As you all know, patching an ESX host is not exactly fun. VMware has promised to deliver a better patching system in their new version (ESX 3.1 and VC 2.1). In the meantime, we have to make sure that our ESX hosts are patched. In this post, I will use an IIS repository to deploy ESX patches from a central server (well, its not a push but rather a pull technology).
A special thanks goes out to Arne who wrote an article (in Dutch) on his excellent ictfreak blog on configuring IIS for ESX patches. I decided to use it and add a Perl script and a patchList to make the process more manageable.
First part: installing & configuring IIS
- Create a folder called VIPatches
- Download all patches from the VMware site
- Extract them to the VIPatches folder. It should look something like this:
- In the VIPatches, create a file called patchesList.txt with the relevant patch numbers IN THE CORRECT ORDER. Make sure no additional carriage returns are available after the final patch (in our case 3199476).
- Install IIS
- Go to IIS manager and create a new website. Call it VIPatches (or something similar)
- Change the port number to a free port (example: port 8082)
- Make sure to browse to the correct folder (in our case E:\VIPatches) and to activate Directory browsing
- On the directory security tab: make sure Anonymous logon is selected.
- On the HTTP Headers tab, MIME Types button: add .* and ‘application/octet-stream’
- Browse with your preferred internet browser to http://<servername>:8082/VI3Patches. You should be able to see all patches.
Second part: configuring & patching your ESX host
- Use the Service Console
- Open the appropriate firewall port by issuing the following command (depending on your configured port in IIS):
esxcfg-firewall -o 8082,tcp,out,httpClient - Create (touch) a script under /tmp called patchESX.pl (or create it on a central location so you can copy it to all your ESX hosts with WinSCP or FastSCP).
- Open with nano (or vim) and add the following content:
#!/usr/bin/perl
# patchESX.pl -- auto update esx perl script
# by Vincent Vlieghe
# Version 6/03/2007
use LWP::Simple;
$patchlist = get 'http://<yourservername>:8082/patchesList.txt';
@array = split(/\n/, $patchlist);
foreach $item (@array)
{
print $item;
$item = trim($item);
$cmdQuery = "esxupdate query | grep ESX-$item";
if(system($cmdQuery) == 0)
{
print "\n$item is already installed - skipping\n";
}
else
{
print "\n$item is not yet installed - installing\n";
$cmdUpdate = "esxupdate -n -r http://<yourservername>:8082/ESX-$item update";
system($cmdUpdate);
}
}
sub trim($)
{
my $string = shift;
$string =~ s/^\s+//;
$string =~ s/\s+$//;
return $string;
} - Replace <yourservername> with the IIS servername. Make sure the ESX host can contact it (check your DNS!).
- Make sure your ESX host is running in maintenance mode.
- Run the script by issuing perl patchESX.pl. Watch and enjoy!
- Reboot your ESX host when all updates are installed.
47 reacties:
Thanks for the script.
I was having some difficulty with line for detecting if a patch is installed or not. (i.e. $cmdQuery = "esxupdate query grep ESX-$item";
if(system($cmdQuery) == 0))
It was pulling everyone as already being installed as the grep was not effective. I believe you missed a pipe symbol "|" between query and grep.
Bowulf,
Yes you are correct! I didn't notice that my pipe was deleted when posting it with the blogger tool :(. I updated the script now! Tnx for the remark
Nice article and script. :)
I do have one question, though. You note in the article to "... Make sure no additional carriage returns are available after the final patch." Unfortunately, every text editor I've tried (nano and gedit, so far) to use on my Linux system adds a carriage return on the last line there wasn't one there.
Any recommendations? My guess would be to enhance the segment of code where the array is populated to only include numeric values, but my skills in Perl are lacking. ;)
Thanks for the script,
Added the firwall rule to the script enabling it and disabling it after install.
Near start
$cmdFirewallOn = "esxcfg-firewall -o 80,tcp,out,httpClient";
system($cmdFirewallOn);
Near end
$cmdFirewallOff = "esxcfg-firewall -c 80,tcp,out,httpClient";
system($cmdFirewallOff);
@ricky
You really should start nano -w
It won't wrap the lines. Maybe this helps.
