VMware ESXi 5 Patch Management: Are Updates Cumulative & How to Properly Patch Standalone Hosts?



Working with standalone ESXi 5 hosts presents unique patch management challenges, especially when dealing with vendor-specific builds like HP's customized ESXi images. The core question revolves around whether patches are truly cumulative and what the safest update path looks like.

VMware's patch system operates on a VIB (vSphere Installation Bundle) level. Each patch contains updated VIBs for specific components. While individual VIB updates within a patch are cumulative for their respective components, the entire patch bundle isn't necessarily cumulative across all previously released patches.


# Example of checking installed VIBs on ESXi (the base system VIB is named esx-base)
esxcli software vib list | grep esx-base
esxcli software vib list | grep hp

For HP ProLiant servers running build #474610, here's the recommended approach:

  1. First verify your current build version:

vmware -v

  2. Download the HP-specific ESXi 5.0 Update 2 bundle (build #914586) rather than individual patches
  3. Apply using the following command:

esxcli software profile update \
-d /vmfs/volumes/datastore1/HP-ESXi-5.0.0-201204001.zip \
-p HP-ESXi-5.0.0-201204001-standard

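In cases where full image updates aren't feasible (due to bandwidth constraints or change control requirements), you can apply critical patches individually. For example, to patch just the esx-base VIB:

# -d takes the patch bundle (depot) zip; -n limits the install to the named VIB.
# Signature verification stays enabled; --no-sig-check would bypass acceptance-level checks.
esxcli software vib install -d /path/to/ESXi500-201301001.zip \
-n esx-base --maintenance-mode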

After patching, verify all required VIB versions:


esxcli software vib get -n esx-base
esxcli software vib get -n hp-ams
esxcli software vib get -n hp-smx-provider

Cross-reference these with VMware's KB articles for the specific build you're targeting. HP maintains a separate patch repository for their customized components.

For environments with multiple standalone hosts, consider this PowerShell snippet to automate patch verification:


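# Requires VMware PowerCLI (Get-VMHost, after Connect-VIServer) and the Posh-SSH
# module (New-SSHSession); SSH must be enabled on each host.
$cred  = Get-Credential   # ESXi account used for the SSH sessions
$hosts = Get-VMHost | Where-Object { $_.Version -like "5.0*" }
foreach ($vmhost in $hosts) {
    $session = New-SSHSession -ComputerName $vmhost.Name -Credential $cred
    $output  = Invoke-SSHCommand -SSHSession $session `
                 -Command "esxcli software vib list | grep -E 'esx-base|hp'"
    # Column 1 is the VIB name, column 2 the version; columns are space-padded
    $base = @($output.Output -match '^esx-base')[0]
    $ams  = @($output.Output -match '^hp-ams')[0]
    [PSCustomObject]@{
        Host     = $vmhost.Name
        ESXiBase = if ($base) { ($base -split '\s+')[1] }
        HPAMS    = if ($ams)  { ($ams -split '\s+')[1] }
    }
    Remove-SSHSession -SSHSession $session | Out-Null
}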

HP's ESXi builds include additional drivers and CIM providers. When patching:

  • Always check HP's SPP (Service Pack for ProLiant) release notes
  • Monitor for firmware dependencies - some VIB updates require specific iLO or BIOS versions
  • HP components may follow a different update cadence than VMware's base ESXi patches

VMware ESXi 5 patches follow a semi-cumulative model, which often causes confusion. This means:

  1. When a patch updates specific VIBs (vSphere Installation Bundles), it includes all previous fixes for those components
  2. Patches don't automatically include updates for unrelated VIBs that weren't modified in that release
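
The audit below is an added example, not part of the original page or of any VMware or HP tooling. It checks `esxcli software vib list` output against a baseline of minimum VIB versions, which is where a VIB left behind by a semi-cumulative patch shows up; the function names, the baseline file format and every version string are constructed assumptions.

```shell
# Added example; all version strings below are constructed samples.
# Usage: vib_audit BASELINE_FILE < vib-list-output  (baseline: "<name> <min-version>")
# Exit status is 1 when any baseline VIB is OUTDATED or MISSING.
vib_audit() {
    awk '
    # Numeric compare of versions split on "." and "-" (assumes numeric parts).
    function vercmp(a, b,    x, y, n, m, i) {
        n = split(a, x, /[.-]/); m = split(b, y, /[.-]/)
        for (i = 1; i <= n || i <= m; i++) {
            if (x[i] + 0 < y[i] + 0) return -1
            if (x[i] + 0 > y[i] + 0) return 1
        }
        return 0
    }
    NR == FNR { if (NF >= 2 && $1 !~ /^#/) want[$1] = $2; next }  # baseline file
    ($1 in want) { have[$1] = $2 }   # header and rule rows never match a VIB name
    END {
        for (v in want) {
            if (!(v in have)) { s = "MISSING"; have[v] = "none"; bad = 1 }
            else if (vercmp(have[v], want[v]) < 0) { s = "OUTDATED"; bad = 1 }
            else s = "OK"
            printf "%-8s %s installed=%s required=%s\n", s, v, have[v], want[v]
        }
        exit bad + 0
    }' "$1" -
}

# Constructed host state: esx-base was patched, the HP VIBs were not touched.
sample_vib_list() {
    cat <<'EOF'
Name             Version            Vendor           Acceptance Level  Install Date
---------------  -----------------  ---------------  ----------------  ------------
esx-base         5.0.0-2.26.914586  VMware           VMwareCertified   2013-01-15
hp-ams           500.9.0.0-100      Hewlett-Packard  PartnerSupported  2012-04-20
EOF
}

# Constructed baseline, as you would assemble it from VMware KB and HP release notes.
sample_baseline() {
    printf '%s\n' '# name min-version' 'esx-base 5.0.0-2.26.914586' \
        'hp-ams 500.9.1.0-200' 'hp-smx-provider 500.3.0.0-10'
}

demo_audit() {
    tmp=$(mktemp) && sample_baseline > "$tmp"
    sample_vib_list | vib_audit "$tmp"; rc=$?
    rm -f "$tmp"; return "$rc"
}
demo_audit || echo "baseline not met" >&2
```

On a real host, pipe the live `esxcli software vib list` output into `vib_audit` with your own baseline file instead of the sample functions.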

For HP-specific ESXi builds (like your #474610 starting point), follow this approach:

# First check current ESXi version
esxcli system version get

# Sample output:
#   Product: VMware ESXi
#   Version: 5.0.0
#   Build: Releasebuild-474610
#   Update: 0

Key considerations when patching:

  • Vendor customizations: HP bundles include hardware-specific drivers (hpacucli, hp-smx-provider)
  • Build dependencies: Some updates require intermediate patches for dependency resolution

For your scenario (474610 → 702118):

  1. Download the HP Customized ESXi 5.0 Update 2 bundle (build 702118)
  2. Verify checksum before installation

# Example patch installation command
esxcli software vib install -d /vmfs/volumes/datastore1/update-from-esxi5.0-5.0_update02.zip

# Verify installation
esxcli software vib list | grep esx-base

For limited bandwidth situations:

  • Use the offline bundle download option (smaller than ISO)
  • Consider using the --dry-run flag first to validate requirements

# Dry-run example
esxcli software vib install -d /path/to/update.zip --dry-run

After updating to build 702118:

# Check all security bulletins are addressed
esxcli software vib get -n esx-base

# Compare against VMware's KB:
# https://kb.vmware.com/s/article/2143832

Remember that HP maintains its own patch repository for customized builds. Always cross-reference: