Using vSphere Lifecycle Manager (vLCM) API to patch group of ESXi hosts

An interesting vSphere Lifecycle Manager (vLCM) question that has already come up a few times in the past two weeks is whether vLCM can remediate (patch/upgrade) a specific group of ESXi host(s)?

Today, there are two ways in which vLCM can remediate ESXi hosts within a vSphere Cluster. The first is to simply remediate all ESXi hosts within a vSphere Cluster using the Remediate All option.

If a user wishes to exclude specific ESXi host(s) from being remediated, then the only other option is to manually remediate each individual host. To do so, select an ESXi host from the list and then use the Remediate option in the Actions menu as shown in the screenshot below.

For a small environment, manual remediation might be okay for those willing to click through the vSphere UI but it is certainly less than ideal and you are also not taking advantage of the automation and orchestration that vLCM provides in the first place.

Luckily, there is a third option which is to use the vLCM REST API to specify the desired list of ESXi host(s) that want to patch/upgrade and best of all, this is fully automated!

The vLCM Apply Clusters Software Task API is what the vLCM UI calls when remediating all or a specific ESXi host within a vSphere Cluster. The API payload accepts a list of ESXi host Managed Object Reference (MoRef) IDs, so you can see how this API can be used to selectively choose which set of ESXi hosts to remediate.

Note: While you can specify a list of ESXi hosts to patch/update, in vSphere 7.x, the remediation is still performed sequentially with one host at a time. In vSphere 8.x, parallel remediation will be supported and can be configured from 1 to 96. From my limited testing, it also seems the order of ESXi MoRef ID is also the order in which vLCM starts the remediation.

To demonstrate how this vLCM API works, below are examples using the vCenter REST API via cURL and PowerCLI.

cURL

# Get VMware API Session ID
curl -X POST -H "Authorization: Basic ${BASIC_AUTH_TOKEN}" https://vcsa.primp-industries.local/api/session

# Patch specific ESXi hosts
curl -X POST -H "vmware-api-session-id: ${VMWARE_SESSION_ID}" -H "Content-Type: application/json" \
    -d '{"accept_eula":true,"hosts":["host-84028"]}'\
    "https://vcsa.primp-industries.local/api/esx/settings/clusters/${CLUSTER_ID}/software?action=apply&vmw-task=true"

PowerCLI

Step 1 - Connect using both the Connect-VIServer and Connect-CISServer cmdlet. The next section will store the desired name of the vSphere Cluster you wish to perform the vLCM operation on and retrieve the vSphere Cluster Managed Object Reference (MoRef) ID which will be needed in Step 3.

$CLUSTER_NAME="vLCM-Cluster"
$CLUSTER_ID=(Get-Cluster -Name $CLUSTER_NAME).Id.replace("ClusterComputeResource-","")

Step 2 - Retrieve the the desired ESXi Managed Object Reference (MoRef) IDs that you wish to patch using vLCM.

(Get-Cluster -Name $CLUSTER_NAME | Get-VMHost) | select Name,Id

Step 3 - Create a $hostIds variable which is an array containing the desired ESXi MoRef IDs from the previous step. After that, the next section creates the vLCM apply spec and then performs the apply/patch operation.

# List of ESXi host (MoRef ID) to patch from Step 2
$hostIds = @("host-84025")

# Create vLCM Apply Spec
$esxClusterSoftwareService = Get-CisService -Name com.vmware.esx.settings.clusters.software
$spec = $esxClusterSoftwareService.Help.'apply$task'.spec.Create()
$spec.accept_eula = $true
$spec.hosts = $hostIds

# Run vLCM Apply/Patch operation
$esxClusterSoftwareService.'apply$task'($CLUSTER_ID, $spec)

I think a nice enhancement for the vLCM UI in the future is to offer a menu that automatically selects all ESXi hosts to remediate, but allowing a user to override and uncheck or select specific hosts to remediate. For now, the vLCM API is the best option over manually remediating each host which can be extremely time consuming with management of maintenance mode enter/exit, reboot, etc.