More ESX 3.0.1 03/05/07 Patches...... - Page 2

MJKNIGHT · ‎03-06-2007

Anyone dived in and applied the new patches yet.....

....patch adds support for Microsoft Clustering Server (MSCS) with Windows 2003 Service Pack 1 (SP1) and R2 Guest Operating Systems (KB 2021).....[/i]

ESX-3199476 Patch | 03/05/07 | Critical Patch

ESX-5031800 Patch | 03/05/07 | Security Patch

ESX-5885387 Patch | 03/05/07 | Security Patch

ESX-6050503 Patch | 03/05/07 | General Patch

ESX-6856573 Patch | 03/05/07 | Security Patch

ESX-9865995 Patch | 03/05/07 | General Patch

Please provide feedback below if you have any issues....

Cheers,

Michael.

oreeh · ‎03-14-2007

what OS do your VMs run ?

CWedge · ‎03-14-2007

All windowsXp, Windows Server 2000, Windows Server 2003

oreeh · ‎03-14-2007

Should be possible using any Windows deployment tool.

Tibmeister · ‎03-14-2007

CWedge, use VBScript to touch them all and execute the tools, after you extract them from the ISO

oreeh · ‎03-14-2007

I had perl in mind (I'm not a Windows guy) but VB should work too .

CWedge · ‎03-14-2007

CWedge, use VBScript to touch them all and execute
the tools, after you extract them from the ISO

Ahh I didn't even think of that!

What is the path on the iso they are located in?

CWedge · ‎03-14-2007

CWedge, use VBScript to touch them all and execute
the tools, after you extract them from the ISO

Ahh I didn't even think of that!
What is the path on the iso they are located in?

Also what I am dealing with now is I just applied the ESX patches and that says it has to have new VMtools installed on your VM's so where are those located?

Tibmeister · ‎03-14-2007

I would just do the VMTools install into your favorite VM and open the CDROM in Windows Explorer. Really simple. I would say VBScript just for ease, but .NET can certinatly make the same WMI calls to remotly execute a process.

As far as the patch script, as soon as my test subject wants to mount NFS shares, I will be able to fully validate it.

admin · ‎03-15-2007

Michael,

I can't thank you enough for your script. I painfully downloaded all 20 patches to my ESX 3.01 servers...and then ran your script on each one. The process probably took about 30 minutes to patch each server...but it was alot quicker than doing all of this manually.

I would have never patched my servers manually...and was really holding out for some sort of roll up patch....or 3.02....or something.

I had one of my clients use your script as well...and it worked great for them!

Thanks again...this was too easy. I will show my clients and students your methodology....at least until VMware comes out with something better.

You might have Mike Laverick post your solution on his RTFM site...so it can gain a lot more exposure.

Chris

MJKNIGHT · ‎03-15-2007

Chris,

Thanks for the feedback. I wrote the script out of frustration with the amount of patches we were having to deploy and thought others must be having the same pain.

I have spoken with our VMware TAM about the patching gripes we have.

I have suggested that customers have an option to download a prebundled set of patches, but also have the option to pick and choose patches as required.

That way, if its looks like you need all of them, then you have one download and MD5 check to peform and Vmware supply script to apply them.

I have also asked them to make it very [u]explict[/u][/b] , at the high level on the patch list, whether a patch requires a mandatory reboot i.e. you must reboot and must not suppress it .

In addition I have asked them to make it very clear if any of the patches will cause the VM tools to be out of date, so you can plan accordingly.

I'm assured the patching process will improve with future releases. In the interim we all[/b] need to keep the pressure on VMware to improve things and hopefully they may include our ideas in their future releases.

I have spoken already with Mike Laverick RTFM regarding hosting and he is very busy getting the new ESX VI3 book ready. I'll update him again.

Michael.

Tibmeister · ‎03-15-2007

So, here is the script with my modifications to it. It will mount your NFS share, do it's work, then dismount the share. Michael, maybe you could help me on one small part. The script needs to untar the files to the local system, possibly /tmp. This is because the NFS export on the remote system is RO, so this poses a small issue.

#!/bin/sh

#

\# ESX 3.0.1

#

\# Purpose: Script to apply ESX 3.x patches

\# Author : MichaelJKnight@gmail.com

\# Version: 1.1

\# Release: 09/03/2007

\# No warranty is provided with this script, test and use at your own risk

\# This script is freeware, please contact me with any bugs.

