Documente Academic
Documente Profesional
Documente Cultură
ESX 4.0
This document supports the version of each product listed and supports all subsequent versions until the document is replaced by a new edition. To check for more recent editions of this document, see http://www.vmware.com/support/pubs.
EN-000137-01
You can find the most up-to-date technical documentation on the VMware Web site at: http://www.vmware.com/support/ The VMware Web site also provides the latest product updates. If you have comments about this documentation, submit your feedback to: docfeedback@vmware.com
Copyright 20092011 VMware, Inc. All rights reserved. This product is protected by U.S. and international copyright and intellectual property laws. VMware products are covered by one or more patents listed at http://www.vmware.com/go/patents. VMware is a registered trademark or trademark of VMware, Inc. in the United States and/or other jurisdictions. All other marks and names mentioned herein may be trademarks of their respective companies.
VMware, Inc.
Contents
AboutThisBook
1 AboutPatchesandUpdates 7
AbouttheesxupdateUtility 7 PatchMaintenanceStrategy 8 CustomizingYourPatchProcess 9
2 InstallingUpdates 11
BundleZipFiles 11 ScanningforApplicableBulletins 11 RetrievingBulletinInformation 12 VerifyingDiskSpace 13 StaginganInstallation 13 InstallingBulletins 14 InstallBulletinsonanESX4.0Host 15
3 ReferenceInformation 17
esxupdateOptionsandCommands 17 esxupdateCommands 18 esxupdateExitCodesandErrorMessages 19 FrequentlyAskedQuestions 20
4 ESXPatchManagementTools 21
AboutVMwarevCenterUpdateManager 21 AboutvSphereHostUpdateUtility 21 AboutvihostupdatevSphereCLI 21
Index 23
VMware, Inc.
VMware, Inc.
HowtopatchESX4.0hostsautomaticallywiththeVMwareUpdateServiceandtheVMwarevCenter UpdateManager.Forinformationonthesetools,seeESXPatchManagementToolsonpage 21. HowtopatchESXi4.0hostswiththevihostupdatevSphereCommandLineInterface(CLI).For informationonvihostupdate,seeESXPatchManagementToolsonpage 21. HowtopatchversionsofESXreleasedpriortoversion4.0.Forinformationonthisprocess,seethePatch ManagementforESXServerstechnoteandtheESXServer3PatchManagementGuide. HowtoupgradeESXhosts.Forinformationonupgrading,seethevSphereUpgradeGuide.Foralistof VMwarereleasedefinitions,seetheVMwareUpgradeandUpdatePolicybygoingto http://www.vmware.com/support/policies/upgrade.html.
Intended Audience
ThismanualisintendedforanyonewhomustmanuallyapplypatchestoESX4.0hosts.Theinformationin thismanualiswrittenforsystemadministratorswhouseaserviceconsoletomanageESXhosts.
Document Feedback
VMwarewelcomesyoursuggestionsforimprovingourdocumentation.Ifyouhavecomments,sendyour feedbackto: docfeedback@vmware.com
VMware, Inc.
Support Offerings
FindouthowVMwaresupportofferingscanhelpmeetyourbusinessneeds.Goto http://www.vmware.com/support/services.
VMware, Inc.
Bulletin.AgroupingofoneormoreVIBs(vSphereInstallationBundle).Bulletinsaredefinedwithinmetadata. Depot.AlogicalgroupingofVIBsandassociatedmetadatathatispublishedonline. Extension.AbulletinthatdefinesagroupofVIBsforaddinganoptionalcomponenttoanESXhost.An extensionisusuallyprovidedbyathirdparty,asarepatchesorupdatestotheextension. Metadata.Extradatathatdefinesdependencyinformation,textualdescriptions,systemrequirements andbulletins. OfflineBundlezip.AnarchivethatencapsulatesVIBsandcorrespondingmetadatainaselfcontained depotthatisusefulforofflinepatching. Patch.AbulletinthatgroupsoneormoreVIBstogethertoaddressaparticularissueorenhancement. Rollup.Acollectionofpatchesthatisgroupedforeaseofdownloadanddeployment. RPM.Binarypackagesthatincludeasetofcontrolscripts,whichprovideinformationfortheRPMabout howtoinstallthepackageandanypostinstallationconfigurationthatisneeded. Update.AperiodicreleaseofanESXimage,whichcontainsmultiplefixesandsupportfornewhardware. VIB.AVIBisasinglesoftwarepackage.
VMware, Inc.
ForESX4.0hosts,therearefourbasicmodesofesxupdate:Inspectionmode,scanmode,testmode,and updatemode.
Inspectionmode.Queriesyoursystemforbulletinsandbulletindetails.Youusetwocommandsto retrievebulletininformation:esxupdatequeryandesxupdateinfo.
