How To – Use VMware vSphere PowerCLI to patch hosts
Recently I had to patch some ESXi hosts that weren’t being managed via Update Manager. This means that the only way was to patch them manually. The best way I find to do this is via PowerCLI which is just PowerShell cmdlets for vSphere. I thought I would make a post about it in case anyone else needed to do the same…
To be able to run these commands you first need to install PowerCLI for ESXi on your client machine. You can find the install here:
- vSphere PowerCLI 5.0 – for managing vSphere 5 hosts
- vSphere PowerCLI 4.1 – for managing vSphere 4.1 hosts
- vSphere PowerCLI 4.0 – for managing vSphere 4.0 hosts
Once it has installed successfully you can launch it from the Start menu. This will launch a PowerShell like command-line interface. From here you can run all standard PowerShell cmdlets as well as the PowerCLI specific ones.
Now that you have installed vSphere PowerCLI and ran it successfully, lets get started:
1. Download the required patches (from the VMware website) and store them in a central location on your client machine. For this example we will use the
C:\Patches directory. Each patch from VMware will come in a
.zip. You will need to extract within the
C:\Patches directory. You should end up with a folder for each extracted patch all stored within
2. If you haven’t done so already, launch the VMware vSphere PowerCLI console from the Start menu
3. The first thing we need to do is connect to host you want to patch. To do this, run the following command (replacing
4. Next we will need to put the host in maintenance mode. You could do this via the vSphere client or you can just get fancy using the command below (Note: you will need to have all VMs powered off or migrated to another host before enabling maintenance mode):
| Set-VMHost -State Maintenance
5. Next we need to copy the patches onto one of the host’s datastores. To do this, you will need the name of the datastore you want to copy to. Simply replace the below with actual name (Note: you can use vSphere client to find this out):
$DSName = Get-VMHost
| Get-Datastore Copy-DatastoreItem C:\Patches\ $DSName.DatastoreBrowserPath –Recurse
6. Depending on the amount of patches you have and your network performance, step 5 might take a while. Once complete (and if you want to double check) you can use the vSphere client to browse the datastore and ensure all the files and folders have been copied across.
7. Now we get down to the exciting part…. installing the patches. You will need to run the following command for every patch that you have staged on host and you can only run it one at a time:
| Install-VMHostPatch -Hostpath "/vmfs/volumes/ / /metadata.zip"
8. Once the patch has installed successfully, you will see a message saying that it will not be applied until the host has been rebooted. Before rebooting, ensure all required patches have been installed. Once this is done you can either use the vSphere client to reboot or run the following command:
9. Once the machine has rebooted and is back up, connect to it via the VMware vSphere client and ensure the build number has been updated. You can now exit maintenance mode and clean-up the staged patch files from the datastore.
And that is how to patch a VMware vSphere host using PowerCLI… easy right? Also if you are interested in finding out what patches have been applied to a host then this article will help you.
Hope this helps you guys out
For those of you who couldn’t be stuffed reading everything but want the end result, here is the complete list of commands in the order they need to be run in…
Get-VMHost | Set-VMHost -State Maintenance $DSName = Get-VMHost | Get-Datastore Copy-DatastoreItem C:\Patches\ $DSName.DatastoreBrowserPath –Recurse Get-VMHost | Install-VMHostPatch -Hostpath "/vmfs/volumes/ / /metadata.zip" Restart-VMHost -RunAsync -Confirm