Deploying VMWare Patches to ESX 3.x Servers
Recently, VMware released their Update Manager to handle patch management of ESX servers.
For those of you who haven't implemented it, here's a setup of reasonably robust scripts to do the patching via the Deployment console.
Use the ESX-100xxxx patch number as the job name.
1. Check to see if the patch is installed
#Check to see if this patch is already installed #!/bin/sh esxupdate query | grep %JOBNAME%
Set this job to STOP on a "Success" (exit code zero), and Continue (sucessfully) on exit code 1.
grep will return exit code 0 if the text is found (ie patch is installed), 1 if it is not.
2. Check that the host is in maintenance mode
#Check maintenance mode status
#!/bin/sh
#There needs to be a 2 minute delay, just in case this is running straight after another patch which caused a reboot
sleep 120
test `vimsh -n -e hostsvc/runtimeinfo | grep 'inMaintenanceMode' |awk '{print $3}' | sed 's/,//'` = true
For this task, have the job continue on error code 0 and stop on error code 1.
3. Create patch directory
#Create patch directory #!/bin/sh mkdir -p /var/updates
4. Download Patch
#Download patch #!/bin/sh cd /var/updates esxcfg-firewall -e smbClient smbclient --user=username //%SITE%/eXpress "password" -c 'cd "\path\to\ESX\patches"; get %JOBNAME%.tgz' smbclient --user=username //%SITE%/eXpress "password" -c 'cd "\path\to\ESX\patches"; get %JOBNAME%.tgz.md5' esxcfg-firewall -d smbClient
To ensure the file transfer works, have both the patch file and an MD5 has in your depot. This is checked in Step 5.
5. Verify MD5 hash
#Verify MD5 sum #!/bin/sh cd /var/updates/ md5sum --status --check %JOBNAME%.tgz.md5
Once again, the return code for md5sum will determine whether or not the job is successful. 0 is good, 1 is bad.
6. Decompress and install patch
#Decompress and install patch #!/bin/sh cd /var/updates gzip -d %JOBNAME%.tgz tar -xf %JOBNAME%.tar cd %JOBNAME% esxupdate update
7. Clean up after install
#Clean up after install #!/bin/sh cd /var/updates rm -rf %JOBNAME% rm -f %JOBNAME%.tar rm -f %JOBNAME%.tgz.md5
Always leave the camp site in the same or better condition!
It is possible to add a script to bring the server out of maintenance mode after clean-up, but that's not all that useful if you're deploying a number of patches. So, I recommend leaving it as a manual process.
About Endpoint Management and Virtualization Community Blog
The Endpoint Management & Virtualization Community Blog is the perfect place to share short, timely insights including product tips, news and other information relevant to the Endpoint Management & Virtualization community. Any authenticated Connect member can contribute to this blog.
I've not implemented the
I've not implemented the VMware update manager yet, but I see in your post some good and helpful scripts for this task. Thanks!
Just for clarification,
Just for clarification, these scripts aren't for use with Update Manager. They're "instead of", if you don't want to or can't implement update manager in your environment.
Good post
This is a very valuable post, and states that even in VMWare environments a solution like DS is necessary to maintain patches and various.
Regards
Erik
www.dvs4sbc.nl
Regards
Erik
www.DinamiQs.com
Dinamiqs is the home of VirtualStorm (www.virtualstorm.org)
Have to try this one, good
Have to try this one, good post.
Patch ESX with NS Software Delivery
This is a great post. Thanks for the step-by-step using DS. I will be putting this to use.
Just wanted to add to the topic with how to patch ESX with NS. I wrote a step-by-step whitepaper (http://dell.altiris.com/portals/0/wp_patchingesxwi...) on how to use Software Delivery for Unix/Linux to do this very thing.
Would you like to reply?
Login or Register to post your comment.