As you all know, patching an ESX host is not exactly fun. VMware has promised to deliver a better patching system in their new version (ESX 3.1 and VC 2.1). In the meantime, we have to make sure that our ESX hosts are patched. In this post, I will use an IIS repository to deploy ESX patches from a central server (well, it's not a push but rather a pull technology).
A special thanks goes out to Arne who wrote an article (in Dutch) on his excellent ictfreak blog on configuring IIS for ESX patches. I decided to use it and add a Perl script and a patchList to make the process more manageable.
First part: installing & configuring IIS
- Create a folder called VIPatches
- Download all patches from the VMware site
- Extract them to the VIPatches folder. It should look something like this:
- In the VIPatches folder, create a file called patchesList.txt with the relevant patch numbers IN THE CORRECT ORDER, one per line. Make sure there are no additional carriage returns after the final patch (in our case 3199476).
- Install IIS
- Go to IIS manager and create a new website. Call it VIPatches (or something similar)
- Change the port number to a free port (example: port 8082)
- Make sure to browse to the correct folder (in our case E:\VIPatches) and to activate Directory browsing
- On the directory security tab: make sure Anonymous logon is selected.
- On the HTTP Headers tab, MIME Types button: add .* and ‘application/octet-stream’
- Browse with your preferred internet browser to http://<servername>:8082/VI3Patches. You should be able to see all patches.
Second part: configuring & patching your ESX host
- Use the Service Console
- Open the appropriate firewall port by issuing the following command (depending on your configured port in IIS):
esxcfg-firewall -o 8082,tcp,out,httpClient
- Create (touch) a script under /tmp called patchESX.pl (or create it on a central location so you can copy it to all your ESX hosts with WinSCP or FastSCP).
- Open with nano (or vim) and add the following content:
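# patchESX.pl -- auto update esx perl script
# by Vincent Vlieghe
# Version 6/03/2007
use LWP::Simple;

# Download the ordered patch list from the IIS repository
$patchlist = get 'http://<yourservername>:8082/patchesList.txt';
die "Could not download patchesList.txt\n" unless defined $patchlist;
@array = split(/\n/, $patchlist);
foreach $item (@array) {
    $item = trim($item);
    # grep exits with 0 when the patch shows up in the esxupdate query output
    $cmdQuery = "esxupdate query | grep ESX-$item";
    if(system($cmdQuery) == 0) {
        print "\n$item is already installed - skipping\n";
    } else {
        print "\n$item is not yet installed - installing\n";
        $cmdUpdate = "esxupdate -n -r http://<yourservername>:8082/ESX-$item update";
        system($cmdUpdate);
    }
}

# Strip leading and trailing whitespace (including the \r of Windows line endings)
sub trim {
    my $string = shift;
    $string =~ s/^\s+//;
    $string =~ s/\s+$//;
    return $string;
}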
- Replace <yourservername> with the IIS servername. Make sure the ESX host can contact it (check your DNS!).
- Make sure your ESX host is running in maintenance mode.
- Run the script by issuing perl patchESX.pl. Watch and enjoy!
- Reboot your ESX host when all updates are installed.
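The script above trusts every line of patchesList.txt, which is fetched over anonymous HTTP and pasted into shell command strings. The following is an added example, not part of the original script, showing a stricter way to parse the list, match installed patches exactly, and build the esxupdate call without a shell; it only prints what it would run. The sub names, the host name iis.example.local, the patch numbers 1000001 and 1000002, and the query text are assumptions made up for the illustration.

```perl
use strict;
use warnings;

# Parse the raw text of patchesList.txt into an ordered list of patch numbers.
# Tolerates CRLF and blank lines, keeps the first occurrence of a duplicate (so
# install order is preserved) and dies on anything that is not purely digits.
sub parse_patch_list {
    my ($text) = @_;
    my (@patches, %seen);
    my $lineno = 0;
    foreach my $line (split /\n/, $text) {
        $lineno++;
        $line =~ s/^\s+|\s+$//g;    # also removes the trailing \r
        next if $line eq '';
        die "patchesList.txt line $lineno: unexpected entry '$line'\n"
            unless $line =~ /^\d+$/;
        push @patches, $line unless $seen{$line}++;
    }
    return @patches;
}

# Exact match on the patch name, so a shorter number cannot match a longer one.
sub is_installed {
    my ($query_output, $patch) = @_;
    return $query_output =~ /ESX-\Q$patch\E(?!\d)/ ? 1 : 0;
}

# The esxupdate call as an argument list: system(@cmd) runs it without /bin/sh.
sub update_command {
    my ($repo, $patch) = @_;
    return ('esxupdate', '-n', '-r', "$repo/ESX-$patch", 'update');
}

# Constructed sample data: hypothetical host name, made-up patch numbers (except
# 3199476 from the post), and a stand-in for the text "esxupdate query" prints.
my $repo  = 'http://iis.example.local:8082';
my $list  = "1000001\r\n1000002\r\n\r\n3199476\r\n1000002\r\n\r\n";
my $query = "ESX-1000001 installed\n";

foreach my $patch (parse_patch_list($list)) {
    if (is_installed($query, $patch)) {
        print "$patch is already installed - skipping\n";
    } else {
        print "would run: ", join(' ', update_command($repo, $patch)), "\n";
    }
}
# A malformed entry stops the run before any command is built.
eval { parse_patch_list("3199476\n1000001.zip\n") };
print "rejected: $@" if $@;
```

To use it on a host, feed parse_patch_list the downloaded list and pass the result of update_command to system() in list form.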