Upload
peter-toth
View
233
Download
0
Embed Size (px)
Citation preview
8/3/2019 ESX 4 Patch Management Guide 4.0
1/26
ESX 4 Patch Management GuideESX 4.0
This document supports the version of each product listed and
supports all subsequent versions until the document is replaced
by a new edition. To check for more recent editions of thisdocument, see http://www.vmware.com/support/pubs.
EN-000137-01
http://www.vmware.com/support/pubshttp://www.vmware.com/support/pubs8/3/2019 ESX 4 Patch Management Guide 4.0
2/26
VMware, Inc.
3401 Hillview Ave.Palo Alto, CA 94304www.vmware.com
2 VMware, Inc.
ESX 4 Patch Management Guide
You can find the most up-to-date technical documentation on the VMware Web site at:
http://www.vmware.com/support/
The VMware Web site also provides the latest product updates.
If you have comments about this documentation, submit your feedback to:
Copyright 20092011 VMware, Inc. All rights reserved. This product is protected by U.S. and international copyright andintellectual property laws. VMware products are covered by one or more patents listed at
http://www.vmware.com/go/patents .VMware is a registered trademark or trademark of VMware, Inc. in the United States and/or other jurisdictions. All other marksand names mentioned herein may be trademarks of their respective companies.
http://www.vmware.com/supportmailto:[email protected]://www.vmware.com/go/patentshttp://www.vmware.com/go/patentshttp://www.vmware.com/go/patentshttp://www.vmware.com/go/patentshttp://www.vmware.com/go/patentsmailto:[email protected]://www.vmware.com/supporthttp://www.vmware.com/support/8/3/2019 ESX 4 Patch Management Guide 4.0
3/26
VMware, Inc. 3
Contents
About
This
Book 5
1 AboutPatchesandUpdates 7AbouttheesxupdateUtility 7
PatchMaintenanceStrategy 8
CustomizingYourPatchProcess 9
2 InstallingUpdates 11BundleZipFiles 11
ScanningforApplicableBulletins 11
RetrievingBulletinInformation 12
VerifyingDiskSpace 13
StaginganInstallation 13
InstallingBulletins 14
InstallBulletinsonanESX4.0Host 15
3 ReferenceInformation 17esxupdateOptionsandCommands 17
esxupdateCommands 18
esxupdateExitCodesandErrorMessages 19
FrequentlyAskedQuestions 20
4 ESXPatchManagementTools 21AboutVMwarevCenterUpdateManager 21
AboutvSphereHostUpdateUtility 21
AboutvihostupdatevSphereCLI 21
Index 23
8/3/2019 ESX 4 Patch Management Guide 4.0
4/26
ESX 4 Patch Management Guide
4 VMware, Inc.
8/3/2019 ESX 4 Patch Management Guide 4.0
5/26
VMware, Inc. 5
Thisbook,ESX4PatchManagementGuide,providesbackgroundinformationonprocessingpatchesforESX4.0hostsanddescribeshowtousetheesxupdateutilitytoapplysoftwareupdatesandtotracksoftware
installedonESX4.0hosts.
ThisbookprovidesinformationspecifictoESX4.0hostsandtheesxupdateutility.Itdoesnotdiscussthe
following:
HowtopatchESX4.0hostsautomaticallywiththeVMwareUpdateServiceandtheVMwarevCenter
UpdateManager.Forinformationonthesetools,seeESXPatchManagementToolsonpage 21.
HowtopatchESXi4.0hostswiththevihostupdatevSphereCommandLineInterface(CLI).For
informationonvihostupdate,seeESXPatchManagementToolsonpage 21.
HowtopatchversionsofESXreleasedpriortoversion4.0.Forinformationonthisprocess,seethePatchManagementforESXServerstechnoteandtheESXServer3PatchManagementGuide.
HowtoupgradeESXhosts.Forinformationonupgrading,seethevSphereUpgradeGuide.ForalistofVMwarereleasedefinitions,seetheVMwareUpgradeandUpdatePolicybygoingtohttp://www.vmware.com/support/policies/upgrade.html.
Intended Audience
ThismanualisintendedforanyonewhomustmanuallyapplypatchestoESX4.0hosts.Theinformationin
thismanualiswrittenforsystemadministratorswhouseaserviceconsoletomanageESXhosts.
Whats Changed from ESX 3.x
ThismanualhasbeenupdatedfromtheESXServer3PatchManagementGuidetoincludenewdefinitionsand
proceduresthatareuniquetoESX4.0.
Document Feedback
VMwarewelcomesyoursuggestionsforimprovingourdocumentation.Ifyouhavecomments,sendyour
feedbackto:
VMware vSphere Documentation
TheVMwarevSpheredocumentationconsistsofthecombinedvCenterServerandESXdocumentationset.
