Updating your ESXi host using VMware vSphere 5 Auto deploy

In my previous post on VMware vSphere5 Auto deploy I explained how to setup an auto deploy environment. This is great for initial setup and to deploy your hosts, but what when an update is released by VMware? The easiest thing is to just delete the deploy rules and recreate them which is ok for a small environment but not in a large environment. In this post I will show you how to adjust your existing rules.

My series on VMware vSphere 5 Auto Deploy:

vSphere 5 – How to run ESXi stateless with vSphere Auto Deploy
vSphere 5 Auto Deploy PXE booting through Cisco ASA firewall
Updating your ESXi host using VMware vSphere 5 Auto deploy
My first Auto Deploy design for real production environment

Finding the new builds

There are two ways of getting the new builds for your ESXi image. The well known way is to go to the VMware download pages, logon, access your download for vSphere and download the zip image. However, there is an easier way. Logon to your vCenter where you have your Software Depot. Open the VMware PowerShell command line, connect to vCenter and add the VMware HostUpdate URL to the EsxSoftwareDepot. Then retrieve a list of the available images:

Connect-viserver –server w2k8-vc5.vanzanten.local
Add-EsxSoftwareDepot -DepotUrl https://hostupdate.vmware.com/software/VUM/PRODUCTION/main/vmw-depot-index.xml

The result should look like this:

Name                           Vendor          Last Modified   Acceptance Level
----                           ------          -------------   ----------------
ESXi-5.0.0-20110904001-notools VMware, Inc.    8/26/2011 1:... PartnerSupported
ESXi-5.0.0-469512-no-tools     VMware, Inc.    8/19/2011 1:... PartnerSupported
ESXi-5.0.0-20110904001-stan... VMware, Inc.    8/26/2011 1:... PartnerSupported
ESXi-5.0.0-469512-standard     VMware, Inc.    8/19/2011 1:... PartnerSupported

To see if these are really newer than the existing images list the current deployrules and the images that are being deployed.

Name        : CL01-GA
PatternList : {ipv4=}
ItemList    : {ESXi-5.0.0-469512-standard, CL01, HostProfile001}

This will list all deploy rules created, not necisserally active rules. Looking at the result I see that the “ESXi-5.0.0-20110904001-standard” image is newer and I would like to deploy this to my hosts. To see what has changed between the existing image and the new image I want to deploy, I do a comparison:

Compare-EsxImageProfile ESXi-5.0.0-469512-standard ESXi-5.0.0-20110904001-standard

This shows that the modules VMware_locker_tools-light_5.0.0-0.3.474610 and VMware_bootbank_esx-base_5.0.0-0.3.474610 have changed between these two builds.

Adding the new build

I’ve determined that “ESXi-5.0.0-20110904001-standard” is the new build and I want to update my existing rule named “CL01-Beta”. This can be done through the following command:

Copy-DeployRule -DeployRule CL01-Beta -ReplaceItem "ESXi-5.0.0-20110904001-standard"

After running this command, you should see the start of the image download:

Downloading esx-base 5.0.0-0.3.474610
Download finished, uploading to AutoDeploy...
Upload finished.
Downloading tools-light 5.0.0-0.3.474610
Download finished, uploading to AutoDeploy...
Upload finished.

Even though the above looked good, I did get an error immediately after:

WARNING: The supplied Image Profile does not contain the "vmware-fdm" software package, which is required for the vSphere HA feature.  If this Image Profile is to be used with hosts in a vSphere HA cluster, you should add the vmware-fdm package to the image profile.  The vmware-fdm package can be retrieved from the software depot published by this vCenter Server at the following URL:
You can use the Add-ESXSoftwarePackage cmdlet to add the package to the image profile and then update any hosts or rules that were using the older version of the profile.

Panic !!! Well, luckily the VMware documentation offered a solution to this, although I still don’t know why this happens, but this is the way to solve it:

Add-EsxSoftwarePackage -ImageProfile "ESXi-5.0.0-20110904001-standard" -SoftwarePackage "vmware-fdm"

The module is added to the image profile now. Check what the deploy ruleset looks like now. First the deployrules available and next the active deployrules:


Should your rules still contain the old image, probably because you ran into the same error as I did, you might want to run the copy-command again:

Copy-DeployRule -DeployRule CL01-Beta -ReplaceItem "ESXi-5.0.0-20110904001-standard"

One last check that needs to be performed is to see if your hosts are still compliant. On initial boot the Auto Deploy server parses the host attributes against the rules engine to determine the Image Profile, Host Profile, and vCenter Cluster/Folder and saves this info. On subsequent reboots, it uses this saved info. When copying the rule and updating the Image Profile, the hosts of that rule are no longer compliant (compliance here is dealing with Auto Deploy and not the Host Profile compliance shown in vCenter) because the image listed in the rule no longer matches the image the Auto Deploy server has saved for the host. To fix this you need to run a Test/Repair for all hosts.

To check for compliance:

Get-VMHost * | Test-DeployRuleSetCompliance 

VMHost               ItemList
------               --------
autoesx02.vanzant... {}
autoesx03.vanzant... {}
autoesx01.vanzant... {Non-compliant: ESXi-5.0.0-441354-standard != E...

The results above show that host autoesx01 is not compliant. To fix this:

Get-VMHost * | Test-DeployRuleSetCompliance | Repair-DeployRuleSetCompliance

And of course check the result again by running the check again. If things look OK now, it is time to reboot the ESXi host to test the new image.

My series on VMware vSphere 5 Auto Deploy:
vSphere 5 – How to run ESXi stateless with vSphere Auto Deploy
vSphere 5 Auto Deploy PXE booting through Cisco ASA firewall
Updating your ESXi host using VMware vSphere 5 Auto deploy

3 thoughts on “Updating your ESXi host using VMware vSphere 5 Auto deploy

  1. Hi Gabrie

    event quite old, excellent post!
    what about update manager? does it still make sense?
    I mean: I have standard installation (hard disk based) and I use update manager to install patches on my hosts; now I would like to switch to autodeploy (pxe,tftp etc…) but after reading your article I’m asking to myself if I could dismiss update manager.
    Coud you please give me a clarification?


  2. You can do without auto deploy if you would only use auto deploy for ESXi updates. There are still some updates that you can apply on a running host (without rebooting), some security patches for example.

    Often Update Manager is also used for automated VM hardware level and VMware Tools updates. In our datacenter we don’t use it for data and therefore have no more need for update manager.

Comments are closed.