Virtual Geek

Tales from real IT system administrators world and non-production environment

VMware LifeCycle Manager import updates bundle and patch ESXi server

With VMware vCenter version 7 Lifecyle Management is greatly improved as with new name lifecycle manager with new features (formerly VUM [VMware Update manager]). The new innovations for lifecycle management in vSphere 7 make it easy for customers to have consistent and up-to-date systems. The major lifecycle management improvements in vSphere 7 are vCenter Server Profiles, Update Planner and vSphere Lifecycle Manager (vLCM).

In this article I will use VMware LifeCycle Manager (formerly VUM [VMware Update Manager]) to import ESXi offline patch bundle depot and update it on ESXi server. Log in to the vCenter, on vSphere HTML5 Client >> on the dropdown list of Menu >> Select LifeCycle Manager >> From the Actions drop down >> Choose Import Updates

vmware vsphere esxi vcenter lifecycle manager Import updates  sync updates sync hcl hosts and clusters vmware update manager vum vsphere html client patches bundle.png

I have downloaded ESXi server offline bundle depot zip file from VMware repository website. Browse and select the the bundle zip file, once you click open VMware starts importing zip file.

vmware vsphere vcenter esxi lifecycle manager vmware update manager planner import updates vmware esxi bundle depot manual zip url sync updates build patching esxi browse.png

Patch bundle depot is listed under Image Depot, you can view what components (Vib packages with version) it has.

vmware vsphere esxi vcenter lifecycle manager patcing image depot esxi versions vendor addons componets baselines imported isos updates actions auto deploy administration vsphere client tasks.png

Next create a New Baseline on Baselines tab. Under Create Baseline wizard provide it a name, content is a Patch, Click next.

vmware vsphere vcenter esxi lifecyle manager vmware update manager vum esxi offline bundle patch security critical patch cve-2020-3992 cve.png

On the next screen Select Patches Automatically, Under Matched tab, browse through all the pages and de-select all patches, on the last page select the imported Patch from the list. Note the Selected patch count is only 1. Click Next.

vmware vsphere esxi vcenter lifecycle manager vmware update manager vum create baseline select patches automatically esxi install upgrade component bundle patch matched excludeed criteria selected.png

In the Select Patches Manually is blank and nothing to do, Click Next.

vmware vsphere esxi vcenter lifecycle manager html5 client create baseline select patches manually add patches manually esxi patch offline bundle depot.png

In the Summary page review your setting selections before finishing the wizard, and click Finish button.

vmware vsphere esxi vcenter create baseline select patches automatically select patches manually baseline esxi depot vendor crietria patch bundle vib.png

New Baseline is listed under Baselines and Baseline Groups.

VMware vsphere vcenter lifecycle manager new baseline install upgrade patches esxi bundle depot baseline and baseline groups duplicate imported ISOs.png

Go to the Cluster or ESXi server, Select Updates tab, note down the Build number of ESXi server, Click Attach from drop down select Attach Baseline or Baseline Group. Click check box on newly created Baseline and click Attach.

vmware vsphere vcenter baseline attached baselines and baseline groups hardware compatiblity stage patches remediation pre-check esxi patch bundle depot zip profile.png

Select the attached Baseline and click Remediate. (If you are running standalone host make sure your VMs are shutdown). 

Staging lets you download the patches and extensions from the vSphere Lifecycle Manager repository to ESXi hosts, without applying the patches and extensions immediately. Staging patches and extensions speeds up the remediation process, because the patches and extensions are already available locally on the hosts.

I am directly going with remediation process.

vmware vsphere esxi lifecycle manager update planner attach baseline groups detach stage remediate check compliance schedule patching pre-check redmediation complaint unknown bundle.png

Choose the ESXi host to remediate.   

vmware vsphere remediate esxi server with lifecycle manager vmware update manager vum pre-check scheduling option remediation settings export patch bundle.png

This starts the process, you can view the status under Recent Tasks. It takes 10 to 15 min to update patch on ESXi, during this process ESXi host is restarted.

vmware vsphere esxi lifecycle manager recent task remediate entity vmware update manager vum administrator@vsphere.local patching bundle esxi server depot zip.png

Once Server is up, view the status of Esxi server under updates tab, check the build number and status of Baseline it shows Compliant. Esxi server is successfully patched with imported patch bundle.

vmware vsphere esxi vcenter lifecycle manager baslines installed version host complaince non-complaint complaint pre-check remediate stage attach detach baseline groups patches bundle depot.png

Useful Articles
VMware LifeCycle Manager There are conflicts from the patches selected for staging or remediation
How to update a patch on an ESXi host via command line
ESXi 6.0 update offline bundle via esxcli commandline: DependencyError VIB bootbank requires VSAN ImageProfile
ESXi 6.5 upgrade bundle via command line: No Space Left On Device Error
Registering HPE ILO amplifier pack (Hardware support manager) with vCenter 7 Lifecycle manager

Go Back


Blog Search

Page Views


Follow me on Blogarama