esxi_host_patch_update

ESXi host patch/update

출처 : http://blog.nullfree.kr/5

VMware ESXi 6.0 호스트의 보안패치를 포함한 각종 업데이트를 설치하는 방법을 정리해 보았다.

이번에 소개할 방법은 .vib나 .zip 형식의 이미지 파일을 PC에 다운로드 받아 Datastore에 업로드한 후 진행하는 방식이 아니라,
업데이트 프로그램이 직접 VMware Repository에서 필요한 파일을 다운로드 받도록 하는 좀더 간편한 방식이다.

  • ESXi 호스트에 SSH로 접속가능한 상태여야 한다.
  • ESXi 패치는 누적패치(Cumulative Patch) 이기 때문에 가장 최근 버전만 설치하면 된다.
  • 특별한 사유가 없는한 Image Profile Name이 “-standard”로 끝나는 프로필만 신경쓰도록 한다. “-no-tools”의 경우 VMTools가 제거된 버전이다

VMware 홈페이지에 로그인 후 패치정보를 검색할 수도 있으나 ESXi 패치이력을 추적해 주는 아래 사이트를 방문해서 확인할 수 있다.
VMware ESXi Patch Tracker: https://esxi-patches.v-front.de/

참고로 2016년 2월 27일 기준 가장 최신버전은 “ESXi-6.0.0-20160204001-standard”, Build 3568940 이다.

이후 단계에서는 SSH 클라이언트의 Shell 프롬프트에 명령을 입력하는 방식으로 진행한다.

vim-cmd /hostsvc/maintenance_mode_enter
esxcli network firewall ruleset set -e true -r httpClient
esxcli software sources profile list -d https://hostupdate.vmware.com/software/VUM/PRODUCTION/main/vmw-depot-index.xml | grep ESXi-6.5
[root@node41:~] esxcli software sources profile list -d https://hostupdate.vmware.com/software/VUM/PRODUCTION/main/vmw-depot-index.xml | grep ESXi-6.5
ESXi-6.5.0-20170301001s-standard  VMware, Inc.  PartnerSupported
ESXi-6.5.0-20170304001-no-tools   VMware, Inc.  PartnerSupported
ESXi-6.5.0-4564106-no-tools       VMware, Inc.  PartnerSupported
ESXi-6.5.0-20170404001-standard   VMware, Inc.  PartnerSupported
ESXi-6.5.0-20170104001-standard   VMware, Inc.  PartnerSupported
ESXi-6.5.0-20170301001s-no-tools  VMware, Inc.  PartnerSupported
ESXi-6.5.0-4564106-standard       VMware, Inc.  PartnerSupported
ESXi-6.5.0-20170104001-no-tools   VMware, Inc.  PartnerSupported
ESXi-6.5.0-20170304101-no-tools   VMware, Inc.  PartnerSupported
ESXi-6.5.0-20170304101-standard   VMware, Inc.  PartnerSupported
ESXi-6.5.0-20170404001-no-tools   VMware, Inc.  PartnerSupported
ESXi-6.5.0-20170304001-standard   VMware, Inc.  PartnerSupported

2번 단계에서 알아둔 Image Profile Name이 Repository상에 실제로 존재함을 확인한다.

esxcli software profile update -d https://hostupdate.vmware.com/software/VUM/PRODUCTION/main/vmw-depot-index.xml -p "Image Profile Name"

위의 명령줄에서 Image Profile Name 부분을 반드시 실제로 설치하고자 하는 패치의 Image Profile Name 으로 바꿔주어야 한다.

esxcli software profile update -d https://hostupdate.vmware.com/software/VUM/PRODUCTION/main/vmw-depot-index.xml -p "ESXi-6.5.0-20170404001-standard"

업데이트 진행중에는 특별한 Progress가 표시되지 않고 작업이 끝나야만 결과메시지가 나타나므로, 화면에 출력되는 내용이 없더라도 잠시 기다리도록 한다.
한편 명령줄 마지막에 –dry-run 옵션을 추가하면 실제 설치작업이 일어나지 않고 어떠한 변경작업들이 발생하는지 시뮬레이션을 수행해 볼 수도 있다.

