ThinkBox
PostsTagsCategories|
ThinkBox

Updating and Rolling Back ESXi

Aleks   included in Vsphere
  about 720 words  4 min 

Contents

Updating ESXi

For this example I will be updating ESXi build 8169922 to ESXi build 13981272 . You can check the current build of an ESXi box by running the following command:

1
2
3

[root@testesxi:~] vmware -v
VMware ESXi 6.7.0 build-8169922
[root@testesxi:~]

Updates come in the form of ZIP files, this ZIP file is usually downloaded from VMWare website .

After an update file is retrieved check that the hash of the file matches. This example is using the update for 13981272, so the information about this update can be found here .

1
2

[root@testesxi:/vmfs/volumes/5d55cc58-c3a568dd-8737-000c296293e4] sha1sum ESXi670-201906002.zip
47acd159abb65b43f08ce40d4eabeff821fb61d1  ESXi670-201906002.zip

Within an single update there are different profiles, each profile will update a different set of VIB (this is a vSphere installation bundle) files. For example, below there is a standard profile and a no-tools profile. The only difference is that the tools-light VIB will not be included, which contains the VMWare tools files ISOs.

Sometimes there is a profile that will only allow an administrator to install security updates.

1
2
3
4
5
6
7

[root@testesxi:/vmfs/volumes/5d55cc58-c3a568dd-8737-000c296293e4] esxcli software sources profile list -d /vmfs/volumes/5d55cc58-c3a568dd-8737-000c296293e4/E
SXi670-201906002.zip
Name                             Vendor        Acceptance Level  Creation Time        Modification Time
-------------------------------  ------------  ----------------  -------------------  -------------------
ESXi-6.7.0-20190604001-standard  VMware, Inc.  PartnerSupported  2019-06-20T14:52:12  2019-06-20T14:52:12
ESXi-6.7.0-20190604001-no-tools  VMware, Inc.  PartnerSupported  2019-06-20T14:52:12  2019-06-20T14:52:12
[root@testesxi:/vmfs/volumes/5d55cc58-c3a568dd-8737-000c296293e4]

The following command will perform a dry run of an update. It will show which VIBs will be updated and skipped.

In order to perform the real update omit the --dry-run parameter from the command, then after it is finished reboot the server.

1
2

esxcli software profile update -p ESXi-6.7.0-20190604001-standard -d /vmfs/volumes/5d55cc58-c3a568dd-8737-000c296293e4/ESXi67
0-201906002.zip --dry-run

Rolling Back an Update

It is possible to roll back to the previous version that was in place before the update.

There is a directory named /bootbank which keeps the core files used by ESXi to setup the system, when an update occurs it is the files here that are updated. Before an update begins all the contents in /bootbank are copied to /altbootbank. This allows for the possibility to roll back to the previous version by copying the contents of /altbootbank back into /bootbank.

In order to do this follow these instrctions:

  1. Boot up ESXi.

  2. Press SHIFT+R during boot menu in order to enter recovery menu.

  3. The recovery menu looks as follows, press Y to perform the roll back.

After performing these steps ESXi will boot into the version that was present before the update.

Deeper Look at Update Procedure

Inside Update File

The update file is a ZIP that contains a set of files that are used during the update, the following is a description of a few of them.

  • index.xml: Information about the vendor and patch.

  • vendor-index.xml: Information about where metadata can be found, which points to the metadata.zip file.

  • metadata.zip: Contains metadata information, including profiles present in update and metadata about each VIB.

Furthermore, the vib20 folder contains all the VIB files that the update includes. This snippet below only shows 1 VIB files because there where so many.

1
2
3
4
5
6
7
8

[user@laptop update]$ unzip -l ESXi670-201906002.zip 
Archive:  ESXi670-201906002.zip
  Length      Date    Time    Name
---------  ---------- -----   ----
      324  2019-06-20 07:52   index.xml
      207  2019-06-20 07:52   vendor-index.xml
   197629  2019-06-20 07:52   metadata.zip
  3888630  2019-05-09 20:37   vib20/esx-ui/VMware_bootbank_esx-ui_1.33.3-13454473.vib

Inside VIB File

VIB, or vSphere Installation Bundle, is a file similar to a ZIP archive that is used to distribute software packages for ESXi.

A few other VIB files may contain some other files, however, most will look like the UI VIB. This is the VIB that is responsible for the HTML5 web interface.

There are three files here. The descriptor.xml contains information about the VIB and the files it extracts into the system. The sig.pkcs7 contains a signature for the VIB file.

The most interesting file is esx-ui, this is a TAR archive compressed with GZIP. Inside this archive there are files for the web interface functionality. The thing to understand here is that the file esx-ui in the VIB is the same file that is placed into the /bootbank/esx_ui.v00 on the ESXi system. When ESXi boots it extracts the contents of the file.

1
2
3
4
5

[user@laptop esx-ui]$ ar tv VMware_bootbank_esx-ui_1.33.3-13454473.vib 
rwxrwxrwx 201/201  65009 Apr 23 11:45 2019 descriptor.xml
rw-r--r-- 201/201   5500 Apr 23 11:46 2019 sig.pkcs7
--------- 0/0 3817931 Dec 31 19:00 1969 esx-ui
The article was updated on 2019-08-16
 ESXi
Back | Home