Steps For Applying Security Patch Updates For XenServer 7.2

In this blog, we will share the steps to apply the hotfix using  XenServer Command Line Interface (CLI)  for security patch updates for Xenserver 7.2

Installing the Hotfix by using the xe Command Line Interface

  1. First of all, we need to download the hotfix file to a known location from the URL https://support.citrix.com/article/CTX224692
  2. Extract the .iso file from the zip.
  3. Upload the .iso file to the Pool Master by entering the following commands:(Where -s is the Pool Master’s IP address or DNS name.) xe -s <server> -u <username> -pw <password> update-upload file-name=<filename>\XS72E011.iso


If you get below error in the above screenshot

        The uploaded update package is invalid. 
         info: Invalid signature 

The above error received due to the files pubring.gpg and secring.gpg were empty  under /opt/xensource/gpg/   directory

You need to Synchronize the ntp time by running the command ntpdate -u “SERVER IP” and restarted the service 60-import-keys from /etc/firstboot.d/.

For example:-

ntpdate -u “SERVER IP”

/etc/firstboot.d/60-import-keys start

Reference URL  https://support.citrix.com/article/CTX231197

After that the files were pubring.gpg and secring.gpg were auto generated on location /opt/xensource/gpg/ directory

Steps For Applying Security Patch Updates For XenServer 7.2

XenServer assigns the update file a UUID which is shown in the screenshot prints output of command.

Steps For Applying Security Patch Updates For XenServer 7.2

4.  Apply the update to all hosts in the pool, specifying the UUID of the update:

                 xe update-pool-apply uuid=<UUID_of_file>

Run the following command if you would like to apply the hotfix for a individual host

               xe update-apply host=<UUID_of_host> uuid=<UUID_of_file>

Alternatively, if you need to update and restart hosts in a rolling manner, you can apply the update file to an                 individual host by running the following:

              xe upload-apply host=<UUID_of_host> uuid=<UUID_of_file>

5. Verify that the update was applied by using the update-list command.

             xe update-list -s <server> -u root -pw <password> name-label=XS72E011

If the update is successful, the hosts field contains the UUIDs of the hosts to which this patch was successfully applied. This should be a complete list of all hosts in the pool.

The screenshot shown as  list of security patches updated for XenServer 7.2

Steps For Applying Security Patch Updates For XenServer 7.2

6. If the hotfix is applied successfully, carry out any specified post-update task on each host, starting with the master.

7.  Reboot the server to take effect the security patches updated.

D KarthiKeyan