We are not allowed to let our servers to connect to the internet. Not even a proxy.
Is there a way to update the vMA offline?
It's definitely possible to download the updates manually and install them by hand but it's definitely not recommended. If you're restricted based on specific security policies in your network, you can setup an internal depot that you can point your vima-update to which is configurable at: /etc/vmware/esxupdate/vimaupdate.conf
All the information regarding metadata and .VIBs that are downloaded using the tool for the only patch for vMA 4.0 is logged when you run vima-update scan and vima-update -b <bundle> update in /var/log/vmware/esxupdate.log
Here is an example output if you were able to hit the public VMware repo:
[2009-09-23 10:29:09] DEBUG: cmdline: Final selected set: [rpm_krb5-libs_1.6.1-31.el5_3.3@x86_64:uninstalled, rpm_curl_7.15.5-2.1.el5_3.4@i 386:uninstalled, rpm_krb5-libs_1.6.1-31.el5_3.3@i386:uninstalled, rpm_curl_7.15.5-2.1.el5_3.4@x86_64:uninstalled, <"VIMA400-200906001">, rpm_krb 5-workstation_1.6.1-31.el5_3.3@x86_64:uninstalled, rpm_pam_krb5_2.2.14-10@x86_64:uninstalled, rpm_sudo_1.6.9p17-3.el5_3.1@x86_64:uninstalled, rp m_udev_095-14.20.el5_3@x86_64:uninstalled, rpm_pam_krb5_2.2.14-10@i386:uninstalled] [2009-09-23 10:29:09] DEBUG: vibcache: Esxupdate Vib database not loaded - /etc/vmware/esxupdate/vibs.xml does not exist yet. [2009-09-23 10:29:09] DEBUG: downloader: Downloading https://hostupdate.vmware.com/software/VUM/PRODUCTION/vmw/VIMA/4.0.0/VIMA-4.0.0-P01/krb5- libs-1.6.1-31.el5_3.3.x86_64.vib to /var/tmp/esxupdate/-5459869081440186845... [2009-09-23 10:29:12] DEBUG: vib: Closing file /var/tmp/esxupdate/rpm_krb5-libs_1.6.1-31.el5_3.3@x86_64.vib [2009-09-23 10:29:12] DEBUG: downloader: Downloading https://hostupdate.vmware.com/software/VUM/PRODUCTION/vmw/VIMA/4.0.0/VIMA-4.0.0-P01/pam-k rb5-2.2.14-10.x86_64.vib to /var/tmp/esxupdate/4482681747601919214... [2009-09-23 10:29:13] DEBUG: vib: Closing file /var/tmp/esxupdate/rpm_pam_krb5_2.2.14-10@x86_64.vib [2009-09-23 10:29:13] DEBUG: downloader: Downloading https://hostupdate.vmware.com/software/VUM/PRODUCTION/vmw/VIMA/4.0.0/VIMA-4.0.0-P01/krb5- libs-1.6.1-31.el5_3.3.i386.vib to /var/tmp/esxupdate/-6473612086064725300... [2009-09-23 10:29:15] DEBUG: vib: Closing file /var/tmp/esxupdate/rpm_krb5-libs_1.6.1-31.el5_3.3@i386.vib [2009-09-23 10:29:15] DEBUG: downloader: Downloading https://hostupdate.vmware.com/software/VUM/PRODUCTION/vmw/VIMA/4.0.0/VIMA-4.0.0-P01/sudo- 1.6.9p17-3.el5_3.1.x86_64.vib to /var/tmp/esxupdate/-6119825218163351125... [2009-09-23 10:29:16] DEBUG: vib: Closing file /var/tmp/esxupdate/rpm_sudo_1.6.9p17-3.el5_3.1@x86_64.vib [2009-09-23 10:29:16] DEBUG: downloader: Downloading https://hostupdate.vmware.com/software/VUM/PRODUCTION/vmw/VIMA/4.0.0/VIMA-4.0.0-P01/krb5- workstation-1.6.1-31.el5_3.3.x86_64.vib to /var/tmp/esxupdate/-3217264565350984787... [2009-09-23 10:29:18] DEBUG: vib: Closing file /var/tmp/esxupdate/rpm_krb5-workstation_1.6.1-31.el5_3.3@x86_64.vib [2009-09-23 10:29:18] DEBUG: downloader: Downloading https://hostupdate.vmware.com/software/VUM/PRODUCTION/vmw/VIMA/4.0.0/VIMA-4.0.0-P01/curl- 7.15.5-2.1.el5_3.4.i386.vib to /var/tmp/esxupdate/9193752455599430900... [2009-09-23 10:29:20] DEBUG: vib: Closing file /var/tmp/esxupdate/rpm_curl_7.15.5-2.1.el5_3.4@i386.vib [2009-09-23 10:29:20] DEBUG: downloader: Downloading https://hostupdate.vmware.com/software/VUM/PRODUCTION/vmw/VIMA/4.0.0/VIMA-4.0.0-P01/curl- 7.15.5-2.1.el5_3.4.x86_64.vib to /var/tmp/esxupdate/4798137977164074535... [2009-09-23 10:29:21] DEBUG: vib: Closing file /var/tmp/esxupdate/rpm_curl_7.15.5-2.1.el5_3.4@x86_64.vib [2009-09-23 10:29:21] DEBUG: downloader: Downloading https://hostupdate.vmware.com/software/VUM/PRODUCTION/vmw/VIMA/4.0.0/VIMA-4.0.0-P01/udev- 095-14.20.el5_3.x86_64.vib to /var/tmp/esxupdate/-8496369035828695118... [2009-09-23 10:29:23] DEBUG: vib: Closing file /var/tmp/esxupdate/rpm_udev_095-14.20.el5_3@x86_64.vib [2009-09-23 10:29:23] DEBUG: downloader: Downloading https://hostupdate.vmware.com/software/VUM/PRODUCTION/vmw/VIMA/4.0.0/VIMA-4.0.0-P01/pam-k rb5-2.2.14-10.i386.vib to /var/tmp/esxupdate/-833698672119051411...
The main patch meta file is downloaded at:
http://www.vmware.com/go/vma4/update/vmw-VIMA-4.0.0-metadata.zip OR https://hostupdate.vmware.com/software/VUM/PRODUCTION/vmw/vmw-VIMA-4.0.0-metadata.zip
from this primary meta data file, the subsequent patch URL's are created and downloaded:
https://hostupdate.vmware.com/software/VUM/PRODUCTION/vmw/VIMA/4.0.0/VIMA-4.0.0-P01/krb5-libs-1.6.1-... https://hostupdate.vmware.com/software/VUM/PRODUCTION/vmw/VIMA/4.0.0/VIMA-4.0.0-P01/krb5-libs-1.6.1-... https://hostupdate.vmware.com/software/VUM/PRODUCTION/vmw/VIMA/4.0.0/VIMA-4.0.0-P01/pam-krb5-2.2.14-... https://hostupdate.vmware.com/software/VUM/PRODUCTION/vmw/VIMA/4.0.0/VIMA-4.0.0-P01/sudo-1.6.9p17-3.... https://hostupdate.vmware.com/software/VUM/PRODUCTION/vmw/VIMA/4.0.0/VIMA-4.0.0-P01/krb5-workstation... https://hostupdate.vmware.com/software/VUM/PRODUCTION/vmw/VIMA/4.0.0/VIMA-4.0.0-P01/curl-7.15.5-2.1.... https://hostupdate.vmware.com/software/VUM/PRODUCTION/vmw/VIMA/4.0.0/VIMA-4.0.0-P01/curl-7.15.5-2.1.... https://hostupdate.vmware.com/software/VUM/PRODUCTION/vmw/VIMA/4.0.0/VIMA-4.0.0-P01/udev-095-14.20.e... https://hostupdate.vmware.com/software/VUM/PRODUCTION/vmw/VIMA/4.0.0/VIMA-4.0.0-P01/pam-krb5-2.2.14-...