About This Book
http://www.vmware.com/support/policies/upgrade.htmlhttp://www.vmware.com/pdf/vi3_35/esx_3/r35/vi3_35_25_esxupdate.pdfhttp://www.vmware.com/pdf/vi3_35/esx_3/r35/vi3_35_25_esxupdate.pdfhttp://www.vmware.com/pdf/vi3_35/esx_3/r35/vi3_35_25_esxupdate.pdfhttp://www.vmware.com/pdf/vi3_35/esx_3/r35/vi3_35_25_esxupdate.pdfhttp://www.vmware.com/pdf/vi3_35/esx_3/r35/vi3_35_25_esxupdate.pdfhttp://www.vmware.com/pdf/vi3_35/esx_3/r35/vi3_35_25_esxupdate.pdfhttp://www.vmware.com/pdf/vi3_35/esx_3/r35/vi3_35_25_esxupdate.pdfhttp://www.vmware.com/pdf/vi3_35/esx_3/r35/vi3_35_25_esxupdate.pdfhttp://www.vmware.com/pdf/vi3_35/esx_3/r35/vi3_35_25_esxupdate.pdfhttp://www.vmware.com/pdf/vi3_35/esx_3/r35/vi3_35_25_esxupdate.pdfhttp://www.vmware.com/pdf/vi3_35/esx_3/r35/vi3_35_25_esxupdate.pdfhttp://www.vmware.com/pdf/vi3_35/esx_3/r35/vi3_35_25_esxupdate.pdfmailto:[email protected]://www.vmware.com/pdf/vi3_35/esx_3/r35/vi3_35_25_esxupdate.pdfhttp://www.vmware.com/support/policies/upgrade.htmlmailto:[email protected]8/3/2019 ESX 4 Patch Management Guide 4.0
6/26
ESX 4 Patch Management Guide
6 VMware, Inc.
Technical Support and Education Resources
Thefollowingsectionsdescribethetechnicalsupportresourcesavailabletoyou.Youcanaccessthemost
currentversionsofthismanualandotherbooksbygoingto:
http://www.vmware.com/support/pubs
Online and Telephone Support
Useonlinesupporttosubmittechnicalsupportrequests,viewyourproductandcontractinformation,and
registeryourproducts.Gotohttp://www.vmware.com/support.
Customerswithappropriatesupportcontractsshouldusetelephonesupportforthefastestresponseon
priority1issues.Gotohttp://www.vmware.com/support/phone_support.
Support Offerings
FindouthowVMwaresupportofferingscanhelpmeetyourbusinessneeds.Goto
http://www.vmware.com/support/services.
VMware Education Services
VMwarecoursesofferextensivehandsonlabs,casestudyexamples,andcoursematerialsdesignedtobeused
asonthejobreferencetools.FormoreinformationaboutVMwareEducationServices,goto
http://mylearn1.vmware.com/mgrreg/index.cfm.
http://www.vmware.com/support/pubshttp://www.vmware.com/supporthttp://www.vmware.com/support/phone_support.htmlhttp://www.vmware.com/support/serviceshttp://mylearn1.vmware.com/mgrreg/index.cfmhttp://mylearn1.vmware.com/mgrreg/index.cfmhttp://mylearn1.vmware.com/mgrreg/index.cfmhttp://mylearn1.vmware.com/mgrreg/index.cfmhttp://www.vmware.com/support/serviceshttp://www.vmware.com/support/phone_support.htmlhttp://www.vmware.com/supporthttp://www.vmware.com/support/pubs8/3/2019 ESX 4 Patch Management Guide 4.0
7/26
VMware, Inc. 7
1
Softwarepatchesprovideimmediatefixesforoneormoresecurityissuesorcriticalfixesforaspecificareaof
theproduct.Forinformationaboutaspecificpatch,gototheVMwarevSphereDownloadCenterat
http://www.vmware.com/download/vi.
Typesofsoftwareupdatesandrelatedterms:
Bulletin.A
grouping
of
one
or
more
VIBs
(vSphere
Installation
Bundle).
Bulletins
are
defined
within
metadata.
Depot.AlogicalgroupingofVIBsandassociatedmetadatathatispublishedonline.
Extension.AbulletinthatdefinesagroupofVIBsforaddinganoptionalcomponenttoanESXhost.An
extensionisusuallyprovidedbyathirdparty,asarepatchesorupdatestotheextension.
Metadata.Extradatathatdefinesdependencyinformation,textualdescriptions,systemrequirements
andbulletins.
OfflineBundlezip.AnarchivethatencapsulatesVIBsandcorrespondingmetadatainaselfcontained
depotthatisusefulforofflinepatching.
Patch.AbulletinthatgroupsoneormoreVIBstogethertoaddressaparticularissueorenhancement.
Rollup.Acollectionofpatchesthatisgroupedforeaseofdownloadanddeployment.
RPM.Binarypackagesthatincludeasetofcontrolscripts,whichprovideinformationfortheRPMabout
howtoinstallthepackageandanypostinstallationconfigurationthatisneeded.
Update.AperiodicreleaseofanESXimage,whichcontainsmultiplefixesandsupportfornewhardware.
VIB.AVIBisasinglesoftwarepackage.
Patchesdonothaveinstallationwizards.Youinstallthemwithapatchupdatetool.Thepatchupdatetoolfor
ESX4.0hostsisesxupdate.ForinformationaboutpatchupdatetoolsforotherESXversions,seeESXPatchManagementToolsonpage 21.
About the esxupdate Utility
Youusethepatchmaintenanceutility,esxupdate,toretrieveinformationaboutupdatesandextensionsfromVMwareandthirdparties,totrackinstalledsoftware,andtoapplysoftwarepackagestoESX4.0hosts.You
runesxupdatefromtheserviceconsolewhileyouareloggedontoanESX4.0hostasuserroot.Youcanrun
onlyoneinstanceatatimeonthesameESX4.0host.
Arecordofeachinstalledbulletiniswrittentothe/etc/vmware/esxupdatedirectoryonthehost.Therecord
includesthebulletinID,theinstallationtime,theVIBsinstalled,andotherdetails.Thisdirectoryactsasa
patchdatabaseandisusedbyesxupdatetoquerythepatchesinstalledonthehost.
