc. 3401 Hillview Ave. Palo Alto, CA 94304 www.vmware.com


Contents

About This Book

1 About Patches and Updates
About the esxupdate Utility
Patch Maintenance Strategy
Customizing Your Patch Process

2 Installing Updates
Bundle Zip Files
Scanning for Applicable Bulletins
Retrieving Bulletin Information
Verifying Disk Space
Staging an Installation
Installing Bulletins
Install Bulletins on an ESX 4.0 Host

3 Reference Information
esxupdate Options and Commands
esxupdate Commands
esxupdate Exit Codes and Error Messages
Frequently Asked Questions

4 ESX Patch Management Tools
About VMware vCenter Update Manager
About vSphere Host Update Utility
About vihostupdate vSphere CLI


About This Book

This book, ESX 4 Patch Management Guide, provides background information on processing patches for ESX 4.0 hosts and describes how to use the esxupdate utility to apply software updates and to track software installed on ESX 4.0 hosts.

This book provides information specific to ESX 4.0 hosts and the esxupdate utility. It does not discuss the following:

How to patch ESX 4.0 hosts automatically with the VMware Update Service and the VMware vCenter Update Manager. For information on these tools, see "ESX Patch Management Tools."
How to patch ESXi 4.0 hosts with the vihostupdate vSphere Command-Line Interface (CLI). For information on vihostupdate, see "ESX Patch Management Tools."
How to patch versions of ESX released prior to version 4.0. For information on this process, see the Patch Management for ESX Servers technote and the ESX Server 3 Patch Management Guide.
How to upgrade ESX hosts. For information on upgrading, see the vSphere Upgrade Guide. For a list of VMware release definitions, see the VMware Upgrade and Update Policy by going to http://www.vmware.com/support/policies/upgrade.html.

Intended Audience
This manual is intended for anyone who must manually apply patches to ESX 4.0 hosts. The information in this manual is written for system administrators who use a service console to manage ESX hosts.

What's Changed from ESX 3.x

This manual has been updated from the ESX Server 3 Patch Management Guide to include new definitions and procedures that are unique to ESX 4.0.

Document Feedback
VMware welcomes your suggestions for improving our documentation. If you have comments, send your feedback to: docfeedback@vmware.com

VMware vSphere Documentation


The VMware vSphere documentation consists of the combined vCenter Server and ESX documentation set.


Technical Support and Education Resources


The following sections describe the technical support resources available to you. You can access the most current versions of this manual and other books by going to: http://www.vmware.com/support/pubs

Online and Telephone Support


Use online support to submit technical support requests, view your product and contract information, and register your products. Go to http://www.vmware.com/support.

Customers with appropriate support contracts should use telephone support for the fastest response on priority 1 issues. Go to http://www.vmware.com/support/phone_support.

Support Offerings
Find out how VMware support offerings can help meet your business needs. Go to http://www.vmware.com/support/services.

VMware Education Services


VMware courses offer extensive hands-on labs, case study examples, and course materials designed to be used as on-the-job reference tools. For more information about VMware Education Services, go to http://mylearn1.vmware.com/mgrreg/index.cfm.


About Patches and Updates

Software patches provide immediate fixes for one or more security issues or critical fixes for a specific area of the product. For information about a specific patch, go to the VMware vSphere Download Center at http://www.vmware.com/download/vi.

Types of software updates and related terms:


Bulletin. A grouping of one or more VIBs (vSphere Installation Bundle). Bulletins are defined within metadata.
Depot. A logical grouping of VIBs and associated metadata that is published online.
Extension. A bulletin that defines a group of VIBs for adding an optional component to an ESX host. An extension is usually provided by a third party, as are patches or updates to the extension.
Metadata. Extra data that defines dependency information, textual descriptions, system requirements and bulletins.
Offline Bundle zip. An archive that encapsulates VIBs and corresponding metadata in a self-contained depot that is useful for offline patching.
Patch. A bulletin that groups one or more VIBs together to address a particular issue or enhancement.
Rollup. A collection of patches that is grouped for ease of download and deployment.
RPM. Binary packages that include a set of control scripts, which provide information for the RPM about how to install the package and any post-installation configuration that is needed.
Update. A periodic release of an ESX image, which contains multiple fixes and support for new hardware.
VIB. A VIB is a single software package.

Patches do not have installation wizards. You install them with a patch update tool. The patch update tool for ESX 4.0 hosts is esxupdate. For information about patch update tools for other ESX versions, see "ESX Patch Management Tools."

About the esxupdate Utility


You use the patch maintenance utility, esxupdate, to retrieve information about updates and extensions from VMware and third parties, to track installed software, and to apply software packages to ESX 4.0 hosts. You run esxupdate from the service console while you are logged on to an ESX 4.0 host as user root. You can run only one instance at a time on the same ESX 4.0 host.

A record of each installed bulletin is written to the /etc/vmware/esxupdate directory on the host. The record includes the bulletin ID, the installation time, the VIBs installed, and other details. This directory acts as a patch database and is used by esxupdate to query the patches installed on the host.

CAUTION This directory is read-only. If you change the contents, when esxupdate performs an integrity check, it will fail for the changed files. In such cases, esxupdate exits with an IntegrityError message. For more information, see "esxupdate Exit Codes and Error Messages."


For ESX 4.0 hosts, there are four basic modes of esxupdate: Inspection mode, scan mode, test mode, and update mode.

Inspection mode. Queries your system for bulletins and bulletin details. You use two commands to retrieve bulletin information: esxupdate query and esxupdate info.

Use the esxupdate query command to display a list of bulletins installed on an ESX 4.0 host. The output lists the bulletins in ascending installation order and includes the bulletin name, installation date, and a 40-character summary of the bulletin. All bulletins that are installed are listed. Bulletins that are superseded by another bulletin are considered obsolete and are not displayed in this output.
Use the esxupdate info command to display information on the contents of one or more bulletins. The output includes the bulletin name, release date, and details about the metadata files, including the VIB packages that are part of the bulletin.
You can use the info command for both installed and uninstalled bulletins. For more information, see "Retrieving Bulletin Information."

Scan mode. Determines which bulletins are applicable to the ESX 4.0 host by querying the bulletins in a depot and the bulletins installed on the host for bulletin and system dependencies. Use the esxupdate scan command before you install bulletins to determine which ones are applicable to the host. For more information, see "Scanning for Applicable Bulletins."
Test mode. Enables esxupdate to go through all installation operations without installing the specified bulletins. Test mode downloads the appropriate files, preloads the esxupdate depot cache for HTTP and FTP servers, checks for RPM package dependencies, and determines which RPMs to install. For more information, see "Staging an Installation."
Update mode. Installs bulletins on ESX 4.0 hosts. Use the esxupdate update command to install individual bulletins, a bundle zip, or an online depot. Update mode scans the depot for dependencies and handles them, if possible, before installing. For more information, see "Install Bulletins on an ESX 4.0 Host."

For information on esxupdate syntax and commands, see "esxupdate Options and Commands."

Patch Maintenance Strategy


Use the following guidelines to manage patching for your ESX 4.0 hosts.

Keep your environment as current as possible. Determine whether any bulletins are necessary for your environment and apply those bulletins. Minimize the change to your software environment whenever possible. For more information on determining bulletin applicability, see "Scanning for Applicable Bulletins."
Analyze the risk factor of applying the bulletin. For example, assess the virtual machine and ESX 4.0 host downtime requirements. The scan command provides the information you need to analyze risks and server downtime.
Download and install rollups rather than individual bulletins. This method saves you download time and ensures, when dependencies exist, that your depot contains all necessary bulletins.
For a multihost environment, set up patch depots on a centralized server that is accessible by all ESX hosts. Create a separate depot for each ESX version in your environment. Although you can put depots on an ESX host, VMware does not recommend it.


Customizing Your Patch Process


You can write custom scripts to automate your patch process. For example, you can create a cron job to periodically download rollups to a depot. You can write a script to scan the depot for applicable bulletins and install all at one time. If during the scan operation, esxupdate finds a bulletin that requires virtual machines to be powered off, you can write a script that puts them into maintenance mode.

If you use custom scripts to automate the ESX 3 patch process, you must update them to work with ESX 4.0. Specifically, upgrade your scripts to use the esxupdate -m option to point to the depot and to install multiple bulletins at one time.


Installing Updates

You must perform several procedures to set up your patch environment and install bulletins on your ESX 4.0 hosts.

This chapter contains the following sections:

Bundle Zip Files
Scanning for Applicable Bulletins
Retrieving Bulletin Information
Verifying Disk Space
Staging an Installation
Verifying Bulletin Installations

Bundle Zip Files


A bundle zip contains a metadata zip which defines the bulletins available for installation and also contains one or more packages. Each package is a VIB file that is translated into one RPM package during the installation process.

Scanning for Applicable Bulletins


To determine which bulletins in your depot are applicable to your ESX 4.0 host, use the esxupdate scan command. A bulletin is applicable if at least one VIB package applies to the ESX platform and it updates a package on the ESX host, or if it is a new package. When you scan a depot, by default the scan command only displays applicable bulletins that have updated or new packages. The --all option displays all of the bulletins including inapplicable bulletins.

If esxupdate can handle all dependencies and does not find any conflicts, it can install the patches included in the scan. If conflicts exist, they are listed in the scan output.

The following Example 1-1 shows the information returned from an esxupdate scan command on a depot.

Example 1-1. scan Command Sample Output
Bulletin ID   ---Date---   ----- Summary -----
bul_1         2008-11-12   This is the bul_1
bul_2         2008-11-12   This is the bul_2


To scan for applicable bulletins

1 Log in to the service console on the ESX 4.0 host as user root.
If you do not have direct access to the ESX 4.0 host, connect remotely to the service console using ssh.

2 If the depot is not on the ESX 4.0 host, type the following command to enable an outgoing connection for the service console.
esxcfg-firewall --allowOutgoing

3 Run the esxupdate scan command.
NOTE You cannot run esxupdate in the current directory without -m or --bundle.

To scan applicable bulletins in a depot:
esxupdate -m <metadataURL> scan

To scan for applicable bulletins in a bundle zip:
esxupdate --bundle <bundleZipURL> scan

To list all the bulletins regardless of applicability or software platform, add the --all / -a option.

4 When you are done accessing the depot, reset the service console firewall to high security:
esxcfg-firewall --blockOutgoing

For information on scanning, see "Scanning for Applicable Bulletins." For information on esxupdate syntax and commands, see "esxupdate scan."

Retrieving Bulletin Information


The esxupdate query and esxupdate info commands retrieve information about installed bulletins and bulletins that are in a depot or bundle zip.

To retrieve information about installed bulletins

1 From the service console, log on to the ESX 4.0 host as user root.
If you do not have direct access to the ESX 4.0 host, connect remotely to the service console using ssh.

2 Run the esxupdate query or info command.

To retrieve a brief summary of all installed bulletins:
esxupdate query

This command lists all installed bulletins in ascending installation order and includes the installation date and a brief summary for each bulletin.

To retrieve details about bulletins returned by the query:
esxupdate -b <bulletin1> -b <bulletin2> info

For information on esxupdate syntax and commands, see "esxupdate query" and "esxupdate info."

The following Example 1-2 shows the information returned when you run the esxupdate query command on an ESX 4.0 host.

Example 1-2. query Command Sample Output
Installed software bulletins
-----Bulletin ID-----           -----Installed-----   --------Summary--------
bul_1                           2008-07-08T19:55:04   This is the summary
Cisco Swordfish Drop 07142008   2008-07-19T05:03:22   Swordfish VIB for COS only


To retrieve information about bulletins in a depot or bundle zip

1 From the service console, log on to the ESX 4.0 host as user root.
If you do not have direct access to the ESX 4.0 host, connect remotely to the service console using ssh.

2 If the depot is not on the ESX 4.0 host, type the following command to enable an outgoing connection for the service console.
esxcfg-firewall --allowOutgoing

3 Run the esxupdate info command.

To retrieve details of all bulletins in a metadata file:
esxupdate -m <metadataURL> info

To retrieve details of specific bulletins in a depot:
esxupdate -m <metadataURL> -b <BulletinID1> -b <BulletinID2> info

To retrieve detailed information on all bulletins in a bundle zip:
esxupdate --bundle <bundleZipUrl> info

4 When you are done accessing the depot, reset the service console firewall to high security.
esxcfg-firewall --blockOutgoing

For information on esxupdate syntax and commands, see "esxupdate info."

This Example 1-3 shows the information returned when you run the esxupdate info command on a single installed bulletin.

Example 1-3. info Command Sample Output
Id - Driver 2
Releasedate - Releasedate - 2008-11-17T11:28:42-07:00
Vendor - VMware, Inc.
Summary - Wonderful driver 2.1
Severity - critical
Category - storage
Installdate -
Description - Self-contained bulletin with one Vib
Kburl - http://kb.vmware.com/selfservice/microsites
Contact - support@vmware.com
List of constituent VIBs:
cross_driver_2.1-1

Verifying Disk Space


Check the following requirements to make sure the host system has enough disk space. (SEE UPDATE)

The / partition directory has at least 50MB of free space.
The disk space allocated to the service console has an amount of free space that is twice the size of the bulletin to be installed.
Before installing patches, use the stage command. See "Staging an Installation."

Staging an Installation
Staging an installation allows esxupdate to perform the following tasks without installing any bulletins:

Downloads the appropriate bulletins and VIB packages to the host to reduce downtime when a large number of updates must be installed
Checks for VIB signature


Checks for VIB and RPM dependencies
Determines the bulletin order
Determines which RPMs must be installed, but does not install them

This command also populates the esxupdate cache for the HTTP and FTP depots as well as bundle zips. As a result, when you run the update command, the download step can be skipped.

To stage an installation

1 From the service console, log on to the ESX 4.0 host as user root.
If you do not have direct access to the ESX 4.0 host, connect remotely to the service console using ssh.

2 If the depot is not on the ESX 4.0 host, type the following command to enable an outgoing connection for the service console.
esxcfg-firewall --allowOutgoing

3 Run the esxupdate stage command.

To run a test installation of all bulletins in a depot:
esxupdate -m <metadataURL> stage

To run a test installation of multiple bulletins in a depot:
esxupdate -m <metadataURL> -b <BulletinID> -b <BulletinID> stage

To run a test installation of a bundle zip:
esxupdate --bundle <bundleZipUrl> stage

4 When you are done accessing the depot, reset the service console firewall to high security:
esxcfg-firewall --blockOutgoing

Installing Bulletins
You use the esxupdate update command to install bulletins. You can install any number of bulletins from one or more depots. You can install one or more bundle zip files. The bundle zip files are independent from any depot and can be located on the local ESX host, a CD-ROM drive, or any remote HTTP, NFS, or FTP server.

When installing bulletins, keep in mind the following esxupdate behavior:

If you do not specify bulletin IDs to install, esxupdate installs all applicable bulletins in the depot.
If you specify one or more bulletin IDs to install, the following can happen:

If no dependencies exist, esxupdate installs only those bulletins.
If dependencies exist and a specified bulletin requires you to install one or more unspecified bulletins, you are given the option to install additional packages. These packages are installed if you enter y.

The host system should have the following space available to ensure space for the installation:

A minimum of 24MB for the /tmp and /boot directories.
A minimum of 100MB for the /root directory.
In general, the installation requires twice the size of the downloaded bulletins.

Before you install bulletins or bundle zip files, you must run the stage command to download all packages, validate signatures, and check for dependencies and conflicts.

During the installation process, esxupdate validates each VIB package by using a set of signature keys. If any VIB package in a patch contains a missing or invalid signature, esxupdate does not install the bulletin.


After validating the bulletins, esxupdate performs the following tasks during the install:

Filters out any packages that do not apply to the current version of ESX.
Checks for software dependencies and prerequisites, for example, if the bulletin is the correct ESX version, if virtual machines are powered off, and so on.
Verifies the digital signatures of the packages in each bulletin.
Checks for adequate disk space.
Removes obsolete packages from the ESX 4.0 host.
Installs the packages. Packages installed already or superseded by a newer installed version are not installed.
Updates the initrd image, which ensures updated drivers are loaded on ESX for the next boot.

During the installation, if an esxupdate patch is available, the utility updates itself. If the initrd and driver configurations require changes, the changes are made after all bulletins are installed.

For information on installing bulletins, see "Install Bulletins on an ESX 4.0 Host." For information on checking for patch dependencies, see "Scanning for Applicable Bulletins."

Install Bulletins on an ESX 4.0 Host


The installation process is recorded in the esxupdate.log file. By default, this file is located in the /var/log/vmware directory.

To install bulletins on an ESX host

1 Verify that the host has enough disk space to perform the installation.
See "Verifying Disk Space."

2 From the service console, log on to the ESX 4.0 host as user root.
If you do not have direct access to the ESX 4.0 host, connect remotely to the service console using ssh.

3 If the depot is not on the ESX 4.0 host, type the following command to enable an outgoing connection for the service console.
esxcfg-firewall --allowOutgoing

4 Scan the desired bulletins to determine if they are applicable.
See "To scan for applicable bulletins."
NOTE esxupdate never reboots your host.

5 Run the esxupdate update command.

To install all applicable bulletins in the depot:
esxupdate -m <metadataURL> update

To install specific bulletins in the depot:
esxupdate -m <metadataURL> -b <Bulletin1> update

To install all applicable bulletins in a bundle zip:
esxupdate --bundle <rollupBundleZipURL> update

6 If necessary, reboot the system.


7 Run the esxupdate query command to verify the installation was a success.
See "Verifying Bulletin Installations."

8 When you are done accessing the depot, reset the service console firewall to high security:
esxcfg-firewall --blockOutgoing
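
The installation procedure above as one unattended script, in the spirit of the custom scripts described under "Customizing Your Patch Process" (an added example, not VMware's code). It uses only the commands shown on this page; the function names and the ESXUPDATE and ESXCFG_FIREWALL override variables are assumptions introduced so the flow can be dry-run with stubs.

```sh
#!/bin/sh
# Added example, not VMware code: scan -> stage -> update against one depot,
# with the service console firewall re-blocked on every exit path.
# Assumption: ESXUPDATE / ESXCFG_FIREWALL are hooks so the flow can be
# dry-run with stubs; on a real host they default to the real tools.
ESXUPDATE=${ESXUPDATE:-esxupdate}
ESXCFG_FIREWALL=${ESXCFG_FIREWALL:-esxcfg-firewall}

# Succeeds when the depot is fetched over the network (http, https, ftp).
# file:// depots (local disk, CD-ROM, mounted NFS) need no outgoing rule.
depot_is_remote() {
    case $1 in
        http://*|https://*|ftp://*) return 0 ;;
        *) return 1 ;;
    esac
}

# Run the documented sequence and stop at the first failing step, handing
# that step's esxupdate exit code back to the caller. stage downloads the
# VIBs and checks signatures and dependencies before update changes anything.
run_patch_steps() {
    "$ESXUPDATE" -m "$1" scan  || return $?
    "$ESXUPDATE" -m "$1" stage || return $?
    "$ESXUPDATE" -m "$1" update
}

# patch_host <metadataURL>
# Returns the esxupdate exit code: 0 = installed, 80 = installed and a
# reboot is pending, anything else = failure (see the exit code table).
patch_host() {
    ph_depot=$1
    ph_rc=0
    ph_opened=no
    if [ -z "$ph_depot" ]; then
        echo "usage: patch_host <metadataURL>" >&2
        return 2
    fi

    if depot_is_remote "$ph_depot"; then
        # An interrupted run must not leave outgoing traffic allowed.
        trap '"$ESXCFG_FIREWALL" --blockOutgoing; exit 130' INT TERM
        ph_opened=yes
        "$ESXCFG_FIREWALL" --allowOutgoing || ph_rc=1
    fi

    if [ "$ph_rc" -eq 0 ]; then
        run_patch_steps "$ph_depot" || ph_rc=$?
    fi

    if [ "$ph_opened" = yes ]; then
        if ! "$ESXCFG_FIREWALL" --blockOutgoing; then
            echo "WARNING: could not re-block outgoing connections" >&2
            [ "$ph_rc" -ne 0 ] || ph_rc=1
        fi
        trap - INT TERM
    fi

    case $ph_rc in
        0)  echo "patching complete" >&2 ;;
        80) echo "patching complete; reboot required (esxupdate never reboots the host)" >&2 ;;
        *)  echo "patching failed with exit code $ph_rc; see /var/log/vmware/esxupdate.log" >&2 ;;
    esac
    return "$ph_rc"
}

# Run as a script: ./patch_host.sh <metadataURL>
if [ "$#" -gt 0 ]; then
    patch_host "$1"
    exit $?
fi
```

Because no bulletin IDs are passed, esxupdate installs all applicable bulletins in the depot and the interactive prompt for additional packages described above does not come into play.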

Verifying Bulletin Installations

This command lets you verify all installed bulletins were installed correctly, that none were missing or had the wrong version number.

1 If necessary, log on to the ESX 4.0 host as user root.
If you do not have direct access to the ESX 4.0 host, connect remotely to the service console using ssh.

2 If the depot is not on the ESX 4.0 host, type the following command to enable an outgoing connection for the service console.
esxcfg-firewall --allowOutgoing

3 Run the esxupdate query command.
esxupdate query

4 Verify the bulletin you installed is in the return list.


Reference Information

This chapter contains the following sections:

esxupdate Options and Commands
esxupdate Exit Codes and Error Messages
Frequently Asked Questions

esxupdate Options and Commands


The esxupdate utility is a patch maintenance tool for ESX. You use it to review the contents of a bulletin, install software, and track installed software.

You run esxupdate from the ESX service console while logged in as user root. The activity of the tool is recorded in the esxupdate.log file. By default, this file is located in the /var/log/vmware directory.

To see help information for esxupdate, run the utility with no arguments.

Table 3-1. esxupdate Options

Option: --meta <metadataURL>
Flag: -m
Description: Specifies the location of metadata file inside a depot. Can be repeated. A metadata URL may point to a vendor's web site directly, if vendors make their updates available online, or to a locally mirrored copy. When you use the -m flag without the -b flag, esxupdate selects all the bulletins in the metadata. For example:
(HTTP): esxupdate -m http://downloads.vmware.com/vi4/update1-metadata.zip -m http://updates.dvs.cisco.com/fake/esx4/metadata.zip
(HTTPS): esxupdate -m https://downloads.vmware.com/vi4/update1-metadata.zip -m https://updates.dvs.cisco.com/fake/esx4/metadata.zip
(FTP): esxupdate -m ftp://<FTP_Server_Hostname>/esx/vi4/metadata.zip -b VMW_ESX4_Patch1
(NFS): esxupdate -m file:///var/updates/esx4/metadata.zip

Option: -b <BulletinID> | <*>
Flag: -b
Description: Specifies one or more bulletins. If not specified, all bulletins are handled. Must be combined with the -m or --bundle options. Use one -b flag for each bulletin to install. For example:
esxupdate -m <metadataURL> -b ESX350-200802055-BG -b ESX350-200803066-SG

Option: --bundle <bundlezipURL>
Description: Specifies the location of an offline bundle zip. esxupdate downloads and unpacks the zip. Can be used with -b option to select bulletins within the bundle zip. Can be repeated. Use with the scan, info, stage, update commands. For example:
esxupdate --bundle <bundleZipURL> scan

Option: --http_proxy <proxy_server>:<port>
Description: Use <proxy_server> at <port> for HTTP connections.


Table 3-1. esxupdate Options (Continued)

Option: --all
Description: Lists all the bulletins in metadata or bundle zips, instead of just the applicable ones. Use this option with the esxupdate scan command.

Option: --loglevel <number or level name>
Description: Changes the level of detail written to the esxupdate.log file. Possible values are as follows:
or DEBUG Debugging information
or INFO Detailed Information
or WARNING Warning
or ERROR Error

Option: --nocache
Description: The esxupdate update command uses its cache of already downloaded VIBs if possible, but there are times when the cache can become stale. Use the --nocache option to force esxupdate update to always download all VIBs.

Option: --retry
Description: Specifies the number of times to retry a connection to an HTTP, HTTPS or FTP server. The default value is defined in the [defaults] section of esxupdate.conf. If you enter a specific value the default value 5 is overridden. For example, if you enter 7, it supersedes 5 and esxupdate tries to reconnect to an HTTP, HTTPS or FTP server seven times in case of a broken connection.

Option: --timeout
Description: Specifies the amount of time to wait when connecting to or reading from an HTTP, HTTPS, FTP server or proxy.

esxupdate Commands
Table 3-2. esxupdate Commands

Command: esxupdate info
Description: Displays information about bulletins, including a brief summary, and build and install times. This command retrieves the bulletin definitions from the metadata or the patch database on the ESX host (/etc/vmware/esxupdate). See "Retrieving Bulletin Information."
Syntax for bulletins in a depot:
esxupdate -m meta1URL -b bulletinID [-b bulletin2 ...] info
esxupdate --bundle bundleZipURL [-b bulletinID [-b bulletin2 ...]] info
Syntax for bulletins in the patch database:
esxupdate -b installed-bulletinID info

Command: esxupdate query
Description: Returns a list, in install order, of all bulletins installed on the ESX host. See "To retrieve information about installed bulletins."
Syntax:
esxupdate query

Command: esxupdate scan
Description: Returns a list of the applicable bulletins in a depot metadata or in a bundle zip. Use with --all option to return a list of all bulletins. See "Scanning for Applicable Bulletins."
Syntax:
esxupdate [--meta <metadataURL>] [--bundle <bundle-zip-URL>] [--all] scan

Command: esxupdate stage
Description: Downloads the appropriate VIBs for the selected bulletins, preloads the esxupdate depot cache for HTTP and FTP servers, and checks for VIB and RPM dependencies. See "Staging an Installation." For example:
esxupdate -m <metadataURL> stage

Command: esxupdate update
Description: Checks the specified bulletins for dependencies, checks the ESX host for dependencies, determines which bulletins to install, and installs them on the ESX host. See "Install Bulletins on an ESX 4.0 Host."
Syntax:
esxupdate -m https://meta1.zip [-m https://meta2.zip ... ] [-b bulletinID1 [-b bulletinID2 ... ]] update
esxupdate --bundle https://offline-bundle.zip [-b bulletin1 [-b bulletin2 ... ]] update


esxupdate Exit Codes and Error Messages


Table 3-3. esxupdate Error Codes and Error Messages

Exit Code | Error Message | Explanation and Workaround
0 | | Command completed successfully.
1 | | Not root. esxupdate must be entered as the root user.
2 | | Invalid command line syntax or arguments.
3 | LockingError | Cannot acquire lock. Another esxupdate is running.
4, 5, 7, 26, 27 | MetadataDownloadError, MetadataFormatError, VibDownloadError, BundleDownloadError, BundleFormatError | Downloading or extraction of data failed. Verify that the correct URL was specified, and is reachable. Use esxcfg-firewall to open additional ports. If the target URL or file has been copied from another source, verify that it has been copied correctly.
8 | VibFormatError | Not a VIB archive, missing files, files in wrong order, descriptor.xml invalid.
9, 10 | VibIOError, FileIOError | Indicates an error reading or writing files to or from local storage. Verify that adequate free space exists on mounted filesystems.
11 | DatabaseFormatError | vibs.xml not a valid XML file. Bulletins zip not a zip archive. Invalid structure in either file.
13 | NoMatchError | VIB or Bulletin ID not in metadata, or requested VIBs or bulletin do not apply to host platform (stage, update only).
14 | DependencyError | esxupdate was unable to resolve dependencies. This condition is due to conflicts between any of the requested VIBs, required dependencies and the host, packages on the host obsoleting requested VIBs or their requirements, or due to one or more requirements not being found in the metadata (stage, update only). This condition is different from UnsatisfiedDependencies.
15 | PackageManagerError | RPM or ipkg transaction failed.
18 | MaintenanceModeError | ESX host is not in maintenance mode when it must be, or hostd is down. Maintenance mode cannot be determined.
19 | PostScriptError | A postscript exited with a nonzero status.
20, 21, 22, 23, 24 | VibSigMissingError, VibSigVersionError, VibSigFormatError, VibSigInvalidError, VibSigDigestError | One or more VIBs contain invalid or untrusted signature data. If the data has been copied from another source, verify that it has been copied correctly. Verify that the host date is set correctly. If problems persist, contact VMware Support.
25 | UnsatisfiedDependencies | Additional VIBs are required for installation, and the user declined to install them. This condition is specifically different from DependencyError. While dependencies were successfully resolved, they could not be automatically installed due to user input (CLI) or failure of the caller to specify required VIBs on the command line (HA or CLI).
80 | | Not an error. The system must be rebooted to complete the update.
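
One way an unattended patch job can act on the exit codes in Table 3-3 (an added example, not VMware's code). The function names and the choice of which codes are worth retrying (3, 4, 7, 26) are assumptions of this example; signature failures (20 through 24) are reported and never retried.

```sh
#!/bin/sh
# Added example, not VMware code: decide what an unattended job does with
# each esxupdate exit code. The grouping into retry / signature / fix is
# this example's assumption, built on the explanations in Table 3-3.

# classify_exit <code> -> prints one of: ok reboot retry signature fix
classify_exit() {
    case $1 in
        0)  echo ok ;;
        80) echo reboot ;;                 # not an error, reboot pending
        3|4|7|26) echo retry ;;            # lock held, or a download failed
        20|21|22|23|24) echo signature ;;  # invalid or untrusted VIB signature
        *)  echo fix ;;                    # operator needed: syntax, format,
                                           # dependencies, disk, maintenance mode
    esac
}

# run_with_policy <max_tries> <delay_seconds> <command...>
# Re-runs the command only for "retry" codes and returns its last exit code.
# Example: run_with_policy 3 60 esxupdate -m <metadataURL> stage
run_with_policy() {
    rp_max=$1
    rp_delay=$2
    shift 2
    rp_try=1
    while :; do
        rp_rc=0
        "$@" || rp_rc=$?
        rp_class=$(classify_exit "$rp_rc")
        case $rp_class in
            retry)
                if [ "$rp_try" -lt "$rp_max" ]; then
                    echo "exit $rp_rc: attempt $rp_try of $rp_max failed, retrying" >&2
                    sleep "$rp_delay"
                    rp_try=$((rp_try + 1))
                    continue
                fi
                echo "exit $rp_rc: giving up after $rp_max attempts" >&2 ;;
            signature)
                # Retrying cannot make an untrusted package trusted. Check
                # where the depot copy came from and the host date instead.
                echo "exit $rp_rc: VIB signature check failed, not retrying" >&2 ;;
            reboot)
                echo "exit 80: update complete, reboot required" >&2 ;;
            fix)
                echo "exit $rp_rc: needs operator attention" >&2 ;;
        esac
        return "$rp_rc"
    done
}
```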


Frequently Asked Questions


When an RPM on my ESX host has a Linux equivalent, can I use the Linux RPM to update my system?
No. VMware recommends that you update your ESX 4.0 host with RPMs supplied by VMware.

Can I remove installed VMware patches from my ESX host?
No. Patches cannot be removed after they are installed.

Should the build number of the ESX host change after I apply a patch?
It is normal for some portions of the ESX 4.0 software installation to change build numbers when patches are applied. For information on determining the build number for each of the components of your ESX installation, see the VMware knowledge base article, KB 1001179.


ESX Patch Management Tools

This section describes three patch management tools that VMware provides in addition to the esxupdate utility:

About VMware vCenter Update Manager
About vSphere Host Update Utility
About vihostupdate vSphere CLI

You can access the most current versions of the documentation for each tool by going to http://www.vmware.com/support/pubs.

You can find information about the VMware Upgrade and Update Policy by going to http://www.vmware.com/support/policies/upgrade.html.

About VMware vCenter Update Manager


VMware vCenter Update Manager is an optional module for vCenter Server that periodically downloads patch information from the Internet. Update Manager performs user-defined scan operations on ESX 4.0 and ESXi 4.0 hosts for patch compliance. If it determines a patch is required, VMware vCenter Update Manager downloads the patch and installs it based on user-defined configurations. VMware vCenter Update Manager can perform scan and installation operations with latest patches in an air-gap or semi-air-gap environment that has no Internet access, by using a shared repository. The Update Manager plug-in is an optional feature that requires vSphere Client.

The VMware vCenter Update Manager documentation consists of release notes, an administration guide, and online help integrated with the VMware vCenter Update Manager vSphere Client plug-in.

About vSphere Host Update Utility


You can use vSphere Host Update Utility to patch ESXi 4.0 hosts. vSphere Host Update Utility finds applicable patches and enables you to install them. You have the option to install vSphere Host Update Utility when you install the vSphere Client. By default, the utility is not installed.

The vSphere Host Update Utility is documented in the vSphere Upgrade Guide.

About vihostupdate vSphere CLI


The vihostupdate vSphere CLI command can scan ESX/ESXi hosts for installed patches, enforce software update policies, and install software patches. It can perform software updates to ESX/ESXi images and install and update ESX/ESXi extensions such as VMkernel modules, drivers, and CIM providers. For ESX/ESXi 4.0 hosts, run vihostupdate. For ESX/ESXi 3.5 hosts, run vihostupdate35.

See the vSphere CLI Installation and Reference Guide and the vSphere Upgrade Guide.


Updates for the ESX 4 Patch Management Guide

Last Updated: February 17, 2010

This document provides updates to the ESX 4.0 version of the ESX 4 Patch Management Guide. Updated descriptions, procedures, and graphics are organized by page number so that you can easily locate the areas of the guide that have changes. If the change spans multiple sequential pages, this document provides the starting page number only.

The following is an update to the ESX 4 Patch Management Guide:

Updates to the Verifying Disk Space section on Page 13

Updates to the Verifying Disk Space section on Page 13


In the Verifying Disk Space section, the first and second list item should be:

The / partition has at least 50MB of free space.
The disk space allocated to the service console has an amount of free space that is thrice the size of the bulletin to be installed.
