Re: ESX UpDates in a special order - important? - Page 2

jmcclymont · ‎04-06-2007

hello all,

sometimes we get a bulk of new updates and up to now i update the esx boxes in the same order like the patches shown on the patch-website, from the bottom up.

Is that necessary or could i update disorganized?

thanks and greeting from germany

jeff

ANSA · ‎04-18-2007

VMWare's official response to my service-request
about this was to apply all patches in release
order. Spend the small amount of extra time
applying the stuff in order now, and save headaches
later if problems pop up.

My sentiments exactly! This is what I have always recommended because it seems logical to me. I have never had any issues with this procedure.

frost-byte · ‎04-23-2007

Patches are not cumulative, and should be installed in the order they were released (by date). It is important to install all updates marked Critical or Security, and install only the General patches that might apply to your environment

To view what updates have been applied to your ESX server, log in to the console, and use this command:

esxupdate -l query

pizaro · ‎04-29-2007

VMware has recently published a KB to address this issue temporary -

http://kb.vmware.com/kb/10230

TComp · ‎05-02-2007

After reading page after page of Patching issues, Im getting more and more confused.

Release date, Patch #, RPM version......

I will be installing over 40 new ESX's in the next months, and not looking forward to the patch job(s).

Why cant VMware create a NEW ESX ISO containing all patches?

The current ISO is soon 1 year old !

(or at least, a (1) package containing all previous patches).

I agree that applying 1 -2 patches is not a big issue, but needing to install 25 for a newly deployed server is getting a little .... time consuming.

Tor

aleph0 · ‎05-04-2007

First of all: I apply the patches in release order[/b]

However, from TSX Nice 2007:

Patches are fine-grain, addresses individual bug or security issue so that customers can choose a specific patch to apply[/i]

Categorized individually as: security, critical, or general to allow customers to comply with their service level agreements

Patch # refers to KB article number that describes the patch[/i]

Patches are installed using esxupdate (a script can be written to install all patches in one shot using the –n “no reboot option”)

Patches within a maintenance release can be installed out of order* (dependency checks will be taken care of by esxupdate)[/i]

\* [u]If you use the undocumented -f option of esxupdate, you have compromised this option, the -f option skips the dependency check[/u][/b]

\aleph0 ____________________________ http://virtualaleph.blogspot.com/ ############### If you found this information useful, please consider awarding points for "Correct" or "Helpful". Thanks!!!

Cova · ‎05-04-2007

It's not quite what I had in mind - but that KB article at: http://kb.vmware.com/kb/10230 can be said to support what fdouma and I have done.

The KB article is instructing people to apply the ESX update, using the -x option to skip individual RPMs that are included in that patch.

What I did was verify that the ESX update contained ONLY RPMs that the KB article would have me skip - and so I skipped the entire ESX update.

I am a little curious what would happen if I tried to apply an ESX update, and used -x to exclude every single RPM that it contains. Not curious enough to try it on my production boxes though.

natedev · ‎07-31-2007

I just downloaded and installed VMTS Patch Manager today. UI is pretty good - works like Windows Update and can patch large numbers of servers. It's already saved me a lot of time. Plus, it's a shareware product.

http://www.vmts.net/VMTSPatchManager.htm

All

ESX UpDates in a special order - important?