Greetings,
Duncan
The Netherlands
Also added some logging.
Lemme know if your interested.
P.S. Maybe not important but I got it running under Apache.
Grtz,
Duncan
Hi guys, it's almost working for me: 1) for each patch i am getting message "ESX-6856573 is not yet installed - installing", but the patch was already installed time ago. 2) And then when installing the patch: "ERROR: Invalid repository at http://czchowsint058.prg-dc.dhl.com:8082/ESX-ESX-6856573/: HTTP Error 404: Not Found" - it seems that for some reason it search "ESX-ESX-6856573" folder via IIS. any ideas?
thanks
Hi, just to let you know. problem was in "ESX-$item". I've shorted that to "$item" and it's working with no problem. thanks guys.
Hi Guys,
I'm glad it's working OK. Duncan: indeed, opening & closing the firewall port is a good addition to the script!
Got it working in a couple hours today.
A couple notes to save someone troubleshooting time. These may have been mentioned in other posts in different contexts, but I will mention them with my experience:
1. When entering Duncan's suggested firewall open/close entries, make sure to change the port to match what you assigned. (that one is obvious, but it took me a few minutes to spot my mistake).
2. When editing the script, make sure to use an editor that does not insert carriage returns. nano without opening with the -w option inserted a cr in my script between "esxupdate -n -r" and "http://[server]..." that caused No such file or directory errors.
Great script! This will save me hours.
With the following command, you can change the maintenance mode of an esx server from the command line:
vimsh -n -e /hostsvc/maintenance_mode_enter to enable maintenance mode
and
vimsh -n -e /hostsvc/maintenance_mode_exit to disable it.
maybe it's a nice addition to the script ;-)
Nice script, it worked the first time right out of the box(page).
Excellent script. Saved us a ton of time
I am VERY new to scripting. I keep getting an HTTP 404 error.
Can I copy and paste the script from the web page? Where are the carriage returns in the script? I am missing something simple. I will keep trying.
Looks like and excellent time saver once I get it to work.
I've used this procedure and it works great, but you have to be careful to handle batches with patches (like ESX-6431040, which contains 8 patches). When you extract this patch you get subfolders that you have to move to the root of your repository. Don't forget to add the extra patch numbers to your patcheslist.txt!! I've added them instead of the original patch number that contained the 8 patches.
I found that this script caused some problems when an error occurred during patching. So, to avoid applying patches out of order (known problems caused by this) we developed an error check. The main issue with our method is that we command out and you cannot see the patching in progress. You do get report of success. Also, you can check logs to verify installation.
I have posted the entire script with the error check addition here so you can see what was commented out and the script that replaced it. I also include the firewall open/close.
-----------------------
#!/usr/bin/perl
# patchESX.pl -- auto update esx perl script
# by Vincent Vlieghe
# 20070326 - added firewall open and close
# 20070327 - Added error check
$DEBUG=1;
use LWP::Simple;
# open esx firewall
$cmdFirewallOn = "esxcfg-firewall -o 0000,tcp,out,httpClient"; #(replace 0000 with the port you want to use)
system($cmdFirewallOn);
# List patches from patch list on web server - detect if they are installed - install if not
$patchlist = get 'http://server:port/patchesList.txt';
@array = split(/\n/, $patchlist);
foreach $item (@array)
{
print $item;
$item = trim($item);
$cmdQuery = "esxupdate query | grep ESX-$item";
if(system($cmdQuery) == 0)
{
print "\n$item is already installed - skipping\n";
}
else
{
print "\n$item is not yet installed - installing\n";
$cmdUpdate = "esxupdate -n -r http://servername:port#/ESX-$item update 2>&1";
# ORIGINAL that I replaced with ERROR CHECK below: system($cmdUpdate);
# Error check (added this section)
print "COMMAND: $cmdUpdate \n" if ($DEBUG > 0);
open (CMDOUT,"$cmdUpdate|");
for (< CMDOUT >) { # NOTE - there should not be spaces around CMDOUT - this html editor did not like the correct perl syntax, so I had to add spaces to get it to post.
