Anyone dived in and applied the new patches yet.....
....patch adds support for Microsoft Clustering Server (MSCS) with Windows 2003 Service Pack 1 (SP1) and R2 Guest Operating Systems (KB 2021).....
ESX-3199476 Patch | 03/05/07 | Critical Patch
ESX-5031800 Patch | 03/05/07 | Security Patch
ESX-5885387 Patch | 03/05/07 | Security Patch
ESX-6050503 Patch | 03/05/07 | General Patch
ESX-6856573 Patch | 03/05/07 | Security Patch
ESX-9865995 Patch | 03/05/07 | General Patch
Please provide feedback below if you have any issues....
Cheers,
Michael.
what OS do your VMs run ?
All Windows XP, Windows Server 2000, Windows Server 2003
Should be possible using any Windows deployment tool.
CWedge, use VBScript to touch them all and execute the tools, after you extract them from the ISO
I had perl in mind (I'm not a Windows guy) but VB should work too.
CWedge, use VBScript to touch them all and execute
the tools, after you extract them from the ISO
Ahh I didn't even think of that!
What is the path on the iso they are located in?
Also what I am dealing with now is I just applied the ESX patches and that says it has to have new VMtools installed on your VM's so where are those located?
I would just do the VMTools install into your favorite VM and open the CDROM in Windows Explorer. Really simple. I would say VBScript just for ease, but .NET can certainly make the same WMI calls to remotely execute a process.
As far as the patch script, as soon as my test subject wants to mount NFS shares, I will be able to fully validate it.
Michael,
I can't thank you enough for your script. I painfully downloaded all 20 patches to my ESX 3.01 servers...and then ran your script on each one. The process probably took about 30 minutes to patch each server...but it was a lot quicker than doing all of this manually.
I would have never patched my servers manually...and was really holding out for some sort of roll up patch....or 3.02....or something.
I had one of my clients use your script as well...and it worked great for them!
Thanks again...this was too easy. I will show my clients and students your methodology....at least until VMware comes out with something better.
You might have Mike Laverick post your solution on his RTFM site...so it can gain a lot more exposure.
Chris
Chris,
Thanks for the feedback. I wrote the script out of frustration with the amount of patches we were having to deploy and thought others must be having the same pain.
I have spoken with our VMware TAM about the patching gripes we have.
I have suggested that customers have an option to download a prebundled set of patches, but also have the option to pick and choose patches as required.
That way, if it looks like you need all of them, then you have one download and MD5 check to perform and VMware supply a script to apply them.
I have also asked them to make it very explicit, at the high level on the patch list, whether a patch requires a mandatory reboot, i.e. you must reboot and must not suppress it.
In addition I have asked them to make it very clear if any of the patches will cause the VM tools to be out of date, so you can plan accordingly.
I'm assured the patching process will improve with future releases. In the interim we all need to keep the pressure on VMware to improve things and hopefully they may include our ideas in their future releases.
I have spoken already with Mike Laverick RTFM regarding hosting and he is very busy getting the new ESX VI3 book ready. I'll update him again.
Michael.
So, here is the script with my modifications to it. It will mount your NFS share, do its work, then dismount the share. Michael, maybe you could help me on one small part. The script needs to untar the files to the local system, possibly /tmp. This is because the NFS export on the remote system is RO, so this poses a small issue.
```sh
#!/bin/sh
#
# ESX 3.0.1
#
# Purpose: Script to apply ESX 3.x patches
# Author : MichaelJKnight@gmail.com
# Version: 1.1
# Release: 09/03/2007
# No warranty is provided with this script, test and use at your own risk
# This script is freeware, please contact me with any bugs.
#
# Modified 3/15/07 to include mounting of NFS share
#
# Replace the three placeholders below with your own values
nasinstall="{local mount point}"
nasremoteserver="{remote server}"
nasremoteshare="{remote share}"

# Refuse to run on anything other than ESX 3.x
if [ `vmware -v | grep -i "Server 3." | wc -l` -eq 0 ]
then
    echo
    echo This script requires an ESX 3.x platform, this server is on
    echo
    vmware -v
    echo
    echo Exiting.
    echo
    exit
fi

# Mount NFS Share
retval=`/usr/sbin/esxcfg-nas -a -o "$nasremoteserver" -s "$nasremoteshare" "$nasinstall" 2>/dev/null | wc -l`
if [ $retval -eq 2 ]
then
    esxpatches=`ls /vmfs/volumes/"$nasinstall"/ESX*.tgz 2>/dev/null | wc -l`
    echo
    echo Found $esxpatches ESX patches in /vmfs/volumes/"$nasinstall"/
    echo
    if [ $esxpatches -ne "0" ]
    then
        pcount=0
        cd /vmfs/volumes/"$nasinstall"/
        # Start creation of patch bundle script....
        echo "#!/bin/bash" > /tmp/patchbundle.sh
        echo "# Start of patch bundle of $esxpatches ESX Patches " >> /tmp/patchbundle.sh
        for i in `ls -l ESX*.tgz 2>/dev/null | awk '{ print $9 }'`
        do
            # Now expand each patch found into its corresponding folder
            let "pcount = $pcount + 1"
            echo
            echo Found patch $pcount / $esxpatches $i
            echo Now Expanding....$i
            echo
            tar -xvzf "$i"
        done
        chmod +x /tmp/patchbundle.sh
        rm -rf /vmfs/volumes/"$nasinstall"/ESX*.tgz
        # Cycle through patches and determine release date and then set datestamp
        # on patch directory to ensure patch sequence is in release date order.
        cd /vmfs/volumes/"$nasinstall"/
        for i in `ls -ltr 2>/dev/null | awk '{ print $9 }'`
        do
            # Read the release date from the patch descriptor
            # (the grep pattern is empty in the posted script)
            tstamp=`cat /vmfs/volumes/"$nasinstall"/$i/descriptor.xml | grep "" | cut -f1 -d"<"`
            echo
            echo Patch $i release date is $tstamp
            echo
            touch /vmfs/volumes/"$nasinstall"/$i -d"$tstamp"
        done
        # Update patch bundle script with patches now in release date sequence....
        pcount=1
        echo
        for i in `ls -ltr 2>/dev/null | awk '{ print $9 }'`
        do
            echo Sequencing $i into patch bundle script
            echo cd /vmfs/volumes/"$nasinstall"/`echo $i |cut -f1 -d. `>> /tmp/patchbundle.sh
            echo echo ' `date +%e/%m/%y" "%H:%M:%S` ' "Patch `echo $i |cut -f1 -d. ` ` echo $pcount of $esxpatches ` Installation Started " >> /tmp/patchbundle.sh
            echo "esxupdate -v 20 -n update" >> /tmp/patchbundle.sh
            echo echo ' `date +%e/%m/%y" "%H:%M:%S` ' "Patch `echo $i |cut -f1 -d. ` Installation Completed " >> /tmp/patchbundle.sh
            let "pcount = $pcount + 1"
        done
        echo "# End of patch bundle" >> /tmp/patchbundle.sh
        echo
        echo Applying patches, please wait....
        echo
        /tmp/patchbundle.sh
        # Tidy up post installs
        rm -rf /tmp/patchbundle.sh
        rm -rf /vmfs/volumes/"$nasinstall"/ESX*
        echo
        echo All $esxpatches patches applied. Schedule reboot asap..
        echo
    else
        echo No ESX Patches to be applied...
    fi
    # Dismount NFS Share
    retval=`/usr/sbin/esxcfg-nas -d "$nasinstall" 2>/dev/null | wc -l`
    if [ $retval -eq 1 ]
    then
        echo "$nasinstall" dismounted
    else
        echo "$nasinstall" could not be dismounted
    fi
else
    echo Could not mount the NFS share...
fi
```
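For the read-only export problem raised in the post above (untar to local disk rather than onto the NFS mount), here is an added example that is not part of the original post or of Michael's script. The function names `stage_patches` and `members_are_safe` and the `/tmp/esxpatch.XXXXXX` template are assumptions made for illustration; the function extracts each `ESX*.tgz` into a private `mktemp -d` directory, never writes to the source, and skips archives whose member paths would land outside that directory.

```shell
#!/bin/sh
# Added example: stage patch tarballs from a read-only directory into a
# private local work directory. Names here are hypothetical.

# Reads archive member names on stdin. Fails if any is absolute, contains a
# ".." path component, or if no names were read (unreadable archive).
members_are_safe() {
    awk -F/ '
        /^\// { bad = 1 }
        { for (i = 1; i <= NF; i++) if ($i == "..") bad = 1 }
        END { exit (bad || NR == 0) }'
}

# archive_is_safe FILE.tgz : list the archive without extracting it.
archive_is_safe() {
    tar -tzf "$1" 2>/dev/null | members_are_safe
}

# stage_patches SRC_DIR : extract every ESX*.tgz found in SRC_DIR (which may
# be a read-only NFS mount) into a fresh directory and print its path.
stage_patches() {
    src_dir=$1
    # mktemp -d creates the directory with mode 0700 and an unpredictable name
    work_dir=$(mktemp -d /tmp/esxpatch.XXXXXX) || return 1
    for tgz in "$src_dir"/ESX*.tgz; do
        [ -f "$tgz" ] || continue
        if ! archive_is_safe "$tgz"; then
            echo "skipping unsafe or unreadable archive: $tgz" >&2
            continue
        fi
        # Read from the share, write only to the local work directory
        tar -xzf "$tgz" -C "$work_dir" || {
            echo "extract failed: $tgz" >&2
            return 1
        }
    done
    echo "$work_dir"
}
```

A caller would run `work=$(stage_patches /vmfs/volumes/<mount>)`, apply the patches from `$work`, and remove only `$work` afterwards, leaving the tarballs on the share untouched.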
Hi Michael,
I've tested a lot with your script and it doesn't seem to work completely.
What happens?
I've got 20 patches in the directory, 19 patches get installed.
Patch number 16 --> ESX1410076 gives an error saying that 3 packages need to be downgraded.
Have you experienced issues with this patch? (releasedate of the patch is set to 22 feb 19:38 2007)
Hi,
I've just extracted the patch and it reports a release date of
Sun Nov 5 17:25:47 PST 2006 ?
Still checking....
Michael.
Hmmm.. VMware download site mentions this specifically to the patch:
Note: As of 03/05/2007, this patch has been repackaged to reflect the correct patch description. If you have already installed this patch, there is no need to re-install it. The fixes being included in this patch were not changed.
Apparently they changed the patch description AND the release date causing it not to work with your script...
I guess I have to manually change the releasedate in the script in order for it to work correctly.
When it says that it has to downgrade a patch, that's because they were applied out of sequence. It's kinda goofy. Something to look at for the script Michael?
I've got the NFS stuff working, so now I have to modify it to make it dynamic, ie allow one to use a local point, or NFS point. It will copy the patches locally if it uses an NFS point, less network roundtrips that way. As soon as I get that modified, I'll let everyone know.
Thanks for posting this script. I will be testing it in the lab later today or early tomorrow. Will post back.
sweet script, thanks.
Thanks!
Being unfamiliar with linux, how do I run the script?
I've saved it to a file called update.sh - now what?
Thanks,
Rasmus
from a shell, make the file executable:
\# chmod o+x update.sh
then run the script:
\# ./update.sh
Run both commands from the directory in which the file is located.
Make it executable:
chmod 750 update.sh
then execute it:
./update.sh