VMware Cloud Community
RobMokkink
Expert
Expert

Update vMA without internet access

We are not allowed to let our servers to connect to the internet. Not even a proxy.

Is there a way to update the vMA offline?

Reply
0 Kudos
14 Replies
lamw
Community Manager
Community Manager

It's definitely possible to download the updates manually and install them by hand but it's definitely not recommended. If you're restricted based on specific security policies in your network, you can setup an internal depot that you can point your vima-update to which is configurable at: /etc/vmware/esxupdate/vimaupdate.conf

All the information regarding metadata and .VIBs that are downloaded using the tool for the only patch for vMA 4.0 is logged when you run vima-update scan and vima-update -b <bundle> update in /var/log/vmware/esxupdate.log

Here is an example output if you were able to hit the public VMware repo:

[2009-09-23 10:29:09]   DEBUG:    cmdline: Final selected set: [rpm_krb5-libs_1.6.1-31.el5_3.3@x86_64:uninstalled, rpm_curl_7.15.5-2.1.el5_3.4@i
386:uninstalled, rpm_krb5-libs_1.6.1-31.el5_3.3@i386:uninstalled, rpm_curl_7.15.5-2.1.el5_3.4@x86_64:uninstalled, <"VIMA400-200906001">, rpm_krb
5-workstation_1.6.1-31.el5_3.3@x86_64:uninstalled, rpm_pam_krb5_2.2.14-10@x86_64:uninstalled, rpm_sudo_1.6.9p17-3.el5_3.1@x86_64:uninstalled, rp
m_udev_095-14.20.el5_3@x86_64:uninstalled, rpm_pam_krb5_2.2.14-10@i386:uninstalled]
[2009-09-23 10:29:09]   DEBUG:   vibcache: Esxupdate Vib database not loaded - /etc/vmware/esxupdate/vibs.xml does not exist yet.
[2009-09-23 10:29:09]   DEBUG: downloader: Downloading https://hostupdate.vmware.com/software/VUM/PRODUCTION/vmw/VIMA/4.0.0/VIMA-4.0.0-P01/krb5-
libs-1.6.1-31.el5_3.3.x86_64.vib to /var/tmp/esxupdate/-5459869081440186845...
[2009-09-23 10:29:12]   DEBUG:        vib: Closing file /var/tmp/esxupdate/rpm_krb5-libs_1.6.1-31.el5_3.3@x86_64.vib
[2009-09-23 10:29:12]   DEBUG: downloader: Downloading https://hostupdate.vmware.com/software/VUM/PRODUCTION/vmw/VIMA/4.0.0/VIMA-4.0.0-P01/pam-k
rb5-2.2.14-10.x86_64.vib to /var/tmp/esxupdate/4482681747601919214...
[2009-09-23 10:29:13]   DEBUG:        vib: Closing file /var/tmp/esxupdate/rpm_pam_krb5_2.2.14-10@x86_64.vib
[2009-09-23 10:29:13]   DEBUG: downloader: Downloading https://hostupdate.vmware.com/software/VUM/PRODUCTION/vmw/VIMA/4.0.0/VIMA-4.0.0-P01/krb5-
libs-1.6.1-31.el5_3.3.i386.vib to /var/tmp/esxupdate/-6473612086064725300...
[2009-09-23 10:29:15]   DEBUG:        vib: Closing file /var/tmp/esxupdate/rpm_krb5-libs_1.6.1-31.el5_3.3@i386.vib
[2009-09-23 10:29:15]   DEBUG: downloader: Downloading https://hostupdate.vmware.com/software/VUM/PRODUCTION/vmw/VIMA/4.0.0/VIMA-4.0.0-P01/sudo-
1.6.9p17-3.el5_3.1.x86_64.vib to /var/tmp/esxupdate/-6119825218163351125...
[2009-09-23 10:29:16]   DEBUG:        vib: Closing file /var/tmp/esxupdate/rpm_sudo_1.6.9p17-3.el5_3.1@x86_64.vib
[2009-09-23 10:29:16]   DEBUG: downloader: Downloading https://hostupdate.vmware.com/software/VUM/PRODUCTION/vmw/VIMA/4.0.0/VIMA-4.0.0-P01/krb5-
workstation-1.6.1-31.el5_3.3.x86_64.vib to /var/tmp/esxupdate/-3217264565350984787...
[2009-09-23 10:29:18]   DEBUG:        vib: Closing file /var/tmp/esxupdate/rpm_krb5-workstation_1.6.1-31.el5_3.3@x86_64.vib
[2009-09-23 10:29:18]   DEBUG: downloader: Downloading https://hostupdate.vmware.com/software/VUM/PRODUCTION/vmw/VIMA/4.0.0/VIMA-4.0.0-P01/curl-
7.15.5-2.1.el5_3.4.i386.vib to /var/tmp/esxupdate/9193752455599430900...
[2009-09-23 10:29:20]   DEBUG:        vib: Closing file /var/tmp/esxupdate/rpm_curl_7.15.5-2.1.el5_3.4@i386.vib
[2009-09-23 10:29:20]   DEBUG: downloader: Downloading https://hostupdate.vmware.com/software/VUM/PRODUCTION/vmw/VIMA/4.0.0/VIMA-4.0.0-P01/curl-
7.15.5-2.1.el5_3.4.x86_64.vib to /var/tmp/esxupdate/4798137977164074535...
[2009-09-23 10:29:21]   DEBUG:        vib: Closing file /var/tmp/esxupdate/rpm_curl_7.15.5-2.1.el5_3.4@x86_64.vib
[2009-09-23 10:29:21]   DEBUG: downloader: Downloading https://hostupdate.vmware.com/software/VUM/PRODUCTION/vmw/VIMA/4.0.0/VIMA-4.0.0-P01/udev-
095-14.20.el5_3.x86_64.vib to /var/tmp/esxupdate/-8496369035828695118...
[2009-09-23 10:29:23]   DEBUG:        vib: Closing file /var/tmp/esxupdate/rpm_udev_095-14.20.el5_3@x86_64.vib
[2009-09-23 10:29:23]   DEBUG: downloader: Downloading https://hostupdate.vmware.com/software/VUM/PRODUCTION/vmw/VIMA/4.0.0/VIMA-4.0.0-P01/pam-k
rb5-2.2.14-10.i386.vib to /var/tmp/esxupdate/-833698672119051411...

