If you have just installed the latest VMware vSphere 6, for example, and want to patch it but don't know how, this guide is for you. It is especially useful if your ESXi host is not connected to the internet. Many folks are waiting for VMware to “polish” the 6.0 release with patches that don’t break things, but that’s not always the case.

According to the latest KB2145667, you can safely go ahead and finally patch your ESXi 6.0 host, as the latest ESXi 6.0 patch doesn’t break anything. This patch is cumulative. Those of you who stepped in and run vSphere 6.0 might want to install the latest VMware ESXi patch, especially the one fixing the nasty CBT bug, where backing up a virtual machine with Changed Block Tracking (CBT) enabled fails on ESXi 6.0.

So in today’s post we look at the patching process: where to download the latest patches and how to apply them to the host. We will focus on the simple CLI method for environments with a single ESXi host. This can be the case for a branch office, a test environment, or simply a site without the resources to purchase a license package that includes vCenter.

Step 1: Go to the patch download portal first (you need a VMware login; create a free account if you haven’t done so yet).

Select the product you want to download patches for (in our case ESXi 6.0).

Select the patches you want to download (they are cumulative).

Step 2: Download the ZIP file and upload it (via the vSphere C# client or WinSCP, for example) to a datastore that is reachable from the host you want to patch (it can be a local or shared datastore) > Put the host into maintenance mode > Connect with SSH (via PuTTY, for example, or through Firefox and FireSSH) to your ESXi host.

To enable SSH, select your host > Configuration > Security Profile > Services > Properties > SSH.

Then connect via SSH and run this command:

esxcli software vib install -d /vmfs/volumes/datastore1/patch-directory/

So in my case it was:

esxcli software vib install -d /vmfs/volumes/drobo/patches/

Reboot the host and exit maintenance mode.

As a result, I have patched this host to the latest release. See the before and after screenshot.

[Screenshot: How to patch ESXi standalone via command line]

You’re done. If you have a vSphere cluster in place, you can leverage VMware Update Manager (VUM), which orchestrates patching across your cluster: it puts each host into maintenance mode and evacuates its VMs via vMotion automatically whenever a host within the cluster needs to be patched. You just attach a baseline that includes the latest patches > scan the cluster > remediate. In that case you will certainly not patch the way I showed in this guide. But today’s post is certainly useful for isolated environments, lab environments, or environments where VUM isn’t installed.

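In VMware ESX, patches and updates replace only certain specific files, the ones that were modified relative to the previous version. In ESXi, every patch completely replaces the hypervisor image. When an update is applied, the server loads a new firmware image, and the original image is kept as a backup. These operations are carried out while the ESXi server is running, and the virtual machines on the host keep running on the old image; they only use the new image after a restart. Once the host has been rebooted, the new image is loaded.

Verify that the VIB was installed successfully: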

# esxcli software vib list

# vim-cmd hostsvc/maintenance_mode_exit

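•To install or update a .zip file, use the -d option. To install or update a .vib file, use the -v option.

•Using the install command overwrites the existing packages in the system with the contents of the patch you are installing, which includes installing new packages and removing old ones. The install command may downgrade packages in the system and should be used with caution. If required, the install command can be used to downgrade the system (image profiles only) when the --allow-downgrade flag is set.

Caution: The install method may overwrite existing drivers. If you are using a third-party ESXi image, VMware recommends using the update method to avoid an unbootable state.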
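The -d/-v rule and the update-versus-install caution above can be combined into one small ESXi shell script. This is an added example, not code from the original post or from VMware: the function names and sample file names are assumptions, it handles local datastore paths only, and it defaults to the update method with a --dry-run pass before anything is changed.

```shell
#!/bin/sh
# Added example; function names and bundle file names are hypothetical.

# Validate a local bundle path and print the matching source flag:
# -d for a .zip depot, -v for a single .vib.
source_flag() {
    case "$1" in
        /*.zip) echo "-d" ;;
        /*.vib) echo "-v" ;;
        /*)     echo "not a .zip or .vib: $1" >&2; return 2 ;;
        *)      echo "esxcli needs an absolute path: $1" >&2; return 2 ;;
    esac
}

# Print the command line for review before anything is run.
#   $1 = bundle path, $2 = "update" (default) or "install"
patch_cmd() {
    verb=${2:-update}
    case "$verb" in
        update|install) ;;
        *) echo "verb must be update or install: $verb" >&2; return 2 ;;
    esac
    flag=$(source_flag "$1") || return 2
    echo "esxcli software vib $verb $flag $1"
}

# Full sequence on the host: maintenance mode, dry run, apply, verify.
patch_host() {
    verb=${2:-update}
    patch_cmd "$1" "$verb" >/dev/null || return 2   # validate arguments first
    flag=$(source_flag "$1")
    vim-cmd hostsvc/maintenance_mode_enter || return 1
    # --dry-run reports what would change without touching the host.
    esxcli software vib "$verb" "$flag" "$1" --dry-run || return 1
    esxcli software vib "$verb" "$flag" "$1" || return 1
    esxcli software vib list    # confirm the new VIB versions are present
    echo "Reboot the host, then run: vim-cmd hostsvc/maintenance_mode_exit"
}

# Touch the host only when a bundle path is given and esxcli is available.
if [ -n "${1:-}" ] && command -v esxcli >/dev/null 2>&1; then patch_host "$@"; fi
```

Passing install as the second argument selects the install method, which, as noted above, can downgrade packages or overwrite drivers.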

