Install and Configure Update Manager PowerShell Library

The Update Manager PowerShell library adds a set of cmdlets to PowerCLI which allow you to interact with Update Manager. There are cmdlets that allow you to download patches, create baselines and scan and re-mediate hosts.

Installing Update Manager PowerCLI

The installation process is straight forward, however there are a few pre-requisites. These are:

  • .NET 2.0 SP1
  • Windows PowerShell 2.0 or later
  • PowerCLI 4.1 or later

I’ve previously written a post about installing PowerCLI. First of all you will need to download the installation package from here. As usual, double click the downloaded executable to begin the installation:

Click Next at the Welcome screen:

On the next screen, accept the license agreement, then click Next. On the summary screen, click Install:

Once the installation is complete, you can run PowerCLI as normal, but you will now have the VUM automation modules available:

 

Using Update Manager PowerCLI

Once you have all the pre-requisites installed, opened PowerCLI, and have established a connection to vCenter, you can use the new cmdlets to interact with update manager.

For example, to list the baselines you have configured, run:

PowerCLI C:\> get-baseline | select name

Name
----
VA Upgrade to Latest (Predefined)
VMware Tools Upgrade to Match Host (Predefined)
VM Hardware Upgrade to Match Host (Predefined)
Critical Host Patches (Predefined)
Non-Critical Host Patches (Predefined)
TestBaseline

The output above shows the predefined patch baselines, which are created when you install VUM, and one additional baseline called ‘testbaseline’. To list the patches that are part of a baseline, you can run:

PowerCLI C:\> get-baseline testbaseline | get-patch

Name                 Product         Release Date    Severity   Vendor Id
----                 -------         ------------    --------   ---------
Updates esx-base     {embeddedEsx... 24/10/2012 0... Important  ESXi510-2012...
Updates esx-base     {embeddedEsx... 20/12/2012 0... Moderate   ESXi510-2012...
Updates tools-light  {embeddedEsx... 20/12/2012 0... Moderate   ESXi510-2012...
Updates esx-base     {embeddedEsx... 20/12/2012 0... Important  ESXi510-2012...
Updates tools-light  {embeddedEsx... 20/12/2012 0... Important  ESXi510-2012...
Updates esx-base     {embeddedEsx... 07/03/2013 0... Important  ESXi510-2013...
Updates ESXi 5.1 ... {embeddedEsx... 25/04/2013 0... Important  ESXi510-2013...
Updates ESXi 5.1 ... {embeddedEsx... 25/04/2013 0... Important  ESXi510-2013...

You can create a new baseline with the following:

PowerCLI C:\> $patch = get-patch -Product "embedd*" -After "1 Jan 2014"

This will populate the $patch variable with all patches for ’embedded’ESX, otherwise known as ESXi. We can then use the $patch variable as the list of patches to be included in a new baseline:

PowerCLI C:\> New-PatchBaseline -Static -Name "NewBaseline" -IncludePatch $patch

WARNING: column "NumberOfPatches" does not fit into the display and was removed
.

Name                 Description          Id    Type  Targe LastUpdateTime
                                                      tType
----                 -----------          --    ----  ----- --------------
NewBaseline                               7     Patch Host  28/03/2014 14:43:39

We can now attach that new baseline to a host:

PowerCLI C:\> $newbaseline = Get-Baseline *newbaseline*
PowerCLI C:\> Attach-Baseline -Baseline $newbaseline -Entity esxi4.vmlab.loc

To scan the host after attaching the baseline, run:

PowerCLI C:\> Scan-Inventory -Entity esxi4.vmlab.loc

After scanning, you can check the compliance of the host:

PowerCLI C:\> get-compliance -Entity esxi4.vmlab.loc

Entity                         Baseline                            Status
------                         --------                            ------
esxi4.vmlab.loc                NewBaseline                         NotCompliant

We can see that the host isn’t compliant, so will require remediation. To list the patches that the host is missing run:

PowerCLI C:\> $compliance = get-compliance -Entity esxi4.vmlab.loc -detailed
PowerCLI C:\> $compliance.NotCompliantPatches

Name                 Product         Release Date    Severity   Vendor Id
----                 -------         ------------    --------   ---------
Updates ESXi 5.1 ... {embeddedEsx... 16/01/2014 0... Critical   ESXi510-2014...
Updates ESXi 5.1 ... {embeddedEsx... 16/01/2014 0... Important  ESXi510-2014...
Updates ESXi 5.1 ... {embeddedEsx... 16/01/2014 0... Moderate   ESXi510-2014...
Updates ESXi 5.1 ... {embeddedEsx... 16/01/2014 0... Critical   ESXi510-2014...
Updates ESXi 5.1 ... {embeddedEsx... 16/01/2014 0... Critical   ESXi510-2014...
Updates ESXi 5.1 ... {embeddedEsx... 16/01/2014 0... Important  ESXi510-2014...

To remediate the host, first create a variable which will include the baselines attached to the host:

PowerCLI C:\> $base = get-baseline -entity esxi4.vmlab.loc

Then start the remediation with:

PowerCLI C:\> Remediate-Inventory -Entity esxi4.vmlab.loc -Baseline $base -HostF
ailureAction Retry -HostNumberOfRetries 2 -HostDisableMediaDevices $true

Perform the operation?
Performing operation 'Remediate Inventory' on Inventory Items:
'esxi4.vmlab.loc' for Baselines: 'NewBaseline' and ExcludedPatches: ''
[Y] Yes  [A] Yes to All  [N] No  [L] No to All  [S] Suspend  [?] Help
(default is "Y"):y

The host update process will begin, with PowerCLI displaying a progress bar by default. Switching back to the vSphere client, we can see the update tasks being run:

Useful Links and Resources

https://pubs.vmware.com/vsphere-55/index.jsp#com.vmware.powercli.vum_inst.doc/vumps_admg_chapter.3.3.html?path=2_2_2_0_1_1#975949

Related posts

VMware vSphere Virtual Machine Snapshots Explained

How to Enable SSH on All ESXi Hosts using PowerCLI

How to Install VMware Tools on Debian 11

This website uses cookies to improve your experience. We'll assume you're ok with this, but you can opt-out if you wish. Read More