Check your vSphere cluster hosts patch level with PowerCLI
November 24, 2011 8 Comments
It is a best practise to keep all the hosts of a VMware vSphere cluster at the same patch level. That means that all the hosts need to have the same patches installed. But how do you easily check if this is the case? This is where PowerCLI will help you.
The Get-VMHostPatch cmdlet
The PowerCLI Get-VMHostPatch cmdlet retrieves information of the host patches installed on the specified hosts. E.g. the following PowerCLI command will show you all the patches that are installed on the hosts of the cluster named “MyCluster”.
Get-Cluster -Name MyCluster | Get-VMHost | Get-VMHostPatch | ` Select-Object -Property VMHost,Id,InstallDate,Description | ` Format-Table -AutoSize
Listing 1. PowerCLI command to retrieve information of the host patches installed on the hosts of cluster MyCluster.
The command from listing 1 gives the following output.
VMHost Id InstallDate Description ------ -- ----------- ----------- esx1.rvdnieuwendijk.com 841.k1.16.2-1vmw 24-3-2011 14:06:59 qla2xxx: scsi driver for VMware ESX esx1.rvdnieuwendijk.com hp-nmi-driver-1.2.02 24-3-2011 14:09:12 HP NMI Sourcing Driver for VMware ESX/ESXi 4.1 esx1.rvdnieuwendijk.com EMU-be2net-2.104.277.3 8-8-2011 14:39:39 Emulex OneConnect NIC Driver esx1.rvdnieuwendijk.com ESXi410-Update02 31-10-2011 10:12:06 VMware ESXi 4.1 Complete Update 2 esx1.rvdnieuwendijk.com hpq-esxi4.1uX-bundle-1.2-25 23-11-2011 16:11:06 HP ESXi 4.1 Bundle 1.2-25 esx2.rvdnieuwendijk.com 841.k1.16.2-1vmw 24-3-2011 14:18:36 qla2xxx: scsi driver for VMware ESX esx2.rvdnieuwendijk.com hp-nmi-driver-1.2.02 24-3-2011 14:26:16 HP NMI Sourcing Driver for VMware ESX/ESXi 4.1 esx2.rvdnieuwendijk.com EMU-be2net-2.104.277.3 8-8-2011 15:16:29 Emulex OneConnect NIC Driver esx2.rvdnieuwendijk.com ESXi410-Update02 31-10-2011 10:22:08 VMware ESXi 4.1 Complete Update 2 esx2.rvdnieuwendijk.com hpq-esxi4.1uX-bundle-1.2-25 24-11-2011 11:32:45 HP ESXi 4.1 Bundle 1.2-25
Listing 2. Output of the command from listing 1.
Although this listing shows exact which patch is installed on which host, it is hard the check if all the hosts have the same patches installed. Specially when you have a large cluster.
The Group-Object cmdlet
This is where the PowerShell Group-Object cmdlet will help us. The Group-Object cmdlet displays objects in groups based on the value of a specified property. And it will show you how many elements are in a group.
If we group the output of the Get-VMHostPatch cmdlet by the Id property, we will see how many hosts have a certain patch installed. If all the patches are installed on all the hosts, then we are done.
Get-Cluster -Name MyCluster | Get-VMHost | Get-VMHostPatch | ` Select-Object -Property VMHost,Id | Group-Object -Property Id
Listing 3. PowerCLI command to count the number of hosts on which a patch is installed for cluster MyCluster.
Output for a cluster that doesn’t have the patches installed on all hosts
In the next listing I will show you the output of the PowerCLI command from listing 3 when not all hosts in a cluster have the same patches installed. You see that some patches are installed on all the sixteen nodes of the cluster. Other patches are installed on only eight nodes.
Count Name Group
----- ---- -----
16 hp-nmi-driver-1.2.02 {@{VMHost=esx3.rvdnieuwendijk.com; Id=hp-nmi-driver-1.2.02}, @{VMHost=esx4.rvdnieuwendijk.com; Id=hp-nmi-driver-1.2.02}, @{VMHost=sc...
16 hpq-esxi4.1uX-bundle-1.1 {@{VMHost=esx3.rvdnieuwendijk.com; Id=hpq-esxi4.1uX-bundle-1.1}, @{VMHost=esx4.rvdnieuwendijk.com; Id=hpq-esxi4.1uX-bundle-1.1}, @{V...
16 841.k1.16.2-1vmw {@{VMHost=esx3.rvdnieuwendijk.com; Id=841.k1.16.2-1vmw}, @{VMHost=esx4.rvdnieuwendijk.com; Id=841.k1.16.2-1vmw}, @{VMHost=scomp0641....
8 ESXi410-Update01 {@{VMHost=esx3.rvdnieuwendijk.com; Id=ESXi410-Update01}, @{VMHost=esx4.rvdnieuwendijk.com; Id=ESXi410-Update01}, @{VMHost=scomp0641....
