-
Título
How to deploy AppAssure or Rapid Recovery patches to multiple Cores/Agents -
Descripción
You intend to deploy one or more compatible patches on multipleAppAssure or Rapid Recovery Cores or Agents. You have Powershell 3.0 or later installed on machines and winrm is not blocked in the environment you want to deploy these patches. You want to have a simple way for deploying these patches from one central location.Disclaimer:
This script is provided "as is" for the purpose of illustrating how AppAssure/RapidRecovery tasks may be performed in conjunction with Powershell. AppAssure/RapidRecovery shall not be liable for any direct, indirect, incidental, consequential, or other damage alleged in connection with the furnishing or use of this script or of the principles it demonstrates. -
Resolución
A powershell script performing this operation has been prepared. The script allows downloading the desired patch directly from the Patch repository or, if already downloaded, allows deploying it to each target machine from the machine on which the script runs. If that is the case, a small webserver is created on the fly and each target machine downloads it from there. When all is done, the ad-hoc webserver is removed.The script knows how to shut down elegantly a core or an agent and then restart it in a functional manner.
To run script, Powershell 3.0 or later needs to be present accross the all machines and the execution policy needs to be set at least to remote-signed accross all machines as well.
Although it is simple to apply, it require a good understanding of the issues it addresses.
To sumarize, the script takes into consideration the following factors:
- The script uses winrm to communicate with the remote machines. If winrm is not properly setup, the patch attempts to set it up automatically via wmi.
- The type of the patch. You can install the patch either on multiple cores or on multiple agents, not on both. To select this use the parameter "-servicename". For simplicity, you need to enter the name of the main service for the Core or Agent. The possible values are:
- Appassureagent
- RapidRecoveryAgent
- Appassurecore
- RapidRecoveryCore
- The patch name. To select this you need to use the "-patchname" parameter taking as argument the name of the patch WITHOUT the .msi extension. For instance if the patch is P-1579.msi, the -patchname argument value is P-1579
- The destination of the patch. To indicate it you need to use the "-computernames" parameter. This is a rather complex parameter as it can take as argument:
- The name of a computer to apply the patch to
- A list of computers to apply the patch to
- A file containing a list of computers AND credentials to apply the patch to. This file is easily generated by running the script separately with the "-createcomputerfile" parameter. No argument is necessary. The result of executing the script with this parameter is a notepad.exe instance with a header containing the necessary elements (computername,username,password) and indications how to fill it up. This is the best options when deploying patches over multiple machines with different credentials.
- The credentials necessary for access ing the machines to deploy the patch on. These take a few forms.
- a. No credentials are mentioned. If this is the case, a credentials pop up shows up allowing entering the credentials. It will show up after each machine to be patched as it is supposed that the credentials vary from machine to machine.
- b. Using the "-username" and "-password" parameters.
- If only the -username parameter is used, the same credentials pop up shows up allowing entering the password.
- If the "-password" parameter is used together with the "-username" parameter, then the password argument needs to be an encoded string. To get it, run the script with the "-encodepassword" parameter.
You have to enter the password twice. Please note that all passwords used by the script, with the exception on those entered in the credentials pop-up window (which are collected in a secure string format), need to be encoded. The easisest way to encode a password is to run an instance of the script with the -encoded parameter and follow the instructions on the screen. Please note that, to simplify the process, the generated encoded password is copied directly to the clipboard so it can be pasted wherever necessary.
- The preferred method for deploying a patch is downloading that patch on the management workstation and use an ad-hoc webserver to make it available via http to all machines targeted for installing that patch. The ad-hoc webserver may be run on any available port. The hostname or IP address if the name cannot be resolved is indicated via the -hostname parameter, the local path to the patch via the -folderpath parameter and the -webport parameter indicates the port of choice for the webserver.
Once these principles are clarified, it becomes very easy to run the script (and make whatever preparations may be necessary).
The list of parameters for the script is shown below:
-servicename
It can be appassureagent, RapidRecoveryAgent,appassurecore,RapidRecoveryCore. It indicates the type of the target machines (agents or cores) and allows performing the deployment both on AppAssure or RapidRecovery machines
-patchnames
The names of the patches to be deployed without the .msi extension. In most cases there is only one patch but there are situations when multiple non exclusive patches are to be deployed.
-hostwebname
The name of the webserver as it can be resolved by the target machines (i.e. IP address of FQDN)
-computernames
mandatory -- the name of the machine(s) to run the report on or the path to file containing machines information
-username
the username for the credentials to be used. if missing a dialogbox will pop up
-password
the password for the credentials to be used. it MUST be encoded using the encoding function of the script. if missing a dialogbox will pop up
-encodepassword
allows encoding a clear text password. all passwords MUST be encoded. this parameter is exclusive to any other parameters.
-createcomputerfile
opens Notepad and sticks in the table header for the CSV file containing the cores.
-folderpath
The local path to the folder containing the patch to be served. By default it is the current directory.
-webport
The port on which the listener is setup. By default it is port 80
A few usage examples are shown below:
InstallPatch.9.ps1 -encodepassword
Prompts for a password, encodes it and sends the encoded string to the clipboard
InstallPatch.9.ps1 -servicename appassureagent -patchnames P-A64-1613 -computernames mymachines.txt
Installs patch P-A64-1613 via direct downloads using information located in my machines.txt (you need to use encoded passwords)
InstallPatch.9.ps1 -servicename appassurecore -patchnames P-A64-1613 -computernames 10.23.20.72,10.23.20.11 -username mydomain\Administrator -password QQBiAGXAXwAxADIAMwA0AA== -hostwebname zorro.mydomain.org -webport 8080
Installs patch P-A64-1613 on cores 10.23.20.72,10.23.20.11 which both take the same local user name and password, by downloading it from the computer the script is run on. The local computername may be resolved as zorro.mydomain.com and the file is downloaded on port 8080 from the directory in which the script is run.
InstallPatch.9.ps1 -servicename appassureagent -patchnames P-A64-1613 -computernames c:\temp\mycomputers.csv
Installs patch P-A64-1613 on the agents and with the credentials specified in the c:\temp\mycomputers.csvThe script is attached tio this KB -
Adjuntos