About Patches and Updates 1
CAUTION Thisdirectoryisreadonly.Ifyouchangethecontents,whenesxupdateperformsanintegrity
check,itwillfailforthechangedfiles.Insuchcases,esxupdateexitswithanIntegrityErrormessage.Formore
information,seeesxupdateExitCodesandErrorMessagesonpage 19.
http://www.vmware.com/downloadhttp://www.vmware.com/download8/3/2019 ESX 4 Patch Management Guide 4.0
8/26
ESX 4 Patch Management Guide
8 VMware, Inc.
ForESX4.0hosts,therearefourbasicmodesofesxupdate:Inspectionmode,scanmode,testmode,and
updatemode.
Inspectionmode.Queriesyoursystemforbulletinsandbulletindetails.Youusetwocommandstoretrievebulletininformation:esxupdatequeryandesxupdateinfo.
UsetheesxupdatequerycommandtodisplayalistofbulletinsinstalledonESX4.0host.Theoutput
liststhebulletinsinascendinginstallationorderandincludesthebulletinname,installationdate,and
a40charactersummaryofthebulletin.Allbulletinsthatareinstalledarelisted.Bulletinsthatare
supersededbyanotherbulletinareconsideredobsoleteandarenotdisplayedinthisoutput.
Usetheesxupdateinfocommandtodisplayinformationonthecontentsofoneormorebulletins.
Theoutputincludesthebulletinname,releasedate,anddetailsaboutthemetadatafiles,including
theVIBpackagesthatarepartofthebulletin.
Youcanusetheinfocommandforbothinstalledanduninstalledbulletins.Formoreinformation,
seeRetrievingBulletinInformationonpage 12.
Scanmode.DetermineswhichbulletinsareapplicabletotheESX4.0hostbyqueryingthebulletinsinadepotandthebulletinsinstalledonthehostforbulletinandsystemdependencies.Usetheesxupdate
scancommandbeforeyouinstallbulletinstodeterminewhichonesareapplicabletothehost.Formore
information,seeScanningforApplicableBulletinsonpage 11.
Testmode.Enablesesxupdatetogothroughallinstallationoperationswithoutinstallingthespecifiedbulletins.Testmodedownloadstheappropriatefiles,preloadstheesxupdatedepotcacheforHTTPand
FTPservers,checksforRPMpackagedependencies,anddetermineswhichRPMstoinstall.Formore
information,seeStaginganInstallationonpage 13.
Updatemode.InstallsbulletinsonESX4.0hosts.Usetheesxupdateupdatecommandtoinstallindividualbulletins,abundlezip,oranonlinedepot.Updatemodescansthedepotfordependenciesand
handlesthem,ifpossible,beforeinstalling.Formoreinformation,seeInstallBulletinsonanESX4.0
Hostonpage 15.
Forinformationonesxupdatesyntaxandcommands,seeesxupdateOptionsandCommandsonpage 17
Patch Maintenance StrategyUsethefollowingguidelinestomanagepatchingforyourESX4.0hosts.
Keepyourenvironmentascurrentaspossible.Determinewhetheranybulletinsarenecessaryforyour
environmentandapplythosebulletins.Minimizethechangetoyoursoftwareenvironmentwhenever
possible.Formoreinformationondeterminingbulletinapplicability,seeScanningforApplicable
Bulletinsonpage 11.
Analyzetheriskfactorofapplyingthebulletin.Forexample,assessthevirtualmachineandESX4.0host
downtimerequirements.Thescancommandprovidestheinformationyouneedtoanalyzerisksand
serverdowntime.
Downloadandinstallrollupsratherthanindividualbulletins.Thismethodsavesyoudownloadtime
andensures,whendependenciesexist,thatyourdepotcontainsallnecessarybulletins.
Foramultihostenvironment,setuppatchdepotsonacentralizedserverthatisaccessiblebyallESXhosts.
CreateaseparatedepotforeachESXversioninyourenvironment.Althoughyoucanputdepotsonan
ESXhost,VMwaredoesnotrecommendit.
8/3/2019 ESX 4 Patch Management Guide 4.0
9/26
VMware, Inc. 9
Chapter 1 About Patches and Updates
Customizing Your Patch Process
Youcanwritecustomscriptstoautomateyourpatchprocess.Forexample,youcancreateacronjobto
periodicallydownloadrollupstoadepot.Youcanwriteascripttoscanthedepotforapplicablebulletinsand
installallatonetime.Ifduringthescanoperation,esxupdatefindsabulletinthatrequiresvirtualmachines
tobepoweredoff,youcanwriteascriptthatputsthemintomaintenancemode.
IfyouusecustomscriptstoautomatetheESX3patchprocess,youmustupdatethemtoworkwithESX4.0.
Specifically,upgrade
your
scripts
to
use
the
esxupdate -m option
to
point
to
the
depot
and
to
install
multiple
bulletinsatonetime.
8/3/2019 ESX 4 Patch Management Guide 4.0
10/26
ESX 4 Patch Management Guide
10 VMware, Inc.
8/3/2019 ESX 4 Patch Management Guide 4.0
11/26
VMware, Inc. 11
2
YoumustperformseveralprocedurestoupyourpatchenvironmentandinstallbulletinsonyourESX4.0
hosts.
Thischaptercontainsthefollowingsections:
BundleZipFilesonpage 11
ScanningforApplicableBulletinsonpage 11.
RetrievingBulletinInformationonpage 12.
VerifyingDiskSpaceonpage 13.
StaginganInstallationonpage 13.
VerifyingBulletinInstallationsonpage 16.
Bundle Zip Files
Abundlezipcontainsametadatazipwhichdefinesthebulletinsavailableforinstallationandalsocontains
oneormorepackages.EachpackageisaVIBfilethatistranslatedintooneRPMpackageduringthe
installationprocess.
