In a vSphere environment, VMware states that vSphere Update Manager (VUM) is the preferred method of upgrading and patching vSphere. Fortunately for PowerShell users, PowerCLI supports performing the functions of VUM.

Dan Franciscus

Dan Franciscus is a systems engineer and VMware Certified Professional (VCP) specializing in VMware, PowerShell, and other Microsoft-based technologies. You can reach Dan at his blog or his Twitter at @dan_franciscus.

Using VUM to upgrade ESXi hosts in a GUI is a relatively straightforward process, which Jim Jones shows on 4sysops here. Using PowerCLI, I will show you how to update a single ESXi host and an entire cluster. Please note I am using PowerShell v5.1, PowerCLI v6.3, and vSphere v6 in these examples.

Update Manager baselines ^

VUM uses baselines, which are a group of patches that you can "attach" to a template, virtual machine (VM), ESXi host, cluster, data center, folder, or virtual application (vApp). After attaching a baseline to one of these entities, you can scan to see if it is in compliance, meaning whether it is missing any patches that apply to it in the baseline. Below you can see how to retrieve compliance information about a host with the Get-Compliance cmdlet.

In this article, I will be using the "Critical Host Patches" baseline exclusively. This built-in baseline includes any critical patches for your ESXi hosts.

If you run the Get-BaseLine cmdlet for the critical baseline in PowerCLI, you can see that it is dynamic. This means it will add new critical patches as they are released and downloaded to this baseline. I have added important updates to this baseline as well. It is a good practice to have VUM download any new patches each day and notify you via email.

Output of Get Baseline

Output of Get Baseline

Patch a single ESXi host ^

This is the usual process I go through when patching ESXi hosts:

  • Update Manager alerts me via email that it has downloaded new patches.
  • I take one or more ESXi hosts, scan, stage, patch, and ensure the patch does not break any functionality.
  • I then run Update-Entity to deploy the patch to my hosts.

Here I will go through the process of installing patches on just one ESXi host with PowerCLI. The cmdlets used for this are all part of the PowerCLI PowerShell module.

First, I will connect to vCenter.

Next, I will put the ESXi host VMHost-1 into maintenance mode with the Set-VMHost command. Notice I specify ‑State Maintenance. Putting the host in maintenance mode automatically triggers a vMotion of all VMs the host is running to other hosts in the cluster.

Now I will place the critical host baseline into the $Baseline variable for use in future commands.

I ensure the baseline is attached to VMHost-1 with the Add-EntityBaseline command.

To test whether the host is in compliance, I will run Test-Compliance against VMHost-1, followed by Get-Compliance. As you can see, VMHost-1 is "NotCompliant" and needs to be patched.

To stage the patches to the host, I run Copy-Patch, which will simply copy the patches to the host for installation.

Finally, it is time to install the patches. Using Update-Entity while specifying the baseline and host will begin to install patches. Notice I use ‑RunAsync. This means that the command will not wait for the process to complete to take me back to the console. I use this mainly because PowerCLI usually throws a "time out" error when waiting for the remediation to complete.

Patch all ESXi hosts in a cluster ^

One of the great features of Update Manager is the capability to upgrade or patch an entire data center or cluster with one command. With Update-Entity I can automatically begin the process of patching or upgrading all the hosts in a cluster with the option of performing remediation in parallel. While performing remediation in parallel, vCenter will automatically calculate how many hosts it can remediate concurrently and load balance VMs using Distributed Resource Scheduler (DRS) on the hosts it is not remediating.

The process of patching a cluster is almost identical to performing a patch on an ESXi host. The main difference is that I am specifying the cluster in the -Entity parameter as well as some additional parameters in the Update-Entity command.

In this example I remediate "TestCluster" against the critical host baseline.

As you can see the ESXi hosts VMHost-1 and VMHost-2 are not compliant and can be patched. Now I can run Update-Entity specifying to disable distributed power management, high availability, and fault tolerance, which VMware recommends. I also specify in the command to perform remediation in parallel with ‑ClusterEnableParallelRemediation:$true.

Win the monthly 4sysops member prize for IT pros

Share
0

Related Posts

1 Comment
  1. Will 4 months ago

    This post is a huge help, thanks!

    1+

Leave a reply

Your email address will not be published. Required fields are marked *

*

CONTACT US

Please ask IT administration questions in the forum. Any other messages are welcome.

Sending
© 4sysops 2006 - 2017

Log in with your credentials

or    

Forgot your details?

Create Account