The main patch meta file is downloaded at:

http://www.vmware.com/go/vma4/update/vmw-VIMA-4.0.0-metadata.zip
OR
https://hostupdate.vmware.com/software/VUM/PRODUCTION/vmw/vmw-VIMA-4.0.0-metadata.zip

from this primary meta data file, the subsequent patch URL's are created and downloaded:

https://hostupdate.vmware.com/software/VUM/PRODUCTION/vmw/VIMA/4.0.0/VIMA-4.0.0-P01/krb5-libs-1.6.1-...
https://hostupdate.vmware.com/software/VUM/PRODUCTION/vmw/VIMA/4.0.0/VIMA-4.0.0-P01/krb5-libs-1.6.1-...
https://hostupdate.vmware.com/software/VUM/PRODUCTION/vmw/VIMA/4.0.0/VIMA-4.0.0-P01/pam-krb5-2.2.14-...
https://hostupdate.vmware.com/software/VUM/PRODUCTION/vmw/VIMA/4.0.0/VIMA-4.0.0-P01/sudo-1.6.9p17-3....
https://hostupdate.vmware.com/software/VUM/PRODUCTION/vmw/VIMA/4.0.0/VIMA-4.0.0-P01/krb5-workstation...
https://hostupdate.vmware.com/software/VUM/PRODUCTION/vmw/VIMA/4.0.0/VIMA-4.0.0-P01/curl-7.15.5-2.1....
https://hostupdate.vmware.com/software/VUM/PRODUCTION/vmw/VIMA/4.0.0/VIMA-4.0.0-P01/curl-7.15.5-2.1....
https://hostupdate.vmware.com/software/VUM/PRODUCTION/vmw/VIMA/4.0.0/VIMA-4.0.0-P01/udev-095-14.20.e...
https://hostupdate.vmware.com/software/VUM/PRODUCTION/vmw/VIMA/4.0.0/VIMA-4.0.0-P01/pam-krb5-2.2.14-...

So you would just need to manually download the individual .VIB(s) and update them each manually:

sudo esxupdate -b krb5-libs-1.6.1-31.el5_3.3.x86_64.vib update
sudo esxupdate -b sudo-1.6.9p17-3.el5_3.1.x86_64.vib update
sudo esxupdate -b krb5-workstation-1.6.1-31.el5_3.3.x86_64.vib update
sudo esxupdate -b curl-7.15.5-2.1.el5_3.4.i386.vib update
sudo esxupdate -b curl-7.15.5-2.1.el5_3.4.x86_64.vib update
sudo esxupdate -b udev-095-14.20.el5_3.x86_64.vib update
sudo esxupdate -b pam-krb5-2.2.14-10.x86_64.vib update
sudo esxupdate -b krb5-libs-1.6.1-31.el5_3.3.i386.vib update

Here is how you use vima-update to patch: , again I would recommend setting up an internal depot that way you're patching through VMware's mechanism since this is outside of their patch system, if you ever connect this system to the public depot, you'll see that the patch bundle isn't installed but when you to try install, it'll say the packages are up to date.

