Just like any other server OS or application, VMware ESX Servers need patches and updates periodically. Some users assume that ESX doesn’t require patching, but that is simply not true. While there may be better tools in the future, esxupdate is currently the most popular tool. In this article, you will learn how to apply patches using esxupdate.
Basics of Patching ESX Server
ESX Server patches offer not only security fixes but also system enhancements and new drivers. Typically, users can pick the specific patches that they want to deploy. Sometimes you have to reboot the system but other times you do not. After you register your ESX Server license, you will get email notifications of new patches. If you haven’t been notified about patches, you can check the ESX Patch update site to get the latest patch info.
Patches will be either for security reasons, critical bug fix issues, or general system bugs. Of course, security and critical bug fix patches should be applied as soon as possible. Many of the ESX Server patches are actually for the service console (based on Red Hat Enterprise Linux). However, don’t try to apply Red Hat patches to the service console, as you will find that they don’t work.
On the ESX Patch update site you will see the name of the patch, patch number, size, description, system impact, type of patch, and what this patch supersedes.
If you are on ESX version 3.0.2 or later, the order of the patches installed isn’t important. Prior to that, you should install your patches based on the date they were released.
It is recommended that you download all patches you will deploy and store them on a single machine that is used as your central patch repository. You can then tell esxupdate to retrieve all patches from that source, over the network.
The Future of Patching VMware ESX Server
With VMware ESX Server 3.5, it has been announced that there will be an “update manager” that will make patch management easier. Here is what VMware says it will offer:
- Automates patch and update management for ESX Server hosts and select Microsoft and Linux virtual machines
- Addresses one of the most significant pain points for every IT department – tracking patch levels and manually applying the latest security/bug fixes
- Integrates with DRS to ensure zero-downtime ESX Server host patching capabilities
- Enforces higher levels of compliance to patch standards than physical environments by securely patching offline virtual machines
There is a promo video that covers update manager at the VMware VI “what's new” website. The release date for VMware ESX 3.5 is not available yet.
Third-party Alternatives to esxupdate
The only existing 3rd party ESX patch application program I have seen is VMTS Patch Manager. This application downloads patches from the VMware website, integrates with Virtual Center, and provides its own web server to deliver the patches. Will this application be unnecessary when VMware comes out with ESX 3.5 and the Update Manager? I suspect so, but that is yet to be determined.
How to Apply VMware ESX Server Patches with esxupdate
Applying patches with esxupdate is not difficult. It has a lot of command options and switches as well.
In its simplest form, the basic steps to apply ESX Server patches are:
- Review the patches that are available and determine which patches to install, based on your own patching methodology
- Download the patches and copy/move them to the server
- Untar the patch
- Install the patch using esxupdate
All the esxupdate activity will be recorded in this log file: /var/log/vmware/esxupdate.log.
Here is a sample of how I installed a patch on my ESX Server:
* Warning – only install patches on servers that are offline, as installing patches may result in reboots.
- Downloaded the patch / patches from the VMware Patch website
- Connected to the server using PuTTY
- Made a directory with mkdir /var/updates and ran chmod 777 on /var/updates
- Used WinSCP to copy the patches to my ESX Server
- After changing into the /var/updates folder, I untarred the patch with tar xvzf ESX-1002085.tgz
- I then changed directory into that folder with cd ESX-1002085
- Then installed the patch with esxupdate update
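The walkthrough above as a service console script, added here as an example and not part of the original article: it copies the bundle out of the world-writable /var/updates into a root-only staging directory and checks every archive member path before extracting and running esxupdate update. STAGE_DIR, the ESXUPDATE override and the function names are assumptions of this example; the bundle layout (ESX-1002085.tgz unpacking to ESX-1002085/) is taken from the steps above.

```shell
#!/bin/sh
# Added example (not from the article). STAGE_DIR and the ESXUPDATE override
# are assumptions; bundles are uploaded to /var/updates as in the steps above.
STAGE_DIR=${STAGE_DIR:-/var/updates-stage}
ESXUPDATE=${ESXUPDATE:-esxupdate}

# member_ok NAME TOP: succeed only if archive member NAME stays inside TOP/.
member_ok() {
    case "$1" in
        /*|..|../*|*/..|*/../*) return 1 ;;  # absolute path or parent traversal
        "$2"|"$2"/*) return 0 ;;             # the bundle directory or below it
        *) return 1 ;;
    esac
}

# bundle_ok TARBALL: every member must sit under the directory named after the
# bundle (ESX-1002085.tgz -> ESX-1002085/). Checks names only, not contents.
bundle_ok() {
    top=$(basename "$1" .tgz)
    names=$(tar tzf "$1") || return 1
    [ -n "$names" ] || return 1
    printf '%s\n' "$names" | while IFS= read -r name; do
        member_ok "${name#./}" "$top" || exit 1
    done
}

# install_bundle TARBALL: validate a private copy, extract it, run esxupdate.
install_bundle() {
    top=$(basename "$1" .tgz)
    mkdir -p "$STAGE_DIR" && chmod 700 "$STAGE_DIR" || return 1
    cp "$1" "$STAGE_DIR/$top.tgz" || return 1      # later swaps cannot affect it
    if ! bundle_ok "$STAGE_DIR/$top.tgz"; then
        echo "refusing $1: member outside $top/" >&2
        return 1
    fi
    tar xzf "$STAGE_DIR/$top.tgz" -C "$STAGE_DIR" || return 1
    ( cd "$STAGE_DIR/$top" && "$ESXUPDATE" update )
}

# Usage: sh script.sh /var/updates/ESX-1002085.tgz [more bundles...]
for bundle in "$@"; do
    install_bundle "$bundle" || exit 1
done
```

Run it as root on the service console; esxupdate still records its activity in /var/log/vmware/esxupdate.log.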
Yes, I agree, there must be better ways than to install patches one at a time and to have to reboot after every patch. You are right, and there are ways. In fact, here is a link to a script that will deploy multiple ESX patches without having to tar them all and perform multiple reboots – good stuff.
Applying patches to VMware ESX Server is just another necessary part of any ESX Admin’s job. In this article, we covered how to install a single ESX Server patch using esxupdate. Esxupdate can do much more than that and has a lot of options. I recommend that you check out the VMware ESX Server esxupdate documentation for more information. Also, we can all look forward to the new ESX 3.5 Update Manager GUI patch installation application. I will certainly let you know when that is available!