Here's what I've set up for our VMware ESX servers...
I have a space that's accessible via HTTP (snippet from httpd.conf)
Allow from all
Alias /esxpatches/ "/usslsbds001/esxpatches/"
In there, I have directories corresponding to dates VMware has released patches (that I'm interested in)
# ls -l
drwxr-xr-x 5 root root 5 Dec 6 15:24 20071115
drwxr-xr-x 8 root root 8 Dec 6 15:25 20071130
drwxr-xr-x 3 root root 13 Dec 12 14:13 latest
drwxr-xr-x 2 root root 14 Dec 12 14:14 packed
packed has the downloaded tgz files. $YYYYMMDD has the extracted patches for that date, and latest has the unpacked directory of 3.0.2 update 1, and symlinks ESX-1234567 -> ../YYYYMMDD/ESX-1234567. When a patch is superceded, I `chmod 0` it, and remove its link from latest.
I also have a scriptwriter that generates a set of esxupdate commands:
# cat ../latest/make-install.sh
# generate an "install" file for the ESX patches in the current directory
ls | grep -v install | while read patch ; do
echo "esxupdate -n -r http://`uname -n`/esxpatches/latest/$patch update" >> install.$DS
rm -f install && ln -s install.$DS install
All of this rolls together on the ESX service console by simply doing (make sure HTTP client is open in the firewall)
GET http://thestorageplace/esxpatches/latest/install | sh