14 Replies Latest reply on May 12, 2010 1:32 PM by aenagy

    Update vMA without internet access

    RobMokkink Expert

       

      We are not allowed to let our servers to connect to the internet. Not even a proxy.

      Is there a way to update the vMA offline?

       

       

        • 1. Re: Update vMA without internet access
          lamw Guru
          VMware Employees, Community Warriors

          It's definitely possible to download the updates manually and install them by hand, but it's definitely not recommended. If you're restricted based on specific security policies in your network, you can set up an internal depot that you can point your vima-update to, which is configurable at: /etc/vmware/esxupdate/vimaupdate.conf

           

          All the information regarding metadata and .VIBs that are downloaded using the tool for the only patch for vMA 4.0 is logged when you run vima-update scan and vima-update -b <bundle> update in /var/log/vmware/esxupdate.log

           

          Here is an example output if you were able to hit the public VMware repo:

          [2009-09-23 10:29:09]   DEBUG:    cmdline: Final selected set: [rpm_krb5-libs_1.6.1-31.el5_3.3@x86_64:uninstalled, rpm_curl_7.15.5-2.1.el5_3.4@i
          386:uninstalled, rpm_krb5-libs_1.6.1-31.el5_3.3@i386:uninstalled, rpm_curl_7.15.5-2.1.el5_3.4@x86_64:uninstalled, <"VIMA400-200906001">, rpm_krb
          5-workstation_1.6.1-31.el5_3.3@x86_64:uninstalled, rpm_pam_krb5_2.2.14-10@x86_64:uninstalled, rpm_sudo_1.6.9p17-3.el5_3.1@x86_64:uninstalled, rp
          m_udev_095-14.20.el5_3@x86_64:uninstalled, rpm_pam_krb5_2.2.14-10@i386:uninstalled]
          [2009-09-23 10:29:09]   DEBUG:   vibcache: Esxupdate Vib database not loaded - /etc/vmware/esxupdate/vibs.xml does not exist yet.
          [2009-09-23 10:29:09]   DEBUG: downloader: Downloading https://hostupdate.vmware.com/software/VUM/PRODUCTION/vmw/VIMA/4.0.0/VIMA-4.0.0-P01/krb5-
          libs-1.6.1-31.el5_3.3.x86_64.vib to /var/tmp/esxupdate/-5459869081440186845...
          [2009-09-23 10:29:12]   DEBUG:        vib: Closing file /var/tmp/esxupdate/rpm_krb5-libs_1.6.1-31.el5_3.3@x86_64.vib
          [2009-09-23 10:29:12]   DEBUG: downloader: Downloading https://hostupdate.vmware.com/software/VUM/PRODUCTION/vmw/VIMA/4.0.0/VIMA-4.0.0-P01/pam-k
          rb5-2.2.14-10.x86_64.vib to /var/tmp/esxupdate/4482681747601919214...
          [2009-09-23 10:29:13]   DEBUG:        vib: Closing file /var/tmp/esxupdate/rpm_pam_krb5_2.2.14-10@x86_64.vib
          [2009-09-23 10:29:13]   DEBUG: downloader: Downloading https://hostupdate.vmware.com/software/VUM/PRODUCTION/vmw/VIMA/4.0.0/VIMA-4.0.0-P01/krb5-
          libs-1.6.1-31.el5_3.3.i386.vib to /var/tmp/esxupdate/-6473612086064725300...
          [2009-09-23 10:29:15]   DEBUG:        vib: Closing file /var/tmp/esxupdate/rpm_krb5-libs_1.6.1-31.el5_3.3@i386.vib
          [2009-09-23 10:29:15]   DEBUG: downloader: Downloading https://hostupdate.vmware.com/software/VUM/PRODUCTION/vmw/VIMA/4.0.0/VIMA-4.0.0-P01/sudo-
          1.6.9p17-3.el5_3.1.x86_64.vib to /var/tmp/esxupdate/-6119825218163351125...
          [2009-09-23 10:29:16]   DEBUG:        vib: Closing file /var/tmp/esxupdate/rpm_sudo_1.6.9p17-3.el5_3.1@x86_64.vib
          [2009-09-23 10:29:16]   DEBUG: downloader: Downloading https://hostupdate.vmware.com/software/VUM/PRODUCTION/vmw/VIMA/4.0.0/VIMA-4.0.0-P01/krb5-
          workstation-1.6.1-31.el5_3.3.x86_64.vib to /var/tmp/esxupdate/-3217264565350984787...
          [2009-09-23 10:29:18]   DEBUG:        vib: Closing file /var/tmp/esxupdate/rpm_krb5-workstation_1.6.1-31.el5_3.3@x86_64.vib
          [2009-09-23 10:29:18]   DEBUG: downloader: Downloading https://hostupdate.vmware.com/software/VUM/PRODUCTION/vmw/VIMA/4.0.0/VIMA-4.0.0-P01/curl-
          7.15.5-2.1.el5_3.4.i386.vib to /var/tmp/esxupdate/9193752455599430900...
          [2009-09-23 10:29:20]   DEBUG:        vib: Closing file /var/tmp/esxupdate/rpm_curl_7.15.5-2.1.el5_3.4@i386.vib
          [2009-09-23 10:29:20]   DEBUG: downloader: Downloading https://hostupdate.vmware.com/software/VUM/PRODUCTION/vmw/VIMA/4.0.0/VIMA-4.0.0-P01/curl-
          7.15.5-2.1.el5_3.4.x86_64.vib to /var/tmp/esxupdate/4798137977164074535...
          [2009-09-23 10:29:21]   DEBUG:        vib: Closing file /var/tmp/esxupdate/rpm_curl_7.15.5-2.1.el5_3.4@x86_64.vib
          [2009-09-23 10:29:21]   DEBUG: downloader: Downloading https://hostupdate.vmware.com/software/VUM/PRODUCTION/vmw/VIMA/4.0.0/VIMA-4.0.0-P01/udev-
          095-14.20.el5_3.x86_64.vib to /var/tmp/esxupdate/-8496369035828695118...
          [2009-09-23 10:29:23]   DEBUG:        vib: Closing file /var/tmp/esxupdate/rpm_udev_095-14.20.el5_3@x86_64.vib
          [2009-09-23 10:29:23]   DEBUG: downloader: Downloading https://hostupdate.vmware.com/software/VUM/PRODUCTION/vmw/VIMA/4.0.0/VIMA-4.0.0-P01/pam-k
          rb5-2.2.14-10.i386.vib to /var/tmp/esxupdate/-833698672119051411...
          

           

          The main patch meta file is downloaded at:

          http://www.vmware.com/go/vma4/update/vmw-VIMA-4.0.0-metadata.zip
          OR
          https://hostupdate.vmware.com/software/VUM/PRODUCTION/vmw/vmw-VIMA-4.0.0-metadata.zip
          

           

          From this primary metadata file, the subsequent patch URLs are created and downloaded:

           

          https://hostupdate.vmware.com/software/VUM/PRODUCTION/vmw/VIMA/4.0.0/VIMA-4.0.0-P01/krb5-libs-1.6.1-31.el5_3.3.x86_64.vib
          https://hostupdate.vmware.com/software/VUM/PRODUCTION/vmw/VIMA/4.0.0/VIMA-4.0.0-P01/krb5-libs-1.6.1-31.el5_3.3.i386.vib
          https://hostupdate.vmware.com/software/VUM/PRODUCTION/vmw/VIMA/4.0.0/VIMA-4.0.0-P01/pam-krb5-2.2.14-10.x86_64.vib
          https://hostupdate.vmware.com/software/VUM/PRODUCTION/vmw/VIMA/4.0.0/VIMA-4.0.0-P01/sudo-1.6.9p17-3.el5_3.1.x86_64.vib
          https://hostupdate.vmware.com/software/VUM/PRODUCTION/vmw/VIMA/4.0.0/VIMA-4.0.0-P01/krb5-workstation-1.6.1-31.el5_3.3.x86_64.vib
          https://hostupdate.vmware.com/software/VUM/PRODUCTION/vmw/VIMA/4.0.0/VIMA-4.0.0-P01/curl-7.15.5-2.1.el5_3.4.i386.vib
          https://hostupdate.vmware.com/software/VUM/PRODUCTION/vmw/VIMA/4.0.0/VIMA-4.0.0-P01/curl-7.15.5-2.1.el5_3.4.x86_64.vib
          https://hostupdate.vmware.com/software/VUM/PRODUCTION/vmw/VIMA/4.0.0/VIMA-4.0.0-P01/udev-095-14.20.el5_3.x86_64.vib
          https://hostupdate.vmware.com/software/VUM/PRODUCTION/vmw/VIMA/4.0.0/VIMA-4.0.0-P01/pam-krb5-2.2.14-10.i386.vib
          

           

          So you would just need to manually download the individual .VIB(s) and update them each manually:

           

          sudo esxupdate -b krb5-libs-1.6.1-31.el5_3.3.x86_64.vib update
          sudo esxupdate -b sudo-1.6.9p17-3.el5_3.1.x86_64.vib update
          sudo esxupdate -b krb5-workstation-1.6.1-31.el5_3.3.x86_64.vib update
          sudo esxupdate -b curl-7.15.5-2.1.el5_3.4.i386.vib update
          sudo esxupdate -b curl-7.15.5-2.1.el5_3.4.x86_64.vib update
          sudo esxupdate -b udev-095-14.20.el5_3.x86_64.vib update
          sudo esxupdate -b pam-krb5-2.2.14-10.x86_64.vib update
          sudo esxupdate -b krb5-libs-1.6.1-31.el5_3.3.i386.vib update
          

           

           

          Here is how you use vima-update to patch: vMA4 vima-update error. Again, I would recommend setting up an internal depot; that way you're patching through VMware's mechanism. Since this is outside of their patch system, if you ever connect this system to the public depot, you'll see that the patch bundle isn't installed, but when you try to install it, it'll say the packages are up to date.

           

           

           

           

           

          =========================================================================

          William Lam

          VMware vExpert 2009

          VMware ESX/ESXi scripts and resources at: http://engineering.ucsb.edu/~duonglt/vmware/

          vGhetto Script Repository

          VMware Code Central - Scripts/Sample code for Developers and Administrators

          VMware Developer Community

          Twitter: @lamw

           

          http://engineering.ucsb.edu/~duonglt/vmware/vexpert_silver_icon.jpg

           

          If you find this information useful, please award points for "correct" or "helpful".

          1 person found this helpful
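
Added example, not part of the original thread and not VMware's or the poster's code: it reads an esxupdate.log in the shape quoted in reply 1 (including entries hard-wrapped mid-URL), extracts every downloaded .vib URL, and keeps only HTTPS downloads from the vendor host as candidates for staging on an internal depot. The depot host name, the off-vendor log line, and the assumption that the internal depot mirrors the vendor's path layout are constructed for illustration; the script is meant for an admin workstation with Python 3.8+.

```python
import re
from urllib.parse import urlsplit, urlunsplit

# Constructed sample in the format shown in the post. The last entry is an
# invented off-vendor, plain-HTTP download used to exercise the check.
SAMPLE_LOG = """\
[2009-09-23 10:29:09]   DEBUG: downloader: Downloading https://hostupdate.vmware.com/software/VUM/PRODUCTION/vmw/VIMA/4.0.0/VIMA-4.0.0-P01/krb5-
libs-1.6.1-31.el5_3.3.x86_64.vib to /var/tmp/esxupdate/-5459869081440186845...
[2009-09-23 10:29:12]   DEBUG:        vib: Closing file /var/tmp/esxupdate/rpm_krb5-libs_1.6.1-31.el5_3.3@x86_64.vib
[2009-09-23 10:29:15]   DEBUG: downloader: Downloading https://hostupdate.vmware.com/software/VUM/PRODUCTION/vmw/VIMA/4.0.0/VIMA-4.0.0-P01/sudo-
1.6.9p17-3.el5_3.1.x86_64.vib to /var/tmp/esxupdate/-6119825218163351125...
[2009-09-23 10:29:16]   DEBUG: downloader: Downloading http://mirror.example.invalid/VIMA/curl-7.15.5-2.1.el5_3.4.i386.vib to /var/tmp/esxupdate/1...
"""

ENTRY_START = re.compile(r"^\[\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}\]")
DOWNLOAD = re.compile(r"downloader: Downloading (\S+) to (\S+)")


def unwrap(text):
    """Rejoin hard-wrapped entries: a line without a timestamp continues the previous entry."""
    entries = []
    for line in text.splitlines():
        if not line:
            continue
        if ENTRY_START.match(line) or not entries:
            entries.append(line)
        else:
            entries[-1] += line
    return entries


def downloaded_urls(text):
    """Return the source URL of every 'downloader' entry, in log order."""
    return [m.group(1) for e in unwrap(text) if (m := DOWNLOAD.search(e))]


def plan_mirror(text, depot_base, vendor_host="hostupdate.vmware.com"):
    """Return (accepted, rejected): accepted is a list of (vendor_url, internal_url)."""
    base = urlsplit(depot_base)
    accepted, rejected = [], []
    for url in downloaded_urls(text):
        p = urlsplit(url)
        trusted = (p.scheme == "https" and p.hostname == vendor_host
                   and p.path.endswith(".vib") and ".." not in p.path)
        if trusted:
            # Assumption: the internal depot keeps the vendor's path layout.
            accepted.append((url, urlunsplit((base.scheme, base.netloc, p.path, "", ""))))
        else:
            rejected.append(url)
    return accepted, rejected


if __name__ == "__main__":
    ok, bad = plan_mirror(SAMPLE_LOG, "https://depot.example.internal")
    for vendor, internal in ok:
        print("stage", vendor, "->", internal)
    for url in bad:
        print("REJECT (not HTTPS from vendor host):", url)
```

Running it against a real log on a connected reference system gives the exact file list to carry across the air gap; anything in the rejected list should be investigated before it is staged.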
          • 2. Re: Update vMA without internet access
            RobMokkink Expert

             

            Thanks.

             

             

            But is it not possible to use the UMDS to create the repository?

             

             

             

             

             

             

             

             

            • 3. Re: Update vMA without internet access
              lamw Guru
              VMware Employees, Community Warriors

              You might, not sure.

               

               

               

               


              • 4. Re: Update vMA without internet access
                RobMokkink Expert

                 

                Is there another method then?

                 

                 

                It would be nice to download all patches for the vMA just like you can with ESX.

                 

                 

                • 5. Re: Update vMA without internet access
                  lamw Guru
                  Community Warriors, VMware Employees

                  I'm not aware of a way; you may want to contact VMware Support if you have SnS to file a support request regarding this question.

                   

                   

                   

                   

                  • 6. Re: Update vMA without internet access
                    RobMokkink Expert

                     

                    Okay, I will do that.

                     

                     

                    I think VMware needs to fix these things.

                     

                     

                    • 7. Re: Update vMA without internet access
                      RobMokkink Expert

                       

                      I just created a case at VMware.

                       

                       

                      I will keep this thread updated.

                       

                       

                      • 8. Re: Update vMA without internet access
                        RobMokkink Expert

                         

                        I got a reply from VMware and unfortunately it's under the NDA.

                         

                         

                        People who are seeking an answer should open a case at VMware.

                         

                         

                        • 9. Re: Update vMA without internet access
                          lamw Guru
                          Community Warriors, VMware Employees

                          Thanks for the update. I'm quite surprised that VMware told you that the process to patch vMA 4.0 w/o internet access or proxy access (which is already out) is under NDA! I'll follow up with the vMA PM to see if this is the case, though I think having the process documented and readily available for customers that have this type of network/ACL restrictions would be quite useful and required.

                           

                          Thanks again

                           

                           

                           

                           


                          • 10. Re: Update vMA without internet access
                            aenagy Hot Shot

                            Any updates?

                             

                            Is there a way to use UMDS as the patch repository for updating vMA 4? If so, what is it?

                            • 11. Re: Update vMA without internet access
                              lamw Guru
                              VMware Employees, Community Warriors

                              No updates, let me ping one of the PMs to see if I can get an answer.

                               

                               

                               

                               


                              • 12. Re: Update vMA without internet access
                                dwang1092 Novice

                                Any word on a non-NDA solution?

                                • 13. Re: Update vMA without internet access
                                  lamw Guru
                                  VMware Employees, Community Warriors

                                  I've pinged the PM for vMA and he said he would reply back but I guess he hasn't had a chance.

                                   

                                  If you have VMware SnS, I would file an SR to get your answer if you need one right away.

                                   

                                   

                                   

                                   


                                  • 14. Re: Update vMA without internet access
                                    aenagy Hot Shot

                                    I opened a SR and this is the reply:

                                     

                                    I have verified this straight from engineering.

                                     

                                    We don't currently support downloading vMA metadata via UMDS, but we are going to support offline bundle in vMA 4.1.

                                     

                                    So, users have 2 ways to update vMA appliance without external network access:

                                    1. Download the metadata to local http/https server, update depot url with the local depot in /etc/vmware/esxupdate/esxupdate.conf, and then run "vima-update"

                                     

                                    2. Download offline bundle to local disk and run "vma-update --bundle=<offline-bundle>".

                                    Note: this solution does not apply to vMA 4.0 because we started to support offline bundle in vMA 4.1.

                                     

                                    http://www.vmware.com/support/developer/vima/

                                     

                                    My posting to Development, as we do not necessarily get this question, which is a good one, every day:

                                    I hope I have the right alias and that someone will be able to assist.  We have a customer that has asked if it's possible or if there are any plans to be able to download the vMA metadata via Update Manager Download Service (UMDS) or Update Manager.

                                     

                                    I found https://wiki.eng.vmware.com/Beijing/BeijingCoreQA/PDPESX/vMA/use_vima_update but do not see any options for an external depot/portal.

                                     

                                    This thread also seems to be asking a similar question http://communities.vmware.com/thread/233898 .

                                     

                                    Is this possible or planned in an upcoming release?