This seems basic, but I'm confused about the patching strategy involved with manually updating standalone VMware ESXi hosts. The VMware vSphere blog attempts to explain this, but the actual process is still not clear to me.
From the blog:
Say Patch01 includes updates for the following VIBs: "esxi-base", "driver10" and "driver 44". And then later Patch02 comes out with updates to "esxi-base", "driver20" and "driver 44".
P2 is cumulative in that the "esxi-base" and "driver44" VIBs will include the updates in Patch01. However, it's important to note that Patch02 does not include the "driver 10" VIB as that module was not updated.
This VMware Communities post gives a different answer. This one contradicts the other.
Many of the ESXi installations I encounter are standalone and do not utilize Update Manager. It is possible to update an individual host using the patches made available through the VMware patch download portal. The process is quite simple, so that part makes sense.
The bigger issue is determining what exactly to actually download and install. In my case, I have a good number of HP-specific ESXi builds that incorporate sensors and management for HP ProLiant hardware.
- Let's say that those servers start with an ESXi build #474610 from 9/2011.
- Looking at the patch portal screenshot below, there is a patch for ESXi update01, build #623860. There are also patches for builds #653509 and #702118.
- Coming from an old version of ESXi (e.g. vendor-specific build), what is the proper approach to bring the system fully up-to-date? Which patches are cumulative and which need to be applied sequentially? Is installing the newest build the right approach, or do I need to step back and patch incrementally?
- Another consideration is the large size of the patch downloads. At sites with limited bandwidth, downloading of multiple ~300mb patches is difficult.
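The blog excerpt quoted in the question, modelled as an added example (not part of the original question or the VMware blog): it works out which patches a host needs when each patch carries only the VIBs it updated. The patch and VIB names come from the excerpt; the version numbers, the `BASE` host inventory and the function names are constructed, and skipping VIBs the host does not have is an assumption of this model.

```python
# Added illustration of the blog excerpt's per-VIB view of patch contents.
# Version numbers are constructed; only the patch/VIB names are from the excerpt.
PATCHES = [  # release order, oldest first
    ("Patch01", {"esxi-base": 2, "driver10": 2, "driver44": 2}),
    ("Patch02", {"esxi-base": 3, "driver20": 2, "driver44": 3}),
]
# Constructed host inventory: every VIB still at its original version.
BASE = {"esxi-base": 1, "driver10": 1, "driver20": 1, "driver44": 1}

def latest_versions(patches):
    """Map each VIB to (newest version, name of the patch that ships it)."""
    newest = {}
    for name, vibs in patches:
        for vib, version in vibs.items():
            if vib not in newest or version > newest[vib][0]:
                newest[vib] = (version, name)
    return newest

def patches_needed(installed, patches):
    """Patches required so every installed VIB reaches its newest version.

    VIBs absent from the host are skipped (assumption: update, not install).
    """
    newest = latest_versions(patches)
    needed = []
    for name, _ in patches:
        if any(source == name and vib in installed and installed[vib] < version
               for vib, (version, source) in newest.items()):
            needed.append(name)
    return needed

def stale_after(installed, applied, patches):
    """VIBs still behind after applying only the patches named in `applied`."""
    state = dict(installed)
    for name, vibs in patches:
        if name in applied:
            for vib, version in vibs.items():
                if vib in state:
                    state[vib] = max(state[vib], version)
    newest = latest_versions(patches)
    return sorted(v for v, ver in state.items()
                  if v in newest and ver < newest[v][0])

if __name__ == "__main__":
    print("needed from base:", patches_needed(BASE, PATCHES))
    print("stale if only Patch02 applied:", stale_after(BASE, {"Patch02"}, PATCHES))
```
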
ESXi patches are cumulative. I just went from Build Number: 623860 to Build Number: 721882 skipping several patches. No problems.
VMware Employee Kyle Gleed says "Patches are cumulative. We typically release patch bundles every 3 months. A new patch bulletin will include all the updates/fixes from any earlier bulletins."
http://blogs.vmware.com/vsphere/2012/02/understanding-esxi-patches-finding-patches.html
There is a new blog post from VMware
The relevant summary is:
...
So, yes. They are cumulative as long as you install them properly.
The patches appear to be cumulative, assuming you start with the most recent installable (.ISO-based) package as a foundation.
So my most recent example was pulling the ESXi 5.1 .ISO (build #799733) down and installing it onto my physical servers. From there, I had an option of build #838463 or #914609. Close analysis of the changelogs and knowledgebase entries showed that the #914609 build included everything from #838463. So I was able to go directly to that revision level, starting from the base install (#799733).
Given the complexity of their patching system, I would install the latest build and update from there if that is possible in your environment.
Store all of your downloads in one location, renaming them if necessary/possible so that you know the order to patch on your other systems with limited bandwidth. Put those files on a large USB and take it with you to your other locations.
Trying to figure out that goofy patch structure looks maddening.
ewwhite, you may have already come across this article, but I had it bookmarked a while back:
http://blogs.vmware.com/vsphere/2012/02/understanding-esxi-patches-finding-patches.html
Hopefully this helps