2,187
edits
Difference between revisions of "ESX Patching (xTF)"
Jump to navigation
Jump to search
m
Added NOINDEX
m (1 revision: Import VMware pages from bud2 (No4)) |
m (Added NOINDEX) |
||
| (One intermediate revision by the same user not shown) | |||
| Line 1: | Line 1: | ||
__NOINDEX__ | |||
= ESX Baseline Roll-outs = | = ESX Baseline Roll-outs = | ||
Ad-hoc (probably bi-yearly) rollouts of all applicable updates to ESX's. Baselines are used to ensure a uniform rollout to test and production. | Ad-hoc (probably bi-yearly) rollouts of all applicable updates to ESX's. Baselines are used to ensure a uniform rollout to test and production. | ||
# Before any rollout, create | # Before any rollout, create a baseline called something like ''ESX baseline (dd Mmm yy)''. | ||
# Attach the baseline to the root ''Hosts and Clusters'' folder in VI Client. | # Attach the baseline to the root ''Hosts and Clusters'' folder in VI Client. | ||
# Use a scheduled task to Scan against all ESX's. | # Use a scheduled task to Scan against all ESX's. | ||
# Roll-out to | # Roll-out to test ESX's at the earliest opportunity to test the roll-out | ||
# Roll-out to all other non-Production ESX's on a convenient weekend | # Roll-out to all other non-Production ESX's on a convenient weekend | ||
# Roll-out to Production ESX's in a staggered fashion once happy with updates | # Roll-out to Production ESX's in a staggered fashion once happy with updates | ||
| Line 26: | Line 28: | ||
== Patch Depot == | == Patch Depot == | ||
Manual alternative to Update Manager, see [http://www.vmware.com/pdf/vi3_35/esx_3/r35/vi3_35_25_esxupdate.pdf vi3_35_25_esxupdate.pdf] | Manual alternative to Update Manager, see [http://www.vmware.com/pdf/vi3_35/esx_3/r35/vi3_35_25_esxupdate.pdf vi3_35_25_esxupdate.pdf] | ||
# '''Download all required patches to FTP server folder on | # '''Download all required patches to FTP server folder on vcentre''' | ||
## Download zip's from [http://support.vmware.com/selfsupport/download/ VMware patch download] | ## Download zip's from [http://support.vmware.com/selfsupport/download/ VMware patch download] | ||
## Verify zips are valid | ## Verify zips are valid | ||
| Line 34: | Line 36: | ||
## Verify the patches from a test ESX | ## Verify the patches from a test ESX | ||
##* Enable firewall <code> esxcfg-firewall -e ftpClient </code> | ##* Enable firewall <code> esxcfg-firewall -e ftpClient </code> | ||
##* Run test <code> esxupdate -d ftp:// | ##* Run test <code> esxupdate -d ftp://vcentre/esx350-Jun08 --test update </code> | ||
##* Disable firewall <code> esxcfg-firewall -d ftpClient </code> | ##* Disable firewall <code> esxcfg-firewall -d ftpClient </code> | ||
# '''Apply patches to ESX server''' | # '''Apply patches to ESX server''' | ||
| Line 41: | Line 43: | ||
##* <code> esxcfg-firewall -e ftpClient </code> | ##* <code> esxcfg-firewall -e ftpClient </code> | ||
## Use esxupdate to apply all patches from the depot | ## Use esxupdate to apply all patches from the depot | ||
##* For example <code> esxupdate -d ftp:// | ##* For example <code> esxupdate -d ftp://vcentre/esx350-Jun08 </code> | ||
# '''Final clear up''' | # '''Final clear up''' | ||
## Disable FTP client access | ## Disable FTP client access | ||
##* <code> esxcfg-firewall -d ftpClient </code> | ##* <code> esxcfg-firewall -d ftpClient </code> | ||
## Flush the local ESX FTP cache | ## Flush the local ESX FTP cache | ||
## For example <code> esxupdate -d ftp:// | ## For example <code> esxupdate -d ftp://vcentre/esx350-Jun08 --flushcache scan </code> | ||
= ESX v3.5 prior = | = ESX v3.5 prior = | ||
| Line 53: | Line 55: | ||
== Automated Script Patch Deployment == | == Automated Script Patch Deployment == | ||
Patches are applied to the ESX by running a script. This script connects to an FTP server on | Patches are applied to the ESX by running a script. This script connects to an FTP server on vCentre and installs the patches for the relevant ESX version, as dictated by the contents of the patchlist.txt file in the relevant directory (eg C:\inetpub\ftproot\3.0.1\patchlist.txt for ESX v3.0.1) | ||
=== Prep for roll-out === | === Prep for roll-out === | ||
| Line 61: | Line 63: | ||
=== Install patches on an ESX === | === Install patches on an ESX === | ||
# Copy the update script to the ESX server | # Copy the update script to the ESX server | ||
#* EG <code> pscp C:\Software_Repository\esx-autopatch.pl | #* EG <code> pscp C:\Software_Repository\esx-autopatch.pl user@esx:/home/user </code> | ||
# Put the ESX into maintenance mode | # Put the ESX into maintenance mode | ||
# Give the file execute permissions | # Give the file execute permissions | ||
| Line 81: | Line 83: | ||
# Download the patch to the NFS_Share on the Virtual Centre server (note down the md5 hash) | # Download the patch to the NFS_Share on the Virtual Centre server (note down the md5 hash) | ||
# Copy the patch to the ESX server, eg | # Copy the patch to the ESX server, eg | ||
#* <code> pscp c:\NFS_Share\esx-upgrade-from-esx3-3.0.2-61618.tar.gz | #* <code> pscp c:\NFS_Share\esx-upgrade-from-esx3-3.0.2-61618.tar.gz user@esx:/home/user/ </code> | ||
# From the ESX server, confirm the file hasn't been corrupted by checking its md5 hash matches that displayed on the VMware download page, eg | # From the ESX server, confirm the file hasn't been corrupted by checking its md5 hash matches that displayed on the VMware download page, eg | ||
#* <code> md5sum esx-upgrade-from-esx3-3.0.2-61618.tar.gz </code> | #* <code> md5sum esx-upgrade-from-esx3-3.0.2-61618.tar.gz </code> | ||