What if you can’t upgrade ESXi via VMware Upgrade Manager or Lifecycle Manager and you can’t access the OOB? What do you do? What options do you have? Well, you are in luck you can upgrade ESXi from the ESXCLI. Here is how to do it!
You have options:
- Online Upgrade: Good for hosts that have access to the Internet
- If you have a Vanilla version of ESXi. meaning its just plain old VMware ESX
- Offline Upgrade: Good for hosts that don’t have access to the Internet
- If you are using customized images, like DELL, HP, LENOVO, CISCO, ETC
- You can use this for a Vanilla version of ESXi
Read the WHOLE post before you start, so you can pick the right option for you.
Option 1: Online Upgrades
Step 1: Maintenance Mode
Before you start any upgrade put your host in maintenance mode. Right-click the host you want to place in maintenance mode, go to Maintenance Mode, then Enter Maintenance Mode.
Step 2: Get a Profile
You will need SSH and ESXi Shell enabled on the host, if you don’t have those enabled, go to the host, then Configure, Services under System, select SSH and click start, repeat for ESXi Shell
SSH into your ESXi host and run:
esxcli software profile get
For example, I am using: (Updated) ESXi-7.0U3c-19193900-standard
Step 3: Allow HTTP (If blocked)
While SSH’ed into your host, enable the firewall to allow HTTP traffic, we are just going to assume it’s blocked and run the below command, you only need to do this once and only for Online Upgrades
esxcli network firewall ruleset set -e true -r httpClientStep 4: List Profiles
esxcli software sources profile list --depot=https://hostupdate.vmware.com/software/VUM/PRODUCTION/main/vmw-depot-index.xmlThis will list every profile VMware has in the depot, to get the profile you want, you can grep the command, like this:
esxcli software sources profile list --depot=https://hostupdate.vmware.com/software/VUM/PRODUCTION/main/vmw-depot-index.xml | grep -i ESXi-7.0
Step 5: Install Chosen Profile
esxcli software profile update -d https://hostupdate.vmware.com/software/VUM/PRODUCTION/main/vmw-depot-index.xml -p ESXi-7.0U3l-21424296-standardStep 6: Disable HTTP Rule
esxcli network firewall ruleset set -e false -r httpClientStep 7: Reboot
Wait a few minutes for the update to finish and once it has been completed, scroll up to just after you started the upgrade, and check to see if the upgrade was successful.
If successful, reboot the host for the upgrade to take effect, this can be done via the CLI with the below command or from vCenter
rebootOption 2: Offline Upgrades
Step 1: Maintenance Mode
Before you start any upgrade put your host in maintenance mode. Right-click the host you want to place in maintenance mode, go to Maintenance Mode, then Enter Maintenance Mode.
Step 2: List Profiles
Get your custom image from the VMware website or from the vendor, then upload it to a datastore, any datastore the host has access to, then run the below command to confirm you uploaded it.
ls /vmfs/volumes/<datastore>/Show the profile list/name by running
esxcli software sources profile list --depot=/vmfs/volumes/<Datastore>/VMware-ESXi-7.0U3l-21424296-depot.zip
Replace <Datastore> with your datastore, you can even put it in a folder if you want.
Step 3: Install Chosen Profile
esxcli software profile update --depot=/vmfs/volumes/<Datastore>/VMware-ESXi-7.0U3l-21424296-depot.zip --profile=ESXi-7.0U3sl-21422485-standardStep 4: Reboot
Wait a few minutes for the update to finish and once it has been completed, scroll up to just after you started the upgrade, and check to see if the upgrade was successful.
If successful, reboot the host for the upgrade to take effect, this can be done via the CLI with the below command or from vCenter
rebootWhen it comes to installing the upgrade with “esxcli software profile” you have a few switches you can use, some are required and others are optional.
99% of the time you would use update, one of these is required–
- install : Installs or applies an image profile from a depot to this host. This command completely replaces the installed image with the image defined by the new image profile, and may result in the loss of installed VIBs. The common vibs between host and image profile will be skipped. To preserve installed VIBs, use profile update instead. WARNING: If your installation requires a reboot, you need to disable HA first.
- update : Updates the host with VIBs from an image profile in a depot. Installed VIBs may be upgraded (or downgraded if –allow-downgrades is specified), but they will not be removed. Any VIBs in the image profile which are not related to any installed VIBs will be added to the host. WARNING: If your installation requires a reboot, you need to disable HA first.
These are used 100% of the time-
- -d or –depot=[ <str> … ] : Specifies full remote URLs of the depot index.xml or server file path pointing to an offline bundle .zip file. (required)
- -p or –profile=<str> : Specifies the name of the image profile to update the host with. (required)
Here are a few more switches that are less commonly used-
- –allow-downgrades : If this option is specified, then the VIBs from the image profile which update, downgrade, or are new to the host will be installed. If the option is not specified, then the VIBs which update or are new to the host will be installed.
- –dry-run : Performs a dry-run only. Report the VIB-level operations that would be performed, but do not change anything in the system.
- -f or –force : Bypasses checks for package dependencies, conflicts, obsolescence, and acceptance levels. Really not recommended unless you know what you are doing. Use of this option will result in a warning being displayed in vSphere Web Client. Use this option only when instructed to do so by VMware Technical Support.
- –maintenance-mode : Pretends that maintenance mode is in effect. Otherwise, installation will stop for live installs that require maintenance mode. This flag has no effect for reboot required remediations.
- –no-hardware-warning : Allows the transaction to proceed when hardware precheck returns a warning. A hardware error will continue to be shown with this option. Use of this option may result in device not functioning normally.
- –no-live-install : Forces an install to /altbootbank even if the VIBs are eligible for live installation or removal. Will cause installation to be skipped on PXE-booted hosts.
- –no-sig-check : Bypasses acceptance level verification, including signing. Use of this option poses a large security risk and will result in a SECURITY ALERT warning being displayed in vSphere Web Client.
- –proxy=<str> : Specifies a proxy server to use for HTTP, FTP, and HTTPS connections. The format is proxy-url:port.
Is this something you are interested in? Did I miss something?
Feel free to leave a comment and let me know what you think!
