Using HTTP as a Transport Protocol for Patching vSphere Hosts
When it comes to patching vSphere hosts, I prefer to use HTTP as the transport protocol. It’s easy to use and is immediately available over most networks. To make vMA work as an HTTP server, we need to start the Apache HTTP daemon. In this blog post, we will explore how to set up a local repository for patches using vMA and Apache HTTP.
Creating a Local Repository for Patches
To create a local repository for patches, we first need to log on to vMA with our favorite SSH client and run the following command to start the Apache HTTP daemon:
Ignore any error messages that may display, as they are not an issue for our purposes. By default, the files served by Apache are located in /var/www/html, so we’ll head over there to create a new directory. We’ve now created the repo directory inside the Apache docroot.
Downloading Patches
To download patches into the new repository directory, we can use the wget command. For example, to download the update-from-esxi4.1-4.1_update01 patch bundle from vmware.com, we can run the following command:
This downloads the patch bundle to the current directory. To make sure the downloaded patch bundle is available via the web server, open /repo/ in your web browser. You should see the directory contents listed. Your browser should display something similar to this:
Before patching a host, it’s important to power off or migrate any virtual machines that are running on the host and place the host into maintenance mode. While the update runs, you can also follow its progress in the vSphere Client.
When the patch has completed, and the host has been rebooted, you can run the scan command again to make sure all of the patches are installed and no longer required.
Using a Local Repository for Patches
While downloading patches this way for each vMA instance you have (especially if you have several remote sites) is not very effective, there are other options available. One such option is to place a central repository at a central site and use that as your central update repository. In that scenario, you might as well just use the VMware vCenter Update Manager and not have to manage your updates via vMA at all.
However, in some cases, you would want to have the remote hosts install their updates from a local repository. One such case might be if you have remote locations with low bandwidth/high latency links that you don’t want to stress with the update downloads. In that case, we can use vMA to host our local repository and distribute patches to the remote sites.
Restarting vMA
When restarting vMA, the http service will be stopped again. If you want it to autostart each time vMA boots, issue the following command:
This brings up a screen where you can choose which daemons should start at boot time inside of vMA. Find httpd, select it, and hit the OK button. The next time vMA boots, the Apache web server will start with it.
Conclusion
In this blog post, we have explored how to set up a local repository for patches using vMA and Apache HTTP. We have also discussed some of the benefits and limitations of using a local repository for patches. While downloading patches this way for each vMA instance you have is not very effective, it can be useful in certain scenarios, such as remote sites with low bandwidth/high latency links. By autostarting the Apache web server each time vMA boots, we can make it easy to manage updates for our vSphere hosts.