VMware Cloud Community
michael_stefani
Enthusiast
Enthusiast
‎10-11-2017 03:12 PM

7.x and Boot Strap Agent / old java

Was curious how everyone else is handling the vRA boot strap agent post installation?  The guest agent appears to uninstall after deployment (which is great), but that's not true for the boot strap agent which seems to live on forever after deployment.  This is causing issues for us as the java version that installs with it is out of date and shows up on internal vulnerability scans.  I'm kind of surprised there's not some option to have it uninstall after the software component pieces are done.  Anyone else have to deal with this issue?

0 Kudos
5 Replies
daphnissov
Immortal
Immortal
‎10-11-2017 05:36 PM

You really wouldn't want it to be uninstalled after the deployment is done because that would prevent you from running any software components that had the uninstall lifecycle configured. Honestly, I've never had an issue with people reporting the guest/software agent was causing issues with vulnerability scans. If that is a big problem, you can probably open a case with VMware to see if they'll issue a RPQ for updating Java binaries. 7.3 already uses 1.8, and it's probably unlikely that some of the builds after what it ships with would cause catastrophic failures. You might just be able to replace those binaries with newer, patched ones and be just fine.

------------------
How to Ask for Help on Tech Forums
https://neonmirrors.net
0 Kudos
michael_stefani
Enthusiast
Enthusiast
‎10-12-2017 08:21 AM

So the software components are kind of new to us, we're using them to install certain components right now but I don't see us ever using that to uninstall a software component.  I'm actually kind of curious how the uninstall is even invoked?

Mike

0 Kudos
daphnissov
Immortal
Immortal
‎10-12-2017 08:34 AM

The uninstall phase is invoked when you destroy a deployment/machine. But the guest agent is for more than just software deployment, so removal of it after the machine has been provisioned is not a good SOP. If those vulnerability scans are really a big deal, then you might want to go down the route of getting Java updated on your templates after clearing it with VMware.

------------------
How to Ask for Help on Tech Forums
https://neonmirrors.net
0 Kudos
michael_stefani
Enthusiast
Enthusiast
‎10-12-2017 08:41 AM

Any idea what else the agent is used for?  So as best I can tell there's two agents. 

GuestAgent - Carry over from vRA6 used in guest customization.  Fully removed at completion of the build process. 

BootStrap Agent - New with vRA7 and used with software components.  Stays installed post build. 

0 Kudos
daphnissov
Immortal
Immortal
‎10-12-2017 05:48 PM

The guest agent is also used to connect to the Manager and maintain a link with the system. It can also be used to perform OS-level configurations including running scripts outside of the software agent. It isn't uninstalled, per se, just unregistered as a service once its work item is complete.

------------------
How to Ask for Help on Tech Forums
https://neonmirrors.net
0 Kudos