Archives for posts with tag: vCLI

Using rsync to Distribute Patches to a Remote vMA

March 8, 11 //
0

I recently posted Using vMA as a local vSphere Patch Repos­i­tory, where I out­lined how you can use your vMA instances as local file repos­i­to­ries for updates.

This post is a con­tin­u­a­tion of that con­cept, but this time I’ll take it a step fur­ther and uti­lize rsync to make sure my vMA instances all con­tain the same set of patches. Rsync is great for this, as it han­dles fast incre­men­tal file trans­fers, which is a real time and band­width saver in my par­tic­u­lar sce­nario. So, the premise is that you have one cen­tral vMA instance, and one or more remote vMA instances that should pull updates from the cen­trally located one.

Installing rsync in vMA

Sadly, rsync isn’t included in vMA by default. To get it installed, we need to edit some files inside of vMA. Since vMA is Cen­tOS based, this means con­fig­ur­ing yum repos­i­to­ries, and thank­fully the bril­liant William Lam over at vir­tu­al­lyGhetto has already done the hard work for us. In his post named Auto­mate Update Man­ager Oper­a­tions using vSphere SDK for Perl + VIX + Pow­er­CLI + Pow­er­CLI VUM William explains which files to edit to cre­ate a valid repos­i­tory con­fig­u­ra­tion for instal­la­tion of offi­cial pack­ages directly from CentOS.

Warn­ing: Do this on your own risk, I have not checked but I think this will fall under the “unsup­ported” tab at VMware.

Con­fig­ur­ing YUM in vMA

These instruc­tions are pretty much copied from Williams post, but added here for context:

Cre­at­ing the repos­i­tory con­fig­u­ra­tion file

To cre­ate the file, in the cor­rect direc­tory, run the fol­low­inf command:

[vi-admin@vMA /]$ sudo vi /etc/yum.repos.d/centos-base.repo
Password:

Add the fol­low­ing lines to the repos­i­tory file:

[base]
name=CentOS-5 - Base
baseurl=http://mirror.centos.org/centos/5/os/x86_64/
gpgcheck=1
gpgkey=http://mirror.centos.org/centos/RPM-GPG-KEY-CentOS-5
 
[update]
name=CentOS-5 - Updates
baseurl=http://mirror.centos.org/centos/5/updates/x86_64/
gpgcheck=1
gpgkey=http://mirror.centos.org/centos/RPM-GPG-KEY-CentOS-5

Exit the vi edi­tor by hit­ting esc and enter­ing :wq and hit enter. That saves the file, and exits the editor.

Installing rsync via yum

Now comes the easy part, actu­ally installing rsync inside vMA. All you have to do, is to enter the fol­low­ing command:

[vi-admin@vMA /]$ sudo yum -y install rsync

The instal­la­tion starts, and you should see out­put sim­i­lar to the following:

Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
Setting up Install Process
Parsing package install arguments
Resolving Dependencies
--> Running transaction check
---> Package rsync.x86_64 0:2.6.8-3.1 set to be updated
--> Finished Dependency Resolution
 
Dependencies Resolved
 
====================================================================================
 Package           Arch               Version                Repository        Size
====================================================================================
Installing:
 rsync             x86_64             2.6.8-3.1              base             235 k
 
Transaction Summary
====================================================================================
Install      1 Package(s)
Update       0 Package(s)
Remove       0 Package(s)
 
Total download size: 235 k
Downloading Packages:
rsync-2.6.8-3.1.x86_64.rp 100% |=========================| 235 kB    00:01
Running rpm_check_debug
Running Transaction Test
Finished Transaction Test
Transaction Test Succeeded
Running Transaction
  Installing     : rsync                                             [1/1]
 
Installed: rsync.x86_64 0:2.6.8-3.1
Complete!
[vi-admin@vMA /]$

And there it is, rsync installed inside vMA!

Con­fig­ur­ing rsync to fetch upgrades from cen­tral vMA

Now that we have rsync installed inside vMA, we need to con­fig­ure it to fetch the updates from a cen­tral vMA instance. Rsync needs to be installed in both ends of the pipe, so if you haven’t already done so, con­fig­ure your “mas­ter vMA” the same way as men­tioned above.

Now that “both ends” of the pipe has rsync installed, we can run it from “client vMA” to pull down all the files cur­rently in the repos­i­tory on the “mas­ter vMA”.

[vi-admin@vMA /]$sudo rsync -r vi-admin@192.168.5.57:/var/www/html/repo/* /var/www.html/repo
The authenticity of host '192.168.5.57 (192.168.5.57)' can't be established.
RSA key fingerprint is 3f:af:7c:53:5a:15:47:56:b8:25:77:79:14:b2:f5:2f.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.5.57' (RSA) to the list of known hosts.
vi-admin@192.168.5.57's password:
[vi-admin@vMA /]$

The com­mand runs for a while, and when it fin­ished you should see that the cur­rent con­tents of the “mas­ter vMA” repos­i­tory is now located in the “client vMA” repos­i­tory as well:

[vi-admin@vMA repo]$ ls -la
total 210988
drwxr-xr-x 2 root root      4096 Mar  8 18:51 .
drwxr-xr-x 4 root root      4096 Mar  8 18:50 ..
-rw-r--r-- 1 root root         0 Mar  8 18:51 testfile
-rw-r--r-- 1 root root         0 Mar  8 18:51 testfile1
-rw-r--r-- 1 root root         0 Mar  8 18:51 testfile2
-rw-r--r-- 1 root root         0 Mar  8 18:51 testfile3
-rw-r--r-- 1 root root 215820281 Jan 27 19:15 update-from-esxi4.1-4.1_update01.zip
[vi-admin@vMA repo]$

Con­clu­sion

There is a lot more you can do with rsync, like repli­ca­tion files both ways, con­trol­ling band­width usage, using ssh keys to avoid username/password prompts, some­thing that is required if you want to fully auto­mated this process. I will not cover that, at least not right now, so head over to the rsync site to read up on the doc­u­men­ta­tion for more advanced use cases.

Even if I’ve barely touched the fea­tures rsync pro­vides, it is clear that this is a way for admins to cen­trally man­age dis­tri­b­u­tion of vSphere patches to remote loca­tions, even if the band­width is low and the latency high. Rsync pro­vides us with ways to over­come the patch­ing issues that you might see in poorly net­worked envi­ron­ments, and it can cer­tainly help vAd­mins keep­ing their envi­ron­ments patched and cur­rent, and that has to be a good thing™

Using vMA as a local vSphere Patch Repository

March 7, 11 //
7

I like using http as the trans­port pro­to­col when patch­ing my vSphere hosts. It’s easy to use and in most cases imme­di­ately avail­able over most net­works. Since I want to use http as the trans­port, we need to make vMA work as a http server.

Start­ing Apache inside vMA

Luck­ily, the Apache http dae­mon is installed, by default, in vMA and to uti­lize it all you have to do is to start it!

Log on to vMA with your favorite SSH client and run the fol­low­ing com­mand to start the Apache HTTP Daemon:

[vi-admin@vMA /]$ sudo service httpd start
Starting httpd: httpd: Could not reliably determine the server's fully qualified domain name, using 127.0.0.1 for  ServerName                   [ OK ]
[vi-admin@vMA /]$

Never mind the error mes­sage it dis­plays, for our pur­poses that’s not an issue and we can safely ignore it.

By default the files served by Apache is located in /var/www/html, so we’ll head over there to cre­ate a new directory

[vi-admin@vMA /]$ cd /var/www/html/
[vi-admin@vMA html]$ sudo mkdir repo

We’ve now cre­ated the repo direc­tory inside the Apache doc­root. Now we need to add some patches to that direc­tory, to make it avail­able for the vihos­tup­date or esx­up­date com­mand we can use to patch our hosts.

