Patch your ESXi Hosts from the command line easily and quickly

In many situations it is desirable to patch your ESXi host(s) prior to being able to install or use VMware vSphere® Update Manager™.

UPDATED 4/18/2016: HP has a new URL for HP Customized VMware ISO’s and VIB’s

For example:

  • Prior to installing vCenter in a new cluster
  • Standalone ESXi installations without a vCenter Server
  • Hardware replacement where you have ESXi Configurations backed-up with vicfg-cfgbackup.pl, but the rest of the hosts in the cluster are running a higher build number than the latest ISO available
  • It is just convenient on a new ESXi host, when internet connectivity is available!
  • Non-Windows environments that do not to intend to create a Windows instance just for patching ESXi

Furthermore, HP indexes vendor-specific updates in a “latest”-type folder structure, which allows us to automatically apply all of the most recent HP updates to our servers. In Truth, I imagine Dell does this too, but I can’t find the link.

  1. Begin by running: vim-cmd hostsvc/maintenance_mode_enter
  2. Now open the ESXi firewall for HTTP: esxcli network firewall ruleset set -e true -r httpClient
  3. View the current available bundles by running: esxcli software sources profile list -d https://hostupdate.vmware.com/software/VUM/PRODUCTION/main/vmw-depot-index.xml
    1. The output from the previous command will generate a list of the latest build number for all supported versions of ESXi. Locate the latest ESXi-6.X.X-XXXXXXXXXXXX-standard version and write down or copy the version
  4. Now patch/update your ESXi host with the command, be sure to replace the version with the information you wrote/copied earlier: esxcli software profile update -d https://hostupdate.vmware.com/software/VUM/PRODUCTION/main/vmw-depot-index.xml -p ESXi-6.0.0-20150504001-standard
    1. Let this run for several minutes with no response or feedback
    2. The output should liik like (you may have to scroll up a bit to find the successful status):
  5. Now apply HP-specific updates with the commands (updated: vibsdepot.hpe.com):
    1. esxcli software vib install -d http://vibsdepot.hpe.com/hpq/latest/index-drv.xml
      1. Expected output:
    2. esxcli software vib install -d http://vibsdepot.hpe.com/hpq/latest/index.xml
      1. Expected output:
  6. Now reset the firewall with: esxcli network firewall ruleset set -e false -r httpClient
  7. And finally, reboot: reboot

John Borhek

John Borhek (VCP 3-6.5) is the IT Director and Lead Solutions Architect at VMsources Group Inc. and an active consultant specializing in VMware vSphere, Linux, Networking and Infrastructure Design.

10 Replies to “Patch your ESXi Hosts from the command line easily and quickly”

  1. Hi,

    Seems that this get only old drivers,
    is there a new Link for HPE & ESXi 6.0.0 ?

    Maybe they changed from hpq to hpe ?
    But then the comand will not work

    by
    Boris

  2. Hi, thanks for excellent post. I’m having issue at step 5.
    esxcli software vib install -d http://vibsdepot.hpe.com/hpq/latest/index-drv.xml

    I’ve got ESXi 5.5 but for some reason, at this step esxcli wants to install drivers for version 6.0. Obviously it fails due to lack of dependencies.

    How do I specify I want 5.5 drivers without installing each vib one by one?

    Thanks so much.
    Jan @ Czech republic

    1. Sorry for the late reply! I have had occasional trouble with the HPE repository. It could be that HPE is no longer supporting ESXi 5.5. I am unaware of any way to delimit HPE results to a specific version as you can with the VMware repository. Possible other readers would comment?

  3. Thanks for taking the time to do this write-up ! Does installing the HP patches after the vmware patches overwrite drivers that may be installed as part of the vmware patch ? I have run into problems installing vmware patches that include updated inbox storage drivers and the system not booting.

    1. Not sure what you mean “inbox storage”, but yes. HP specific patches should take prescience over VMware patches for the same device.

      1. Thanks ! I’m going to try this method next time and see how it works for us. I have half a dozen stand-alone hosts. Applying the latest vmware security patch over-wrote the HP storage drivers causing loss of access to the datastores. “inbox drivers” , meaning vmware supplied.

Leave a Reply

Your email address will not be published. Required fields are marked *