Scanning for Applicable Bulletins
TodeterminewhichbulletinsinyourdepotareapplicabletoyourESX4.0host,usetheesxupdatescan
command.AbulletinisapplicableifatleastoneVIBpackageappliestotheESXplatformanditupdatesa
packageontheESXhost,orifitisanewpackage.Whenyouscanadepot,bydefaultthescancommandonly
displaysapplicablebulletinsthathaveupdatedornewpackages.The--alloptiondisplaysallofthebulletins
includinginapplicablebulletins.
Ifesxupdatecanhandlealldependenciesanddoesnotfindanyconflicts,itcaninstallthepatchesincluded
inthescan.Ifconflictsexist,theyarelistedinthescanoutput.
ThefollowingExample11showstheinformationreturnedfromanesxupdate scancommandonadepot.
Example 2-1. Example 1-1. scan Command Sample Output
Bulletin ID ---Date--- ----- Summary -----
bul_1 2008-11-12 This is the bul_1
bul_2 2008-11-12 This is the bul_2
Installing Updates 2
8/3/2019 ESX 4 Patch Management Guide 4.0
12/26
ESX 4 Patch Management Guide
12 VMware, Inc.
To scan for applicable bulletins
1 LogintotheserviceconsoleontheESX4.0hostasuserroot.
IfyoudonothavedirectaccesstotheESX4.0host,connectremotelytotheserviceconsoleusingssh.
2 IfthedepotisnotontheESX4.0host,typethefollowingcommandtoenableanoutgoingconnectionfor
theserviceconsole.
esxcfg-firewall --allowOutgoing
3 Runtheesxupdatescancommand.
Toscanapplicablebulletinsinadepot:
esxupdate -m scan
Toscanforapplicablebulletinsinabundlezip:
esxupdate --bundle scan
Tolistallthebulletinsregardlessofapplicabilityorsoftwareplatform,addthe--all / -aoption.
4 Whenyouaredoneaccessingthedepot,resettheserviceconsolefirewalltohighsecurity:
esxcfg-firewall --blockOutgoing
Forinformationonscanning,seeScanningforApplicableBulletinsonpage 11.Forinformationon
esxupdatesyntaxandcommands,seeesxupdate scanonpage 18.
Retrieving Bulletin Information
Theesxupdatequeryandesxupdateinfocommandsretrieveinformationaboutinstalledbulletinsand
bulletinsthatareinadepotorbundlezip.
To retrieve information about installed bulletins
1 Fromthe
service
console,
log
on
to
the
ESX
4.0
host
as
user
root.
IfyoudonothavedirectaccesstotheESX4.0host,connectremotelytotheserviceconsoleusingssh.
2 Runtheesxupdatequeryorinfocommand.
Toretrieveabriefsummaryofallinstalledbulletins:
esxupdate query
Thiscommandlistsallinstalledbulletinsinascendinginstallationorderandincludestheinstallation
dateandabriefsummaryforeachbulletin.
Toretrievedetailsaboutbulletinsreturnedbythequery:
esxupdate -b -b info
Forinformationonesxupdatesyntaxandcommands,seeesxupdate queryonpage 18andesxupdate
infoonpage 18.
ThefollowingExample12showstheinformationreturnedwhenyouruntheesxupdate querycommand
onanESX4.0host.
Example 2-2. Example 1-2. query Command Sample Output
Installed software bulletins
-----Bulletin ID---- --Installed-- --------Summary--------
bul_1 2008-07-08T19:55:04 This is the summary
Cisco Swordfish Drop 071420082008-07-19T05:03:22 Swordfish VIB for COS only
NOTE Youcannotrunesxupdateinthecurrentdirectorywithout-mor--bundle.
8/3/2019 ESX 4 Patch Management Guide 4.0
13/26
VMware, Inc. 13
Chapter 2 Installing Updates
To retrieve information about bulletins in a depot or bundle zip
1 Fromtheserviceconsole,logontotheESX4.0hostasuserroot.
IfyoudonothavedirectaccesstotheESX4.0host,connectremotelytotheserviceconsoleusingssh.
2 IfthedepotisnotontheESX4.0host,typethefollowingcommandtoenableanoutgoingconnectionfor
theserviceconsole.
esxcfg-firewall --allowOutgoing
3 Runtheesxupdateinfocommand.
Toretrievedetailsofallbulletinsinametadatafile:
esxupdate -m info
Toretrievedetailsofspecificbulletinsinadepot:
esxupdate -m -b -b info
Toretrievedetailedinformationonallbulletinsinabundlezip:
esxupdate --bundle info
4 Whenyouaredoneaccessingthedepot,resettheserviceconsolefirewalltohighsecurity.
esxcfg-firewall --blockOutgoing
Forinformationonesxupdatesyntaxandcommands,seeesxupdate infoonpage 18.
ThisExample13showstheinformationreturnedwhenyouruntheesxupdateinfocommandonasingle
installedbulletin.
Example 2-3. Example 1-3. info Command Sample Output
Id - Driver 2
Releasedate - Releasedate - 2008-11-17T11:28:42-07:00
Vendor - VMware, Inc.
Summary - Wonderful driver 2.1
Severity - critical
Category - storageInstalldate -
Description - Self-contained bulletin with one Vib
Kburl - http://kb.vmware.com/selfservice/microsites
Contact - [email protected]
List of constituent VIBs:
cross_driver_2.1-1
Verifying Disk Space
Checkthefollowingrequirementstomakesurethehostsystemhasenoughdiskspace.(SEEUPDATE) The/partitiondirectoryhasatleast50MBoffreespace.
Thediskspaceallocatedtotheserviceconsolehasanamountoffreespacethatistwicethesizeofthe
bulletintobeinstalled.
