Post on 08-Feb-2018
ESX 4 Patch Management GuideESX 4.0
This document supports the version of each product listed andsupports all subsequent versions until the document is replacedby a new edition. To check for more recent editions of thisdocument, see http://www.vmware.com/support/pubs.
EN-000137-01
http://www.vmware.com/support/pubs
VMware, Inc.3401 Hillview Ave.Palo Alto, CA 94304www.vmware.com
2 VMware, Inc.
ESX 4 Patch Management Guide
You can find the most up-to-date technical documentation on the VMware Web site at:
http://www.vmware.com/support/
The VMware Web site also provides the latest product updates.
If you have comments about this documentation, submit your feedback to:
docfeedback@vmware.com
Copyright 20092011 VMware, Inc. All rights reserved. This product is protected by U.S. and international copyright and intellectual property laws. VMware products are covered by one or more patents listed at http://www.vmware.com/go/patents.
VMware is a registered trademark or trademark of VMware, Inc. in the United States and/or other jurisdictions. All other marks and names mentioned herein may be trademarks of their respective companies.
http://www.vmware.com/support/http://www.vmware.com/supportmailto:docfeedback@vmware.comhttp://www.vmware.com/go/patentshttp://www.vmware.com/go/patents
VMware, Inc. 3
Contents
AboutThisBook 5
1 AboutPatchesandUpdates 7AbouttheesxupdateUtility 7PatchMaintenanceStrategy 8CustomizingYourPatchProcess 9
2 InstallingUpdates 11BundleZipFiles 11ScanningforApplicableBulletins 11RetrievingBulletinInformation 12VerifyingDiskSpace 13StaginganInstallation 13InstallingBulletins 14InstallBulletinsonanESX4.0Host 15
3 ReferenceInformation 17esxupdateOptionsandCommands 17esxupdateCommands 18esxupdateExitCodesandErrorMessages 19FrequentlyAskedQuestions 20
4 ESXPatchManagementTools 21AboutVMwarevCenterUpdateManager 21AboutvSphereHostUpdateUtility 21AboutvihostupdatevSphereCLI 21
Index 23
ESX 4 Patch Management Guide
4 VMware, Inc.
VMware, Inc. 5
Thisbook,ESX4PatchManagementGuide,providesbackgroundinformationonprocessingpatchesforESX4.0hostsanddescribeshowtousetheesxupdateutilitytoapplysoftwareupdatesandtotracksoftwareinstalledonESX4.0hosts.
ThisbookprovidesinformationspecifictoESX4.0hostsandtheesxupdateutility.Itdoesnotdiscussthefollowing:
HowtopatchESX4.0hostsautomaticallywiththeVMwareUpdateServiceandtheVMwarevCenterUpdateManager.Forinformationonthesetools,seeESXPatchManagementToolsonpage 21.
HowtopatchESXi4.0hostswiththevihostupdatevSphereCommandLineInterface(CLI).Forinformationonvihostupdate,seeESXPatchManagementToolsonpage 21.
HowtopatchversionsofESXreleasedpriortoversion4.0.Forinformationonthisprocess,seethePatchManagementforESXServerstechnoteandtheESXServer3PatchManagementGuide.
HowtoupgradeESXhosts.Forinformationonupgrading,seethevSphereUpgradeGuide.ForalistofVMwarereleasedefinitions,seetheVMwareUpgradeandUpdatePolicybygoingtohttp://www.vmware.com/support/policies/upgrade.html.
Intended AudienceThismanualisintendedforanyonewhomustmanuallyapplypatchestoESX4.0hosts.TheinformationinthismanualiswrittenforsystemadministratorswhouseaserviceconsoletomanageESXhosts.
Whats Changed from ESX 3.xThismanualhasbeenupdatedfromtheESXServer3PatchManagementGuidetoincludenewdefinitionsandproceduresthatareuniquetoESX4.0.
