Before you dive in and apply patches to your production environment, you will most likely want to test those patches in a test or development environment. Once you have configured your baselines and tested the patches in your test environment, you can use PowerCLI to export those baselines and then import them into your production environment. The process and the PowerCLI script for doing so are documented in the Installing and Administering VMware vSphere Update Manager document.
The following is an outline of the process:
- Create the required baseline(s).
- Attach the patch baselines to a container object containing the hosts that you want to scan or remediate.
- Scan the container object.
- Review the results of the Scan.
- (Optional) Stage the patches in the attached baselines to the hosts that you want to update.
- Remediate the container object.
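The outline above as a PowerCLI run against a test cluster, with remediation gated on the scan result. This is an added example, not code from the VMware document; the server, cluster and baseline names are placeholders.

```powershell
# Added example. Server, cluster and baseline names are placeholders.
# Attach-Baseline, Scan-Inventory, Stage-Patch and Remediate-Inventory are the
# original Update Manager cmdlet names; newer PowerCLI releases keep them as aliases.
$server   = Connect-VIServer -Server 'vcenter-test.example.local'
$cluster  = Get-Cluster -Name 'Test-Cluster' -Server $server
$baseline = Get-PatchBaseline -Name 'MyBaseline' -Server $server
$vmHosts  = Get-VMHost -Location $cluster

# Attach the baseline to the container object, then scan it.
Attach-Baseline -Baseline $baseline -Entity $cluster
Scan-Inventory -Entity $cluster

# Review the scan results per host before touching anything.
$compliance = Get-Compliance -Entity $vmHosts -Baseline $baseline
$compliance | Select-Object Entity, Baseline, Status | Format-Table -AutoSize

# Stop if any host reports something other than a clean yes/no answer.
$blocked = @($compliance | Where-Object { $_.Status.ToString() -notin 'Compliant', 'NotCompliant' })
if ($blocked.Count -gt 0) {
    throw "Scan result is not usable for: $($blocked.Entity -join ', ')"
}

$pending = @($compliance | Where-Object { $_.Status.ToString() -eq 'NotCompliant' })
if ($pending.Count -eq 0) {
    Write-Host 'All hosts are already compliant; nothing to remediate.'
    return
}

# (Optional) Stage the patches so remediation spends less time in maintenance mode.
foreach ($item in $pending) {
    Stage-Patch -Entity $item.Entity -Baseline $baseline
}

# Remediate the container object, then rescan to confirm the outcome.
Remediate-Inventory -Entity $cluster -Baseline $baseline -Confirm:$false
Scan-Inventory -Entity $cluster
Get-Compliance -Entity $vmHosts -Baseline $baseline |
    Select-Object Entity, Baseline, Status | Format-Table -AutoSize
```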
Following successful patch installation and testing:
- Export the patch baselines from the Update Manager server that you used to test the patches, and import them to the production Update Manager server.
  The PowerCLI script detailed in the referenced document, and shown later in this post, can be used to achieve this.
- Once imported, those baselines can be used on the destination Update Manager server/production environment.
For reference, the following script is given as an example by VMware as a way to create a duplicate of a baseline and export it to another server:
```powershell
# $destinationServer = Connect-VIServer <ip_address_of_the_destination_server>
# $sourceServer = Connect-VIServer <ip_address_of_the_source_server>
# $baselines = Get-PatchBaseline MyBaseline -Server $sourceServer
# ExportImportBaselines.ps1 $baselines $destinationServer
Param([VMware.VumAutomation.Types.Baseline[]] $baselines,
      [VMware.VimAutomation.Types.VIServer[]]$destinationServers)

$ConfirmPreference = 'None'
$includePatches = @()
$excludePatches = @()

# Look up each source patch on the destination server and match it by vendor ID.
function ExtractPatchesFromServer([VMware.VumAutomation.Types.Patch[]]$patches, [VMware.VimAutomation.Types.VIServer]$destinationServer){
    $result = @()
    if ($patches -ne $null){
        foreach($patch in $patches){
            $extractedPatches = Get-Patch -Server $destinationServer -SearchPhrase $patch.Name
            if ($extractedPatches -eq $null){
                Write-Warning -Message "Patch '$($patch.Name)' is not available on the server $destinationServer"
            } else {
                $isFound = $false
                foreach ($newPatch in $extractedPatches){
                    if ($newPatch.IdByVendor -eq $patch.IdByVendor){
                        $result += $newPatch
                        $isFound = $true
                    }
                }
                if ($isFound -eq $false) {
                    Write-Warning -Message "Patch '$($patch.Name)' with VendorId '$($patch.IdByVendor)' is not available on the server $destinationServer"
                }
            }
        }
    }
    return $result
}

# Recreate a static (fixed patch list) baseline on the destination server.
function CreateStaticBaseline([VMware.VumAutomation.Types.Baseline]$baseline, [VMware.VimAutomation.Types.VIServer]$destinationServer){
    $includePatches = ExtractPatchesFromServer $baseline.CurrentPatches $destinationServer
    if ($includePatches.Count -lt 1){
        write-error "Static baseline '$($baseline.Name)' can't be imported. No one of the patches it contains are available on the server $destinationServer"
    } else {
        # Single-quoted on purpose: the variables are resolved when Invoke-Expression runs.
        $command = 'New-PatchBaseline -Server $destinationServer -Name $baseline.Name -Description $baseline.Description -Static -TargetType $baseline.TargetType -IncludePatch $includePatches'
        if ($baseline.IsExtension) {
            $command += ' -Extension'
        }
        Invoke-Expression $command
    }
}

# Recreate a dynamic (criteria-based) baseline, including any fixed inclusions/exclusions.
function CreateDynamicBaseline([VMware.VumAutomation.Types.Baseline]$baseline, [VMware.VimAutomation.Types.VIServer]$destinationServer) {
    if ($baseline.BaselineContentType -eq 'Dynamic'){
        $command = 'New-PatchBaseline -Server $destinationServer -Name $baseline.Name -Description $baseline.Description -TargetType $baseline.TargetType -Dynamic -SearchPatchStartDate $baseline.SearchPatchStartDate -SearchPatchEndDate $baseline.SearchPatchEndDate -SearchPatchProduct $baseline.SearchPatchProduct -SearchPatchSeverity $baseline.SearchPatchSeverity -SearchPatchVendor $baseline.SearchPatchVendor'
    } elseif ($baseline.BaselineContentType -eq 'Both'){
        $includePatches = ExtractPatchesFromServer $baseline.InclPatches $destinationServer
        $excludePatches = ExtractPatchesFromServer $baseline.ExclPatches $destinationServer
        $command = 'New-PatchBaseline -Server $destinationServer -Name $baseline.Name -Description $baseline.Description -TargetType $baseline.TargetType -Dynamic -SearchPatchStartDate $baseline.SearchPatchStartDate -SearchPatchEndDate $baseline.SearchPatchEndDate -SearchPatchProduct $baseline.SearchPatchProduct -SearchPatchSeverity $baseline.SearchPatchSeverity -SearchPatchVendor $baseline.SearchPatchVendor'
        if ($includePatches.Count -gt 0){
            $command += ' -IncludePatch $includePatches'
        }
        if ($excludePatches.Count -gt 0){
            $command += ' -ExcludePatch $excludePatches'
        }
    }
    #check for null because there is known issue for creating baseline with null SearchPatchPhrase
    if ($baseline.SearchPatchPhrase -ne $null){
        $command += ' -SearchPatchPhrase $baseline.SearchPatchPhrase'
    }
    Invoke-Expression $command
}

# Import every patch baseline into every destination server.
foreach ($destinationServer in $destinationServers) {
    if ($baselines -eq $null) {
        Write-Error "The baselines parameter is null"
    } else {
        foreach($baseline in $baselines){
            if ($baseline.GetType().FullName -eq 'VMware.VumAutomation.Types.PatchBaselineImpl'){
                Write-Host "Import '" $baseline.Name "' to the server $destinationServer"
                if($baseline.BaselineContentType -eq 'Static'){
                    CreateStaticBaseline $baseline $destinationServer
                } else {
                    CreateDynamicBaseline $baseline $destinationServer
                }
            } else {
                Write-Warning -Message "Baseline '$($baseline.Name)' is not patch baseline and will be skipped."
            }
        }
    }
}
```
This script can be found on page 156 of the Installing and Administering VMware vSphere Update Manager document.
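The import script only warns when a patch is missing on the destination server, so the production baseline can end up with fewer patches than the one that was tested. The following added check (not part of VMware's script) compares the two baselines by `IdByVendor`; the function name and server names are hypothetical, and `CurrentPatches` is assumed to be populated as it is in the script above.

```powershell
# Added example: confirm the imported baseline carries the same patches that were tested.
# Compare-BaselinePatchSet is a hypothetical helper; server names are placeholders.
function Compare-BaselinePatchSet {
    param(
        [Parameter(Mandatory)] $SourceBaseline,
        [Parameter(Mandatory)] $DestinationBaseline
    )
    # Collect the vendor IDs on each side, ignoring empty entries.
    $src = @($SourceBaseline.CurrentPatches | Where-Object { $_ } |
             ForEach-Object { $_.IdByVendor } | Sort-Object -Unique)
    $dst = @($DestinationBaseline.CurrentPatches | Where-Object { $_ } |
             ForEach-Object { $_.IdByVendor } | Sort-Object -Unique)

    [pscustomobject]@{
        Baseline         = $SourceBaseline.Name
        SourceCount      = $src.Count
        DestinationCount = $dst.Count
        MissingOnDest    = @($src | Where-Object { $_ -notin $dst })
        ExtraOnDest      = @($dst | Where-Object { $_ -notin $src })
    }
}

$sourceServer      = Connect-VIServer -Server 'vum-test.example.local'
$destinationServer = Connect-VIServer -Server 'vum-prod.example.local'

$tested   = Get-PatchBaseline -Name 'MyBaseline' -Server $sourceServer
$imported = Get-PatchBaseline -Name 'MyBaseline' -Server $destinationServer

$diff = Compare-BaselinePatchSet -SourceBaseline $tested -DestinationBaseline $imported
$diff | Format-List

if ($diff.MissingOnDest.Count -gt 0 -or $diff.ExtraOnDest.Count -gt 0) {
    Write-Warning 'Production baseline differs from the tested baseline; resolve before remediating.'
}
```

For dynamic baselines the patch list depends on what each server's patch repository holds, so a difference here can also mean the two repositories are out of sync.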