ESX 4 Patch Management GuideESX 4.0

This document supports the version of each product listed andsupports all subsequent versions until the document is replacedby a new edition. To check for more recent editions of thisdocument, see http://www.vmware.com/support/pubs.

EN-000137-01

http://www.vmware.com/support/pubs

VMware, Inc.3401 Hillview Ave.Palo Alto, CA 94304www.vmware.com

2 VMware, Inc.

ESX 4 Patch Management Guide

You can find the most up-to-date technical documentation on the VMware Web site at:

http://www.vmware.com/support/

The VMware Web site also provides the latest product updates.

If you have comments about this documentation, submit your feedback to:

docfeedback@vmware.com

Copyright 20092011 VMware, Inc. All rights reserved. This product is protected by U.S. and international copyright and intellectual property laws. VMware products are covered by one or more patents listed at http://www.vmware.com/go/patents.

VMware is a registered trademark or trademark of VMware, Inc. in the United States and/or other jurisdictions. All other marks and names mentioned herein may be trademarks of their respective companies.

http://www.vmware.com/support/http://www.vmware.com/supportmailto:docfeedback@vmware.comhttp://www.vmware.com/go/patentshttp://www.vmware.com/go/patents

VMware, Inc. 3

Contents

AboutThisBook 5

1 AboutPatchesandUpdates 7AbouttheesxupdateUtility 7PatchMaintenanceStrategy 8CustomizingYourPatchProcess 9

2 InstallingUpdates 11BundleZipFiles 11ScanningforApplicableBulletins 11RetrievingBulletinInformation 12VerifyingDiskSpace 13StaginganInstallation 13InstallingBulletins 14InstallBulletinsonanESX4.0Host 15

3 ReferenceInformation 17esxupdateOptionsandCommands 17esxupdateCommands 18esxupdateExitCodesandErrorMessages 19FrequentlyAskedQuestions 20

4 ESXPatchManagementTools 21AboutVMwarevCenterUpdateManager 21AboutvSphereHostUpdateUtility 21AboutvihostupdatevSphereCLI 21

Index 23

ESX 4 Patch Management Guide

4 VMware, Inc.

VMware, Inc. 5

Thisbook,ESX4PatchManagementGuide,providesbackgroundinformationonprocessingpatchesforESX4.0hostsanddescribeshowtousetheesxupdateutilitytoapplysoftwareupdatesandtotracksoftwareinstalledonESX4.0hosts.

ThisbookprovidesinformationspecifictoESX4.0hostsandtheesxupdateutility.Itdoesnotdiscussthefollowing:

HowtopatchESX4.0hostsautomaticallywiththeVMwareUpdateServiceandtheVMwarevCenterUpdateManager.Forinformationonthesetools,seeESXPatchManagementToolsonpage 21.

HowtopatchESXi4.0hostswiththevihostupdatevSphereCommandLineInterface(CLI).Forinformationonvihostupdate,seeESXPatchManagementToolsonpage 21.

HowtopatchversionsofESXreleasedpriortoversion4.0.Forinformationonthisprocess,seethePatchManagementforESXServerstechnoteandtheESXServer3PatchManagementGuide.

HowtoupgradeESXhosts.Forinformationonupgrading,seethevSphereUpgradeGuide.ForalistofVMwarereleasedefinitions,seetheVMwareUpgradeandUpdatePolicybygoingtohttp://www.vmware.com/support/policies/upgrade.html.

Intended AudienceThismanualisintendedforanyonewhomustmanuallyapplypatchestoESX4.0hosts.TheinformationinthismanualiswrittenforsystemadministratorswhouseaserviceconsoletomanageESXhosts.

Whats Changed from ESX 3.xThismanualhasbeenupdatedfromtheESXServer3PatchManagementGuidetoincludenewdefinitionsandproceduresthatareuniquetoESX4.0.

Document FeedbackVMwarewelcomesyoursuggestionsforimprovingourdocumentation.Ifyouhavecomments,sendyourfeedbackto:

docfeedback@vmware.com

VMware vSphere DocumentationTheVMwarevSpheredocumentationconsistsofthecombinedvCenterServerandESXdocumentationset.

About This Book

mailto:docfeedback@vmware.comhttp://www.vmware.com/support/policies/upgrade.htmlhttp://www.vmware.com/pdf/vi3_35/esx_3/r35/vi3_35_25_esxupdate.pdf

ESX 4 Patch Management Guide

6 VMware, Inc.

Technical Support and Education ResourcesThefollowingsectionsdescribethetechnicalsupportresourcesavailabletoyou.Youcanaccessthemostcurrentversionsofthismanualandotherbooksbygoingto:

http://www.vmware.com/support/pubs

Online and Telephone SupportUseonlinesupporttosubmittechnicalsupportrequests,viewyourproductandcontractinformation,andregisteryourproducts.Gotohttp://www.vmware.com/support.

Customerswithappropriatesupportcontractsshouldusetelephonesupportforthefastestresponseonpriority1issues.Gotohttp://www.vmware.com/support/phone_support.

Support OfferingsFindouthowVMwaresupportofferingscanhelpmeetyourbusinessneeds.Gotohttp://www.vmware.com/support/services.

VMware Education ServicesVMwarecoursesofferextensivehandsonlabs,casestudyexamples,andcoursematerialsdesignedtobeusedasonthejobreferencetools.FormoreinformationaboutVMwareEducationServices,gotohttp://mylearn1.vmware.com/mgrreg/index.cfm.

http://www.vmware.com/support/pubshttp://www.vmware.com/supporthttp://www.vmware.com/support/phone_support.htmlhttp://www.vmware.com/support/serviceshttp://mylearn1.vmware.com/mgrreg/index.cfmhttp://mylearn1.vmware.com/mgrreg/index.cfm

VMware, Inc. 7

1

Softwarepatchesprovideimmediatefixesforoneormoresecurityissuesorcriticalfixesforaspecificareaoftheproduct.Forinformationaboutaspecificpatch,gototheVMwarevSphereDownloadCenterathttp://www.vmware.com/download/vi.