Document FeedbackVMwarewelcomesyoursuggestionsforimprovingourdocumentation.Ifyouhavecomments,sendyourfeedbackto:
docfeedback@vmware.com
VMware vSphere DocumentationTheVMwarevSpheredocumentationconsistsofthecombinedvCenterServerandESXdocumentationset.
About This Book
mailto:docfeedback@vmware.comhttp://www.vmware.com/support/policies/upgrade.htmlhttp://www.vmware.com/pdf/vi3_35/esx_3/r35/vi3_35_25_esxupdate.pdf
ESX 4 Patch Management Guide
6 VMware, Inc.
Technical Support and Education ResourcesThefollowingsectionsdescribethetechnicalsupportresourcesavailabletoyou.Youcanaccessthemostcurrentversionsofthismanualandotherbooksbygoingto:
http://www.vmware.com/support/pubs
Online and Telephone SupportUseonlinesupporttosubmittechnicalsupportrequests,viewyourproductandcontractinformation,andregisteryourproducts.Gotohttp://www.vmware.com/support.
Customerswithappropriatesupportcontractsshouldusetelephonesupportforthefastestresponseonpriority1issues.Gotohttp://www.vmware.com/support/phone_support.
Support OfferingsFindouthowVMwaresupportofferingscanhelpmeetyourbusinessneeds.Gotohttp://www.vmware.com/support/services.
VMware Education ServicesVMwarecoursesofferextensivehandsonlabs,casestudyexamples,andcoursematerialsdesignedtobeusedasonthejobreferencetools.FormoreinformationaboutVMwareEducationServices,gotohttp://mylearn1.vmware.com/mgrreg/index.cfm.
http://www.vmware.com/support/pubshttp://www.vmware.com/supporthttp://www.vmware.com/support/phone_support.htmlhttp://www.vmware.com/support/serviceshttp://mylearn1.vmware.com/mgrreg/index.cfmhttp://mylearn1.vmware.com/mgrreg/index.cfm
VMware, Inc. 7
1
Softwarepatchesprovideimmediatefixesforoneormoresecurityissuesorcriticalfixesforaspecificareaoftheproduct.Forinformationaboutaspecificpatch,gototheVMwarevSphereDownloadCenterathttp://www.vmware.com/download/vi.
Typesofsoftwareupdatesandrelatedterms:
Bulletin.AgroupingofoneormoreVIBs(vSphereInstallationBundle).Bulletinsaredefinedwithinmetadata.
Depot.AlogicalgroupingofVIBsandassociatedmetadatathatispublishedonline.
Extension.AbulletinthatdefinesagroupofVIBsforaddinganoptionalcomponenttoanESXhost.Anextensionisusuallyprovidedbyathirdparty,asarepatchesorupdatestotheextension.
Metadata.Extradatathatdefinesdependencyinformation,textualdescriptions,systemrequirementsandbulletins.
OfflineBundlezip.AnarchivethatencapsulatesVIBsandcorrespondingmetadatainaselfcontaineddepotthatisusefulforofflinepatching.
Patch.AbulletinthatgroupsoneormoreVIBstogethertoaddressaparticularissueorenhancement.
Rollup.Acollectionofpatchesthatisgroupedforeaseofdownloadanddeployment.
RPM.Binarypackagesthatincludeasetofcontrolscripts,whichprovideinformationfortheRPMabouthowtoinstallthepackageandanypostinstallationconfigurationthatisneeded.
Update.AperiodicreleaseofanESXimage,whichcontainsmultiplefixesandsupportfornewhardware.
VIB.AVIBisasinglesoftwarepackage.
Patchesdonothaveinstallationwizards.Youinstallthemwithapatchupdatetool.ThepatchupdatetoolforESX4.0hostsisesxupdate.ForinformationaboutpatchupdatetoolsforotherESXversions,seeESXPatchManagementToolsonpage 21.
