Wednesday, November 26, 2008

So this would make it easier..

I am in the process of creating a script that will look @ a text file (from an AV scan in this case) and then email a portion of it to someone. We have five Red Hat servers and in the time it has taken for me to beat this into submission I could MANUALLY check the AV scan file.

However, I digress. In the process I am learning some PERL, a little HTML and a program called sendEmail-v1.55.tar.gz. This program looks like a god-send and I can see it coming in handy in the future.

The broad strokes of the process are these:
1. AV scans system (I know, scanning for viruses on a Linux box .. don't get me started)
2. Perl script runs and parses the AV scan log and then creates an HTML file.
3. sendEmail uses the HTML file as the body of the email to the admin folks to allow them to quickly see if there is a problem or not.

The sendEmail program will communicate directly to an SMTP server (if you do not know what this is... might want to read up a little bit) and it is all done @ a command line and easy to script.

Well, all for now. Hope everyone's Thanksgiving goes well.

Thursday, November 13, 2008

Another Day Another Patch..

Life in Missouri is always great on the health. (no not really) The weather likes to change quickly and the mold count is always high. So right now I have a head cold. It makes this work more challenging than it should be.

Yesterday I set up a Web Server to hold the ESX patches. Once the ESX-1003525 (for version 3.0.2) is loaded the rollup packages work pretty great. Here is a crib notes version on how to set this up.

1. Take your everyday Linux build and load Apache.
2. Once Apache is loaded, find the directory that the web content goes into. (/var/www/html for RedHat EL 5)
3. Create a sub directory for the ESX patches. I used the crazy name of "esx"
4. Edit the /etc/httpd/conf/httpd.conf file.. Find the section "Listen" and change the port after Listen to something you like.. I used 8080 so that it is not as vulnerable.
5. After saving the httpd.conf file, type "service httpd restart" to restart Apache
6. You should now be able to open a web browser to the http://my_web_server:8080/esx directory.
7. Use WinSCP or something else to move the packages to the esx directory on the web server.
8. Un-TAR the patch files
9. Check the connection from the web browser again, you should be able to see the patch files.

Now on the ESX server to be patched:
1. Open the ESX firewall: type "esxcfg-firewall -o port_number,tcp,out,httpConnection". This will open the firewall to allow esxupdate to connect to the web server.
2. Now type "esxupdate -d http://my_web_server:8080/esx/ESX302-Rollup-01 update"
3. The esxupdate will check for the contents.xml file in the directory and will install all the files listed in it.

Note: More details on the esxupdate command can be found by typing esxupdate without anything else.

Hope this helps someone!

Monday, November 10, 2008

Time for Maintenance

ESX Maintenance Mode.. this mode is important for applying the all-important updates. This can be done easily via Virtual Center but in the event you need to patch oh I don't know.. 40+ ESX hosts in an automated fashion this can be a pain in the rear.

My new best friend is VIMSH. The vimsh can be used to process many things on the command line of the console of an ESX server. The details can be found in this doc.. Here.



An example of the code I am going to use is:



vimsh -n -e hostsvc/maintenance_mode_enter

vimsh -n -e hostsvc/maintenance_mode_exit



Running vimsh --help shows that the "-n" runs the command in non-interactive mode and the "-e" runs the commands specified. THIS IS COOL! Now I can set up the Opsware client to place an ESX host into maintenance mode, patch it, reboot it, and then exit maintenance mode.



Whoo Hoo! It's a great day to be a Geek!
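
The maintenance-mode commands above and the esxupdate steps from the November 13 post can be chained into one wrapper. The sketch below is an added example, not the author's script: the function names, the DRY_RUN switch, the depot URL check and the firewall close step (-c, to be confirmed with esxcfg-firewall -h) are assumptions layered on the commands the posts show.

```sh
#!/bin/sh
# Added example (not from the original posts). Dry-run by default: commands
# are printed, not executed. Set DRY_RUN=0 on the ESX console to run them.
DRY_RUN=${DRY_RUN:-1}

# Print the command in dry-run mode, otherwise execute it.
run() {
    if [ "$DRY_RUN" = "1" ]; then echo "$*"; else "$@"; fi
}

# Accept only http://host:port/path depot URLs and print the port, so that
# nothing unexpected ends up in the firewall and esxupdate command lines.
depot_port() {
    case "$1" in
        *[!A-Za-z0-9_.:/-]*) return 1 ;;   # unexpected characters
        http://*:*/*) ;;
        *) return 1 ;;
    esac
    port=${1#http://*:}      # strip scheme and host
    port=${port%%/*}         # strip path
    case "$port" in
        ''|*[!0-9]*) return 1 ;;
    esac
    echo "$port"
}

# Phase 1 (before the reboot). Stops at the first failing step, so a host
# that could not enter maintenance mode is never patched.
patch_host() {
    port=$(depot_port "$1") || { echo "bad depot URL: $1" >&2; return 1; }
    run vimsh -n -e hostsvc/maintenance_mode_enter || return 1
    run esxcfg-firewall -o "$port,tcp,out,httpConnection" || return 1
    run esxupdate -d "$1" update
    rc=$?
    # Close the outbound port again whether or not the update succeeded.
    # -c (closePort) is an assumption here: check esxcfg-firewall -h first.
    run esxcfg-firewall -c "$port,tcp,out"
    return $rc
}

# Phase 2 (after the reboot, which is left to the scheduling tool).
finish_host() {
    run vimsh -n -e hostsvc/maintenance_mode_exit
}

case "${1:-}" in
    patch)  patch_host "${2:-}" ;;
    finish) finish_host ;;
esac
```

With no arguments the script does nothing; "patch URL" and "finish" select the two phases.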