정상적으로 완료되면 아래와 같이 출력된다.

[root@node41:~] esxcli software profile update -d https://hostupdate.vmware.com/software/VUM/PRODUCTION/main/vmw-depot-index.xml -p "ESXi-6.5.0-20170404001-standard"
Update Result
   Message: The update completed successfully, but the system needs to be rebooted for the changes to be effective.
   Reboot Required: true
   VIBs Installed: VMware_bootbank_esx-base_6.5.0-0.19.5310538, VMware_bootbank_esx-ui_1.18.0-5270848, VMware_bootbank_vsan_6.5.0-0.19.5310540, VMware_bootbank_vsanhealth_6.5.0-0.19.5310541
   VIBs Removed: VMware_bootbank_esx-base_6.5.0-0.15.5224529, VMware_bootbank_esx-ui_1.15.0-5069532, VMware_bootbank_vsan_6.5.0-0.15.5224529, VMware_bootbank_vsanhealth_6.5.0-0.15.5224529
   VIBs Skipped: VMW_bootbank_ata-libata-92_3.00.9.2-16vmw.650.0.0.4564106, VMW_bootbank_ata-pata-amd_0.3.10-3vmw.650.0.0.4564106, VMW_bootbank_ata-pata-atiixp_0.4.6-4vmw.650.0.0.4564106, VMW_bootbank_ata-pata-cmd64x_0.2.5-3vmw.650.0.0.4564106, VMW_bootbank_ata-pata-hpt3x2n_0.3.4-3vmw.650.0.0.4564106, VMW_bootbank_ata-pata-pdc2027x_1.0-3vmw.650.0.0.4564106, VMW_bootbank_ata-pata-serverworks_0.4.3-3vmw.650.0.0.4564106, VMW_bootbank_ata-pata-sil680_0.4.8-3vmw.650.0.0.4564106, VMW_bootbank_ata-pata-via_0.3.3-2vmw.650.0.0.4564106, VMW_bootbank_block-cciss_3.6.14-10vmw.650.0.0.4564106, VMW_bootbank_char-random_1.0-3vmw.650.0.0.4564106, VMW_bootbank_ehci-ehci-hcd_1.0-4vmw.650.0.14.5146846, VMW_bootbank_elxnet_11.1.91.0-1vmw.650.0.0.4564106, VMW_bootbank_hid-hid_1.0-3vmw.650.0.0.4564106, VMW_bootbank_i40en_1.1.0-1vmw.650.0.0.4564106, VMW_bootbank_igbn_0.1.0.0-12vmw.650.0.0.4564106, VMW_bootbank_ima-qla4xxx_2.02.18-1vmw.650.0.0.4564106, VMW_bootbank_ipmi-ipmi-devintf_39.1-4vmw.650.0.0.4564106, VMW_bootbank_ipmi-ipmi-msghandler_39.1-4vmw.650.0.0.4564106, VMW_bootbank_ipmi-ipmi-si-drv_39.1-4vmw.650.0.0.4564106, VMW_bootbank_ixgben_1.0.0.0-9vmw.650.0.14.5146846, VMW_bootbank_lpfc_11.1.0.6-1vmw.650.0.0.4564106, VMW_bootbank_lsi-mr3_6.910.18.00-1vmw.650.0.0.4564106, VMW_bootbank_lsi-msgpt2_20.00.01.00-3vmw.650.0.0.4564106, VMW_bootbank_lsi-msgpt3_12.00.02.00-11vmw.650.0.0.4564106, VMW_bootbank_misc-cnic-register_1.78.75.v60.7-1vmw.650.0.0.4564106, VMW_bootbank_misc-drivers_6.5.0-0.14.5146846, VMW_bootbank_mtip32xx-native_3.9.5-1vmw.650.0.0.4564106, VMW_bootbank_ne1000_0.8.0-11vmw.650.0.14.5146846, VMW_bootbank_nenic_1.0.0.2-1vmw.650.0.0.4564106, VMW_bootbank_net-bnx2_2.2.4f.v60.10-2vmw.650.0.0.4564