esxupdate
This version is old, see Xesxupdate.pl v1.2
With VMware ESX 3.x, you now need to do patch management with the command line utility esxupdate. There are pluses and minuses to this. You no longer need to boot into uniproc mode to run the patch, but you still most likely need to reboot. esxupdate will reboot for you unless you tell it not to.
The most important negative to this is that patches are no longer cumulative. As of today, you need to apply 14 patches to ESX 3.0.1 to be up to date. No more applying just the most recent patch. Also, the patch installer will restart hostd for most of the patches – no big deal, but it takes forever.
So, you could type in 14 different commands and get your system up to date. Or you could make a shell script with 14 different commands in it. I have found it handy to have a script that will install all patches with one command line.
This script assumes that all patches are already extracted, all to a single directory…meaning you have a directory with patch directories in it. See below.
It assumes a file in that main directory called updates.list. This is a text file with a patch directory name per line.
Example:
/path/to/updates
/path/to/updates/ESX-1271657
/path/to/updates/updates.list
So a sample extract of a single update would be:
cd /path/to/updates;tar zxf /tmp/ESX-1271657.tgz
Originally, this script would blindly install all patches in the specified directory, first checking whether each object in the directory is a file using the ‘file’ command. It turns out the necessary “magic” required by “file” doesn’t exist until after first boot, which makes kickstart patching difficult. That’s OK: it is best to have an authorized patches list to make sure that some patches are not inadvertently installed. It might prevent an inconsistent cluster of ESX hosts.
Running this script in %post of kickstart should work out for you, as well as just running on an already built host.
Here it is…
[bash]
#!/bin/sh
# Check args
if [ $# -lt 1 ]
then
    echo
    echo "Invalid Arguments"
    echo "Usage: $0 /path/to/esx/updates"
    echo
    echo "The path to updates should point to a directory"
    echo "with a bunch of directories in it, all named"
    echo "ESX-#######. The vmware provided tgz files should"
    echo "be extracted."
    echo
    echo "Requires a file in the directory named updates.list."
    echo "This file should hold a list of all the updates directory"
    echo "names."
    echo
    exit 1
fi
maindir=${1%/} # Strip off trailing slash.
# One patch directory name per line, installed in the order listed.
for i in $(cat "$maindir/updates.list")
do
    patch="${maindir}/${i}/"
    echo "Installing ${patch}"
    # Run esxupdate directly. Wrapping it in backticks would try to
    # execute its output as a second command.
    /usr/sbin/esxupdate -r "file:${patch}" --noreboot update
done
[/bash]
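A stricter variant of the loop above, as an added example (not the author's script): it treats updates.list as an allow-list, rejecting any entry that is not exactly ESX-<digits>, is listed twice, or has no extracted directory, then installs in list order and stops at the first failure with one log per patch. The ESXUPDATE override, the function names and the log-directory argument are assumptions of this example, as is esxupdate returning a non-zero status on failure.

```shell
#!/bin/sh
# Added example, not the original script. ESXUPDATE is overridable so the
# logic can be exercised off-host; assumes esxupdate exits non-zero on failure.
ESXUPDATE=${ESXUPDATE:-/usr/sbin/esxupdate}

# Print the authorized patch names in list order. Returns non-zero if any
# entry is not exactly ESX-<digits>, is listed twice, or is not extracted.
validate_updates_list() {
    vl_dir=${1%/}; vl_seen=" "; vl_rc=0
    if [ ! -r "$vl_dir/updates.list" ]; then
        echo "missing $vl_dir/updates.list" >&2; return 2
    fi
    while IFS= read -r vl_name || [ -n "$vl_name" ]; do
        vl_err=
        case $vl_name in
            '') continue ;;                            # skip blank lines
            ESX-|ESX-*[!0-9]*) vl_err="bad name" ;;    # ../, spaces, CR, ...
            ESX-*) ;;
            *) vl_err="bad name" ;;
        esac
        case $vl_seen in *" $vl_name "*) vl_err="duplicate" ;; esac
        if [ -z "$vl_err" ] && [ ! -d "$vl_dir/$vl_name" ]; then
            vl_err="not extracted"
        fi
        if [ -n "$vl_err" ]; then
            echo "rejected ($vl_err): $vl_name" >&2; vl_rc=1
        else
            vl_seen="$vl_seen$vl_name "; echo "$vl_name"
        fi
    done < "$vl_dir/updates.list"
    return "$vl_rc"
}

# Install every listed patch, or none if the list fails validation.
install_authorized() {
    ia_dir=${1%/}; ia_logs=$2
    ia_list=$(validate_updates_list "$ia_dir") || return 1
    mkdir -p "$ia_logs" || return 1
    for ia_p in $ia_list; do      # names are ESX-<digits>, safe to split
        echo "Installing $ia_p"
        if ! "$ESXUPDATE" -r "file:$ia_dir/$ia_p/" --noreboot update \
                >"$ia_logs/$ia_p.log" 2>&1; then
            echo "FAILED: $ia_p (see $ia_logs/$ia_p.log)" >&2
            return 1
        fi
    done
}

if [ "$#" -eq 2 ]; then install_authorized "$1" "$2"; fi
```

Run it as `script /path/to/updates /path/to/logdir`; nothing is installed unless every line of updates.list passes validation.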
Nice script, have to try it out since I have 12 patches now to deploy
I had been using esxupdate -n (undocumented no reboot switch) to avoid the reboot at least…..
Make sure you put the patches in the correct order in updates.list. And since the patches throw a lot of information logs, redirect STDERR somewhere so you can see what happened if a patch fails.