ESX Patch Management

VMware’s ESX Server, like any system, needs to be updated regularly. To see what patches have been installed on your ESX server use the following command:

esxupdate query

Once you know which updates have already been applied, find the ones that still need to be applied. You can download them at http://support.vmware.com/selfsupport/download/. Each patch is listed there with a bevy of information, so you can decide whether you consider it important to run. At a minimum, all security patches should be run as often as your change control environment allows. Once the patches are downloaded, make sure the host has enough free space to install them, then copy them to the server (using ssh, scp or whatever tool you prefer to use to copy files to your ESX host). Extract the patches before running them. To do so, use the tar command, as follows:

tar xvzf .tgz

Once extracted, cd into the patch directory and run the esxupdate update command with the test flag first, as follows:

esxupdate --test update

Provided that the update tests clean, run the update itself with the following command (still with a working directory inside the extracted tarball from a couple of steps ago):

esxupdate update

There are a couple of flags that can be used with esxupdate. Chief amongst them are --noreboot (which doesn’t reboot after a given update), -d, -b and -l (which are used for working with bundles and depots).

If esxupdate fails with an error code, the code can be cross-referenced in the ESX Patch Management Guide.

You can also run patches without copying the updates to the server manually, although this will require you to know the URL of the patch. To do so, first locate the patch number that you would like to run. Then, open outgoing ports on the server as follows:

esxcfg-firewall --allowOutgoing

Next, issue the esxupdate command with the path embedded:

esxupdate --noreboot -r http:// update

Once you’ve looped through all the updates you are looking to run, lock down your ESX firewall again using the following command:

esxcfg-firewall --blockOutgoing
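
The loop above leaves outgoing traffic open if an update fails or the session is interrupted partway through. The following wrapper is an added example, not part of the original post: it runs the same esxupdate command for each repository URL and always re-blocks outgoing traffic afterwards. The function name apply_remote_patches and the ESXUPDATE and ESXFW override variables are hypothetical, and the repository URLs are whatever you pass as arguments.

```shell
#!/bin/sh
# Added example: apply patches from remote repositories and make sure the
# ESX firewall is locked down again, even when an update fails.
# ESXUPDATE and ESXFW are hypothetical override variables (handy for a dry
# run with stub commands); by default they are the commands from the post.
ESXUPDATE=${ESXUPDATE:-esxupdate}
ESXFW=${ESXFW:-esxcfg-firewall}

# Usage: apply_remote_patches URL [URL...]
# Returns 0 if every patch applied, 1 if the firewall could not be opened
# or a patch failed, 2 if the firewall could not be re-blocked.
apply_remote_patches() {
    rc=0
    "$ESXFW" --allowOutgoing || return 1

    # If the operator interrupts the loop, close the firewall before exiting.
    trap '"$ESXFW" --blockOutgoing; exit 130' INT TERM

    for url in "$@"; do
        echo "applying patch from $url"
        if ! "$ESXUPDATE" --noreboot -r "$url" update; then
            # Stop at the first failure so the error code can be looked up
            # before any later patch is attempted.
            echo "esxupdate failed for $url; stopping" >&2
            rc=1
            break
        fi
    done

    trap - INT TERM
    # Lock down outgoing traffic regardless of how the loop ended.
    "$ESXFW" --blockOutgoing || return 2
    return "$rc"
}
```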
