Our security team are all over us around patching of ESXi 6.x hosts. We are a small team (2 people) with 45 ESXi hosts to manage. Worse still, some clusters only have 1 host due to guest software licensing restrictions (Oracle!). Regardless, we have to patch the hosts. Now, we could use the 'normal' methodology:
- Use VUM to evacuate VMs, patch and reboot hosts. If issues, roll back patches
- Repeat
So this seems time consuming to me for 2 reasons:
- time taken to reboot
- time taken to back out patch if need be
I guess I could script up the whole thing using VCO but again, time I don't have...
So, one other technology that caught my eye was auto-deploy. I was thinking it might be possible to do the following:
- patch an offline image with patches
- auto-deploy image to ESXi hosts
- Rollback: simply boot from old image
Anyone doing something similar or see any blockers here?