More ESX 3.0.1 03/05/07 Patches...... - Page 4

MJKNIGHT · ‎03-06-2007

Anyone dived in and applied the new patches yet.....

....patch adds support for Microsoft Clustering Server (MSCS) with Windows 2003 Service Pack 1 (SP1) and R2 Guest Operating Systems (KB 2021).....[/i]

ESX-3199476 Patch | 03/05/07 | Critical Patch

ESX-5031800 Patch | 03/05/07 | Security Patch

ESX-5885387 Patch | 03/05/07 | Security Patch

ESX-6050503 Patch | 03/05/07 | General Patch

ESX-6856573 Patch | 03/05/07 | Security Patch

ESX-9865995 Patch | 03/05/07 | General Patch

Please provide feedback below if you have any issues....

Cheers,

Michael.

rabittom · ‎04-02-2007

ESX-6431040 does not work with this script because it's a patch-bundle with multiple patches inside. Don't know why VMware has changed the way - i've had no problems with the older "mulit-patches".

regards

gernot

wila · ‎04-02-2007

A half baked solution.. that - i guess - was supposed to make it easier to apply the patch, instead the people that had automated the scripts now have a non working automated deploy.

Thanks vmware.. (sounds more cynical as i feel about it... although it is about time we get decent automated patching, this is more and more like patching red hat 6... by hand)

The solution seems to be to unwrap the new bundle and make separate .tgz bundles yourself and then apply them once again. Not tested this here myself yet as i've not had the time.

| Author of Vimalin. The virtual machine Backup app for VMware Fusion, VMware Workstation and Player |
| More info at vimalin.com | Twitter @wilva

dominic7 · ‎04-02-2007

I updated the script that I posted above to deal with the changes. There is a patch for ESX 3.0.0 that also contains more patches inside.

letoatrads · ‎04-02-2007

Thanks Dominic, I'm trying the new script out on one of my test 3.0.1 servers now. Seriously appreciate the work you put in to make this available!

dominic7 · ‎04-02-2007

The only problem that I have with the patch format is that there is no way to tell if patch ESX-6431040 is applied to your system. I have to download it ( everytime ) unpack it and then see if the subpatches have already been applied. For other patches the script is smart enough to see if it's already been installed and then not download it.

It also doesn't make any sense. If VMware is going to roll up 8 patches into a single patch, why didn't they roll up all 12 of them and turn it into one ginormous monthly patch? Or better yet, release a quarterly patch.

jdvcp · ‎04-02-2007

Where can we get the new script you worked on? Thx for this!

dominic7 · ‎04-02-2007

\^^^ look up about 7-8 posts.

letoatrads · ‎04-02-2007

Dominic's script worked like a champ for me with 2 caveat's.

1 - Not his script's fault, had to redownload ESX-1410076 Patch, since it was re-packed my old version didn't match the MD5 sum.

2- Had to run "esxcfg-firewall --allowOutgoing" just enabling the ftpclient didn't seem to do it.

dominic7 · ‎04-02-2007

What type of FTP server are you using?

letoatrads · ‎04-02-2007

Tried 3 different ones....vsftpd, goldenFTP, and our corporate FTP server. All of them would fail on the get command from an ESX host ( though testing that portion of the script worked fine from just a straight linux host).

forbes · ‎04-02-2007

If you are using MichaelJKnight bash script, and want to use sudo, then you need to change the following line (near the end):

echo "esxupdate -v 20 -n update" >> /tmp/patchbundle.sh[/b]

to this:

echo "/usr/sbin/esxupdate -v 20 -n update" >> /tmp/patchbundle.sh[/b]

When you use sudo, it doesn't reflect root's path settings so can't find the esxupdate command. Other than that it all runs fine under sudo.

Anyone got an update to the script for the ESX-6431040 bundle?

Forbes Guthrie http://www.vReference.com vExpert

forbes · ‎04-02-2007

Just discovered that if you untar this one bundled patch and copy the patch folders into your updates folder manually, and then run the bash script, then it does install the individual updates.

i.e. something like this

$ cp ESX-6431040.tgz /tmp/patches

$ cd /tmp/patches

$ tar -xvzf ESX-6431040.tgz

$ cd ESX-6431040

$ cp -r ESX* /tmp/patches

$ sudo ./install.sh[/b]

N.B. I use /tmp/patches instead of /var/updates

The script runs and installs the patches. Whilst running it incorrectly reports the number of patches to install, so it echos something like " installing patch 24 of 16", but still installs them.

When running sudo /usr/sbin/esxupdate query[/b], it lists all the individual packages, not ESX-6431040. Not sure if this is different.

This means I can just keep a copy of all the patches and these untarred ones on my usb stick, and I'm ready to go

Forbes Guthrie http://www.vReference.com vExpert

CWedge · ‎04-05-2007

So does this mean if we used the original script, we didn't actually install that bundled patch?

einstein-a-go-g · ‎04-05-2007

yes. The bundled-patch extracts the patches, into seperate directories. underneath ESX-6431040, so the script doesn't see them.

tar ball them up, and copy into \var\updates, then it will find all 32 patches and install them.

But check because I have a few funnies, where I've done this and it hasn't installed them, check the patches installed with esxupdate -l query and your vmware version (vmware -v) (don't rely on VC to get this right!)

sbeaver · ‎04-05-2007

I believe Dominics script has been changed to address this. I am testing it out now

Steve Beaver
VMware Communities User Moderator
VMware vExpert 2009 - 2020
VMware NSX vExpert - 2019 - 2020
====
Co-Author of "VMware ESX Essentials in the Virtual Data Center"
(ISBN:1420070274) from Auerbach
Come check out my blog: [www.virtualizationpractice.com/blog|http://www.virtualizationpractice.com/blog/]
Come follow me on twitter http://www.twitter.com/sbeaver

**The Cloud is a journey, not a project.**

dominic7 · ‎04-05-2007

I also added http install support, reboot after install support and an option to temporarily open the firewall. I'll get that posted tomorrow morning.

CWedge · ‎04-05-2007

I also added http install support, reboot after
install support and an option to temporarily open the
firewall. I'll get that posted tomorrow morning.

what about just adding in the script, depending on what it's doing, ie, ftp, http. etc, have the script open the ports on the esx firewall, then when it's done, close it back up, like you did for http?

Message was edited by:

CWedge@Amsa

dominic7 · ‎04-05-2007

I like the idea, and some of it is simple and some of it is not. When working with just ftp, the "esxcfg-firewall --enableService ftpClient" should work, but it doesn't always seem to work, I don't know if it has to do with passive FTP or not. With the http, I could unblock outbound to destination port 80 tcp, but I think there are a number of people with webservers on other ports. Allowing all outbound connections is a sort of shotgun approach, but requires less configuration to get it up and running.

CWedge · ‎04-05-2007

What can i possibly be doing wrong to get this
error?
\[root@testesx updates]# chmod o+x esxscript.sh
\[root@testesx updates]# . ./esxscript.sh
: command not found
: command not found
bash: ./esxscript.sh: line 26: syntax error near
unexpected token `fi'
'ash: ./esxscript.sh: line 26: `fi
\[root@testesx updates]#
Any help would be appreciated
DREi

I figured out the problem.

It seams when you copy it in WINSCP you \*MUST* select TEXT mode copy, then it works...If you choose automatic or Binary it bombs with that error.

vedeht · ‎04-10-2007

Man your not kidding. I was getting the same error. If you copy it with the default mode it won't work. I finally copied it in text mode and poof it started to work.

Try our VMWare View Demo on www.virtualdojo.com