Beforeinstallingpatches,usethestagecommand.SeeStaginganInstallationonpage 13.
Staging an Installation
Staginganinstallationallowsesxupdatetoperformthefollowingtaskswithoutinstallinganybulletins:
DownloadstheappropriatebulletinsandVIBpackagestothehosttoreducedowntimewhenalarge
numberofupdatesmustbeinstalled
ChecksforVIBsignature
8/3/2019 ESX 4 Patch Management Guide 4.0
14/26
ESX 4 Patch Management Guide
14 VMware, Inc.
ChecksforVIBandRPMdependencies
Determinesthebulletinorder
DetermineswhichRPMsmustbeinstalled,butdoesnotinstallthem
ThiscommandalsopopulatestheesxupdatecachefortheHTTPandFTPdepotsaswellasbundlezips.Asa
result,whenyouruntheupdatecommand,thedownloadstepcanbeskipped.
To stage an installation1 Fromtheserviceconsole,logontotheESX4.0hostasuserroot.
IfyoudonothavedirectaccesstotheESX4.0host,connectremotelytotheserviceconsoleusingssh.
2 IfthedepotisnotontheESX4.0host,typethefollowingcommandtoenableanoutgoingconnectionfor
theserviceconsole.
esxcfg-firewall --allowOutgoing
3 Runtheesxupdate stagecommand.
Torunatestinstallationofallbulletinsinadepot:
esxupdate -m stage
Torunatestinstallationofmultiplebulletinsinadepot:
esxupdate -m -b -b stage
Torunatestinstallationofabundlezip:
esxupdate --bundle stage
4 Whenyouaredoneaccessingthedepot,resettheserviceconsolefirewalltohighsecurity:
esxcfg-firewall --blockOutgoing
Installing Bulletins
You
use
the
esxupdate
update
command
to
install
bulletins.
You
can
install
any
number
of
bulletins
from
one
ormoredepots.Youcaninstalloneormorebundlezipfiles.Thebundlezipfilesareindependentfromany
depotandcanbelocatedonthelocalESXhost,aCDROMdrive,oranyremoteHTTP,NFS,orFTPserver.
Wheninstallingbulletins,keepinmindthefollowingesxupdatebehavior:
IfyoudonotspecifybulletinIDstoinstall,esxupdateinstallsallapplicablebulletinsinthedepot.
IfyouspecifyoneormorebulletinIDstoinstall,thefollowingcanhappen:
Ifnodependenciesexist,esxupdateinstallsonlythosebulletins.
Ifdependenciesexistandaspecifiedbulletinrequiresyoutoinstalloneormoreunspecified
bulletins,youaregiventheoptiontoinstalladditionalpackages.Thesepackagesareinstalledifyou
entery.
Thehost
system
should
have
the
following
space
available
to
ensure
space
for
the
installation:
Aminimumof24MBforthe/tmpand/boot directories.
Aminimumof100MBforthe/rootdirectory.
Ingeneral,theinstallationrequirestwicethesizeofthedownloadedbulletins.
Beforeyouinstallbulletinsorbundlezipfiles,youmustrunthestagecommandtodownloadallpackages,
validatesignatures,andcheckfordependenciesandconflicts.
Duringtheinstallationprocess,esxupdatevalidateseachVIBpackagebyusingasetofsignaturekeys.Ifany
VIBpackageinapatchcontainsamissingorinvalidsignature,esxupdatedoesnotinstallthebulletin.
8/3/2019 ESX 4 Patch Management Guide 4.0
15/26
VMware, Inc. 15
Chapter 2 Installing Updates
Aftervalidatingthebulletins,esxupdateperformsthefollowingtasksduringtheinstall:
FiltersoutanypackagesthatdonotapplytothecurrentversionESX.
Checksforsoftwaredependenciesandprerequisites,forexample,ifthebulletinisthecorrectESXversion,
ifvirtualmachinesarepoweredoff,andsoon.
Verifiesthedigitalsignaturesofthepackagesineachbulletin.
Checksforadequatediskspace.
RemovesobsoletepackagesfromtheESX4.0host.
Installsthepackages.Packagesinstalledalreadyorsupersededbyanewerinstalledversionarenot
installed.
Updatestheinitrdimage,whichensuresupdateddriversareloadedonESXforthenextboot.
Duringtheinstallation,ifanesxupdatepatchisavailable,theutilityupdatesitself.Iftheinitrdanddriver
configurationsrequirechanges,thechangesaremadeafterallbulletinsareinstalled.
Forinformationoninstallingbulletins,seeInstallBulletinsonanESX4.0Hostonpage 15.Forinformation
oncheckingforpatchdependencies,seeScanningforApplicableBulletinsonpage 11.
Install Bulletins on an ESX 4.0 HostTheinstallationprocessisrecordedintheesxupdate.logfile.Bydefault,thisfileislocatedinthe
/var/log/vmwaredirectory.
To install bulletins on an ESX host
1 Verifythatthehosthasenoughdiskspacetoperformtheinstallation.
SeeVerifyingDiskSpaceonpage 13.
2 Fromtheserviceconsole,logontotheESX4.0hostasuserroot.
IfyoudonothavedirectaccesstotheESX4.0host,connectremotelytotheserviceconsoleusingssh.
3 IfthedepotisnotontheESX4.0host,typethefollowingcommandtoenableanoutgoingconnectionfor
theserviceconsole.
esxcfg-firewall --allowOutgoing
4 Scanthedesiredbulletinstodetermineiftheyareapplicable.
SeeToscanforapplicablebulletinsonpage 12.
