NAME esxupdate - VMware patch management utility SYNOPSIS esxupdate [--loglevel=level] [--http_proxy=proxy-url] [command-options...] {query|info|update|stage|scan|check} DESCRIPTION esxupdate is a utility for updating VMware systems. It uses VMware's meta-data and packaging formats to provide information on updates and patches, install updated packages to a host system, and provide information on which updates and patches have been installed. The following concepts are useful in understanding how esxupdate manages patches and updates. vSphere Installation Bundle (VIB) A VIB is an encapsulation of a lower-level package format, such as RPM or Debian. A VIB abstracts the lower-level package format into a common format across VMware platforms. It also contains additional data describing VMware-specific attributes, such as locale, which VMware platforms and versions it can be installed on, and whether it requires the VMware management agent to be restarted or the host to be rebooted. Bulletin A Bulletin is a grouping one or more VIBs, along with additional information. The additional information may include a description of the patch or update, a summary of any problems it addresses, a reference to a knowledge base article, a release date, severity and category data, and vendor and contact information for the publisher. Meta-data Meta-data is a URL or file with data defining VIBs and their locations, and correlating VIBs to one or more Bulletins. The data also includes lower-level package manager data used to verify and resolve dependency, conflict and versioning information of VIBs. Offline Bundle ZIP A format encapsulating a set of meta-data and VIBs in a single file, which can be used to install patches and updates without a VUM host or a mirror of VMware's patch repository. Package Manager The underlying package manager used on the host: rpm or ipkg. Esxupdate Database A local database maintained by esxupdate which tracks VIB and Bulletin installation data. OPTIONS GLOBAL OPTIONS --loglevel=level Sets the log level for messages written to the esxupdate log. level may be either an integer between 1 and 50, or one of DEBUG, INFO, WARNING, ERROR or CRITICAL (corresponding to 10, 20, 30, 40 and 50, respectively). Any messages with a log level higher than level will be logged. For example, if level is INFO, then messages designated as WARNING, ERROR or CRITICAL will also be logged. --http_proxy=proxy-url Enables use of a proxy for retrieving FTP and HTTP data. proxy-url should be specified as [scheme://]host:port. The default is to use the http_proxy and ftp_proxy environment variables, or to use no proxy if they are not set. --timeout=timeout Specifies the timeout for network connections to HTTP, HTTPS and FTP servers, including access via proxy. The default value is defined in the [defaults] section of esxupdate.conf. --retry=retry Specifies the number of times to retry a connection to an HTTP, HTTPS or FTP server. The default value is defined in the [defaults] section of esxupdate.conf. COMMAND OPTIONS -m meta-url|--meta=meta-url Specifies the full URL or path of meta-data (usually named metadata.zip). This option may be specified multiple times for commands that support it. -b bulletin-id Specifies a Bulletin ID. This option may be used multiple times for commands that support it. --bundle=bundle-url Specifies the location of an offline bundle ZIP. This option may be specified more than once for commands that support it, but may not be combined with -m|--meta-url. --nocache Causes esxupdate to ignore any data in its cache, and re-download VIBs and meta-data from the specified URL. -a|--all Instructs esxupdate to display all bulletins. The default is to display only those which are applicable to the host. COMMANDS One of the following commands must be specified to esxupdate: QUERY esxupdate query The query command displays a list of installed bulletin IDs, the time and date that they were installed, and each bulletin's summary text. INFO esxupdate info [-m meta-url|--meta=meta-url] [-b bulletin-id] [--bundle=bundle-url] The info command displays information on one or more bulletins. If no -m|--meta or --bundle argument is specified, the command prints information from the esxupdate database. -m|--meta and --bundle cause information to be displayed from either meta-data or an offline bundle ZIP, respectively. One or more -b arguments restricts the information displayed to the specified bulletin IDs. The command displays the ID, release date, vendor, summary, severity, category, installation date, description, knowledge base URL, contact, and list of constituent VIBs for each bulletin. UPDATE esxupdate update [-m meta-url|--meta=meta-url] [-b bulletin-id] [--bundle=bundle-url] [--nocache] The update command installs selected bulletins and VIBs on the host. The command requires at least one of the -m|--meta option or the --bundle option. If specified with -m|--meta or --bundle, the