8 ESXi410-201107401-BG {@{VMHost=esx3.rvdnieuwendijk.com; Id=ESXi410-201107401-BG}, @{VMHost=esx4.rvdnieuwendijk.com; Id=ESXi410-201107401-BG}, @{VMHost=sc...
8 ESXi410-201107402-BG {@{VMHost=esx3.rvdnieuwendijk.com; Id=ESXi410-201107402-BG}, @{VMHost=esx4.rvdnieuwendijk.com; Id=ESXi410-201107402-BG}, @{VMHost=sc...
16 EMU-be2net-2.104.277.3 {@{VMHost=esx3.rvdnieuwendijk.com; Id=EMU-be2net-2.104.277.3}, @{VMHost=esx4.rvdnieuwendijk.com; Id=EMU-be2net-2.104.277.3}, @{VMHos...
8 ESXi410-Update02 {@{VMHost=esx5.rvdnieuwendijk.com; Id=ESXi410-Update02}, @{VMHost=esx6.rvdnieuwendijk.com; Id=ESXi410-Update02}, @{VMHost=scomp0776....
Listing 4. Output of the PowerCLI command from listing 3 for a sixteen node cluster that does not have the patches installed on all the hosts.
For this blogpost I actually combined the hosts of two eight node clusters. One cluster is on vSphere version 4.1 U1. And the other cluster is on version 4.1 U2.
Output for a cluster that has all the patches installed on all hosts
The PowerCLI command from listing 3 will give output similar to listing 5 when all the hosts of the cluster have the same number of patches.
Count Name Group
----- ---- -----
2 841.k1.16.2-1vmw {@{VMHost=esx1.rvdnieuwendijk.com; Id=841.k1.16.2-1vmw}, @{VMHost=esx2.rvdnieuwendijk.com; Id=841.k1.16.2-1vmw}}
2 hp-nmi-driver-1.2.02 {@{VMHost=esx1.rvdnieuwendijk.com; Id=hp-nmi-driver-1.2.02}, @{VMHost=esx2.rvdnieuwendijk.com; Id=hp-nmi-driver-1.2.02}}
2 EMU-be2net-2.104.277.3 {@{VMHost=esx1.rvdnieuwendijk.com; Id=EMU-be2net-2.104.277.3}, @{VMHost=esx2.rvdnieuwendijk.com; Id=EMU-be2net-2.104.277.3}}
2 ESXi410-Update02 {@{VMHost=esx1.rvdnieuwendijk.com; Id=ESXi410-Update02}, @{VMHost=esx2.rvdnieuwendijk.com; Id=ESXi410-Update02}}
2 hpq-esxi4.1uX-bundle-1... {@{VMHost=esx1.rvdnieuwendijk.com; Id=hpq-esxi4.1uX-bundle-1.2-25}, @{VMHost=esx2.rvdnieuwendijk.com; Id=hpq-esxi4.1uX-bundle-1.2-25}}
Listing 5. Output of the PowerCLI command from listing 3.
In listing 5 you see that all the patches are installed on all two hosts of the cluster. That means that all the hosts have the same patches installed. And you are done!
About Robert van den Nieuwendijk
Robert van den Nieuwendijk's Blog 
Hi,
great article. But i have some trouble get this work on esxi 5
If i wan´t to check the patchlevel the list is empty using the command get-vmhostpatch
Hi Frank,
Thanks that you like my article.
I have tested this script only with vSphere 4.1. The only vSphere 5 environment I have is my home lab. So I have to wait untill this evening, to test the Get-VMHostPatch cmdlet against ESXi 5. I will let you know what my results are.
Regards, Robert
In my home lab the Get-VMHostPatch cmdlet also returns nothing. But that might be because the ESXi 5.0 installation is not patched. In vSphere 4.1 I use the vCLI vihostupdate.pl script to patch my hosts. But that doesn’t work anymore with vSphere 5. You now have to use the esxcli command. I first have to figure out how to do this and patch a host. Then I will test the Get-VMhostPatch cmdlet again. I will come back to this question later this week.
Thank you very much.
My ESXi 5 is at the latest Patch Level.
Frank
Hi guys, I have the same issue, the get-vmhostpatch only seams to work with ESX 4.x hosts.
When I run the script on a enviroment with EXS 4.x and 5.x versions, the results only displays information for ESX 4.x version.
I don´t seeam to be the only one with issues, see the link below for feedback.
http://communities.vmware.com/thread/432708?start=0&tstart=0
Also I tried a to change the script a little bit, but still the same issue.
get-vmhostpatch -vmhost (Get-VMHost) | select VMhost, Id, InstallDate, Description | export-csv E:\temp\patch-report.csv -notype
Hi Paolo,
Thanks for your reply. You are for sure not the only one with this issue. As you can see I was the one who started the thread in the VMware Communities that you mentioned. The PowerCLI team is aware of this bug. So hopefully it will be solved in a future PowerCLI release.
Wow, that’s what I was exploring for, what a
data! present here at this blog, thanks admin of this web page.
Pingback: PowerCLI to Check Patch Version – Phasmid LLC