Manually installing updates on VMware vSphere 5.x using esxcli

I recently had a situation where i needed to manually update a VMware vSphere 5.0 U1 host rather than using update manager in vCenter. To do this I performed the following steps:

Firstly, put the host into maintenance mode, by either shutting down or moving VMs off the host first, and then right clicking the host and choosing ‘Enter Maintenance Mode’.

Next, temporarily enable SSH on the host. To do this you need to start the SSH service, which can be found under ‘Configuration’, then ‘Security Profile’. Once on the ‘Security Profile’ screen, click properties under ‘Services’

Modify the SSH service properties under 'Security Profile'

Modify the SSH service properties under ‘Security Profile’

On the Service Properties screen highlight the SSH service and click the ‘Options’ button:

Start the SSH service on your ESXi 5 host

Start the SSH service on your ESXi 5 host

Click ‘Start’ to start the SSH service. On the ‘Options’ screen you can also choose whether to have the SSH service start and stop automatically with the host. This may be more convenient, but is not a great idea from a security perspective, so it is better to start and stop the service manually when you need it.

warning

Note that when the SSH service is running a warning logo will appear against your host in vCenter to alert administrators to this fact. Once SSH is running you will need to use WinSCP to upload the patch you wish to install to one of the datastores on your host. If you don’t already have it installed on your workstation download and install WinSCP. Then log in to your host using WinSCP and and creating a folder on one of your datastores called ‘Patches’. Next, download the relevant patch from the VMware downloads web page, and then copy the patch to the newly created ‘Patches’ folder on your host.

Create a folder and upload patches using WinSCP

Create a folder and upload patches using WinSCP

Close WinSCP, and fire up an SSH session to your host using Putty. Log in, and then run the following command where YOUR_DATASTORE is the name of the datastore where you stored the patches, and PATCH_NAME.zip is the name of the patch that you want to install

esxcli software vib install -d /vmfs/volumes/YOUR_DATASTORE/Patches/PATCH_NAME.zip

PLEASE NOTE: If your host is installed using custom drivers for either your storage controller or network cards you need to use the ‘update’ command rather than the ‘install’ command to prevent your custom drivers being overwritten. Failure to do this may temporarily cause you problems on your first reboot after installing the patch. On the second reboot of your host the patch will be uninstalled revert to your originally installed VMware version. For more info see here. This was relevant in my case as I was using a custom install of ESXi 5.0 U1 with an Adaptec 6805E RAID card.

esxcli software vib update -d /vmfs/volumes/YOUR_DATASTORE/Patches/PATCH_NAME.zip

Here is a screenshot of the update process before:

Running the esxcli software vib update command

Running the esxcli software vib update command

And after. Note that using the update command will show you which VIBs have been updated, which have been removed, and which have been skipped:

Patch installation result

Patch installation result

Once the patch is installed simply issue the reboot command to reboot the host

reboot

Once your host has rebooted verify the new version number in vCenter. Your update is complete.

References:

esxcli software command reference

Advertisements

Create a 32bit DSN for VMware Update Manager

If you are installing a VMware Update Manager database onto an existing 64bit SQL server, you will need to add a 32bit DSN in order for the VMware Update Manager installer to find the database that you wish install to. Firstly create a new empty database for VMware Update Manager using SQL Management Studio:

Adding a new database in SQL Management Studio

Next locate and run odbcad32.exe which can be found c:\Windows\SysWow64, and add a new system DSN on the system tab. Then, choose the relevant driver for your DSN, in my case ‘SQL Server Native Client 10.0’, as shown below.

Choose the relevant SQL Server Driver version for the DSN

Assign a name to the DSN, and then specify the SQL instance that hosts the database:

Assign a name to your new 32bit DSN

Then specify the database that you are creating the DSN for under the ‘Change the default database to:’ section. Finally click next, and finish to complete creating the new DSN:

Specify the database that you are creating the DSN for

Now, when you run the VMware Update Manager installation you should be able to select the appropriate database in the ‘Use an existing supported database’ section and continue with your installation:

Select your 32bit DSN in the VMware Update Manager installation

Enabling root SSH access on an ESX host over the network

This post explains how to enable root SSH access on an VMware ESX host over the network, when you don’t have physical access to the server console. Root SSH access is disabled by default. Before enabling root SSH access please assess any security implications of this action in your environment.

Firstly, use the vSphere client to access the host directly. i.e. connect directly to the IP address or hostname of the host rather than logging in to vCenter. Log in using the root account. Once logged in highlight the ESX host in the left pane of the screen, and then click on the local users and groups tab in the right hand pane of the screen, as shown below:

local users and groups

Right click anywhere in the list of users and choose ‘Add’. Enter the details for your new user account as shown below, making sure that you tick the ‘Grant shell access to this user’ check box. You will also need to specify a password of more than 8 characters:

Add a local user to an ESX host

You can use an SSH client like Putty to connect to your ESX host. You may find that when you initally try to connect to the ESX host via SSH that you are still unable to connect and recieve an ‘Access Denied’ message. If this is the case, you need to give Administrator access to the host to your newly created user. In the vSphere client click on the ‘Permissions’ tab, in the right hand pane of the screen as shown here:

ESX host permissions

Right click in the list of users and choose ‘Add Permission’. Select the user you created and assign Administrator permissions, as shown:

Add local user permissions

Now you should find you can use your SSH client client to successfully log in to the ESX host. Once you are logged in using this user account you can use the su command to elevate your privileges to the root user.

Logging in using SSH

Now you have root access edit the /etc/ssh/sshd_config file by issuing the following command:

nano /etc/ssh/sshd_config

Find the line in the file which says:

PermitRootLogin no

and change it to:

PermitRootLogin yes

Press Ctrl-O, and then press Enter to save the file, and then press Ctrl-X to exit the file. Restart the sshd service by issuing the following command:

/etc/init.d/sshd restart

Quit your SSH session and start a new one , this time logging in as the root user. Root SSH access is now enabled.

Log in as root

You may want to delete the user account (in this example ‘testuser’) you created earlier at this stage, as it is no longer required.

References:

http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=8375637

http://kb.vmware.com/selfservice/microsites/search.do?cmd=displayKC&externalId=1024235