Virtualisation

vSphere patches install using VMware Update Manager

Here we are with the final steps about upgrading our homelab to the latest VMware release. In this stage we are going to install the latest vSphere patches. In the past we have previously seen the steps on how to do this using the command line with vSphere 6.0. In this case we are going to use VMware Update Manager now built into the VCSA 6.7 appliance. And everything is a lot easier.

So to do a quick recap of the previous steps to get to the latest VMware version here it is a quick list with links:

At this point we are ready to install latest VMware vSphere patches with VMware Update Manager. How does it work? Pretty simple. Similarly to what we have already seen for the vSphere Hosts upgrade, it’s a matter of creating a new Baseline for patches. By default the VMware Update Manager is already shipping with 2 default Baselines which cover both critical and non-critical patches. These are not customisable.

The idea is to create custom Baseline with specific vSphere patches. For example since we have already upgraded the Host to version 6.7 and considering the vSphere patches are cumulative there is no need to install all of them but just the latest ones. This is interesting because it is possible to create a Baseline Group which couples a specific Host version with the very latest vSphere patches.

In this article we are going to see this vSphere update  process including the changes to an existing custom Baseline.

 

 

How to install latest VMware vSphere patches

VMware Update Manager (VUM) is the module we’ll use to create the Baseline and remediate the vSphere Hosts with the latest patches. Let’s navigate to Home > Update Manager from the vSphere Client and choose a vSphere Host. From here we can review the current build installed. Let’s hit on Update Manager Home and create / review the Baselines.

domalab.com install vSphere Patches VUM

In the Home tab there is a view of information like Hosts, Non-compliant ones and attached Baselines.

domalab.com install vSphere Patches vmware update manager

Let’s move to the Baselines to review and eventually create new custom ones. In my example I have already created a couple of these to cover the vSphere patches and Host upgrades. At the time of writing the patch Baseline automatically includes 7 patch definitions showing in the lower part of the screen.

domalab.com install vSphere Patches baselines

Let’s edit this Baseline and review settings. Everything is wizard driven and all we need to do is to initially provide name and description. I would advise using a naming convention as the overall will look a lot cleaner especially in big environments with many Baselines for several purposes.

domalab.com install vSphere Patches baseline definition

In the automatic patches selection we can define the criteria for which downloaded patch definitions will be automatically added to the Baseline. It is one of the reason why constant internet access from the VUM is important in order to get the latest definitions. In particular the ones that are more frequent are the ones for vSAN environments. At the time of writing with the configuration as per screenshot below reveals 7 patches in total for VMware ESXi 6.7.0.

domalab.com install vSphere Patches baseline selection

In the next step we can also manually include other patches to the Baseline. I find this option useful when creating Baselines for Extensions instead as we can add for example patches to drivers and other VIBs installed on the vSphere Hosts.

domalab.com install vSphere Patches manual selection

And a final summary with the option to review and amend changes.

domalab.com install vSphere Patches baseline summary

At this point from the Updates tab for each definition we can also see the associated Baselines.

domalab.com install vSphere Patches baseline updates

From the Baseline tab we can associate a vSphere Host to start the staging and remediation process.

domalab.com install vSphere Patches attach baseline

When browsing the Host > Updates section we can see the associated Baselines. Ideally we can initiate the staging process and then remediate the Host.

domalab.com install vSphere Patches review baseline

Thing is this Baseline includes all patches (7) and knowing these are cumulative updates should we really need to install all of them? What we can do instead is to edit the custom Baseline to include only vSphere patches published on or after a specific date. In this case I’m choosing the date of 26th of July 2018 in order to get the latest cumulative updates only. The Baseline now shows 3 vSphere patches out of 7.

domalab.com install vSphere Patches edit baseline

Let’s start by staging locally the patches onto the vSphere Host.

domalab.com install vSphere Patches stage

The process will run in the background and visible from the recent tasks panel.

domalab.com install vSphere Patches staging

At this point we are ready to remediate the vSphere Host. In addition the wizard shows the remediation settings with default values:

Host Settings

  • Allow Quick Boot Yes
  • VM Power state –
  • Disable removable media devices that might prevent a host from entering maintenance mode No
  • Retry entering maintenance mode in case of failure Yes
  • Retry delay (minutes) 5
  • Number of retries 3
  • Allow installation of additional software on PXE booted hosts No

Cluster Settings

  • Disable Distributed Power Management (DPM) Yes
  • Disable High Availability Admission Control No
  • Disable Fault Tolerance (FT) No
  • Enable parallel remediation for hosts in cluster No
  • Migrate powered off and suspended VMs to other hosts in the cluster, if a host must enter maintenance mode

domalab.com install vSphere Patches remediate

According to the remediation settings the installation will:

  • Enter Host in maintenance mode
  • Install vSphere patches
  • Check patches
  • Initiate Host reboot
  • Exit maintenance mode

domalab.com install vSphere Patches baseline remediation

At this point we are now ready to install vSphere patches on the remaining Hosts and make them compliant as well.

domalab.com install vSphere Patches baseline compliance

About the author

Michele Domanico

Passionate about Virtualization, Storage, Data Availability and Software Defined Data Center technologies. The aim of Domalab.com is sharing with the Community the knowledge and experience gained with customers, industry leaders and like minded peers. Always open to constructive feedback and new challenges.

Add Comment

Click here to post a comment

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Subscribe to Blog via Email

Enter your email address to subscribe to this blog and receive notifications of new posts by email.

Browse articles

November 2018
M T W T F S S
« Oct    
 1234
567891011
12131415161718
19202122232425
2627282930  

Articles by Category

Archives

%d bloggers like this: