2007/12/12

Simplified ESX patching

Here's what I've set up for our VMware ESX servers...

I have a space that's accessible via HTTP (snippet from httpd.conf):
<Directory /usslsbds001/esxpatches>
    Options +Indexes
    Order allow,deny
    Allow from all
</Directory>

Alias /esxpatches/ "/usslsbds001/esxpatches/"


In there, I have directories corresponding to dates VMware has released patches (that I'm interested in):
# pwd
/usslsbds001/esxpatches
# ls -l
total 33
drwxr-xr-x 5 root root 5 Dec 6 15:24 20071115
drwxr-xr-x 8 root root 8 Dec 6 15:25 20071130
drwxr-xr-x 3 root root 13 Dec 12 14:13 latest
drwxr-xr-x 2 root root 14 Dec 12 14:14 packed


packed has the downloaded tgz files. Each $YYYYMMDD directory has the extracted patches for that date. latest has the unpacked directory of 3.0.2 update 1, plus symlinks of the form ESX-1234567 -> ../YYYYMMDD/ESX-1234567. When a patch is superseded, I `chmod 0` it and remove its link from latest.

I also have a scriptwriter that generates a set of esxupdate commands:
# cat ../latest/make-install.sh
#!/bin/sh
# generate an "install" file for the ESX patches in the current directory

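# timestamp used to name this run's command file
DS=`date +%Y%m%d%H%M`

# one esxupdate line per entry in this directory, skipping the install files
# and this script itself
ls | grep -v install | while read patch ; do
    echo "esxupdate -n -r http://`uname -n`/esxpatches/latest/$patch update" >> install.$DS
done

# point the stable name "install" at the file just generated
rm -f install && ln -s install.$DS install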


All of this rolls together on the ESX service console by simply doing (make sure the HTTP client is open in the firewall):
GET http://thestorageplace/esxpatches/latest/install | sh

and rebooting...

--Joe
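
Piping the fetched file straight into sh runs whatever the web server returns on the service console. The following is an added example (not part of the original post) that checks the install file contains only the esxupdate lines make-install.sh would generate, pointing at the expected repository, before running it. validate_install and fetch_check_run are hypothetical names, and mktemp is assumed to be available on the service console:

```shell
#!/bin/sh
# Added example, not part of the original post.
# validate_install FILE REPO_BASE
# Succeeds only if every non-empty line of FILE is exactly
#   esxupdate -n -r REPO_BASE/<name> update
# with <name> limited to letters, digits, '.', '_' and '-'.
validate_install() {
    file=$1
    base=$2
    [ -s "$file" ] || { echo "empty or missing: $file" >&2; return 1; }
    lineno=0
    while IFS= read -r line || [ -n "$line" ]; do
        lineno=$((lineno + 1))
        [ -z "$line" ] && continue
        # Strip the fixed prefix; if nothing was stripped, the command or host differs.
        rest=${line#"esxupdate -n -r $base/"}
        [ "$rest" != "$line" ] || { echo "line $lineno: unexpected command or repository" >&2; return 1; }
        # Strip the fixed suffix; anything after " update" makes this fail.
        name=${rest%" update"}
        [ "$name" != "$rest" ] || { echo "line $lineno: unexpected trailing text" >&2; return 1; }
        # What is left must be a plain directory name (no spaces, slashes or shell metacharacters).
        case $name in
            ''|.*|*[!A-Za-z0-9._-]*)
                echo "line $lineno: bad patch name" >&2; return 1 ;;
        esac
    done < "$file"
    return 0
}

# fetch_check_run URL REPO_BASE
# Download the install file, validate it, and only then hand it to sh.
# GET is the same client the post uses; mktemp is assumed to be present.
fetch_check_run() {
    tmp=$(mktemp /tmp/install.XXXXXX) || return 1
    GET "$1" > "$tmp" && validate_install "$tmp" "$2" && sh "$tmp"
    rc=$?
    rm -f "$tmp"
    return $rc
}

# Usage on the service console (hostname as in the post):
#   fetch_check_run http://thestorageplace/esxpatches/latest/install \
#                   http://thestorageplace/esxpatches/latest
```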