UsetheesxupdatequerycommandtodisplayalistofbulletinsinstalledonESX4.0host.Theoutput liststhebulletinsinascendinginstallationorderandincludesthebulletinname,installationdate,and a40charactersummaryofthebulletin.Allbulletinsthatareinstalledarelisted.Bulletinsthatare supersededbyanotherbulletinareconsideredobsoleteandarenotdisplayedinthisoutput. Usetheesxupdateinfocommandtodisplayinformationonthecontentsofoneormorebulletins. Theoutputincludesthebulletinname,releasedate,anddetailsaboutthemetadatafiles,including theVIBpackagesthatarepartofthebulletin. Youcanusetheinfocommandforbothinstalledanduninstalledbulletins.Formoreinformation, seeRetrievingBulletinInformationonpage 12.
Scanmode.DetermineswhichbulletinsareapplicabletotheESX4.0hostbyqueryingthebulletinsina depotandthebulletinsinstalledonthehostforbulletinandsystemdependencies.Usetheesxupdate scancommandbeforeyouinstallbulletinstodeterminewhichonesareapplicabletothehost.Formore information,seeScanningforApplicableBulletinsonpage 11. Testmode.Enablesesxupdatetogothroughallinstallationoperationswithoutinstallingthespecified bulletins.Testmodedownloadstheappropriatefiles,preloadstheesxupdatedepotcacheforHTTPand FTPservers,checksforRPMpackagedependencies,anddetermineswhichRPMstoinstall.Formore information,seeStaginganInstallationonpage 13. Updatemode.InstallsbulletinsonESX4.0hosts.Usetheesxupdateupdatecommandtoinstall individualbulletins,abundlezip,oranonlinedepot.Updatemodescansthedepotfordependenciesand handlesthem,ifpossible,beforeinstalling.Formoreinformation,seeInstallBulletinsonanESX4.0 Hostonpage 15.
Forinformationonesxupdatesyntaxandcommands,seeesxupdateOptionsandCommandsonpage 17
Keepyourenvironmentascurrentaspossible.Determinewhetheranybulletinsarenecessaryforyour environmentandapplythosebulletins.Minimizethechangetoyoursoftwareenvironmentwhenever possible.Formoreinformationondeterminingbulletinapplicability,seeScanningforApplicable Bulletinsonpage 11. Analyzetheriskfactorofapplyingthebulletin.Forexample,assessthevirtualmachineandESX4.0host downtimerequirements.Thescancommandprovidestheinformationyouneedtoanalyzerisksand serverdowntime. Downloadandinstallrollupsratherthanindividualbulletins.Thismethodsavesyoudownloadtime andensures,whendependenciesexist,thatyourdepotcontainsallnecessarybulletins. Foramultihostenvironment,setuppatchdepotsonacentralizedserverthatisaccessiblebyallESXhosts. CreateaseparatedepotforeachESXversioninyourenvironment.Althoughyoucanputdepotsonan ESXhost,VMwaredoesnotrecommendit.
VMware, Inc.
VMware, Inc.
10
VMware, Inc.
Installing Updates
BundleZipFilesonpage 11 ScanningforApplicableBulletinsonpage 11. RetrievingBulletinInformationonpage 12. VerifyingDiskSpaceonpage 13. StaginganInstallationonpage 13. VerifyingBulletinInstallationsonpage 16.
VMware, Inc.
11
Runtheesxupdatescancommand. NOTEYoucannotrunesxupdateinthecurrentdirectorywithout-mor--bundle.
Toscanapplicablebulletinsinadepot:
esxupdate -m <metadataURL> scan
Toscanforapplicablebulletinsinabundlezip:
esxupdate --bundle <bundleZipURL> scan
Tolistallthebulletinsregardlessofapplicabilityorsoftwareplatform,addthe--all / -aoption.
Whenyouaredoneaccessingthedepot,resettheserviceconsolefirewalltohighsecurity:
esxcfg-firewall --blockOutgoing
Toretrieveabriefsummaryofallinstalledbulletins:
esxupdate query
Thiscommandlistsallinstalledbulletinsinascendinginstallationorderandincludestheinstallation dateandabriefsummaryforeachbulletin.
Toretrievedetailsaboutbulletinsreturnedbythequery:
esxupdate -b <bulletin1> -b <bulletin2> info
Forinformationonesxupdatesyntaxandcommands,seeesxupdate queryonpage 18andesxupdate infoonpage 18. ThefollowingExample12showstheinformationreturnedwhenyouruntheesxupdate querycommand onanESX4.0host. Example 2-2. Example 1-2. query Command Sample Output
Installed software bulletins -----Bulletin ID-----Installed-bul_1 2008-07-08T19:55:04 Cisco Swordfish Drop 07142008 2008-07-19T05:03:22 --------Summary-------This is the summary Swordfish VIB for COS only
12
VMware, Inc.
