before doing the Export-EsxImageProfile
I suspect, there is a FW or something that isn't allowing the cmdlet to reach the CA to verify the certificate.
Update: oops, I notice you already did that. Perhaps try doing it just before the Export-EsxImageProfileBlog: http://lucd.info | Twitter: @LucD22 | PowerCLI Reference co-author: http://tinyurl.com/hkn4glz
I tried running the
just prior to the Export command and get the same result.
To be clear, I'm trying to inject the latest Cisco Nexus VIBs into the latest HP customized ZIP downloaded directly from VMware and create an HP-Customized ISO + Cisco VIB.
As far as you know, I should be able to do that, right?
Yes, that should work.
I'm just not sure which certificate will be verified.Blog: http://lucd.info | Twitter: @LucD22 | PowerCLI Reference co-author: http://tinyurl.com/hkn4glz
There is a problem with the current HP hpvsa driver package being incorrectly signed and causing the "Could not find a trusted signer" error.
Is this one by chance included in the VMware-ESXi-5.0.0-Update1-623860-HP-5.20.43.zip bundle?
To answer my own question: yes, it is.
If you do not need the hpvsa driver then remove the package from the custom image profile before exporting it by running
Remove-ESXSoftwarePackage -ImageProfile HP-Cisco-ESXi-5.0.1-standard -SoftwarePackage scsi-hpvsa
where is the $DeployNoSignatureCheck thing documented?
I already read a lot about the ImageBuilder snapin, but have not yet stumbled over this?!
That was mentioned in an older thread, but besides that mention I have no idea where it is documented.
On the latest PowerCLI build, the Export-EsxImageProfile now has a NoSignatureCheck switch.
Perhaps the switch replaces the variable ?
Can you try with the switch ?Blog: http://lucd.info | Twitter: @LucD22 | PowerCLI Reference co-author: http://tinyurl.com/hkn4glz1 person found this helpful
I'll try both the switch via the export command and the removal of the hpvsa & report back shortly.
Thanks for the suggestions.
Okay, so good news all the way around-- BOTH solutions actually worked.
If I re-ran my above process as-is but ONLY added the "-NoSignatureCheck" to the end of the export command, it worked just fine.
If I re-ran my above process as-is but removed the HPVSA mode (Remove-ESXSoftwarePackage -ImageProfile HP-Cisco-ESXi-5.0.1-standard -SoftwarePackage scsi-hpvsa), that ALSO worked- and I didn't need the "-NoSignatureCheck".
(Oh, and I didn't need CommunitySupported either)
Since we may have a bunch of new stand-alone hosts (ROBOs) that will have local storage in the near future, I decided to leave the HPVSA in and just used the -NoSignatureCheck.
Below are my complete working steps to get the the Cisco Nexus VIBs injected into the HP Customized Installer. Thanks all for the help!
1) Download HP's Customized Image Profile ZIP from VMware's Website
2) Open PowerCLI
3) Add-EsxSoftwareDepot .\VMware-ESXi-5.0.0-Update1-623860-HP-5.20.43.zip
4) New-EsxImageProfile -CloneProfile HP-ESXi-5.0.1-standard -Name HP-Cisco-ESXi-5.0.1-standard
5) Add-EsxSoftwareDepot -DepotURL https://hostupdate.vmware.com/software/VUM/PRODUCTION/csco-main/csco-depot-index.xml
6) Add-EsxSoftwarePackage -imageprofile HP-Cisco-ESXi-5.0.1-standard cisco-vem-v140-esx
7) Compare-EsxImageProfile -ComparisonProfile HP-Cisco-ESXi-5.0.1-standard -referenceprofile HP-ESXi-5.0.1-standard
8) Export-EsxImageProfile -ImageProfile HP-Cisco-ESXi-5.0.1-standard -exporttobundle -filepath .\ESXi-5.0.1-HP-Cisco-623860.zip -NoSignatureCheck
9) Export-EsxImageProfile -ImageProfile HP-Cisco-ESXi-5.0.1-standard -exporttoiso -filepath .\ESXi-5.0.1-HP-Cisco-623860.iso -NoSignatureCheck