print "$_ \n" if ($DEBUG);
if ($_ =~ /ERROR/i ) {
print "Error has occurred: '$_' \n";
exit 1;
}
}
close CMDOUT;
}
}
sub trim($)
{
my $string = shift;
$string =~ s/^\s+//;
$string =~ s/\s+$//;
return $string;
}
# close esx firewall
$cmdFirewallOff = "esxcfg-firewall -c 0000,tcp,out,httpClient"; #(replace 0000 with your port again)
system($cmdFirewallOff);
I ran across this script and incorporated the firewall piece into it. It worked beautifully!!! I don't know who you guys are but I did want to thank you all for saving me a lot of time patching VMware servers. Thanks again!
Most Exelent Uber fast way to simply update your esx servers.
I just ran the script, how can you tell if the updates ran and installed? Because it runs straight through with no wait between install of patches.
Thanks very much, this has helped me a lot.
Apart from a few mistakes my end, this worked very easily. I would like a tutorial about patching from the local ESX host if you are bored!!
Many thanks again
Thanks for the nice post!
Free PS3
That is cool. Thanks!
More would be great!
Web Hosting Video Tutorial
A web hosting is the company that is responsible for displaying your website on the world wide web for everyone to see. They’re basically selling you space for your site to be displayed along with many other options. They usually will provide you with email accounts for your site, website statistics, a basic website builder program, customer support and many other tools.
I recently came across your blog and have been reading along. I thought I would leave my first comment. I don't know what to say except that I have enjoyed reading. Nice blog. I will keep visiting this blog very often.
Alena
www.smallbusinessavenues.com
Hi Vincent
Stumbled across your excellent Vitrix site en heb met veel plezier het patchESX.pl script overgenomen. Nu er tegenwoordig depots bestaan heb ik het een beetje veranderd om daar gebruik van the maken. In addition I changed it around to simply pull an index of available update folders and extract the patch IDs from their names so a separate text file with patch numbers is no longer needed.
Let me know if you'd like me to send you a copy of this updated version,
Bij voorbaat hartelijke dank,
- PaulW
A study last yearnike tn, the author in the essay read NIKE , a reporter at the Shanghai headquarters in an interview, nike chaussuressee a pr in high school to read a league plans, employees interviewed told reporters in Beijing's streets, they children to interview, the children said, "truly understand them." tn chaussures These words, if the author touches product function, brand spirit and culture is to become part of the consumer of two basic methods
There are cheap columbia jackets 10 pcs of excellent Ralph Lauren multi-colored stripe big pony spyder jackets. These products are more soft and comfortable for being made of breathable and durable mesh cotton . lacoste sweaterthere are lots of colors and sizes for your choice, just pick up one you like ,it is absolutely value for money.
Lacoste Polo Shirts, ralph Lauren polo shirts , Burberry Polo Shirts.wholesale Lacoste polo shirts and polo ralph laurenwith great price. clothingol.com offers lot of 10 lacoste polo shirts and lot of 20 cheap polo shirts. clothingol.com offers classic fit polo shirts. polo clothing
Bon March¨¦ chaussures pumaChaussure Sports Shop:baskets pumaChaussure Puma Femme,Chaussure Puma Homme,Chaussure Nike Femme,Chaussure Nike homme,nike shoxChaussure Sport et plus. Livraison Rapide.
Thank you so much!!polo shirt men'ssweate,Burberry Polo Shirts lacoste sweater, ralph lauren Columbia Jackets,ski clothing. Free Shipping, PayPal Payment. Enjoy your shopping experience on mensclothingus.com.You can find the father who desire fashionable, intellectual mens clothing simultaneously.
Awesome!!!Best wishes for you !!cheap polo shirts is the father of the summer should be prepared to most commonly used item, it has both style and shape of Ralph Lauren Polo, and vest with a random function, so that in the short-sleeved apply to both on many occasions, the pink and black color men's polo shirts brought into effect, lightweight cotton, linen texture to demonstrate masculine temperament and sense of fashion exhaustively.