To retrieve information about bulletins in a depot or bundle zip 1 Fromtheserviceconsole,logontotheESX4.0hostasuserroot. IfyoudonothavedirectaccesstotheESX4.0host,connectremotelytotheserviceconsoleusingssh. 2 IfthedepotisnotontheESX4.0host,typethefollowingcommandtoenableanoutgoingconnectionfor theserviceconsole.
esxcfg-firewall --allowOutgoing
Runtheesxupdateinfocommand.
Toretrievedetailsofallbulletinsinametadatafile:
esxupdate -m <metadataURL> info
Toretrievedetailsofspecificbulletinsinadepot:
esxupdate -m <metadataURL> -b <BulletinID1> -b <BulletinID2> info
Toretrievedetailedinformationonallbulletinsinabundlezip:
esxupdate --bundle <bundleZipUrl> info
Whenyouaredoneaccessingthedepot,resettheserviceconsolefirewalltohighsecurity.
esxcfg-firewall --blockOutgoing
Forinformationonesxupdatesyntaxandcommands,seeesxupdate infoonpage 18. ThisExample13showstheinformationreturnedwhenyouruntheesxupdateinfocommandonasingle installedbulletin. Example 2-3. Example 1-3. info Command Sample Output
Id - Driver 2 Releasedate - Releasedate - 2008-11-17T11:28:42-07:00 Vendor - VMware, Inc. Summary - Wonderful driver 2.1 Severity - critical Category - storage Installdate Description - Self-contained bulletin with one Vib Kburl - http://kb.vmware.com/selfservice/microsites Contact - support@vmware.com List of constituent VIBs: cross_driver_2.1-1
Staging an Installation
Staginganinstallationallowsesxupdatetoperformthefollowingtaskswithoutinstallinganybulletins:
VMware, Inc.
13
Runtheesxupdate stagecommand.
Torunatestinstallationofallbulletinsinadepot:
esxupdate -m <metadataURL> stage
Torunatestinstallationofmultiplebulletinsinadepot:
esxupdate -m <metadataURL> -b <BulletinID> -b <BulletinID> stage
Torunatestinstallationofabundlezip:
esxupdate --bundle <bundleZipUrl> stage
Whenyouaredoneaccessingthedepot,resettheserviceconsolefirewalltohighsecurity:
esxcfg-firewall --blockOutgoing
Installing Bulletins
Youusetheesxupdateupdatecommandtoinstallbulletins.Youcaninstallanynumberofbulletinsfromone ormoredepots.Youcaninstalloneormorebundlezipfiles.Thebundlezipfilesareindependentfromany depotandcanbelocatedonthelocalESXhost,aCDROMdrive,oranyremoteHTTP,NFS,orFTPserver. Wheninstallingbulletins,keepinmindthefollowingesxupdatebehavior:
IfyoudonotspecifybulletinIDstoinstall,esxupdateinstallsallapplicablebulletinsinthedepot. IfyouspecifyoneormorebulletinIDstoinstall,thefollowingcanhappen:
Thehostsystemshouldhavethefollowingspaceavailabletoensurespacefortheinstallation:
14
VMware, Inc.
Aftervalidatingthebulletins,esxupdateperformsthefollowingtasksduringtheinstall:
Runesxupdateupdatecommand.
Toinstallallapplicablebulletinsinthedepot:
esxupdate -m <metadataURL> update
Toinstallspecificbulletinsinthedepot:
esxupdate -m <metadataURL> -b <Bulletin1> update
Toinstallallapplicablebulletinsinabundlezip:
esxupdate --bundle <rollupBundleZipURL> update
Ifnecessary,rebootthesystem.
VMware, Inc.
15
Whenyouaredoneaccessingthedepot,resettheserviceconsolefirewalltohighsecurity:
esxcfg-firewall --blockOutgoing
Runtheesxupdatequerycommand.
esxupdate query
Verifythebulletinyouinstalledisinthereturnlist.
16
VMware, Inc.
Reference Information
Thischaptercontainsthefollowingsections:
-m
(FTP): esxupdate -m ftp://<FTP_Server_Hostname>/esx/vi4/metadata.zip -b VMW_ESX4_Patch1 (NFS):esxupdate -m file:///var/updates/esx4/metadata.zip -b <BulletinID> | <*> -b Specifiesoneormorebulletins.Ifnotspecified,allbulletinsarehandled.Mustbe combinedwiththe-mor--bundleoptions.Useone-bflagforeachbulletinto install.Forexample: esxupdate m <metadataURL> esxupdate -b ESX350-200802055-BG -b ESX350-200803066-SG --bundle <bundlezipURL> Specifiesthelocationofanofflinebundlezip.esxupdatedownloadsandunpacks thezip.Canbeusedwith-boptiontoselectbulletinswithinthebundlezip.Canbe repeated.Usewiththescan,info,stage,updatecommands.Forexample: esxupdate --bundle <bundleZipURL> scan --http_proxy <proxy_server>: <port> Use<proxy_server>at<port>forHTTPconnections.
