vSphere ESXi 6.x – Easy update for standalone servers

vmware

To upgrade a vSphere host using this method you need access the keyboard of your server or use SSH to perform the commands. By default, remote command execution is disabled on an ESXi host, and you cannot log in to the host by using a remote shell. You can enable remote command execution from the direct console or from the vSphere Web Client.

Enable SSH on vSphere 6.5 host

Upgrading ESXi with esxcli commands requires an understanding of VIBs, image profiles, and software depots.

VIB

A VIB is an ESXi software package. VIBs are available in software depots.

Image Profile

An image profile defines an ESXi image and consists of VIBs. An image profile always includes a base VIB, and might include more VIBs.

Software Depot

A software depot is a collection of VIBs and image profiles. The software depot is a hierarchy of files and folders and can be available through an HTTP URL (online depot) or a ZIP file (offline depot).

Note

If you press Ctrl+C while an esxcli command is running, the command-line interface exits to a new prompt without displaying a message. However, the command continues to run to completion.

Access the Remote ESXi Shell with SSH

If SSH is enabled on your ESXi host, you can run commands on that shell by using an SSH client like PuTTY.

Lets get started by logging in to your server.

  • Optional

    • You can use the software profile get command to display the currently installed image profile
      • esxcli software profile get

Change Firewall Rules

To minimize the risk of an attack through the management interface, ESXi includes a firewall between the management interface and the network.

To ensure the integrity of the host, only a small number of firewall ports are open by default. To update the host you have to temporarily enable some ports for traffic.

To ENABLE the httpClient:

 

esxcli network firewall ruleset set -e true -r httpClient

Get the latest profile from vmware.com

You can upgrade or update a host with image profiles stored in a software depot that is accessible through a URL or in an offline ZIP depot. The online depot methode will be described in this blog. You can use the esxcli software profile update command to upgrade or update an ESXi host.

Get the name of a profile:

esxcli software sources profile list -d https://hostupdate.vmware.com/software/VUM/PRODUCTION/main/vmw-depot-index.xml | grep 6.5.0-2017

Notice the | grep 6.5.0-2017 at the end of the line. VMware uses the name convention productversion.version.versionyearmonthdaynnntype for their profiles. The latest profile as of today is ESXi-6.5.0-20170404001-standard

  • Optional

    • Check the image profile in a depot for a detailed description
      • esxcli software sources profile get -d https://hostupdate.vmware.com/software/VUM/PRODUCTION/main/vmw-depot-index.xml -p ESXi-6.5.0-20170404001-standard

 

Update the image profile from a depot

esxcli software profile update -d https://hostupdate.vmware.com/software/VUM/PRODUCTION/main/vmw-depot-index.xml -p ESXi-6.5.0-20170404001-standard

This will download and install the update. It might take a while depending on your network and hardware capabilities. The host probably will need a reboot after the patches are installed to be applied. After this it’s recommended to tighten the firewall again so you’re vSphere server remains less vulnerable.

Close the Firewall

To DISABLE the httpClient:

esxcli network firewall ruleset set -e false -r httpClient

 

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s