In my lab, I used the update-from-esxi4.1–4.1_update01 patch bun­dle from vmware.com

To down­load the patch into the new repo direc­tory cre­ated above, run the fol­low­ing commands:

[vi-admin@vMA html]$ cd /var/www/html/repo/
[vi-admin@vMA repo]$ sudo wget https://hostupdate.vmware.com/software/VUM/OFFLINE/release-260-20110127-912579/update-from-esxi4.1-4.1_update01.zip
Password:
--15:34:32--  https://hostupdate.vmware.com/software/VUM/OFFLINE/release-260-20110127-912579/update-from-esxi4.1-4.1_update01.zip
	Resolving hostupdate.vmware.com... 88.221.164.7
	Connecting to hostupdate.vmware.com|88.221.164.7|:443... connected.
	HTTP request sent, awaiting response... 200 OK
	Length: 215820281 (206M) [application/zip]
	Saving to: `update-from-esxi4.1-4.1_update01.zip'
100%[===============================================================================================================>] 

215,820,281  919K/s   in 3m 54s
15:38:26 (901 KB/s) - `update-from-esxi4.1-4.1_update01.zip' saved [215820281/215820281]

This down­loads the patch bun­dle, using the wget com­mand, to the cur­rent directory.

Now, to make sure your down­loaded patch bun­dle is avail­able via the web server, open http://vMA-IP/repo/ and you should see the direc­tory con­tents listed. Your browser should dis­play some­thing sim­i­lar to this:

Before patch­ing a host, power off or migrate any vir­tual machines that are run­ning on the host and place the host into main­te­nance mode.

Scan host for update compatibility

[vi-admin@vMA repo]$ vihostupdate --server 10.0.100.20 --scan --bundle http://10.0.101.14/repo/update-from-esxi4.1-4.1_update01.zip
Enter username: root
Enter password:
The bulletins which apply to but are not yet installed on this ESX host are listed.
 
---------Bulletin ID---------   ----------------Summary-----------------
ESXi410-201101201-SG            Updates the ESXi 4.1 firmware
ESXi410-201101202-UG            Updates the ESXi  4.1 VMware Tools
ESXi410-201101223-UG            3w-9xxx: scsi driver for VMware ESXi
ESXi410-201101224-UG            vxge: net driver for VMware ESXi
ESXi410-Update01                VMware ESXi 4.1 Complete Update 1

Install updates to host

[vi-admin@vMA repo]$ vihostupdate --server 10.0.100.20 --install --bundle http://10.0.101.14/repo/update-from-esxi4.1-4.1_update01.zip
Enter username: root
Enter password:
Please wait patch installation is in progress ...
The update completed successfully, but the system needs to be rebooted for the changes to be effective.
[vi-admin@vMA repo]$

While the update runs, you can also fol­low it’s progress in the vSphere Client


When the patch has com­pleted, and the host has been rebooted you can run the scan com­mand again to make sure all of the patches are installed and no longer required.

Man­age­ment

Now, down­load­ing the patches this way for each vMA instance you have (espe­cially if you have sev­eral remote sites) is not very effec­tive. Sure, you could place a cen­tral repos­i­tory at a cen­tral site and use that as your cen­tral update repos­i­tory. In that sce­nario you might as well just use the VMware vCen­ter Update Man­ager and not have to man­age your updates via vMA at all.

In some cases though, you would want to have the remote hosts install their updates from a local repos­i­tory. One such case might be if you have remote loca­tions with low bandwidth/high latency links that you don’t want to stress with the update downloads.

I’m inves­ti­gat­ing a pos­si­ble solu­tion for that as well, and I’ll post that as soon as I have work­ing proof of con­cept up and running.

