Monday, May 9, 2016

virtualization - Are VMware ESXi 5 patches cumulative?



This seems basic, but I'm confused about the patching strategy involved with manually updating standalone VMware ESXi hosts. The VMware vSphere blog attempts to explain this, but the actual process is still not clear to me.



From the blog:
Say Patch01 includes updates for the following VIBs: "esxi-base", "driver10" and "driver 44". And then later Patch02 comes out with updates to "esxi-base", "driver20" and "driver 44".
P2 is cumulative in that the "esxi-base" and "driver44" VIBs will include the updates in Patch01. However, it's important to note that Patch02 does not include the "driver 10" VIB as that module was not updated.



This VMware Communities post gives a different answer. This one contradicts the other.




Many of the ESXi installations I encounter are standalone and do not utilize Update Manager. It is possible to update an individual host using the patches made available through the VMware patch download portal. The process is quite simple, so that part makes sense.



The bigger issue is determining what exactly to actually download and install. In my case, I have a good number of HP-specific ESXi builds that incorporate sensors and management for HP ProLiant hardware.




  • Let's say that those servers start with an ESXi build #474610 from 9/2011.

  • Looking at the patch portal screenshot below, there is a patch for ESXi update01, build #623860. There are also patches for builds #653509 and #702118.

  • Coming from an old version of ESXi (e.g. vendor-specific build), what is the proper approach to bring the system fully up-to-date? Which patches are cumulative and which need to be applied sequentially? Is installing the newest build the right approach, or do I need to step back and patch incrementally?

  • Another consideration is the large size of the patch downloads. At sites with limited bandwidth, downloading of multiple ~300 MB patches is difficult.






Answer



The patches appear to be cumulative, assuming you start with the most recent installable (.ISO-based) package as a foundation.



So my most recent example was pulling the ESXi 5.1 .ISO (build #799733) down and installing it onto my physical servers. From there, I had an option of build #838463 or #914609. Close analysis of the changelogs and knowledgebase entries showed that the #914609 build included everything from #838463. So I was able to go directly to that revision level, starting from the base install (#799733).
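
The Patch01/Patch02 rule quoted from the blog in the question, worked through as an added example that is not part of the original post or any VMware tooling. It is a simplified model: the VIB names come from the quote, while the version numbers, function names and the update-only semantics are assumptions made for illustration.

```python
# Simplified model of the blog's rule: a patch bundle carries only the VIBs
# that changed, and each VIB it carries is cumulative for that VIB.
# VIB names come from the quoted blog text; version numbers are constructed.

INSTALLED = {"esxi-base": 1, "driver10": 1, "driver20": 1, "driver44": 1}
BUNDLES = [  # oldest first
    ("Patch01", {"esxi-base": 2, "driver10": 2, "driver44": 2}),
    ("Patch02", {"esxi-base": 3, "driver20": 2, "driver44": 3}),
]


def apply_bundle(installed, vibs):
    """Update semantics: replace an installed VIB only with a newer version."""
    return {name: max(ver, vibs.get(name, ver)) for name, ver in installed.items()}


def target_state(installed, bundles):
    """Newest version of every installed VIB across all published bundles."""
    state = dict(installed)
    for _, vibs in bundles:
        state = apply_bundle(state, vibs)
    return state


def stale_after_latest(installed, bundles):
    """VIBs still out of date if only the newest bundle is applied."""
    target = target_state(installed, bundles)
    latest = apply_bundle(installed, bundles[-1][1])
    return sorted(n for n in target if latest[n] < target[n])


def bundles_needed(installed, bundles):
    """Bundles (oldest first) that together carry the newest version of
    every installed VIB, preferring newer bundles over older ones."""
    target = target_state(installed, bundles)
    pending = {n for n, v in target.items() if v > installed[n]}
    chosen = []
    for name, vibs in reversed(bundles):
        covered = {n for n in pending if vibs.get(n) == target[n]}
        if covered:
            chosen.append(name)
            pending -= covered
    return list(reversed(chosen))


if __name__ == "__main__":
    print("stale after Patch02 only:", stale_after_latest(INSTALLED, BUNDLES))
    print("bundles to download:", bundles_needed(INSTALLED, BUNDLES))
```

When the newest bundle lists every VIB the older ones do, as the changelog comparison in the answer found for #914609 versus #838463, `bundles_needed` returns only that newest bundle.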




