My VCSA can't connect to the update source. Tailing /var/log/vmware/applmgmt/applmgmt.log reveals:
2019-04-18T19:10:49.671 [19010]ERROR:vmware.appliance.update.update_functions:Can't read JSON file /etc/applmgmt/appliance/software_update_state.conf [Errno 2] No such file or directory: '/etc/applmgmt/appliance/software_update_state.conf'
Not sure if that's related. Later I see:
2019-04-18T19:11:00.264 [19010]DEBUG:vmware.appliance.update.update_functions:runCommandAndCheckResult failed: LocalizableException({'id': 'com.vmware.appliance.update.download_failed', 'args': [], 'default_message': 'Download failed'}, '', '--2019-04-18 15:10:50-- https://vapp-updates.vmware.com/vai-catalog/valm/vmw/8d167796-34d5-4899-be0a-6daade4005a3/upgrade_in... vapp-updates.vmware.com... 184.27.136.35, 2600:1402:f000:385::2ef, 2600:1402:f000:3a1::2ef\nConnecting to vapp-updates.vmware.com|184.27.136.35|:443... failed: Connection timed out.\nConnecting to vapp-updates.vmware.com|2600:1402:f000:385::2ef|:443... failed: Network is unreachable.\nConnecting to vapp-updates.vmware.com|2600:1402:f000:3a1::2ef|:443... failed: Network is unreachable.\n')
2019-04-18T19:11:00.264 [19010]DEBUG:vmware.appliance.update.update_b2b:Index file not present for the url https://vapp-updates.vmware.com/vai-catalog/valm/vmw/8d167796-34d5-4899-be0a-6daade4005a3/upgrade_in...
But when I curl to those URL's from the VAMI bash shell, I can retrieve them just fine. What gives? We do use a proxy server. When I refresh the VAMI update page to retry, netstat reveals:
tcp | 0 | 1 contoso:47782 as-40816.engx.vmw:https | SYN_SENT |
tcp | 0 | 1 contoso:46324 a104-74-67-235:www-http | SYN_SENT |
tcp | 0 | 1 contoso:33058 a104-74-67-235.de:https | SYN_SENT |
Oopsie, it's not using our proxy. But curl is definitely using it. /etc/sysconfig/proxy is present and properly formatted per kb article -- both http and https are present. Wat do?
Chek the log at: /var/log/vmware/applmgmt/applmgmt.log
Look for wget
I can see this kind of lines
[2355]DEBUG:vmware.appliance.update.update_functions:Running /usr/bin/wget --no-check-certificate --connect-timeout 10 -P /storage/core/software-update/tmp/latest https://vapp-updates.vmware.com/vai-catalog/valm/vmw/8d167796-34d5-4899-be0a-6daade4005a3/6.7.0.3000... -e use_proxy=yes -e http_proxy=https://http://<foobar>:8080
Which is wrong. So......
I have found a solution:
1: At VCSA level either VAMI or CLI (/etc/sysconfig/proxy) you should turn off proxy config.
2: Configure the following file: /etc/wgetrc
like:
http_proxy = http://proxy.yoyodyne.com:18023/
https_proxy = http://proxy.yoyodyne.com:18023/
use_proxy=on
Then It should work like a charm.
Good Luck.
Editing the /etc/wgetrc solved my issue with getting the VCSA patch downloaded (thanks). Any suggestions for getting VUM working with a proxy? Nothing I've tried has worked properly for VUM to connect.
I had a ticket opened with VMware to get this resolved. Rather simple really. Not sure why it's not in a document somewhere on the interwebs.
In the settings page for Update Manager just put the proxy information in. I didn't put in any http://proxy.address, I just put in proxy.address and then specified the port number. If you have credentials then use them. However do not click on Test Connection. That button doesn't seem to work right. It might take a moment for the updated settings to show in vCenter. You should then be able to click on Download Now in the upper right and it should get the latest patch definitions, which as of today was May 13th. If you run into issues you can either restart the update manager service from the GUI or if you like command line stuff you can putty into the appliance and use:
service-control --stop vmware-updatemgr
service-control --start vmware-updatemgr
Hope this helps.
The workaround (editing etc/wgetrc) does work with the latest 6.7 u2a patch. None of the 6.x seemed to have a working proxy configuration out of the box, this is frustrating.
I yearn the day when VMware will finally fix this in the various appliances (with VRLM having the most ridiculous workaround), it seems like the company is not aware at all that clients use proxies in their environments.
Agreed. We have a history of challenges surrounding the proxy configuration of our vCenters.
I updated our test ENV vcenter from 6.5 to 7.0
I ran into this error with the proxy setting
Disabling the proxy and manually putting the proxy settings via SSH into /etc/wgetrc allowed me to update to the latest vcenter 7.0 build
thanks