My only question is the issue regarding whether or not to apply all patches or just the one's necessary to your environment. I have been told several times by VMWare Support to go ahead and apply all patches. Here's there reasoning.

For the scenario of adding new equipment, if you had that new piece hardware you would have to patch (in chrono order)to the necessary update for that new piece of equipment.

For the scenario of mixed environment...if you have multiple pieces of hardware, loss of patch order or incorrect order of patching.

I currently patch from iis...tried nfs but did not like it. It's real easy to patch once you get the hang of it.

I just take the mind set to apply all patches...if there is an vulnerability in a patch and you didnt patch it regardless if it pertains particularly to your environment...you have your bases covered.

To each there own

Agreed, to each there own. I could see maybe if the patch had to do with a certain network or FC card that you potentially could be adding to the server at a later date. But for patches that have to do with specfic processors I would not bother with, there is no chance of someone adding a AMD processor into a Intel server. I'm always worried a patch will potentially break something else.

Have been trying to use ./esx-autopatch.pl but having problems downloading the patchlist file. Have tried using both http and ftp with the same error;

could not open file:

./patchlist.txt.

Any ideas or come across this before...?

Do you have a copy of the script you are running?

Look at my links a couple posts up...

I'm sorry I was speaking to andrew pheonix. He was having problems.

Message was edited by:

derekn

Yes,

I am using the same script published to this thread above, and patchlist also from the links above for ESX v3.0.1. Initially I had problems as characters <> && etc... where being transformed, but got around this. I know the script runs as it creates the updates folder in /var/ it just gets stuck on;

ftp: it logs into ftp host and traverses to the 3.0.1 directory

$ftp->get('patchlist.txt');

http: I believe it is connecting to the http service but can't guarantee it

getstore ("$url/$version/patchlist.txt",'./patchlist.txt');

______________________________________________________

\# Download The patchlist.txt for the matching version number

if ( $ftp ){

$ftp = Net::FTP->new($ftp_host);

print "Logging in to host $ftp_host\n";

$ftp->login($ftp_user,$ftp_password) or die "Could not establish FTP connection with $ftp_host\n";

print "Changing directory to $version\n";

$ftp->cwd($version);

$ftp->binary;

$ftp->get('patchlist.txt');

}

if ( $http ){

if ( !defined $url ){

die "No url specified either on the command line or in the script... exiting\n";

}

print "Downloading updates from $url/$version\n";

getstore ("$url/$version/patchlist.txt",'./patchlist.txt');

}

Are you opening service console firewall for the ports ftp and http? It might be that.

I can access the ftp site without any problems from the command line of esx. However I have discovered that I didn't have access to the 3.0.1 sub-folder, all sorted now. Although my next problem is that the MD5SUM generated by the script is not matching those defined in the patchlist.