About the esxupdate UtilityYouusethepatchmaintenanceutility,esxupdate,toretrieveinformationaboutupdatesandextensionsfromVMwareandthirdparties,totrackinstalledsoftware,andtoapplysoftwarepackagestoESX4.0hosts.YourunesxupdatefromtheserviceconsolewhileyouareloggedontoanESX4.0hostasuserroot.YoucanrunonlyoneinstanceatatimeonthesameESX4.0host.
Arecordofeachinstalledbulletiniswrittentothe/etc/vmware/esxupdatedirectoryonthehost.TherecordincludesthebulletinID,theinstallationtime,theVIBsinstalled,andotherdetails.Thisdirectoryactsasapatchdatabaseandisusedbyesxupdatetoquerythepatchesinstalledonthehost.
About Patches and Updates 1
CAUTIONThisdirectoryisreadonly.Ifyouchangethecontents,whenesxupdateperformsanintegritycheck,itwillfailforthechangedfiles.Insuchcases,esxupdateexitswithanIntegrityErrormessage.Formoreinformation,seeesxupdateExitCodesandErrorMessagesonpage 19.
http://www.vmware.com/download
ESX 4 Patch Management Guide
8 VMware, Inc.
ForESX4.0hosts,therearefourbasicmodesofesxupdate:Inspectionmode,scanmode,testmode,andupdatemode.
Inspectionmode.Queriesyoursystemforbulletinsandbulletindetails.Youusetwocommandstoretrievebulletininformation:esxupdatequeryandesxupdateinfo.
UsetheesxupdatequerycommandtodisplayalistofbulletinsinstalledonESX4.0host.Theoutputliststhebulletinsinascendinginstallationorderandincludesthebulletinname,installationdate,anda40charactersummaryofthebulletin.Allbulletinsthatareinstalledarelisted.Bulletinsthataresupersededbyanotherbulletinareconsideredobsoleteandarenotdisplayedinthisoutput.
Usetheesxupdateinfocommandtodisplayinformationonthecontentsofoneormorebulletins.Theoutputincludesthebulletinname,releasedate,anddetailsaboutthemetadatafiles,includingtheVIBpackagesthatarepartofthebulletin.
Youcanusetheinfocommandforbothinstalledanduninstalledbulletins.Formoreinformation,seeRetrievingBulletinInformationonpage 12.
Scanmode.DetermineswhichbulletinsareapplicabletotheESX4.0hostbyqueryingthebulletinsinadepotandthebulletinsinstalledonthehostforbulletinandsystemdependencies.Usetheesxupdatescancommandbeforeyouinstallbulletinstodeterminewhichonesareapplicabletothehost.Formoreinformation,seeScanningforApplicableBulletinsonpage 11.
Testmode.Enablesesxupdatetogothroughallinstallationoperationswithoutinstallingthespecifiedbulletins.Testmodedownloadstheappropriatefiles,preloadstheesxupdatedepotcacheforHTTPandFTPservers,checksforRPMpackagedependencies,anddetermineswhichRPMstoinstall.Formoreinformation,seeStaginganInstallationonpage 13.
Updatemode.InstallsbulletinsonESX4.0hosts.Usetheesxupdateupdatecommandtoinstallindividualbulletins,abundlezip,oranonlinedepot.Updatemodescansthedepotfordependenciesandhandlesthem,ifpossible,beforeinstalling.Formoreinformation,seeInstallBulletinsonanESX4.0Hostonpage 15.
Forinformationonesxupdatesyntaxandcommands,seeesxupdateOptionsandCommandsonpage 17
Patch Maintenance StrategyUsethefollowingguidelinestomanagepatchingforyourESX4.0hosts.
Keepyourenvironmentascurrentaspossible.Determinewhetheranybulletinsarenecessaryforyourenvironmentandapplythosebulletins.Minimizethechangetoyoursoftwareenvironmentwheneverpossi