106, VMW_bootbank_net-bnx2x_1.78.80.v60.12-1vmw.650.0.0.4564106, VMW_bootbank_net-cdc-ether_1.0-3vmw.650.0.0.4564106, VMW_bootbank_net-cnic_1.78.76.v60.13-2vmw.650.0.0.4564106, VMW_bootbank_net-e1000_8.0.3.1-5vmw.650.0.0.4564106, VMW_bootbank_net-e1000e_3.2.2.1-2vmw.650.0.0.4564106, VMW_bootbank_net-enic_2.1.2.38-2vmw.650.0.0.4564106, VMW_bootbank_net-fcoe_1.0.29.9.3-7vmw.650.0.0.4564106, VMW_bootbank_net-forcedeth_0.61-2vmw.650.0.0.4564106, VMW_bootbank_net-igb_5.0.5.1.1-5vmw.650.0.0.4564106, VMW_bootbank_net-ixgbe_3.7.13.7.14iov-20vmw.650.0.0.4564106, VMW_bootbank_net-libfcoe-92_1.0.24.9.4-8vmw.650.0.0.4564106, VMW_bootbank_net-mlx4-core_1.9.7.0-1vmw.650.0.0.4564106, VMW_bootbank_net-mlx4-en_1.9.7.0-1vmw.650.0.0.4564106, VMW_bootbank_net-nx-nic_5.0.621-5vmw.650.0.0.4564106, VMW_bootbank_net-tg3_3.131d.v60.4-2vmw.650.0.0.4564106, VMW_bootbank_net-usbnet_1.0-3vmw.650.0.0.4564106, VMW_bootbank_net-vmxnet3_1.1.3.0-3vmw.650.0.0.4564106, VMW_bootbank_nhpsa_2.0.6-3vmw.650.0.0.4564106, VMW_bootbank_nmlx4-core_3.16.0.0-1vmw.650.0.0.4564106, VMW_bootbank_nmlx4-en_3.16.0.0-1vmw.650.0.0.4564106, VMW_bootbank_nmlx4-rdma_3.16.0.0-1vmw.650.0.0.4564106, VMW_bootbank_nmlx5-core_4.16.0.0-1vmw.650.0.0.4564106, VMW_bootbank_ntg3_4.1.0.0-1vmw.650.0.0.4564106, VMW_bootbank_nvme_1.2.0.32-2vmw.650.0.0.4564106, VMW_bootbank_nvmxnet3_2.0.0.22-1vmw.650.0.0.4564106, VMW_bootbank_ohci-usb-ohci_1.0-3vmw.650.0.0.4564106, VMW_bootbank_pvscsi_0.1-1vmw.650.0.0.4564106, VMW_bootbank_qedentv_2.0.3.29-1vmw.650.0.0.4564106, VMW_bootbank_qfle3_1.0.2.7-1vmw.650.0.0.4564106, VMW_bootbank_qflge_1.1.0.3-1vmw.650.0.0.4564106, VMW_bootbank_qlnativefc_2.1.30.0-11vmw.650.0.0.4564106, VMW_bootbank_sata-ahci_3.0-22vmw.650.0.0.4564106, VMW_bootbank_sata-ata-piix_2.12-10vmw.650.0.0.4564106, VMW_bootbank_sata-sata-nv_3.5-4vmw.650.0.0.4564106, VMW_bootbank_sata-sata-promise_2.12-3vmw.650.0.0.4564106, VMW_bootbank_sata-sata-sil24_1.1-1vmw.650.0.0.4564106, VMW_bootbank_sata-sata-sil_2.3-4vmw.650.0.0.4564106, VMW_bootbank_sata-sata-svw_2.3-3vmw.650.0.0.4564106, VMW_bootbank_scsi-aacraid_1.1.5.1-9vmw.650.0.0.4564106, VMW_bootbank_scsi-adp94xx_1.0.8.12-6vmw.650.0.0.4564106, VMW_bootbank_scsi-aic79xx_3.1-5vmw.650.0.0.4564106, VMW_bootbank_scsi-bnx2fc_1.78.78.v60.8-1vmw.650.0.0.4564106, VMW_bootbank_scsi-bnx2i_2.78.76.v60.8-1vmw.650.0.0.4564106, VMW_bootbank_scsi-fnic_1.5.0.45-3vmw.650.0.0.4564106, VMW_bootbank_scsi-hpsa_6.0.0.84-1vmw.650.0.0.4564