So you would just need to manually download the individual .VIB(s) and update them each manually:
sudo esxupdate -b krb5-libs-1.6.1-31.el5_3.3.x86_64.vib update sudo esxupdate -b sudo-1.6.9p17-3.el5_3.1.x86_64.vib update sudo esxupdate -b krb5-workstation-1.6.1-31.el5_3.3.x86_64.vib update sudo esxupdate -b curl-7.15.5-2.1.el5_3.4.i386.vib update sudo esxupdate -b curl-7.15.5-2.1.el5_3.4.x86_64.vib update sudo esxupdate -b udev-095-14.20.el5_3.x86_64.vib update sudo esxupdate -b pam-krb5-2.2.14-10.x86_64.vib update sudo esxupdate -b krb5-libs-1.6.1-31.el5_3.3.i386.vib update
Here is how you use vima-update to patch: , again I would recommend setting up an internal depot that way you're patching through VMware's mechanism since this is outside of their patch system, if you ever connect this system to the public depot, you'll see that the patch bundle isn't installed but when you to try install, it'll say the packages are up to date.
=========================================================================
William Lam
VMware vExpert 2009
VMware ESX/ESXi scripts and resources at:
VMware Code Central - Scripts/Sample code for Developers and Administrators
If you find this information useful, please award points for "correct" or "helpful".
Thanks.
But is it not possible to use the UMDS to create the repository?
You might, not sure.
=========================================================================
William Lam
VMware vExpert 2009
VMware ESX/ESXi scripts and resources at:
VMware Code Central - Scripts/Sample code for Developers and Administrators
If you find this information useful, please award points for "correct" or "helpful".
Is there another method then?
It would be nice to download all patches for the vMA just like you can with ESX.
I'm not aware of way, you may want to contact VMware Support if you have SnS to file a support request regarding this question.
=========================================================================
William Lam
VMware vExpert 2009
VMware ESX/ESXi scripts and resources at:
VMware Code Central - Scripts/Sample code for Developers and Administrators
If you find this information useful, please award points for "correct" or "helpful".
Oke, i will do that.
I think VMware needs to fix these things.
I just created a case at VMware.
I will keep this thread updated.
I got a reply from VMware and unfortunaly it's under the NDA.
People who are seeking for an answer should open a case at Vmware
Thanks for the update, I'm quite surprised that VMware told you in which the process to patch vMA 4.0 w/o internet access or proxy acess (which is already out) is under NDA! I'll follow up with the vMA PM to see if this is the case, though I think having the process documented and readily available for customers that have this type of network/ACL restrictions would be quite useful and required.
Thanks again
=========================================================================
William Lam
VMware vExpert 2009
VMware ESX/ESXi scripts and resources at:
VMware Code Central - Scripts/Sample code for Developers and Administrators
If you find this information useful, please award points for "correct" or "helpful".
Any updates?
Is there a way to use UMDS as the patch repository for updating vMA 4? If so, what is it?
No updates, let me ping one of the PMs to see if I can get an answer.
=========================================================================
William Lam
VMware vExpert 2009
VMware ESX/ESXi scripts and resources at:
VMware Code Central - Scripts/Sample code for Developers and Administrators
If you find this information useful, please award points for "correct" or "helpful".
Any word on a non-NDA solution?
I've pinged the PM for vMA and he said he would reply back but I guess he hasn't had a chance.
If you have VMware SnS, I would file an SR to get your answer if you need one right away.
=========================================================================
William Lam
VMware vExpert 2009
VMware ESX/ESXi scripts and resources at:
VMware Code Central - Scripts/Sample code for Developers and Administrators
If you find this information useful, please award points for "correct" or "helpful".
I opened a SR and this is the reply:
I have verified this Straight from engineering.
We don't currently support downloading vMA metadata via UMDS, but we are going to support offline bundle in vMA 4.1.
So, users have 2 ways to update vMA appliance without external network access:
1. Download the metadata to local http/https server, update depot url with the local depot in /etc/vmware/esxupdate/esxupdate.conf, and then run "vima-update"
2. Download offline bundle to local disk and run "vma-update --bundle=<offline-bundle>".
Note: this solution does not apply to vMA 4.0 because we started to support offline bundle in vMA 4.1.
http://www.vmware.com/support/developer/vima/
My posting to Development as we do not necessarily get this question which is a good one everyday:
I hope I have the right alias and that someone will be able to assist. We have a customer that has asked if it's possible or if there are any plans to be able to download the vMA metadata via Update Manager Download Service (UMDS) or Update Manager.
I found https://wiki.eng.vmware.com/Beijing/BeijingCoreQA/PDPESX/vMA/use_vima_update but do not see any options for an external depot/portal.
This thread also seems to be asking a similar question http://communities.vmware.com/thread/233898 .
Is this possible or planned in an upcoming release?