I am trying to use the model of patching servers shown at:
http://virtrix.blogspot.com/2007/03/vmware-autopatching-your-esx-host.html
But I am having issues and wonder if anyone could help me out.
My ESX server has the ports open, is running the freshly installed version of ESX 3.01, and is in maint mode.
My web server is Windows 2003 R2 SP2 with the firewall off.
My ESX servers can ping the web server's IP.
Shown below is the script:
```perl
#!/usr/bin/perl
# patchESX.pl -- auto update esx perl script
# by Vincent Vlieghe
# Version 6/03/2007
use LWP::Simple;

# Fetch the list of patch IDs (one per line) from the web server
$patchlist = get 'http://192.168.0.60:80/patchesList.txt';
@array = split(/\n/, $patchlist);

foreach $item (@array)
{
    print $item;
    $item = trim($item);

    # grep exits 0 when the patch shows up in the installed list
    $cmdQuery = "esxupdate query | grep ESX-$item";
    if(system($cmdQuery) == 0)
    {
        print "\n$item is already installed - skipping\n";
    }
    else
    {
        print "\n$item is not yet installed - installing\n";
        # Install the patch from the web server depot
        $cmdUpdate = "esxupdate -n -r http://192.168.0.60:80/ESX-$item update";
        system($cmdUpdate);
    }
}

# Strip leading and trailing whitespace
sub trim($)
{
    my $string = shift;
    $string =~ s/^\s+//;
    $string =~ s/\s+$//;
    return $string;
}
```
Am I doing something wrong?
Thanks in advance
Auto patching ESX is an attractive option and yet can provide some unique challenges. Have you considered options like HP's RDP method? I know this is not automatic but do you really want something patching your server automatically?
Let's call it semi-automated then. I run the script and then the servers get patches.
I don't have the option for anything other than using IIS/FTP unless I do it manually.
RDP is what I use to push down the patches and scripts to install once it's there. This has been working great for me.
One thing I noticed in that script was a lack of error checking so be careful. We did things similar to what was referred to in that blog with a couple differences.
1 - we run it manually on a host (place host in maintenance mode first)
2 - we maintain on the local host in the directory we run this a file called 'patchlist.txt'
This file contains the patches in the correct order to have them installed
3 - we install all patches even if they don't pertain to us due to bugs in the vmware esxupdate utility
4 - before running a patch we ensure we can verify the rpm using esxupdate
5 - we save the output (verbose level 20) for review if needed
6 - we halt the installation of patches if a patch fails
An email is sent in any case.
VMware is working on a better patch solution but until it is out just be careful.
hope this helps.
PS: double check your ports to ensure they are open with TCP or UDP and that it's outbound, not inbound, using esxcfg-firewall -q
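As an added example (not code from the thread, the blog or VMware), this is one way to run an ordered local patch list that stops at the first failure and keeps the output, with each list entry validated before it reaches a command line. It uses only the `esxupdate` invocations that appear in the script above; `ESXUPDATE`, `REPO`, `LOG` and the allowed character set for a patch ID are assumptions, and the rpm verification and email steps are not included.

```shell
#!/bin/sh
# Added example, not the blog's or any poster's script. ESXUPDATE, REPO, LOG and
# the allowed character set for a patch ID are assumptions made for illustration.
ESXUPDATE=${ESXUPDATE:-esxupdate}      # overridable so the logic can be dry-run
REPO=${REPO:-http://192.168.0.60:80}   # depot URL from the original post
LOG=${LOG:-./patch-run.log}

# Accept only letters, digits and hyphens, so a line in the list can never add
# shell syntax or extra options to the esxupdate command line.
valid_id() {
    case "$1" in
        ''|-*|*[!A-Za-z0-9-]*) return 1 ;;
        *) return 0 ;;
    esac
}

# Fixed-string, whole-word match against the installed list.
is_installed() {
    "$ESXUPDATE" query </dev/null 2>/dev/null | grep -qwF -- "ESX-$1"
}

# Returns 0 when every listed patch is present or installs cleanly, 1 on a
# rejected list entry, 2 at the first failed install (nothing after it runs).
apply_patches() {
    while IFS= read -r line || [ -n "$line" ]; do
        id=$(printf '%s' "$line" | sed 's/^[[:space:]]*//; s/[[:space:]]*$//')
        if [ -z "$id" ]; then continue; fi
        if ! valid_id "$id"; then
            echo "REJECT: list entry is not a valid patch id, halting" >>"$LOG"
            return 1
        fi
        if is_installed "$id"; then
            echo "SKIP ESX-$id: already installed" >>"$LOG"
            continue
        fi
        echo "INSTALL ESX-$id" >>"$LOG"
        if ! "$ESXUPDATE" -n -r "$REPO/ESX-$id" update </dev/null >>"$LOG" 2>&1; then
            echo "FAIL ESX-$id: halting, later patches not attempted" >>"$LOG"
            return 2
        fi
    done <"$1"
    return 0
}

# Usage on the host: apply_patches ./patchlist.txt; echo "exit status $?"
```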
What is the issue that you are having? I am using this same script, I also had a little issue with it. Maybe I can be of some assistance, just let me know exactly what issue you're having.
Did you open up the correct firewall ports on your ESX hosts? We always had problems trying to get HTTP to work. When using FTP we had to edit the urlgrabber to get it to work. What kind of errors are you getting?
Hmm.. can you give some details on how you accomplish this?
I would be interested in the autopatching alternative.
