VMware ESXi 4.1 brought changes to the patching process. Previously, the Host Update utility -- an application included with the vSphere Client -- could patch ESXi 4.0 hosts. VMware removed Host Update from ESXi 4.1, presumably to encourage users to upgrade to paid versions that are managed and patched with vCenter Server's Update Manager. As a result, the only method left to patch the free version of VMware ESXi Installable is with the vihostupdate command-line utility, which is included in the vSphere Command-Line Interface (CLI).
Before using this method, it's important to understand how the VMware ESXi Installable patches work and where to find them.
The mechanics of VMware ESXi 4.1 patching
Unlike VMware ESX, where patches and updates replace specific files that have been modified since the previous version, every VMware ESXi patch replaces the hypervisor image. When you apply an update, a new firmware image is uploaded to the server, and the old image is kept as a backup. This process occurs while the ESXi server runs, with the hosts and virtual machines (VMs) continuing to run the old image until the hosts are rebooted. Once you reboot the host, the new image is loaded.
VMware ESXi Installable patches are delivered as full-image updates and they are broken into two categories:
- firmware updates, which contain the core hypervisor files and drivers; and
- VMware Tools updates, which are files necessary to install the various versions of VMware Tools.
A complete ESXi 4.1 update is approximately 215 MB, and it includes both the firmware (90 MB) and VMware Tools (125 MB) packaged into a ZIP file. But updates do not always target both. They can contain either the firmware or VMware Tools.
You can download ESXi updates from the Support & Download section of VMware's website. After selecting your version of ESXi, you will see all of the updates available. Because ESXi patches are full updates, you need to install only the latest one, which includes the earlier versions. If you attempt to install an earlier version after applying the latest update, an error will say that it's already installed. But if an update doesn't contain both the firmware and VMware Tools, you may need to install multiple updates to have the latest versions of both.
VMware ESXi Installable patching: Start to finish
Before patching with vihostupdate, install vSphere CLI on a Windows or Linux workstation or use the vSphere Management Assistant. (You can download both from VMware's website.)
The vSphere CLI is a collection of Perl scripts that connect to an ESXi host by using application programming interfaces to execute commands. When you install the vSphere CLI for Windows, it also installs the Active Perl application, which is necessary to execute the Perl scripts that can't run natively in Windows. This method also requires you to manually download the updates and place them in a directory that the vihostupdate utility can access.
Once you install the vSphere CLI, you can access it though the Start menu or go to the command prompt and the vSphere CLI directory. After entering the directory, switch to the bin subdirectory. If you run the dir command, you can see a list of all the Perl files that you can use.
Next, download the .zip file that you want to install from the VMware ESXi update page. Most updates require that the VMs are shut down and the host is placed in maintenance mode. Usually, updates also require that the host is rebooted afterward. (The System Impact information on VMware's website will tell you what each patch specifically requires.)
To place a host in maintenance mode in the vSphere Client, select it and choose Enter Maintenance Mode. Alternately, you can use the following command in the vSphere CLI:
vicfg-hostops -server [server name or ip] -username [root or other user] -operation enter
When the host is in maintenance mode, run the following command to update it:
vihostupdate.pl -server [server name or ip] -username [root or other user] -password [user password] -i -b [update filename]
The -i parameter installs a patch bundle, and the -b parameter specifies the bundle file name. Including the username and password in the script is optional. But if you omit one or both, you are prompted to enter them before the script runs.
First, the script will unpack the ZIP file and copy it to the ESXi host for installation. You will see a message to reboot the host after the installation.
Next, reboot the host with the vSphere Client or the ESXi console. You can also enter the following command in the vSphere CLI:
vicfg-hostops -server [server name or ip] -username [root or other user] -operation reboot
After the host reboots, exit maintenance mode so you can power on and move back VMs to the host. You can use the vSphere Client or enter the following command in the vSphere CLI:
vicfg-hostops -server [server name or ip] -username [root or other user] -operation exit
You can check the host's new build number at the console screen.
You can also see which patch bundles are installed by entering the following command in the vSphere CLI:
vihostupdate.pl --server [server name or ip] -username [root or other user] --q
Reverting to a previous VMware ESXi Installable version
When applying any update to VMware ESXi, the previously version moves to a backup partition. You can revert to old version if you experience issues with the new update. To do this, reboot the ESXi host. When the white bar is displayed across the screen during the boot process, hold down the Shift and R keys.
Then, you'll see a warning that the hypervisor image will be replaced with an older build. Press Y to continue. At the next screen, press Enter to boot the older build. If you press Escape, a log message will display that the failback hypervisor was successfully restored. Now, VMware ESXi Installable will use the older build until it's updated to a later version.