This blog is a high-level guide to creating an ISO for VCF, using a new patch release as an example. Say a new ESXi patch, 7u3i, has been released because of a security vulnerability: you have to combine the patch with the vendor add-on to create a new ISO, then use the async tool and the custom ISO to patch your ESXi hosts. I will use HPE as an example.

VMware Reference – Creating a custom ISO
https://docs.vmware.com/en/VMware-Cloud-Foundation/4.4/vcf-admin/GUID-2674DA5A-8DF7-4212-A4A9-88CD798DC303.html

Requirements

ESXi patch from the VMware website (a zip file)
OEM add-on from the VMware website
Matching SPP/firmware for the OEM add-on from the vendor website – https://www.vmware.com/resources/compatibility/search.php
Or
Vendor ISO exactly matching the patch version
Matching SPP/firmware for the ISO

STEP 1
Determine which ESXi version you need from the VMware security advisory web page and download the ESXi patch
Example – https://www.vmware.com/security/advisories/VMSA-2022-0030.html
VCF patch list – https://kb.vmware.com/s/article/88287
ESXi release notes for the patch version, to get the build number – https://docs.vmware.com/en/VMware-vSphere/7.0/rn/vsphere-esxi-70u3i-release-notes.html
ESXi patch download – https://customerconnect.vmware.com/patch#search

STEP 2
Determine the latest or matching version of the vendor ISO or ESXi add-on and download it (you might need to contact the vendor and ask them which one to use)
List of HPE ESXi images and matching SPP – http://vibsdepot.hpe.com/mapping/SPP-HPE_Custom-Image-vibsdepot-mapping-Gen9-later.pdf
ESXi OEM add-ons – https://customerconnect.vmware.com/en/downloads/info/slug/datacenter_cloud_infrastructure/vmware_vsphere/7_0#addons
ESXi vendor ISOs (optional, if any match the released patch version) – https://customerconnect.vmware.com/en/downloads/info/slug/datacenter_cloud_infrastructure/vmware_vsphere/7_0#custom_iso

STEP 3
Create the ISO using Lifecycle Manager in vCenter: import the ESXi patch and OEM add-on into vCenter Lifecycle Manager, create a new cluster with the new image option, select the patch and OEM add-on, then export the ISO and delete the cluster once the ISO has been exported – https://docs.vmware.com/en/VMware-Cloud-Foundation/4.4/vcf-admin/GUID-1B9AAE1E-7C55-4A7A-A921-9F84F248AF68.html

STEP 4
Use the async tool to download the patch and upload it to SDDC Manager, then set up the custom ISO as you would for an upgrade, pointing the .json spec to the async patch in SDDC Manager, then upgrade to the patch version
Upgrade an Async Patched Version of VMware Cloud Foundation in Offline Mode – https://docs.vmware.com/en/VMware-Cloud-Foundation/services/ap-tool/GUID-EB10811D-CE90-4A16-B070-EFF3EDF2A73C.html
Upgrade ESXi with Custom ISOs – https://docs.vmware.com/en/VMware-Cloud-Foundation/4.4/vcf-lifecycle/GUID-B639896D-B4F0-4758-A02B-AA94FA6FEF1F.html
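
A pre-flight check for the .json spec from Step 4, added here as an example and not taken from the original post or from VMware: it confirms the spec targets the patched build from the release notes and points at a custom ISO, so hosts are not left on the vulnerable version by a typo. The field names are assumed from the custom ISO spec in the "Upgrade ESXi with Custom ISOs" documentation linked above and should be confirmed for your VCF release; the IDs, build number and path in the sample are constructed placeholders.

```python
import json
import re

# Field names assumed from VMware's "Upgrade ESXi with Custom ISOs" spec;
# confirm them against the documentation for your VCF release.
REQUIRED = ("bundleId", "targetEsxVersion", "useVcfBundle", "customIsoAbsolutePath")
VERSION_RE = re.compile(r"^\d+\.\d+\.\d+-\d+$")  # <major>.<minor>.<update>-<build>

# Constructed sample: the IDs, build number and path are placeholders.
SAMPLE_SPEC = """
{"esxCustomImageSpecList": [{
    "bundleId": "00000000-0000-0000-0000-000000000000",
    "targetEsxVersion": "7.0.3-00000000",
    "useVcfBundle": false,
    "customIsoAbsolutePath": "/example/path/custom-hpe-7.0.3.iso"
}]}
"""

def check_spec(spec_text, expected_version):
    """Return a list of problems in a custom ISO spec; an empty list means OK."""
    try:
        spec = json.loads(spec_text)
    except json.JSONDecodeError as exc:
        return [f"not valid JSON: {exc}"]
    entries = spec.get("esxCustomImageSpecList") if isinstance(spec, dict) else None
    if not isinstance(entries, list) or not entries:
        return ["esxCustomImageSpecList is missing or empty"]
    problems = []
    for i, entry in enumerate(entries):
        missing = [k for k in REQUIRED if not isinstance(entry, dict) or k not in entry]
        if missing:
            problems.append(f"entry {i}: missing {', '.join(missing)}")
            continue
        version = str(entry["targetEsxVersion"])
        if not VERSION_RE.match(version):
            problems.append(f"entry {i}: malformed targetEsxVersion {version!r}")
        elif version != expected_version:
            # Hosts would be upgraded to a build other than the patched one.
            problems.append(f"entry {i}: targets {version}, expected {expected_version}")
        if entry["useVcfBundle"] is not False:
            problems.append(f"entry {i}: useVcfBundle must be false for a custom ISO")
        iso = str(entry["customIsoAbsolutePath"])
        if not iso.startswith("/") or not iso.lower().endswith(".iso"):
            problems.append(f"entry {i}: {iso!r} is not an absolute path to an .iso")
    return problems

if __name__ == "__main__":
    for line in check_spec(SAMPLE_SPEC, "7.0.3-00000000") or ["spec OK"]:
        print(line)
```

Pass the version and build number from the ESXi release notes in Step 1 as expected_version.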

By Kader