God bless you!I really agree with your opinions.Also,there are some new fashion things here,gillette razor blades.gillette mach3 razor bladesfor men.As for ladies,gillette venus razor blades must the best gift for you in summer,gillette fusion blades are all the best choice for you.
Perfect!!You are a outstanding person!Have you ever wore chaussures puma,Here are the most popular puma CAT,Puma shoes store gives some preview of puma speed cat,and casual but no sweat puma basket.
Do not mean bad.Thank you so much!I just want to show some fashion things to all of you.I like puma speed, puma femmes and other puma shoes. These puma sport items are at store recently and available for anyone.
fantastic!God bless you!Meanwhile,you can visit my China Wholesale,we have the highest quality but the lowest price fashion products wholesale from China.Here are the most popular China Wholesale products for all of you.Also the polo clothing is a great choice for you.
real life
chaussures puma zone
chaussures puma online
7http://pumafamouseshoes.cocolog-nifty.com
http://actiblog.com/mycoolshoes/
http://kurumaro.com/myshoescollection/
http://blog.qlep.com/blog.php/famouseshoes
http://mybrandshoes.jugem.jp/
There are ed hardy shirts
,pretty ed hardy shirt for men,
ed hardy womens in the ed hardy online store
designed by ed hardy ,
many cheap ed hardy shirt ,glasses,caps,trouers ed hardy shirts on sale ,
You can go to edhardyshirts.com to have a look ,you may find one of ed hardy clothing fit for you
Top qualitymen's jacket,
These cheap jacket are on sale now,you can find
north face jackets inmage on our web
Ralph Lauren Polo Shirts,buberry polo shirts
Do you wannaghd hair straighteners for you own , we have many
cheap ghd hair straightenersin style and great,you can choose one from these
hair straighteners
Authentic chaussure puma
chaussure sport
And chaussure nike shoes
Come here to have a look of our Wholesale Jeans
Many fashionMens Jeans ,eye-catching
Womens Jeans ,and special out standing
Blue Jeans ,you can spend less money on our
Discount Jeans but gain really fine jeans, absolutely a great bargain.
www.crazypurchase.com
China Wholesale
wholesale from china
buy products wholesale
China Wholesalers
http://www.weddingdressseason.com
Burberry polo shirt the steady, solid, so many young girls also love it. Speaking of people of a ralph lauren polo, think it a sign of nobility elegant waving in the horse club.spyder jacket in the cold in your winter activities can be easily.columbia jacket it is expensive, but here you do not need to consider the price of it. the north face jacket one of my favorite money, I do not know how many in this world of its fans.
ed hardy clothing
ed hardy clothes
ed hardy shirts
ed hardy t-shirts
ed hardy sunglasses
ed hardy mens
ed hardy womens
Burberry polo shirt the steady, solid, so many young girls also love it. Speaking of people of a ralph lauren polo, think it a sign of nobility elegant waving in the horse club.spyder jacket in the cold in your winter activities can be easily.columbia jacket it is expensive, but here you do not need to consider the price of it. the north face jacket one of my favorite money, I do not know how many in this world of its fans.
ed hardy clothing
ed hardy clothes
ed hardy shirts
ed hardy t-shirts
ed hardy sunglasses
ed hardy mens
ed hardy womens
Bon March¨¦ Chaussure PumaChaussure Sports Shop:baskets pumaChaussure Puma Femme,Chaussure Puma Homme,Chaussure Nike Femme,Chaussure Nike homme,nike shoxChaussure Sport et plus. Livraison Rapide
Cheap Brand Jeans ShopMen Jeans - True Religion Jeans, Women JeansGUCCI Jeans, Levi's Jeans, D&G Jeans, RED MONKEY Jeans, Cheap JeansArmani Jeans, Diesel Jeans, Ed hardy Jeans, Evisu Jeans, Jack&Jones Jeans...
Een reactie plaatsen