5 Runesxupdateupdatecommand.
Toinstallallapplicablebulletinsinthedepot:
esxupdate -m update
Toinstallspecificbulletinsinthedepot:
esxupdate -m -b update
Toinstallallapplicablebulletinsinabundlezip:
esxupdate --bundle update
6 Ifnecessary,rebootthesystem.
NOTE esxupdateneverrebootsyourhost.
8/3/2019 ESX 4 Patch Management Guide 4.0
16/26
ESX 4 Patch Management Guide
16 VMware, Inc.
7 Runtheesxupdatequerycommandtoverifytheinstallationwasasuccess.
SeeVerifyingBulletinInstallationsonpage 16.
8 Whenyouaredoneaccessingthedepot,resettheserviceconsolefirewalltohighsecurity:
esxcfg-firewall --blockOutgoing
Verifying Bulletin Installations
Thiscommandletsyouverifyallinstalledbulletinswereinstalledcorrectly,thatnoneweremissingorhadthewrongversionnumber.
1 Ifnecessary,logontotheESX4.0hostasuserroot.
IfyoudonothavedirectaccesstotheESX4.0host,connectremotelytotheserviceconsoleusingssh.
2 IfthedepotisnotontheESX4.0host,typethefollowingcommandtoenableanoutgoingconnectionfor
theserviceconsole.
esxcfg-firewall --allowOutgoing
3 Runtheesxupdatequerycommand.
esxupdate query
Verifythebulletinyouinstalledisinthereturnlist.
8/3/2019 ESX 4 Patch Management Guide 4.0
17/26
VMware, Inc. 17
3
Thischaptercontainsthefollowingsections:
esxupdateOptionsandCommandsonpage 17.
esxupdateExitCodesandErrorMessagesonpage 19.
FrequentlyAskedQuestionsonpage 20.
esxupdate Options and Commands
TheesxupdateutilityisapatchmaintenancetoolforESX.Youuseittoreviewthecontentsofabulletin,
installsoftware,andtrackinstalledsoftware.
YourunesxupdatefromtheESXserviceconsolewhileloggedinasuserroot.Theactivityofthetoolis
recordedintheesxupdate.logfile.Bydefault,thisfileislocatedinthe/var/log/vmwaredirectory.
Toseehelpinformationforesxupdate,runtheutilitywithnoarguments.
Reference Information 3
Table 3-1. esxupdate Options
Option Flag Description
--meta -m Specifiesthelocationofmetadatafileinsideadepot.Canberepeated.AmetadataURLmaypointtoavendorswebsitedirectly,ifvendorsmaketheirupdatesavailableonline,ortoalocallymirroredcopy.Whenyouusethe-m flagwithoutthe-b flag,esxupdateselectsallthebulletinsinthemetadata.Forexample:
(HTTP): esxupdate -mhttp://downloads.vmware.com/vi4/update1-metadata.zip -m
http://updates.dvs.cisco.com/fake/esx4/metadata.zip
(HTTPS): esxupdate -mhttps://downloads.vmware.com/vi4/update1-metadata.zip -m
https://updates.dvs.cisco.com/fake/esx4/metadata.zip
(FTP): esxupdate -m ftp:///esx/vi4/metadata.zip-b VMW_ESX4_Patch1
(NFS):esxupdate -m file:///var/updates/esx4/metadata.zip
-b |
-b Specifiesone
or
more
bulletins.
If
not
specified,
all
bulletins
are
handled.
Must
be
combinedwiththe-mor--bundleoptions.Useone-bflagforeachbulletintoinstall.Forexample:
esxupdate m esxupdate -b ESX350-200802055-BG -b
ESX350-200803066-SG
--bundle
Specifiesthelocationofanofflinebundlezip. esxupdatedownloadsandunpacksthezip.Canbeusedwith-boptiontoselectbulletinswithinthebundlezip.Canberepeated.Usewiththescan,info,stage,updatecommands.Forexample:
esxupdate --bundle scan
--http_proxy
:
UseatforHTTPconnections.
8/3/2019 ESX 4 Patch Management Guide 4.0
18/26
ESX 4 Patch Management Guide
18 VMware, Inc.
esxupdate Commands
--all Listsallthebulletinsinmetadataorbundlezips,insteadofjusttheapplicableones.Usethisoptionwiththeesxupdatescancommand.
--loglevel
Changesthelevelofdetailwrittentotheesxupdate.logfile.Possiblevaluesareasfollows:
orDEBUGDebugginginformation
orINFODetailedInformation orWARNINGWarning
orERRORError
--nocache TheesxupdateupdatecommandusesitscacheofalreadydownloadedVIBsifpossible,buttherearetimeswhenthecachecanbecomestale.Usethe--nocacheoptiontoforceesxupdateupdatetoalwaysdownloadallVIBs.
--retry SpecifiesthenumberoftimestoretryaconnectiontoanHTTP,HTTPSorFTPserver.Thedefaultvalueisdefinedinthe[defaults]sectionofesxupdate.conf.Ifyouenteraspecificvaluethedefaultvalue5isoverridden.Forexample,ifyouenter7,itsupersedes5andesxupdatetriestoreconnecttoanHTTP,HTTPSorFTPserverseventimesincaseofabrokenconnection.
--timeout SpecifiestheamountoftimetowaitwhenconnectingtoorreadingfromanHTTP,HTTPS,FTPserverorproxy.
Table 3-1. esxupdate Options (Continued)
Option Flag Description
Table 3-2. esxupdate Commands
Command Description
esxupdate info Displaysinformationaboutbulletins,includingabriefsummary,andbuildandinstalltimes.ThiscommandretrievesthebulletindefinitionsfromthemetadataorthepatchdatabaseontheESXhost(/etc/vmware/esxupdate).SeeRetrievingBulletinInformationonpage 12.
