As you may be aware, VMware Update Manager has functionality built-in that allows the VMware administrator to stage patches to hosts, for remediation at a later time. There are a number of downsides to the way this functionality is implemented in the VMware VUM GUI.
- You can’t natively schedule patch staging using vCenter scheduled tasks, which means that granular staging is a manual process.
- You can only stage patches and extensions separately in the GUI.
- Staging to a cluster means that all patches are copied to each host in parallel. If you’re staging across the WAN, this can be painful. (size of patches x hosts in cluster)
In an ideal world (or perhaps the next release or two), we’d have the capability within the GUI to schedule multiple baseline types and groups — or perhaps intelligence built-in to VUM & ESXi that would stage updates once to a cluster and then local copy to the remaining hosts via the management network. Until that day comes, our good friend PowerCLI is the solution. As I’ve mentioned previously, VMware has provided a handful of PowerCLI cmdlets for VMware Update Manager. The steps to implement a scheduled, granular staging solution are simple and straightforward.
- Verify that PowerCLI 4.1U1 and PowerCLI for VUM are installed and configured on a management server. For this purpose, I used my vCenter server.
- Identify the clusters that you’ll be staging patches to, and an appropriate time frame for staging.
- Using Windows Scheduled tasks, schedule PowerShell.exe to run at the time you’ve determined. Pass the .ps1 file you want to run thru the -file parameter. PowerShell execution policies still apply for scheduled jobs, so be sure that it is set appropriately, as well.
- Use the script below to serially stage patches to all hosts in the cluster(s).
[powershell]
$statusloaded=$false
$snapins=("VMware.VimAutomation.Core","VMware.VumAutomation")
foreach ($snapin in $snapins) {
Add-PSSnapin $snapin
if((Get-PSSnapin $snapin) –eq $null){
} else {
$statusloaded=$true
}
}
if($statusloaded){
Connect-VIServer vcenter.domain.com
$cluster_list = @("cluster1","cluster2","cluster3")
$baselines = Get-Baseline | where {$_.IsSystemDefined -eq $false}
foreach ($cluster in $cluster_list) {
$vmhosts = Get-VMHost -Location $cluster
foreach ($vmhost in $vmhosts) {
Stage-Patch -Entity $vmhost -Baseline $baselines -Confirm:$false
}
}
}
[/powershell]
Doug Davis says
Something else I feel is missing is a check to ensure you have enough free space on the hosts to stage the patches. There doesn’t seem to be any easy way of finding out how big the patches are either, seems to be a manual ‘go look at the web’ job at the moment.
Damian Karlson says
I totally agree. There’s nothing in GUI or in PowerCLI that returns the patch sizes or available space for staging within the hosts. The VUM documentation talks about a database view that includes the patch size (VUMV_PATCHES), but that seems just about as tedious as the “go to the web” solution. 🙂
Thanks for commenting!