Skip to content
 

Patching ESXi through SSH

Sometimes it might be necessary to patch an ESXi host through SSH for various reasons, some of which might include:

  1. You are using the free edition of ESXi and don’t want to download the vSphere CLI package
  2. You need to update a remote ESXi host and only have access to SSH through VPN
  3. The host you want to patch is running a virtual vCenter server that contains your Update Manager

For me, I recently ran into a combination of all 3, whereby the server was the only server I had access to in a remote data center.  It was running a virtual “management” machine that simply had the vSphere client.  This allowed me to download the patch and upload to the ESXi host.  Finally, from across the VPN, I SSH’d in and manually updated the server.  Let me detail this below.

Step 1: Enable SSH on ESXi host

By default, SSH is disabled on ESXi by design, as it is considered by VMware to be a security vulnerability and only to be used for troubleshooting.  In ESXi 4.0, enabling SSH had to be done via a secret “support mode” key combination on the console.  Thankfully it’s a lot easier now and can be done either via the console, or via the vSphere Client.  In this case, I will enable via the vSphere Client:

  1. Launch the vSphere Client
  2. Select the host in the tree-view on the left hand side
  3. Select the “Configuration” tab
  4.  Under the “Software” menu, select “Security Profile”
  5. Click the “Properties” link which will open up the “Services Properties” window (see below)
  6.  Select the “Remote Tech Support (SSH)” service and then click the “Options” button
  7. Set the “Startup Policy” to “Start automatically” and click “Start”
  8. Click “OK” and “OK” again

SSH will now be started.

Step 2: Download patch to an available datastore

You can find the latest patches at VMware’s Patch Database.  Here you can search and download the latest patches available for any ESX/ESXi version from 3.0.3 and later.  In this case we’re going to be patching an ESXi 4.1 host.

  1. Using your web browser download the patch file from the VMware Patch Database.  In this case, the file is “ESXi410-201107001.zip
  2. In the vSphere Console, right click on one of the datastores available on the ESXi host, and click “Browse Datastore”
  3. In the “Datastore Browser” select the folder you want to upload the patch to.  I usually create a “Patches” folder
  4. Click the “Upload” button and select “Upload file”
  5. Locate your file and select “Open”

Your file will now be uploaded to the datastore

Step 3: Place the ESXi host into Maintenance mode

In order to install any patch, an ESXi host must be in maintenance mode.

  1. Power down or migrate all virtual machines.  If this is a standalone host (as was in my case), your only option is to power down all vm’s.
  2. Right click on the host in the vSphere Console and select “Enter Maintenance Mode”

You can also enter maintenance mode via SSH using the following command:

vim-cmd /hostsvc/maintenance_mode_enter

Step 4: Apply patch via SSH

SSH to your ESXi host using your favourite SSH client.  In my case I use PuTTY. From here, browse to the directory where your patch is located, and run the esxupdate utility.a

  1. SSH to the ESXi host
  2. Browse to the datastore location where your patch file is.  If your datastore is called “datastore1″ it should be located at /vmfs/volumes/datastore1
  3. run the esxupdate command with your filename (see below)
  4. Reboot the host
  5. Exit maintenance mode through the vSphere Console

The command to update is as follows:

esxupdate --bundle=ESXi410-201107001.zip update

The output should look something like this:

/vmfs/volumes/4be1f209-78ae1314-33c5-001b213d3c53/Patches # esxupdate --bundle=ESXi410-201107001.zip update
Unpacking deb_vmware-esx-tools-light_4.1.0-1.8.433742                         ################# [100%]
Unpacking deb_vmware-esx-firmware_4.1.0-1.8.433742                            ################# [100%]
Removing packages :vmware-esx-tools-light                                     ################# [100%]
Installing packages :deb_vmware-esx-firmware_4.1.0-1.8.433742                 ################# [100%]
Installing packages :deb_vmware-esx-tools-light_4.1.0-1.8.433742              ################# [100%]

The update completed successfully, but the system needs to be rebooted for the
changes to be effective.

Once the patch has completed installing execute the reboot command to reboot the host.

There you have it.  Your host will now be updated.  You can verify by checking the build number on the console, or the vSphere Console.

2 Comments

  1. Austin says:

    Thanks! This was very useful step-by-step instructions that I couldn’t really find elsewhere.

  2. Sami says:

    Thanks for the great HOWTO.

    For ESXi5, instead of using esxupdate ( I guess esxupdate is deprecated ), use esxcli :

    esxcli software vib install -d /vmfs/volumes/4be1f209-78ae1314-33c5-001b213d3c53/patches/ESXi500-2012813.zip

Leave a Reply