Syntax for bulletins in a depot:
esxupdate -m meta1URL -b bulletinID [-b bulletin2 ...] info
esxupdate --bundle bundleZipURL [-b bulletinID [-b bulletin2 ...]] info
Syntax for bulletins in the patch database:esxupdate -b installed-bulletinID info
esxupdate query Returnsalist,ininstallorder,ofallbulletinsinstalledontheESXhost.SeeToretrieveinformationaboutinstalledbulletinsonpage 12.
Syntax
esxupdate query
esxupdate scan Returnsalistoftheapplicablebulletinsinadepotmetadataorinabundlezip.Usewith--alloptiontoreturnalistofallbulletins.SeeScanningforApplicableBulletinsonpage 11.Syntax
esxupdate [--meta ] [--bundle ] [--all]] scan
esxupdate stage DownloadstheappropriateVIBsfortheselectedbulletins,preloadstheesxupdatedepotcacheforHTTPandFTPservers,andchecksforVIBandRPMdependencies.Forexample:
esxupdate -m stageSeeStaginganInstallationonpage 13.
esxupdate update Checksthespecifiedbulletinsfordependencies,checkstheESXhostfordependencies,determineswhichbulletinstoinstall,andinstallsthemontheESXhost.SeeInstallBulletinsonanESX4.0Hostonpage 15.
Syntax
esxupdate -m https://meta1.zip [-m https://meta2.zip ... ] [-b bulletinID1
[-b bulletinID2 ... ]] update
esxupdate --bundle https://offline-bundle.zip [-b bulletin1 [-b bulletin2
... ]] update
8/3/2019 ESX 4 Patch Management Guide 4.0
19/26
VMware, Inc. 19
Chapter 3 Reference Information
esxupdate Exit Codes and Error Messages
Table 3-3. esxupdate Error Codes and Error Messages
Exit Code Error Message Explanation and Workaround
0 Commandcompletedsuccessfully.
1 Notroot.esxupdatemustbeenteredastherootuser.
2 Invalidcommand
line
syntax
or
arguments.
3 LockingError Cannotacquirelock.Anotheresxupdateisrunning.
4 MetadataDownloadError Downloadingorextractionofdatafailed.VerifythatthecorrectURLwasspecified,andisreachable.Useesxcfg-firewalltoopenadditionalports.IfthetargetURLorfilehasbeencopiedfromanothersource,verifythatithasbeencopiedcorrectly.
5 MetadataFormatError
7 VibDownloadError
26 BundleDownloadError
27 BundleFormatError
8 VibFormatError NotaVIBarchive,missingfiles,filesinwrongorder,descriptor.xmlinvalid.
9 VibIOError Indicatesanerrorreadingorwritingfilestoorfromlocal
storage.Verify
that
adequate
free
space
exists
on
mounted
filesystems.10 FileIOError
11 DatabaseFormatError vibs.xmlnotavalidXMLfile.Bulletinszipnotaziparchive.Invalidstructureineitherfile.
13 NoMatchError VIBorBulletinIDnotinmetadata,orrequestedVIBsorbulletindonotapplytohostplatform(stage,updateonly).
14 DependencyError esxupdatewasunabletoresolvedependencies.ThisconditionisduetoconflictsbetweenanyoftherequestedVIBs,requireddependenciesandthehost,packagesonthehostobsoletingreqestedVIBsortheirrequirements,orduetooneormorerequirementsnotbeingfoundinthemetadata(stage,updateonly).ThisconditionisdifferentfromUnsatisfiedDependencies.
15 PackageManagerError RPMoripkgtransactionfailed.
18 MaintenanceModeError ESXhostisnotinmaintenancemodewhenitmustbe,orhostdisdown.Maintenancemodecannotbedetermined.
19 PostScriptError Apostscriptexitedwithanonzerostatus.
20 VibSigMissingError OneormoreVIBscontaininvalidoruntrustedsignaturedata. Ifthedatahasbeencopiedfromanothersource,verifythatithasbeencopiedcorrectly.Verifythatthehostdateissetcorrectly. Ifproblemspersist,contactVMwareSupport.
21 VibSigVersionError
22 VibSigFormatError
23 VibSigInvalidError
24 VibSigDigestError
25 UnsatisfiedDependencies AdditionalVIBsarerequiredforinstallation,andtheuser
declinedtoinstallthem.ThisconditionisspecificallydifferentfromDependencyError. Whiledependenciesweresuccessfullyresolved,theycouldnotbeautomaticallyinstalledduetouserinput(CLI)orfailureofthecallertospecifyrequiredVIBsonthecommandline(HAorCLI).
80 Notanerror.Thesystemmustberebootedtocompletetheupdate.
8/3/2019 ESX 4 Patch Management Guide 4.0
20/26
ESX 4 Patch Management Guide
20 VMware, Inc.
Frequently Asked Questions
WhenanRPMonmyESXhosthasaLinuxequivalent,canIusetheLinuxRPMtoupdatemysystem?
No.VMwarerecommendsthatyouupdateyourESX4.0hostwithRPMssuppliedbyVMware.
CanIremoveinstalledVMwarepatchesfrommyESXhost?
No.Patchescannotberemovedaftertheyareinstalled.
Shouldthe
build
number
of
the
ESX
host
change
after
Iapply
apatch?