106, VMW_bootbank_scsi-ips_7.12.05-4vmw.650.0.0.4564106, VMW_bootbank_scsi-iscsi-linux-92_1.0.0.2-3vmw.650.0.0.4564106, VMW_bootbank_scsi-libfc-92_1.0.40.9.3-5vmw.650.0.0.4564106, VMW_bootbank_scsi-megaraid-mbox_2.20.5.1-6vmw.650.0.0.4564106, VMW_bootbank_scsi-megaraid-sas_6.603.55.00-2vmw.650.0.0.4564106, VMW_bootbank_scsi-megaraid2_2.00.4-9vmw.650.0.0.4564106, VMW_bootbank_scsi-mpt2sas_19.00.00.00-1vmw.650.0.0.4564106, VMW_bootbank_scsi-mptsas_4.23.01.00-10vmw.650.0.0.4564106, VMW_bootbank_scsi-mptspi_4.23.01.00-10vmw.650.0.0.4564106, VMW_bootbank_scsi-qla4xxx_5.01.03.2-7vmw.650.0.0.4564106, VMW_bootbank_shim-iscsi-linux-9-2-1-0_6.5.0-0.0.4564106, VMW_bootbank_shim-iscsi-linux-9-2-2-0_6.5.0-0.0.4564106, VMW_bootbank_shim-libata-9-2-1-0_6.5.0-0.0.4564106, VMW_bootbank_shim-libata-9-2-2-0_6.5.0-0.0.4564106, VMW_bootbank_shim-libfc-9-2-1-0_6.5.0-0.0.4564106, VMW_bootbank_shim-libfc-9-2-2-0_6.5.0-0.0.4564106, VMW_bootbank_shim-libfcoe-9-2-1-0_6.5.0-0.0.4564106, VMW_bootbank_shim-libfcoe-9-2-2-0_6.5.0-0.0.4564106, VMW_bootbank_shim-vmklinux-9-2-1-0_6.5.0-0.0.4564106, VMW_bootbank_shim-vmklinux-9-2-2-0_6.5.0-0.0.4564106, VMW_bootbank_shim-vmklinux-9-2-3-0_6.5.0-0.0.4564106, VMW_bootbank_uhci-usb-uhci_1.0-3vmw.650.0.0.4564106, VMW_bootbank_usb-storage-usb-storage_1.0-3vmw.650.0.0.4564106, VMW_bootbank_usbcore-usb_1.0-3vmw.650.0.0.4564106, VMW_bootbank_vmkata_0.1-1vmw.650.0.0.4564106, VMW_bootbank_vmkplexer-vmkplexer_6.5.0-0.0.4564106, VMW_bootbank_vmkusb_0.1-1vmw.650.0.14.5146846, VMW_bootbank_vmw-ahci_1.0.0-34vmw.650.0.14.5146846, VMW_bootbank_xhci-xhci_1.0-3vmw.650.0.0.4564106, VMware_bootbank_cpu-microcode_6.5.0-0.0.4564106, VMware_bootbank_emulex-esx-elxnetcli_11.1.28.0-0.0.4564106, VMware_bootbank_esx-dvfilter-generic-fastpath_6.5.0-0.0.4564106, VMware_bootbank_esx-tboot_6.5.0-0.0.4564106, VMware_bootbank_esx-xserver_6.5.0-0.0.4564106, VMware_bootbank_lsu-hp-hpsa-plugin_2.0.0-3vmw.650.0.0.4564106, VMware_bootbank_lsu-lsi-lsi-mr3-plugin_1.0.0-7vmw.650.0.0.4564106, VMware_bootbank_lsu-lsi-lsi-msgpt3-plugin_1.0.0-6vmw.650.0.0.4564106, VMware_bootbank_lsu-lsi-megaraid-sas-plugin_1.0.0-7vmw.650.0.0.4564106, VMware_bootbank_lsu-lsi-mpt2sas-plugin_2.0.0-5vmw.650.0.0.4564106, VMware_bootbank_native-misc-drivers_6.5.0-0.0.4564106, VMware_bootbank_rste_2.0.2.0088-4vmw.650.0.0.4564106, VMware_bootbank_vmware-esx-esxcli-nvme-plugin_1.2.0.10-0.0.4564106, VMware_locker_tools-light_6.5.0-0.0.4564106
reboot

