Using VUM to upgrade ESXi hosts in a GUI is a relatively straightforward process, which Jim Jones shows on 4sysops. Using PowerCLI, I will show you how to update a single ESXi host and an entire cluster. Please note I am using PowerShell v5.1, PowerCLI v6.3, and vSphere v6 in these examples.
Update Manager baselines
VUM uses baselines, which are a group of patches that you can "attach" to a template, virtual machine (VM), ESXi host, cluster, data center, folder, or virtual application (vApp). After attaching a baseline to one of these entities, you can scan to see if it is in compliance, meaning whether it is missing any patches that apply to it in the baseline. Below you can see how to retrieve compliance information about a host with the Get-Compliance cmdlet.
```powershell
C:\> $Baseline = Get-Baseline -Name 'Critical Host Patches (Predefined)'
C:\> Get-Compliance -Entity VMHost-1 -Baseline $Baseline

Entity    Baseline                            Status
------    --------                            ------
VMHost-1  Critical Host Patches (Predefined)  Compliant
```
In this article, I will be using the "Critical Host Patches" baseline exclusively. This built-in baseline includes any critical patches for your ESXi hosts.
If you run the Get-Baseline cmdlet for the critical baseline in PowerCLI, you can see that it is dynamic. This means it will add new critical patches as they are released and downloaded to this baseline. I have added important updates to this baseline as well. It is a good practice to have VUM download any new patches each day and notify you via email.
Patch a single ESXi host
This is the usual process I go through when patching ESXi hosts:
- Update Manager alerts me via email that it has downloaded new patches.
- I take one or more ESXi hosts, scan, stage, patch, and ensure the patch does not break any functionality.
- I then run Update-Entity to deploy the patch to my hosts.
Here I will go through the process of installing patches on just one ESXi host with PowerCLI. The cmdlets used for this are all part of the PowerCLI PowerShell module.
First, I will connect to vCenter.
```powershell
C:\> Connect-VIServer vcenter

Name     Port  User
----     ----  ----
vcenter  443   DOMAIN\Dan
```
Next, I will put the ESXi host VMHost-1 into maintenance mode with the Set-VMHost command. Notice I specify -State Maintenance. Putting the host in maintenance mode automatically triggers a vMotion of all VMs the host is running to other hosts in the cluster.
C:\> Set-VMHost -VMHost VMHost-1 -State Maintenance
Now I will place the critical host baseline into the $Baseline variable for use in future commands.
C:\> $Baseline = Get-Baseline -Name 'Critical Host Patches (Predefined)'
I ensure the baseline is attached to VMHost-1 with the Add-EntityBaseline command.
C:\> Add-EntityBaseline -Entity VMHost-1 -Baseline $Baseline
To test whether the host is in compliance, I will run Test-Compliance against VMHost-1, followed by Get-Compliance. As you can see, VMHost-1 is "NotCompliant" and needs to be patched.
```powershell
C:\> Test-Compliance -Entity VMHost-1
C:\> Get-Compliance -Entity VMHost-1 -Baseline $Baseline

Entity    Baseline                            Status
------    --------                            ------
VMHost-1  Critical Host Patches (Predefined)  NotCompliant
```
To stage the patches to the host, I run Copy-Patch, which will simply copy the patches to the host for installation.
C:\> Copy-Patch -Entity VMHost-1
Finally, it is time to install the patches. Using Update-Entity while specifying the baseline and host will begin to install patches. Notice I use -RunAsync. This means that the command will not wait for the process to complete before returning me to the console. I use this mainly because PowerCLI usually throws a "time out" error when waiting for the remediation to complete.
```powershell
C:\> Update-Entity -Baseline $baseline -Entity VMHost-1 -RunAsync -Confirm:$False

Name              State    % Complete  Start Time   Finish Time
----              -----    ----------  ----------   -----------
Remediate entity  Running  0           03:51:04 PM
```
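The single-host steps above collected into one function, as an added example that is not from the original article. It goes slightly beyond the walkthrough: it scans before entering maintenance mode, polls the remediation task instead of blocking on it, and rescans before returning the host to service. `Invoke-HostPatch` and its parameters are hypothetical names, and an existing `Connect-VIServer` session is assumed.

```powershell
# Added example (not from the article): patch one ESXi host and verify the result.
# Assumes a live Connect-VIServer session; Invoke-HostPatch and its parameters are hypothetical.
function Invoke-HostPatch {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $HostName,
        [string] $BaselineName = 'Critical Host Patches (Predefined)',
        [int] $PollSeconds = 30
    )
    $ErrorActionPreference = 'Stop'
    $vmHost   = Get-VMHost -Name $HostName
    $baseline = Get-Baseline -Name $BaselineName

    # Attach and scan first, so a host that is already compliant is never taken out of service.
    Add-EntityBaseline -Entity $vmHost -Baseline $baseline | Out-Null
    Test-Compliance -Entity $vmHost | Out-Null
    $before = Get-Compliance -Entity $vmHost -Baseline $baseline
    if ("$($before.Status)" -eq 'Compliant') { return $before }

    Set-VMHost -VMHost $vmHost -State Maintenance | Out-Null
    Copy-Patch -Entity $vmHost -Baseline $baseline | Out-Null
    $task = Update-Entity -Entity $vmHost -Baseline $baseline -RunAsync -Confirm:$false

    # Poll the task in short calls rather than holding one long blocking wait.
    # Assumption: the task returned by -RunAsync can be looked up again with Get-Task -Id.
    do {
        Start-Sleep -Seconds $PollSeconds
        $task = Get-Task -Id $task.Id
    } while ("$($task.State)" -in 'Queued', 'Running')
    if ("$($task.State)" -ne 'Success') {
        throw "Remediation of $HostName ended in state $($task.State); host left in maintenance mode."
    }

    # Rescan: only a host that now reports Compliant goes back into service.
    Test-Compliance -Entity $vmHost | Out-Null
    $after = Get-Compliance -Entity $vmHost -Baseline $baseline
    if ("$($after.Status)" -ne 'Compliant') {
        throw "$HostName still reports $($after.Status) after remediation."
    }
    Set-VMHost -VMHost (Get-VMHost -Name $HostName) -State Connected | Out-Null
    return $after
}
```

Called as `Invoke-HostPatch -HostName VMHost-1`, it returns the final compliance object; a failed remediation or a host that is still not compliant throws and stays in maintenance mode for inspection.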
Patch all ESXi hosts in a cluster
One of the great features of Update Manager is the capability to upgrade or patch an entire data center or cluster with one command. With Update-Entity I can automatically begin the process of patching or upgrading all the hosts in a cluster with the option of performing remediation in parallel. While performing remediation in parallel, vCenter will automatically calculate how many hosts it can remediate concurrently and load balance VMs using Distributed Resource Scheduler (DRS) on the hosts it is not remediating.
The process of patching a cluster is almost identical to performing a patch on an ESXi host. The main difference is that I am specifying the cluster in the -Entity parameter as well as some additional parameters in the Update-Entity command.
In this example I remediate "TestCluster" against the critical host baseline.
```powershell
C:\> Connect-VIServer -Server vcenter

Name     Port  User
----     ----  ----
vcenter  443   DOMAIN\Dan

C:\> $Cluster = Get-Cluster -Name 'TestCluster'
C:\> $Baseline = Get-Baseline -Name 'Critical Host Patches (Predefined)'
C:\> Add-EntityBaseline -Entity $Cluster -Baseline $Baseline
C:\> Test-Compliance -Entity $Cluster
C:\> Get-Compliance -Entity $Cluster -Baseline $Baseline

Entity    Baseline                            Status
------    --------                            ------
VMHost-1  Critical Host Patches (Predefined)  NotCompliant
VmHost-2  Critical Host Patches (Predefined)  NotCompliant

C:\> Copy-Patch -Entity $Cluster -Baseline $Baseline
```
As you can see, the ESXi hosts VMHost-1 and VMHost-2 are not compliant and can be patched. Now I can run Update-Entity, disabling distributed power management, high availability, and fault tolerance for the duration of the remediation, which VMware recommends. I also specify in the command to perform remediation in parallel with -ClusterEnableParallelRemediation:$true.
```powershell
C:\> Update-Entity -Entity $Cluster -Baseline $Baseline -ClusterDisableDistributedPowerManagement:$true -ClusterDisableHighAvailability:$true -ClusterDisableFaultTolerance:$true -ClusterEnableParallelRemediation:$true -RunAsync -Confirm:$False

Name              State    % Complete  Start Time   Finish Time
----              -----    ----------  ----------   -----------
Remediate entity  Running  0           09:37:37 AM
```