Infosec Scribbles

December 20, 2018

How to (offline) update standalone ESXi in your homelab

Say you have a homelab and, like me, you don’t have the space for a 42U rack and an enterprise vSphere license. Your options are Hyper-V, Xen, Proxmox or… a standalone ESXi machine on a free license.

Every now and then VMware releases updates for it, but there is no way to get them automatically on a standalone ESXi host. Thankfully, it’s not too hard to do by hand and here is a step-by-step that I wrote down for my own purposes.

Outdated ESXi hosts are also one of the more common findings in internal network security tests, so this is worth doing on a schedule rather than when you happen to remember.

Check the patch tracker

There is a great third-party patch tracker for VMware here. Compare the latest build number listed there with the one running on your host:

You can find the build number on the main page of the ESXi Embedded Host Client

You can find the latest build number in the patch tracker

In this case, I am up to date, but if you are not, your build on the host will be older than the latest one in the patch tracker.

Install the update

Technically, there is an option to perform an online update from the CLI, which requires the host to have outbound HTTPS access to VMware's depot. Just click on the image profile link in the patch tracker for the command to run. However, in my experience offline updates are more straightforward and reliable.

Your first step is to enter maintenance mode and enable SSH access. Both can be done from the actions menu on the main page:

You can enable both maintenance mode and SSH on the main page of the ESXi Embedded Host Client

To enter maintenance mode, you will need to stop all your running VMs first. This is where your downtime begins.

Case A: version bump for a vendor customized image

Version bumps, e.g. from 6.5 to 6.7, can introduce hardware compatibility issues and are otherwise considered more risky. They are also image profile updates, and a non-customized (stock VMware) bundle may refuse to install if you are already on a vendor profile.

Go to the VMware download portal and search for %VendorName% Custom Image for ESXi %VersionNumber% Install CD. Download the offline bundle (the zip, not the ISO):

There are multiple variants of the install CD - pick the right one

Upload this file to any of your datastores. I have one specifically for ISOs, updates and alike, you probably have something similar.

In this case, the filename is VMware-ESXi-6.7.0-10302608-Fujitsu-v460-1-offline_bundle.zip, where you need to take note of the profile version identifier: 10302608-Fujitsu-v460-1.

Now check what your current profile name is:

You can find the image profile name on the main page of the ESXi Embedded Host Client

Given the profile name and version identifier above, the new profile name is the current one with the version part swapped. Before running the update, confirm it by listing the image profiles the bundle actually contains with esxcli software sources profile list against the uploaded zip; the name printed there is the one the update command needs. The update command will be:

esxcli software profile update -p Fujitsu-VMvisor-Installer-6.7-10302608-v460-1 -d /vmfs/volumes/your_datastore/VMware-ESXi-6.7.0-10302608-Fujitsu-v460-1-offline_bundle.zip

Yours is going to be slightly different, according to your profile.

Case B: security and bug fixes

Minor updates will generally not be released by your hardware vendor. There is a separate page on the VMware portal for this. Just select “ESXi (Embedded and Installable)” and your hypervisor version to get a full list of updates, then click “Download” against the ones you need.

Minor updates available on VMware patches portal

Here you don’t need to worry about the profile name. Just upload the zip file to one of your datastores. Note that vib update only upgrades VIBs that are already installed and never adds or removes any, which is why it is safe to run on a vendor-customized image: the vendor's drivers and agents stay in place. The update command will be simply:

esxcli software vib update -d /vmfs/volumes/your_datastore/ESXi670-201811001.zip
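Pulling the check and the two update cases together, here is a small POSIX sh script for the ESXi shell. It is added here as an example and is not part of the original post or of VMware's tooling. It reads the running build from vmware -v, extracts the build number from a vendor bundle's filename (the naming pattern is assumed from the Fujitsu example above; other vendors may name their bundles differently, in which case the script falls back to letting esxcli decide), refuses to proceed unless the host is in maintenance mode and the bundle path is absolute (esxcli -d does not accept relative paths), and runs the matching esxcli command with --dry-run before the real update. Without --apply it only prints what it would do, so it can be exercised off the host; the script name and the sample vmware -v line are constructed for the example.

```shell
#!/bin/sh
# Added example (not from the original post): compare the running ESXi build
# with an offline bundle and run the matching esxcli update, dry run first.
#
# Usage: sh esxi-offline-update.sh [--apply] /vmfs/volumes/ds/bundle.zip [PROFILE]
#   PROFILE is the image profile name for a vendor-customized bundle (Case A);
#   leave it out for a VMware patch bundle (Case B).

# Constructed sample of `vmware -v` output, used only when this script runs
# somewhere `vmware` does not exist (i.e. not on an ESXi host).
SAMPLE_VMWARE_V='VMware ESXi 6.7.0 build-8169922'

# "VMware ESXi 6.7.0 build-8169922" -> 8169922
build_from_version_line() {
    printf '%s\n' "$1" | sed -n 's/.*build-\([0-9][0-9]*\).*/\1/p'
}

# Build number embedded in a vendor bundle name (pattern assumed from the
# Fujitsu example):
#   VMware-ESXi-6.7.0-10302608-Fujitsu-v460-1-offline_bundle.zip -> 10302608
# VMware patch bundles (ESXi670-201811001.zip) carry no build number -> "".
bundle_build() {
    basename "$1" | sed -n 's/^VMware-ESXi-[0-9.]*-\([0-9][0-9]*\)-.*/\1/p'
}

# Succeeds when the bundle's build is strictly newer than the running build;
# fails when the name carries no build number to compare.
bundle_is_newer() {
    host_build="$1"
    b=$(bundle_build "$2")
    [ -n "$b" ] && [ "$b" -gt "$host_build" ]
}

# The esxcli invocation for a bundle: profile update for a vendor-customized
# image (needs the profile name), vib update for a VMware patch bundle.
update_command() {
    if [ -n "$2" ]; then
        printf 'esxcli software profile update -p %s -d %s' "$2" "$1"
    else
        printf 'esxcli software vib update -d %s' "$1"
    fi
}

# Preflight checks on the host, then --dry-run, then the real update.
run_update() {
    bundle="$1"; profile="$2"
    case "$bundle" in
        /*) ;;  # esxcli -d needs an absolute path
        *) echo "bundle path must be absolute (/vmfs/volumes/...)" >&2; return 1 ;;
    esac
    [ -f "$bundle" ] || { echo "no such file: $bundle" >&2; return 1; }
    [ "$(esxcli system maintenanceMode get)" = "Enabled" ] \
        || { echo "host is not in maintenance mode" >&2; return 1; }
    if [ -n "$profile" ]; then
        esxcli software profile update --dry-run -p "$profile" -d "$bundle" &&
        esxcli software profile update -p "$profile" -d "$bundle"
    else
        esxcli software vib update --dry-run -d "$bundle" &&
        esxcli software vib update -d "$bundle"
    fi
}

main() {
    apply=0
    if [ "$1" = "--apply" ]; then apply=1; shift; fi
    bundle="$1"; profile="${2:-}"
    [ -n "$bundle" ] || { echo "usage: $0 [--apply] BUNDLE [PROFILE]" >&2; return 2; }

    if command -v vmware >/dev/null 2>&1; then
        version_line=$(vmware -v)
    else
        version_line="$SAMPLE_VMWARE_V"   # off-host: constructed sample
    fi
    host_build=$(build_from_version_line "$version_line")
    echo "running build: $host_build"

    if bundle_is_newer "$host_build" "$bundle"; then
        echo "bundle build $(bundle_build "$bundle") is newer, proceeding"
    elif [ -n "$(bundle_build "$bundle")" ]; then
        echo "bundle build $(bundle_build "$bundle") is not newer than the host; nothing to do"
        return 0
    else
        echo "no build number in bundle name; relying on esxcli --dry-run to decide"
    fi

    if [ "$apply" -eq 1 ]; then
        run_update "$bundle" "$profile"
    else
        echo "would run: $(update_command "$bundle" "$profile")"
        echo "re-run with --apply on the host to execute (dry run first)"
    fi
}

# Only act when given arguments, so sourcing the file for its functions is harmless.
if [ $# -gt 0 ]; then main "$@"; fi
```

The dry run is the part worth keeping even if you type the rest by hand: it makes esxcli resolve the bundle and print exactly which VIBs would change before anything is written, which is where a wrong profile name or a stock bundle on a vendor image shows up.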

Monitor update progress

There is no --verbose option in esxcli and your only indicators will be vague and scarce messages at the beginning and at the very end of the process. To get a better understanding of what is going on, you can monitor the update progress by following /var/log/esxupdate.log in a second SSH session:

tail -f /var/log/esxupdate.log

Finish the update

Once you have finished installing all the zip files and/or updating the image profile, you just need to disable maintenance mode and reboot your ESXi host. If you have autostart configured, this is it - no further action is required after booting back up, other than checking the build number on the main page again to confirm it now matches the patch tracker. Do also disable SSH again once you are done: a permanently enabled SSH service on a hypervisor is exactly the kind of thing that ends up in a network security test report.

whoami

I'm Georgi (Russian: Георгий). Although I do various software security things for work, I particularly enjoy reverse engineering and breaking native code on Android and embedded systems. Check out more about me.