command installs all bulletins within the meta-data or offline bundle ZIP that are applicable to the host. (A bulletin is applicable if it contains one or more applicable VIBs; a VIB is applicable if it matches the host's platform, version and locale.) The update command automatically downloads VIBs from a remote location if necessary, unless they have been previously downloaded using the stage command. Installing a bulletin results in the VIBs contained in the bulletin being installed, unless they are obsoleted or already installed. If all of the VIBs in a bulletin are already installed or obsoleted by other VIBs installed on the host, the bulletin is marked as installed in the esxupdate database without any additional installation of VIBs. The -b option may be combined with -m|--meta or --bundle to restrict installation to specific bulletins. The update command will attempt to resolve any missing dependencies, and prompt for their installation. REMOVE esxupdate remove [-b bulletin-id] The remove command removes a selected bulletin from the host, by removing the VIBs contained in it. It is designed for removing extensions which were added after the initial install, but not for removing ESX patch and update bulletins. The remove command does not roll back patches, rather it completely removes VIB packages from the system. A bulletin can not be removed if any of the VIBs in the bulletin are obsoleted by another bulletin installed on the host. A bulletin can also not be removed if the removal would break any dependencies for other VIBs or packages installed on the host. STAGE esxupdate stage [-m meta-url|--meta=meta-url] [--bundle=bundle-url] [-b bulletin-id] [--nocache] The stage command downloads and prepares selected VIBs and bulletins for installation. It performs all of the functions of update, except that it does not call the underlying package manager (RPM or ipkg) to install VIBs on the host system. The stage command can be used to download VIBs and meta-data or offline bundle ZIPs, and to check for dependency, conflict or obsoletion before attempting to run the update command. SCAN esxupdate scan [-m meta-url|--meta=meta-url] [--bundle=bundle-url] [-a|--all] The scan command reads meta-data or an offline bundle ZIP and displays information on the bulletins they contain. The command produces a list of bulletin IDs, their release dates, and their summaries. The scan command can be used to determine what bulletins are available in a given meta-data or offline bundle ZIP, as well as which bulletins the host does not comply with. EXIT VALUES In addition to error messages and logging, esxupdate uses various exit values to denote different error conditions: 0 Success. No error. 2 The command-line syntax was not valid. 3 esxupdate could not get an exclusive lock on its lock file. Another instance of esxupdate is running. 4 esxupdate failed to download meta-data. 5 The meta-data format could not be un-archived or could not be parsed. The meta-data format is invalid. 7 One or more VIBs could not be downloaded or copied. 8 The VIB could not be un-archived, or the VIB XML data could not be parsed. The format of the VIB is invalid. 9 An error occurred reading or writing VIB data. 10 A general error occurred reading or writing to or from a file. 11 The esxupdate database could not be parsed. The database format is invalid. 12 An error occurred reading or writing to the esxupdate database. 13 The requested bulletin (specified with -b) could not be found in the meta-data, or no bulletin exists in the meta-data that matches this platform, version, and locale. 14 An error occurred checking dependencies. One or more VIBs can not be installed due to a conflict, obsoletion, or because it requires another VIB that could not be located in meta-data or on the host. 15 The underlying package manager returned an error. 16 esxupdate was unable to parse its configuration file. 18 One or more VIBs require the host to be in maintenance mode, but the host is not currently in maintenance mode. 19 One or more post-installation scripts (specified in esxupdate.conf) failed to complete successfully. 20 A VIB did not contain signed hash data. 21 A VIB contained signed hash data with an unrecognized or unsupported version. 22 A VIB contained invalid signed hash data. 23 The VIB's hash data was signed with an expired or untrusted key. 24 The VIB's signed hash does not match the hash calculated from VIB data. 25 Additional dependencies are available in the meta-data, and must be specified in order to resolve requirements. 26 The offline bundle could not be downloaded. 27 The offline bundle could not be un-archived, or contained invalid data. 80 One or more updated VIBs require the host to be rebooted (not an indication of failure). 81 One or more updated VIBs require the mgmt-vmware service (hostd) to be restarted (using the command "service mgmt-vmware restart"). This exit value does not indicate an error.