Keep your ESXi Hosts Up to Date

update.JPGHow can you keep your ESXi hosts up to date with the latest hot-fixes and patches? Is there an easy way to compare your ESXi running build with the latest VMware released patches?

On my lab, I like to keep all my Virtual infrastructure up to date; from time to time, I will check the VMware Patch Tracker website to compare the latest builds with the those running on each of my ESXi hosts.

This weekend, I decided to use the VMware PowerCLI to automate the build checking task to speed up the process.

The PowerCLI scripts I deployed to help me check each of my ESXi hosts running build are shown below. This works by connecting to my virtual centre and comparing my builds with those on the Patch Tracker website. Let’s take a look at the scripts I used:

#Install the VMware PoweCLI plugin
Install-Module -Name VMware.PowerCLI

#Disable the SSL error
Set-PowerCLIConfiguration -InvalidCertificateAction Ignore -Confirm:$false

#Connect to the vCentre
connect-viserver [vCentre FQDN]

#Build Number taken from the Patch website
$ref = "13644319"

foreach($esxi in (get-view -ViewType HostSystem -Property Name, Config.Product | select Name,{$_.Config.Product.Build}))
{
    if($esxi.'$_.Config.Product.Build' -eq $ref)
        {
            Write-Host "$($esxi.Name) Running Build $($esxi.'$_.Config.Product.Build') Which Does Match the Reference build $ref " -ForegroundColor Green
        }
            else
                {
                     write-host "$($esxi.Name) Running Build $($esxi.'$_.Config.Product.Build') Which Doesn't Match the Reference Build $ref" -ForegroundColor Red
                }
                    
}

Run the scripts

With those scripts we have just seen above, you can see that if your ESXi Host is running a build that does not match the reference build on the Patch Tracker website, the script will return a red message: “<Hostname running build> Which Doesn’t Match the reference Build”. However, if the reference build is already applied to your ESXi host, you will get a green message: “<Hostname running build>Which Does Match the reference build”:

To fully automate the updating process, I added the line shown below to the scripts above to automatically update those out of date Hosts with new patches from the Patch Tracker website:

echo yes | c:\plink.exe “root@$esxi” -pw “<Password>” -m “c:\esxiupgrade.txt”

The script line will use the “plink” command. You must copy this command from the Putty folder, and then prepare the “esxiupgrade.txt” file with the commands listed below so that they are executed at each host requiring an update:

esxcli network firewall ruleset set -e true -r httpClient
esxcli software profile update -d https://hostupdate.vmware.com/software/VUM/PRODUCTION/main/vmw-depot-index.xml -p ESXi-<Build Numebr>-standard –no-hardware-warning
esxcli network firewall ruleset set -e false -r httpClient
reboot

Note: Ensure that SSH is enabled on each of your hosts, and that Putty is installed on your server before running the scripts.

Summary

Using those scripts I have shown you in this blog post, I was able to easily keep my ESXi hosts up to date with all the latest VMware hotfixes and patches. The only hard part is to get the build numbers, and to run the scripts when they are needed. I hope this blog post will help you keep your virtual environment up to date as easily as I did with mine.

Leave a Reply