ItisnormalforsomeportionsoftheESX4.0softwareinstallationtochangebuildnumberswhenpatchesare
applied.ForinformationondeterminingthebuildnumberforeachofthecomponentsofyourESX
installation,seetheVMwareknowledgebasearticle,KB1001179.
http://kb.vmware.com/kb/1001179http://kb.vmware.com/kb/1001179http://kb.vmware.com/kb/1001179http://kb.vmware.com/kb/10011798/3/2019 ESX 4 Patch Management Guide 4.0
21/26
VMware, Inc. 21
4
ThissectiondescribesthreepatchmanagementtoolsthatVMwareprovidesinadditiontotheesxupdate
utility:
AboutVMwarevCenterUpdateManager
AboutvSphereHostUpdateUtility
AboutvihostupdatevSphereCLI
Youcanaccessthemostcurrentversionsofthedocumentationforeachtoolbygoingto
http://www.vmware.com/support/pubs.
YoucanfindinformationabouttheVMwareUpgradeandUpdatePolicybygoingtohttp://www.vmware.com/support/policies/upgrade.html.
About VMware vCenter Update Manager
VMwarevCenterUpdateManagerisanoptionalmoduleforvCenterServerthatperiodicallydownloads
patchinformationfromtheInternet.UpdateManagerperformsuserdefinedscanoperationsonESX4.0and
ESXi4.0hostsforpatchcompliance.Ifitdeterminesapatchisrequired,VMwarevCenterUpdateManager
downloadsthe
patch
and
installs
it
based
on
user
defined
configurations.
VMware
vCenter
Update
Manager
canperformscanandinstallationoperationswithlatestpatchesinanairgaporsemiairgapenvironmentthat
hasnoInternetaccess,byusingasharedrepository.TheUpdateManagerpluginisanoptionalfeaturethat
requiresvSphereClient.
TheVMwarevCenterUpdateManagerdocumentationconsistsofreleasenotes,anadministrationguide,and
onlinehelpintegratedwiththeVMwarevCenterUpdateManagervSphereClientplugin.
About vSphere Host Update Utility
YoucanusevSphereHostUpdateUtilitytopatchESXi4.0hosts.vSphereHostUpdateUtilityfindsapplicable
patchesandenablesyoutoinstallthem.YouhavetheoptiontoinstallvSphereHostUpdateUtilitywhenyou
installthevSphereClient. Bydefault,theutilityisnotinstalled.
ThevSphereHostUpdateUtilityisdocumentedinthevSphereUpgradeGuide.About vihostupdate vSphere CLI
ThevihostupdatevSphereCLIcommandcanscanESX/ESXihostsforinstalledpatches,enforcesoftware
updatepolicies,andinstallsoftwarepatches.ItcanperformsoftwareupdatestoESX/ESXiimagesandinstall
andupdateESX/ESXiextensionssuchasVMkernelmodules,drivers,andCIMproviders.ForESX/ESXi4.0
hosts,runvihostupdate.ForESX/ESXi3.5hosts,runvihostupdate35.
SeethevSphereCLIInstallationandReferenceGuideandthevSphereUpgradeGuide.
ESX Patch Management Tools 4
http://www.vmware.com/support/policies/upgrade.htmlhttp://www.vmware.com/support/policies/upgrade.html8/3/2019 ESX 4 Patch Management Guide 4.0
22/26
ESX 4 Patch Management Guide
22 VMware, Inc.
8/3/2019 ESX 4 Patch Management Guide 4.0
23/26
VMware, Inc. 23
Index
Bbulletinsabout extracting 11
about installing 14
installing 15
querying bulletins in a depot 13
querying installed bulletins 12
retrieving RPM details 13
scanning 11, 12
test install 13
verifying installation 16
Ccustomizing patching, about 9
D
depots
querying bulletins 13
disk space
requirements 13
E
error messages 19
esxupdate
--all option 18
-b option 17
exit codes and error messages 19
info operation 18
--loglevel option 18
query operation 18
scan operation 18
stage operation 18
update operation 18
esxupdate utility
about 7
commands 17, 18options 17
Exit codes 19
F
frequently asked questions 20
I
info command
about 18
sample output 13
installation
disk space 13
verifying 16
installed bulletins
listing 12
P
patching
customizing 9
strategy 8
patching tools
vihostupdate vSphere CLI 21
VMware vCenter Update 21
vSphere Host Update Utility 21
Q
query command
about 18
sample output 12
R
roll-ups
about installing 14
installing 15
RPM packages
retrieving details 13
S
scan command
sample output 11
scanning bulletins 12
about 11
T
test install, running 13
U
update command
about 18
V
vihostupdate vSphere CLI 21
VMware vCenter Update 21
vSphere Host Update Utility 21
8/3/2019 ESX 4 Patch Management Guide 4.0
24/26
ESX 4 Patch Management Guide
24 VMware, Inc.
8/3/2019 ESX 4 Patch Management Guide 4.0
25/26
VMware, Inc. Update25
Updates for the ESX 4 Patch Management Guide
LastUpdated:February17,2010
ThisdocumentprovidesupdatestotheESX4.0versionoftheESX4PatchManagementGuide.Updated
descriptions,procedures,andgraphicsareorganizedbypagenumbersothatyoucaneasilylocatetheareas
oftheguidethathavechanges.Ifthechangespansmultiplesequentialpages,thisdocumentprovidesthe
startingpagenumberonly.
ThefollowingisanupdatetotheESX4PatchManagementGuide:
UpdatestotheVerifyingDiskSpacesectiononPage 13
Updates to the Verifying Disk Space section on Page 13
IntheVerifyingDiskSpacesection,thefirstandsecondlistitemshouldbe:
The/ partitionhasatleast50MBoffreespace.
Thediskspaceallocatedtotheserviceconsolehasanamountoffreespacethatisthricethesizeofthe
bulletintobeinstalled
8/3/2019 ESX 4 Patch Management Guide 4.0
26/26