Since the release of the vCenter Update Manager PowerCLI cmdlets back in march last year. I was hoping to find some time to play with it. Now this weekend I had some spare time to finally play with these new cmdlets. So I downloaded the setup file from http://communities.vmware.com and installed it on my PC. Then I started to Google and searched for existing scripts. I a couple of good posts. One by @alanrenouf with a short introduction video and a post about staging the patches via the vCenter Update Manager PowerCLI cmdlets by Damian Karlson. But there are no copy-past-run scripts available to update a vSphere host. So I fired up PowerGUI script editor and started working on a function called Update-VMHost. This function performs the following steps during the update process of a vSphere host:
- Look for a baseline and attach it if necessary.
- Perform a scan of the host.
- Check for compliancy.
- If not compliant enter Maintenance mode.
- Show missing patches
- When the host is in Maintenance mode, start the remediation process.
- After the reboot of the host, exit Maintenance mode.
That’s pretty much it. If you want to use this function, you can copy it from the end of this post and paste it inside the PowerCLI screen.
After that, you can start the function by running the following one-liner with the following parameters:
Update-VMHost -vmHost "vesx1.ict-freak.local" -Baseline "VMHost Patches"
The output will look like this:
To demo the function, I created a short video running the function against a Virtual vSphere host called vesx1.ict-freak.local. The beauty of Virtual vSphere host is the power of Snapshots. So I can revert back to a basic install en run the function over and over again. So here you go:
The use this function to update all the hosts inside a cluster, you can use the following foreach loop:
Foreach($vmHost in (Get-Cluster -Name <Cluster> | Get-VMHost | Sort Name)){ Update-VMHost -vmHost $vmHost -Baseline "VMHost Patches" }
The function I talked about:
Function Update-VMHost{ <# .SYNOPSIS Update a VMHost via the Update Manager PowerCLI cmdlets .DESCRIPTION The function will update the specified VMHost with the updates from the specified baseline. .PARAMETER VMHost Search for the VMHost whose name matches the one specified on this parameter. .PARAMETER Baseline Search for the baseline whose name matches the one specified on this parameter. .NOTES Source: www.ict-freak.nl Authors: Arne Fokkema .EXAMPLE PS> Update-VMHost -vmHost vesx1.ict-freak.local -Baseline "VMHost Patches" #> param( [parameter(Mandatory = $true)] [string[]]$VMHost, [parameter(Mandatory = $true)] [string[]]$Baseline ) $esx = Get-VMHost $VMHost -ErrorAction SilentlyContinue if($esx -eq $null){ Write-Host "Please enter a valid VMHost name" return } $VUMBaseline = Get-Baseline | Where {$_.Name -eq $Baseline} -ErrorAction SilentlyContinue if($VUMBaseline -eq $null){ Write-Host "Please enter a valid Baseline" return } else{ if (($esx | Get-Baseline) -eq $null){Attach-Baseline -Entity $esx -Baseline $VUMBaseline} Scan-Inventory -Entity $esx $compliancy = Get-Compliance -Entity $esx -baseline $VUMBaseline -Detailed $missingUpdates = $compliancy.NotCompliantPatches | select Name, IdByVendor, Severity, ReleaseDate if($compliancy.Status -eq "NotCompliant"){ if($esx.ConnectionState -ne "Maintenance"){ $esx | Set-VMHost -State Maintenance -Confirm:$false | Out-Null $maintenancemode = $true } if($maintenancemode -eq $true){ Write-Host "Installing missing updates on $($esx.name)" -ForegroundColor Yellow $missingUpdates | ft -AutoSize $task = Remediate-Inventory -Entity $esx -Baseline $VUMBaseline -Confirm:$false Set-VMHost -VMHost $esx -State Connected -Confirm:$false | Out-Null } } } }
ICT-Freak.nl 
Hey thanks for creating this function very nice.. I do have a question if you are doing a cluster will it migrate all the guests off the host server then patch it. I figure it will but had to ask just in case. I do not always have a test cluster to run it on so I did not want to do it have a 150 guest just drop off line..
Thanks again..
Rich G