재부팅 과정에서 SSH 연결이 끊어지므로, 재부팅이 완료되면 SSH를 재접속해야 한다.

[root@node41:~] esxcli software vib list | grep esx-base
esx-base                       6.5.0-0.19.5310538                    VMware   VMwareCertified     2017-07-04  

2단계에서 알아둔 빌드번호와 일치하는지 확인해 본다.

vim-cmd /hostsvc/maintenance_mode_exit
[root@esxi:~] esxcli software profile update -d https://hostupdate.vmware.com/software/VUM/PRODUCTION/main/vmw-depot-index.xml -p ESXi-6.7.0-20180704001-standard
 [InstallationError]
 Failed updating the bootloader: Execution of command /usr/lib/vmware/bootloader-installer/install-bootloader failed: non-zero code returned
 return code: 1
 output: ERROR: ld.so: object '/lib/libMallocArenaFix.so' from LD_PRELOAD cannot be preloaded: ignored.
 Traceback (most recent call last):
   File "/usr/lib/vmware/bootloader-installer/install-bootloader", line 31, in <module>
     import vmkctl
 MemoryError
       vibs = VMware_bootbank_esx-base_6.7.0-0.17.9214924
 Please refer to the log file for more details.
[root@esxi:~] esxcli software profile update -d https://hostupdate.vmware.com/software/VUM/PRODUCTION/main/vmw-depot-index.xml -p "ESXi-6.7.0-20181004001-standard"
 [InstallationError]
 [Errno 28] No space left on device
       vibs = VMware_locker_tools-light_10.2.1.8267844-8941472
 Please refer to the log file for more details.

위와같은 에러 발생시. 호스트 (관리> 스왑> 데이터 저장소) 에서 스왑 활성화 하면 해결됨. (메모리 부족)

  • 스왑 사용
  • 데이터스토어 선택
  • 호스트 캐시 사용
  • 로컬 스왑 사용

만약 스왑을 활성화 했는데도 동일한 오류가 아래처럼 발생하는경우

[root@esxi:~] esxcli software profile update -d https://hostupdate.vmware.com/software/VUM/PRODUCTION/main/vmw-depot-index.xml -p "ESXi-6.7.0-20191204001-standard"
 [InstallationError]
 [Errno 28] No space left on device
       vibs = VMware_locker_tools-light_11.0.1.14773994-15160134
 Please refer to the log file for more details.
[root@esxi:~] 

이런경우 ESXi-6.7.0-20191204001-no-tools 커널로 업데이트를 하고 위에서 오류가 발생된 vib VMware_locker_tools-light_11.0.1.14773994-15160134를 수동으로 설치하면 된다.

또는 반대로 문제가 된 vib 를 먼저 설치후 standard 커널을 설치하면 된다.

[root@esxi:~] esxcli software profile update -d https://hostupdate.vmware.com/software/VUM/PRODUCTION/main/vmw-depot-index.xml -p "ESXi-6.7.0-20191204001-no-tools"

[root@esxi:~] esxcli software vib install -v https://hostupdate.vmware.com/software/VUM/PRODUCTION/main/esx/vmw/vib20/tools-light/VMware_locker_tools-light_11.0.1.14773994-15160134.vib

홈페이지에서 번들 파일을 내려받아 업데이트 하는 방법에 대한 설명
번들파일을 데이터스토어에 업로드한 후 해당 파일로 업데이트

esxcli software vib install -d "/vmfs/volumes/Datastore/DirectoryName/PatchName.zip"
로그인하면 댓글을 남길 수 있습니다.
  • esxi_host_patch_update.txt
  • 마지막으로 수정됨: 2020/01/31 11:13
  • 저자 koov