Using VMware vSphere Update Manager with PowerCLI

In a vSphere environment, VMware states that vSphere Update Manager (VUM) is the preferred method of upgrading and patching vSphere. Fortunately for PowerShell users, PowerCLI supports performing the functions of VUM.

Using VUM to upgrade ESXi hosts in a GUI is a relatively straightforward process, which Jim Jones shows on 4sysops here. Using PowerCLI, I will show you how to update a single ESXi host and an entire cluster. Please note I am using PowerShell v5.1, PowerCLI v6.3, and vSphere v6 in these examples.

Update Manager baselines ^

VUM uses baselines, which are a group of patches that you can "attach" to a template, virtual machine (VM), ESXi host, cluster, data center, folder, or virtual application (vApp). After attaching a baseline to one of these entities, you can scan to see if it is in compliance, meaning whether it is missing any patches that apply to it in the baseline. Below you can see how to retrieve compliance information about a host with the Get-Compliance cmdlet.

In this article, I will be using the "Critical Host Patches" baseline exclusively. This built-in baseline includes any critical patches for your ESXi hosts.

If you run the Get-BaseLine cmdlet for the critical baseline in PowerCLI, you can see that it is dynamic. This means it will add new critical patches as they are released and downloaded to this baseline. I have added important updates to this baseline as well. It is a good practice to have VUM download any new patches each day and notify you via email.

Output of Get Baseline

Output of Get Baseline

Patch a single ESXi host ^

This is the usual process I go through when patching ESXi hosts:

  • Update Manager alerts me via email that it has downloaded new patches.
  • I take one or more ESXi hosts, scan, stage, patch, and ensure the patch does not break any functionality.
  • I then run Update-Entity to deploy the patch to my hosts.

Here I will go through the process of installing patches on just one ESXi host with PowerCLI. The cmdlets used for this are all part of the PowerCLI PowerShell module.

First, I will connect to vCenter.

Next, I will put the ESXi host VMHost-1 into maintenance mode with the Set-VMHost command. Notice I specify ‑State Maintenance. Putting the host in maintenance mode automatically triggers a vMotion of all VMs the host is running to other hosts in the cluster.

Now I will place the critical host baseline into the $Baseline variable for use in future commands.

I ensure the baseline is attached to VMHost-1 with the Add-EntityBaseline command.

To test whether the host is in compliance, I will run Test-Compliance against VMHost-1, followed by Get-Compliance. As you can see, VMHost-1 is "NotCompliant" and needs to be patched.

To stage the patches to the host, I run Copy-Patch, which will simply copy the patches to the host for installation.

Finally, it is time to install the patches. Using Update-Entity while specifying the baseline and host will begin to install patches. Notice I use ‑RunAsync. This means that the command will not wait for the process to complete to take me back to the console. I use this mainly because PowerCLI usually throws a "time out" error when waiting for the remediation to complete.

Patch all ESXi hosts in a cluster ^

One of the great features of Update Manager is the capability to upgrade or patch an entire data center or cluster with one command. With Update-Entity I can automatically begin the process of patching or upgrading all the hosts in a cluster with the option of performing remediation in parallel. While performing remediation in parallel, vCenter will automatically calculate how many hosts it can remediate concurrently and load balance VMs using Distributed Resource Scheduler (DRS) on the hosts it is not remediating.

The process of patching a cluster is almost identical to performing a patch on an ESXi host. The main difference is that I am specifying the cluster in the -Entity parameter as well as some additional parameters in the Update-Entity command.

In this example I remediate "TestCluster" against the critical host baseline.

As you can see the ESXi hosts VMHost-1 and VMHost-2 are not compliant and can be patched. Now I can run Update-Entity specifying to disable distributed power management, high availability, and fault tolerance, which VMware recommends. I also specify in the command to perform remediation in parallel with ‑ClusterEnableParallelRemediation:$true.

Want to write for 4sysops? We are looking for new authors.

Read 4sysops without ads by becoming a member!

2+
Share
7 Comments
  1. Will 3 years ago

    This post is a huge help, thanks!

    3+

  2. Rishabh 1 year ago

    In patching all Esxi hosts in a cluster how do we put the hosts into Maintenance mode ? Does it go into maintenance mode itself ???

    1+

    • Shane 7 months ago

      Yes it does, so long as you do not have anything preventing the VMs from vMotioning.

      0

  3. Pete Foret 5 months ago

    I would suggest you run a script to detach and CDRom and unmount any VMWare tools install

    0

  4. Pete Foret 5 months ago

    Question about disabling alarms. So we are on the same page I am talking about when you right-click a host and left-click disable alarms. 

     

    I can't find a script that will allow me to disable the alarm and then enable the alarm on a per-host basis. Do you by chance have anything?

    0

  5. Pete Foret 5 months ago

    Another question'

     

    How would you combine baselines? For example, Critical Host Patches (Predefined) and Non-Critical Host Patches (Predefined)

    0

    • Matt 2 months ago

      Add them with commas

      $Baseline = Get-Basline -Name "Baseline Name 1", "Baseline Name 2"

      Great post, thanks.

      0

Leave a reply to Rishabh Click here to cancel the reply

Your email address will not be published. Required fields are marked *

*

© 4sysops 2006 - 2020

CONTACT US

Please ask IT administration questions in the forums. Any other messages are welcome.

Sending

Log in with your credentials

or    

Forgot your details?

Create Account