=========================================================================

William Lam

VMware vExpert 2009

VMware ESX/ESXi scripts and resources at:

VMware Code Central - Scripts/Sample code for Developers and Administrators

VMware Developer Comuunity

Twitter: @lamw

If you find this information useful, please award points for "correct" or "helpful".

RobMokkink
Expert
Expert

Thanks.

But is it not possible to use the UMDS to create the repository?

Reply
0 Kudos
lamw
Community Manager
Community Manager

You might, not sure.

=========================================================================

William Lam

VMware vExpert 2009

VMware ESX/ESXi scripts and resources at:

VMware Code Central - Scripts/Sample code for Developers and Administrators

VMware Developer Comuunity

Twitter: @lamw

If you find this information useful, please award points for "correct" or "helpful".

Reply
0 Kudos
RobMokkink
Expert
Expert

Is there another method then?

It would be nice to download all patches for the vMA just like you can with ESX.

Reply
0 Kudos
lamw
Community Manager
Community Manager

I'm not aware of way, you may want to contact VMware Support if you have SnS to file a support request regarding this question.

=========================================================================

William Lam

VMware vExpert 2009

VMware ESX/ESXi scripts and resources at:

VMware Code Central - Scripts/Sample code for Developers and Administrators

VMware Developer Comuunity

Twitter: @lamw

If you find this information useful, please award points for "correct" or "helpful".

RobMokkink
Expert
Expert

Oke, i will do that.

I think VMware needs to fix these things.

Reply
0 Kudos
RobMokkink
Expert
Expert

I just created a case at VMware.

I will keep this thread updated.

Reply
0 Kudos
RobMokkink
Expert
Expert

I got a reply from VMware and unfortunaly it's under the NDA.

People who are seeking for an answer should open a case at Vmware

Reply
0 Kudos
lamw
Community Manager
Community Manager

Thanks for the update, I'm quite surprised that VMware told you in which the process to patch vMA 4.0 w/o internet access or proxy acess (which is already out) is under NDA! I'll follow up with the vMA PM to see if this is the case, though I think having the process documented and readily available for customers that have this type of network/ACL restrictions would be quite useful and required.

Thanks again

=========================================================================

William Lam

VMware vExpert 2009

VMware ESX/ESXi scripts and resources at:

VMware Code Central - Scripts/Sample code for Developers and Administrators

VMware Developer Comuunity

Twitter: @lamw

If you find this information useful, please award points for "correct" or "helpful".

Reply
0 Kudos
aenagy
Hot Shot
Hot Shot

Any updates?

Is there a way to use UMDS as the patch repository for updating vMA 4? If so, what is it?

Reply
0 Kudos
lamw
Community Manager
Community Manager

No updates, let me ping one of the PMs to see if I can get an answer.

=========================================================================

William Lam

VMware vExpert 2009

VMware ESX/ESXi scripts and resources at:

Twitter: @lamw

VMware Code Central - Scripts/Sample code for Developers and Administrators

VMware Developer Community

If you find this information useful, please award points for "correct" or "helpful".

Reply
0 Kudos
dwang1092
Contributor
Contributor

Any word on a non-NDA solution?

Reply
0 Kudos
lamw
Community Manager
Community Manager

I've pinged the PM for vMA and he said he would reply back but I guess he hasn't had a chance.

If you have VMware SnS, I would file an SR to get your answer if you need one right away.

=========================================================================

William Lam

VMware vExpert 2009

VMware ESX/ESXi scripts and resources at:

Twitter: @lamw

VMware Code Central - Scripts/Sample code for Developers and Administrators

VMware Developer Community

If you find this information useful, please award points for "correct" or "helpful".

Reply
0 Kudos
aenagy
Hot Shot
Hot Shot

I opened a SR and this is the reply:

I have verified this Straight from engineering.

We don't currently support downloading vMA metadata via UMDS, but we are going to support offline bundle in vMA 4.1.

So, users have 2 ways to update vMA appliance without external network access:

1. Download the metadata to local http/https server, update depot url with the local depot in /etc/vmware/esxupdate/esxupdate.conf, and then run "vima-update"

2. Download offline bundle to local disk and run "vma-update --bundle=<offline-bundle>".

Note: this solution does not apply to vMA 4.0 because we started to support offline bundle in vMA 4.1.

http://www.vmware.com/support/developer/vima/

My posting to Development as we do not necessarily get this question which is a good one everyday:

I hope I have the right alias and that someone will be able to assist. We have a customer that has asked if it's possible or if there are any plans to be able to download the vMA metadata via Update Manager Download Service (UMDS) or Update Manager.

I found https://wiki.eng.vmware.com/Beijing/BeijingCoreQA/PDPESX/vMA/use_vima_update but do not see any options for an external depot/portal.

This thread also seems to be asking a similar question http://communities.vmware.com/thread/233898 .

Is this possible or planned in an upcoming release?

Reply
0 Kudos