Typesofsoftwareupdatesandrelatedterms:

Bulletin.AgroupingofoneormoreVIBs(vSphereInstallationBundle).Bulletinsaredefinedwithinmetadata.

Depot.AlogicalgroupingofVIBsandassociatedmetadatathatispublishedonline.

Extension.AbulletinthatdefinesagroupofVIBsforaddinganoptionalcomponenttoanESXhost.Anextensionisusuallyprovidedbyathirdparty,asarepatchesorupdatestotheextension.

Metadata.Extradatathatdefinesdependencyinformation,textualdescriptions,systemrequirementsandbulletins.

OfflineBundlezip.AnarchivethatencapsulatesVIBsandcorrespondingmetadatainaselfcontaineddepotthatisusefulforofflinepatching.

Patch.AbulletinthatgroupsoneormoreVIBstogethertoaddressaparticularissueorenhancement.

Rollup.Acollectionofpatchesthatisgroupedforeaseofdownloadanddeployment.

RPM.Binarypackagesthatincludeasetofcontrolscripts,whichprovideinformationfortheRPMabouthowtoinstallthepackageandanypostinstallationconfigurationthatisneeded.

Update.AperiodicreleaseofanESXimage,whichcontainsmultiplefixesandsupportfornewhardware.

VIB.AVIBisasinglesoftwarepackage.

Patchesdonothaveinstallationwizards.Youinstallthemwithapatchupdatetool.ThepatchupdatetoolforESX4.0hostsisesxupdate.ForinformationaboutpatchupdatetoolsforotherESXversions,seeESXPatchManagementToolsonpage 21.

About the esxupdate UtilityYouusethepatchmaintenanceutility,esxupdate,toretrieveinformationaboutupdatesandextensionsfromVMwareandthirdparties,totrackinstalledsoftware,andtoapplysoftwarepackagestoESX4.0hosts.YourunesxupdatefromtheserviceconsolewhileyouareloggedontoanESX4.0hostasuserroot.YoucanrunonlyoneinstanceatatimeonthesameESX4.0host.

Arecordofeachinstalledbulletiniswrittentothe/etc/vmware/esxupdatedirectoryonthehost.TherecordincludesthebulletinID,theinstallationtime,theVIBsinstalled,andotherdetails.Thisdirectoryactsasapatchdatabaseandisusedbyesxupdatetoquerythepatchesinstalledonthehost.

About Patches and Updates 1

CAUTIONThisdirectoryisreadonly.Ifyouchangethecontents,whenesxupdateperformsanintegritycheck,itwillfailforthechangedfiles.Insuchcases,esxupdateexitswithanIntegrityErrormessage.Formoreinformation,seeesxupdateExitCodesandErrorMessagesonpage 19.

http://www.vmware.com/download

ESX 4 Patch Management Guide

8 VMware, Inc.

ForESX4.0hosts,therearefourbasicmodesofesxupdate:Inspectionmode,scanmode,testmode,andupdatemode.

Inspectionmode.Queriesyoursystemforbulletinsandbulletindetails.Youusetwocommandstoretrievebulletininformation:esxupdatequeryandesxupdateinfo.

UsetheesxupdatequerycommandtodisplayalistofbulletinsinstalledonESX4.0host.Theoutputliststhebulletinsinascendinginstallationorderandincludesthebulletinname,installationdate,anda40charactersummaryofthebulletin.Allbulletinsthatareinstalledarelisted.Bulletinsthataresupersededbyanotherbulletinareconsideredobsoleteandarenotdisplayedinthisoutput.

Usetheesxupdateinfocommandtodisplayinformationonthecontentsofoneormorebulletins.Theoutputincludesthebulletinname,releasedate,anddetailsaboutthemetadatafiles,includingtheVIBpackagesthatarepartofthebulletin.

Youcanusetheinfocommandforbothinstalledanduninstalledbulletins.Formoreinformation,seeRetrievingBulletinInformationonpage 12.

Scanmode.DetermineswhichbulletinsareapplicabletotheESX4.0hostbyqueryingthebulletinsinadepotandthebulletinsinstalledonthehostforbulletinandsystemdependencies.Usetheesxupdatescancommandbeforeyouinstallbulletinstodeterminewhichonesareapplicabletothehost.Formoreinformation,seeScanningforApplicableBulletinsonpage 11.

Testmode.Enablesesxupdatetogothroughallinstallationoperationswithoutinstallingthespecifiedbulletins.Testmodedownloadstheappropriatefiles,preloadstheesxupdatedepotcacheforHTTPandFTPservers,checksforRPMpackagedependencies,anddetermineswhichRPMstoinstall.Formoreinformation,seeStaginganInstallationonpage 13.

Updatemode.InstallsbulletinsonESX4.0hosts.Usetheesxupdateupdatecommandtoinstallindividualbulletins,abundlezip,oranonlinedepot.Updatemodescansthedepotfordependenciesandhandlesthem,ifpossible,beforeinstalling.Formoreinformation,seeInstallBulletinsonanESX4.0Hostonpage 15.

Forinformationonesxupdatesyntaxandcommands,seeesxupdateOptionsandCommandsonpage 17

Patch Maintenance StrategyUsethefollowingguidelinestomanagepatchingforyourESX4.0hosts.

Keepyourenvironmentascurrentaspossible.Determinewhetheranybulletinsarenecessaryforyourenvironmentandapplythosebulletins.Minimizethechangetoyoursoftwareenvironmentwheneverpossi