VMware, Inc.
17
--nocache
TheesxupdateupdatecommandusesitscacheofalreadydownloadedVIBsif possible,buttherearetimeswhenthecachecanbecomestale.Usethe--nocache optiontoforceesxupdateupdatetoalwaysdownloadallVIBs. SpecifiesthenumberoftimestoretryaconnectiontoanHTTP,HTTPSorFTPserver. Thedefaultvalueisdefinedinthe[defaults]sectionofesxupdate.conf.Ifyouenter aspecificvaluethedefaultvalue5isoverridden.Forexample,ifyouenter7,it supersedes5andesxupdatetriestoreconnecttoanHTTP,HTTPSorFTPserver seventimesincaseofabrokenconnection. SpecifiestheamountoftimetowaitwhenconnectingtoorreadingfromanHTTP, HTTPS,FTPserverorproxy.
--retry
--timeout
esxupdate Commands
Table 3-2. esxupdate Commands
Command esxupdate info Description Displaysinformationaboutbulletins,includingabriefsummary,andbuildandinstalltimes. Thiscommandretrievesthebulletindefinitionsfromthemetadataorthepatchdatabaseonthe ESXhost(/etc/vmware/esxupdate).SeeRetrievingBulletinInformationonpage 12. Syntax for bulletins in a depot: esxupdate -m meta1URL -b bulletinID [-b bulletin2 ...] info esxupdate --bundle bundleZipURL [-b bulletinID [-b bulletin2 ...]] info Syntax for bulletins in the patch database: esxupdate -b installed-bulletinID info esxupdate query Returnsalist,ininstallorder,ofallbulletinsinstalledontheESXhost.SeeToretrieve informationaboutinstalledbulletinsonpage 12. Syntax esxupdate query esxupdate scan Returnsalistoftheapplicablebulletinsinadepotmetadataorinabundlezip.Usewith--all optiontoreturnalistofallbulletins.SeeScanningforApplicableBulletinsonpage 11. Syntax esxupdate [--meta <metadataURL>] [--bundle <bundle-zip-URL>] [--all]] scan esxupdate stage DownloadstheappropriateVIBsfortheselectedbulletins,preloadstheesxupdatedepotcache forHTTPandFTPservers,andchecksforVIBandRPMdependencies.Forexample: esxupdate -m <metadataURL> stage SeeStaginganInstallationonpage 13. esxupdate update Checksthespecifiedbulletinsfordependencies,checkstheESXhostfordependencies, determineswhichbulletinstoinstall,andinstallsthemontheESXhost.SeeInstallBulletinson anESX4.0Hostonpage 15. Syntax esxupdate -m https://meta1.zip [-m https://meta2.zip ... ] [-b bulletinID1 [-b bulletinID2 ... ]] update esxupdate --bundle https://offline-bundle.zip [-b bulletin1 [-b bulletin2 ... ]] update
18
VMware, Inc.
15 18 19 20 21 22 23 24 25
80
VMware, Inc.
19
20
VMware, Inc.
ThissectiondescribesthreepatchmanagementtoolsthatVMwareprovidesinadditiontotheesxupdate utility:
VMware, Inc.
21
22
VMware, Inc.
Index
B
bulletins about extracting 11 about installing 14 installing 15 querying bulletins in a depot 13 querying installed bulletins 12 retrieving RPM details 13 scanning 11, 12 test install 13 verifying installation 16
P
patching customizing 9 strategy 8 patching tools vihostupdate vSphere CLI 21 VMware vCenter Update 21 vSphere Host Update Utility 21
C
customizing patching, about 9
Q
query command about 18 sample output 12
D
depots querying bulletins 13 disk space requirements 13
R
roll-ups about installing 14 installing 15 RPM packages retrieving details 13
E
error messages 19 esxupdate --all option 18 -b option 17 exit codes and error messages 19 info operation 18 --loglevel option 18 query operation 18 scan operation 18 stage operation 18 update operation 18 esxupdate utility about 7 commands 17, 18 options 17 Exit codes 19
S
scan command sample output 11 scanning bulletins 12 about 11
T
test install, running 13
U
update command about 18
F
frequently asked questions 20
V
vihostupdate vSphere CLI 21 VMware vCenter Update 21 vSphere Host Update Utility 21
I
info command about 18 sample output 13 installation
VMware, Inc.
23
24
VMware, Inc.
VMware, Inc.
Update25
Update26
VMware, Inc.