#

\# Modified 3/15/07 to include mounting of NFS share

#

nasinstall=\{local mount point}

nasremoteserver=\{remote server}

nasremoteshare=\{remote share}

if \[`vmware -v | grep -i "Server 3." | wc -l` -eq 0 ]

then

echo

echo This script requires an ESX 3.x platform, this server is on

echo

vmware -v

echo

echo Exiting.

echo

exit

fi

\# Mount NFS Share

retval=`/usr/sbin/esxcfg-nas -a -o "$nasremoteserver" -s "$nasremoteshare" "$nasinstall" 2>/dev/null | wc -l`

if \[ $retval -eq 2 ]

then

esxpatches=`ls /vmfs/volumes/"$nasinstall"/ESX*.tgz 2>/dev/null | wc -l`

echo

echo Found $esxpatches ESX patches in /vmfs/volumes/"$nasinstall"/

echo

if \[ $esxpatches -ne "0" ]

then

pcount=0

cd /vmfs/volumes/"$nasinstall"/

Start creation of patch bundle script....

echo "#!/bin/bash" > /tmp/patchbundle.sh

echo "# Start of patch bundle of $esxpatches ESX Patches " >> /tmp/patchbundle.sh

for i in `ls -l ESX*.tgz 2>/dev/null | awk '\{ print $9} '`

do

Now expand each patch found into its corresponding folder

let "pcount = $pcount + 1"

echo

echo Found patch $pcount / $esxpatches $i

echo Now Expanding....$i

echo

tar -xvzf "$i"

done

chmod +x /tmp/patchbundle.sh

rm -rf /vmfs/volumes/"$nasinstall"/ESX*.tgz

Cycle through patches and determine release date and then set datestamp on patch directory to ensure patch sequence is in release date order.

cd /vmfs/volumes/"$nasinstall"/

for i in `ls -ltr 2>/dev/null | awk '\{ print $9} '`

do

tstamp=`cat /vmfs/volumes/"$nasinstall"/$i/descriptor.xml | grep "" | cut -f1 -d"<"`

echo

echo Patch $i release date is $tstamp

echo

touch /vmfs/volumes/"$nasinstall"/$i -d"$tstamp"

done

Update patch bundle script with patches now in release date equence....

pcount=1

echo

for i in `ls -ltr 2>/dev/null | awk '\{ print $9} '`

do

echo Sequencing $i into patch bundle script

echo cd /vmfs/volumes/"$nasinstall"/`echo $i |cut -f1 -d. `>> /tmp/patchbundle.sh

echo echo ' `date +%e/%m/%y" "%H:%M:%S` ' "Patch `echo $i |cut -f1 -d. ` ` echo $pcount of $esxpatches ` Installation Started " >> /tmp/patchbundle.sh

echo "esxupdate -v 20 -n update" >> /tmp/patchbundle.sh

echo echo ' `date +%e/%m/%y" "%H:%M:%S` ' "Patch `echo $i |cut -f1 -d. ` Installation Completed " >> /tmp/patchbundle.sh

let "pcount = $pcount + 1"

done

echo "# End of patch bundle" >> /tmp/patchbundle.sh

echo

echo Applying patches, please wait....

echo

/tmp/patchbundle.sh

Tidy up post installs

rm -rf /tmp/patchbundle.sh

rm -rf /vmfs/volumes/"$nasinstall"/ESX*

echo

echo All $esxpatches patches applied. Schedule reboot asap..

echo

else

echo No ESX Patches to be applied...

fi

Dismount NFS Share

retval=`/usr/sbin/esxcfg-nas -d "$nasinstall" 2>/dev/null | wc -l`

if \[ $retval -eq 1 ]

then

echo "$nasinstall" dismounted

else

echo "$nasinstall" could not be dismounted

fi

else

echo Could not mount the NFS share...

fi

VirtualKenneth · ‎03-15-2007

Hi Michael,

I've tested a lot with your script and it doesn't seem to work completely.

What happens?

I've got 20 patches in the directory, 19 patches get installed.

Patch number 16 --> ESX1410076 gives an error saying that 3 packages need to be downgraded.

Have you experienced issues with this patch? (releasedate of the patch is set to 22 feb 19:38 2007)

MJKNIGHT · ‎03-15-2007

Hi,

Ive just extracted the patch and it reports a release date of

Sun Nov 5 17:25:47 PST 2006 ?

Still checking....

Michael.

VirtualKenneth · ‎03-15-2007

Hmmm.. VMware download site mentions this specifically to the patch:

Note: As of 03/05/2007, this patch has been repackaged to reflect the correct patch description. If you have already installed this patch, there is no need to re-install it. The fixes being included in this patch were not changed.

Apparently they changed the patch description AND the release date causing it not to work with your script...

I guess I have to manually change the releasedate in the script in order for it to work correctly.

Tibmeister · ‎03-15-2007

When it says that it has to downgrade a patch, that's because they were applied out of sequence. It's kinda goofy. Something to look at for the script Michael?

I've got the NFS stuff working, so now I have to modify it to make it dynamic, ie allow one to use a local point, or NFS point. It will copy the patches locally if it uses an NFS point, less network roundtrips that way. As soon as I get that modified, I'll let everyone know.

stollefson · ‎03-15-2007

Thanks for posting this script. I will be testing it in the lab later today or early tomorrow. Will post back.

conradsia · ‎03-15-2007

sweet script, thanks.

bovc · ‎03-16-2007

Thanks!

Being unfamiliar with linux, how do I run the script?

I've saved it to a file called update.sh - now what?

Thanks,

Rasmus

jparnell · ‎03-16-2007

from a shell, make the file executable:

\# chmod o+x update.sh

then run the script:

\# ./update.sh

Run both commands from the directory in which the file is located.

christianZ · ‎03-16-2007

Make it executable:

chmod 750 update.sh

then execute it:

./update.sh