Another thing to note, is that when you restart vMA the http ser­vice will be stopped again. If you want it to autostart each time vMA boots, issue the fol­low­ing command

[vi-admin@vMA repo]$ sudo ntsysv
Password:

This brings up a screen where you can choose which dae­mons should start at boot time inside of vMA.

Find httpd, select it and hit the OK but­ton. The next time vMA boots, the Apache web server starts with it.

Installing vSphere Management Assistant (vMA)

March 1, 11 //
0

The vMA is a Vir­tual Appli­ance that you can down­load from VMware. It’s pri­mary func­tion is to enable com­mand line based man­age­ment of your ESX/ESXi systems.

Basi­cally this is a pre-packaged vir­tual machine that  includes vCLI and the vSphere SDK for Perl, which means that you don’t have to build your own man­age­ment VM or install these tools locally on a man­age­ment station.

vMA is in many regards seen as a replace­ment for the ESX Ser­vice Con­sole which no longer is  present in ESXi.

Down­load­ing vSphere Man­age­ment Assis­tant (vMA)

Basi­cally there are two meth­ods you can use when deploy­ing vMA.

  1. Down­load the .OVF file to your local machine and upload it to your ESX/ESXi host.
    This is use­ful if you have already down­loaded the vMA appli­ance and plan on deploy­ing it to sev­eral hosts/clusters. This saves you from down­load­ing it sev­eral times, and you can even use Pow­er­CLI to auto­mate the deploy­ment of vMA, but I’m not going into that sce­nario this time around.
  2. Deploy the .OVF file directly from vmware.com, via the vSphere Client, to your host.

In this post, I’ll focus on how to deploy vMA using method 2 — Direct Deployment

Direct Deploy­ment of vMA

Start your vSphere Client and con­nect to your host or vCenter.

Nav­i­gate to “File”, find and select the “Deploy OVF tem­plate” option

This starts the OVF deploy­ment wiz­ard. In the “Deploy from a file or URL”  text box, enter the fol­low­ing URL: http://download3.vmware.com/software/vma/vMA-4.1.0.0–268837.ovf and click on “Next”.

Note: This URL is valid at the point of writ­ing, but might change at a later date when a new ver­sion is released by VMware.

The URL is now val­i­dated, and you are pre­sented with the OVF Tem­plate Details win­dow, where you can review the set­tings defined in the OVF file.

Click “Next”  to view and accept the VMware EULA. After read­ing it thro­r­oughly click on “Accept” and then on “Next” again to continue

Next up is the “Name and Loca­tion” screen, where you can cus­tomize the name of your vMA instance. If you are deploy­ing the sev­eral vMA instances to the same host/vCenter, you will need to change this to pre­vent nam­ing conflicts.

After nam­ing your vMA, click on “Next” again, and you’ll get pre­sented with the “Disk For­mat” screen. Here you can select between thin pro­vi­sioned or thick pro­vi­sioned disks, for this instal­la­tion I chose to change it to thin pro­vi­sioned, but the default is thick pro­vi­sioned disks.

After mak­ing your selec­tion, we once again click on “Next” and now we’re nearly there! Review the sum­mary screen to make sure you have selected the right options and  click on “Fin­ish” to finally  start the down­load and deploy­ment of your vMA.

The down­load starts, and a nice lit­tle progress win­dow shows you how far along you are.

Of course, the time it takes to deploy vMA this way is highly depen­dant on avail­able band­width and down­load speeds. In this par­tic­u­lar envi­ron­ment the down­load is esti­mated to take approx­i­mately 39 minutes.

Tip: If you want to deploy vMA in this man­ner, to sev­eral hosts, you can place the down­load­able vMA .OVF file on an acces­si­ble file share or http server and serve your local path or URL to your host via the vCen­ter Client as well. This is par­tic­u­larly use­ful in sce­nar­ios where your vCen­ter Client doesn’t have inter­net access or if you want to speed up deploy­ment by down­load­ing it only once, but with­out script­ing it.

Once the vMA has fin­ished down­load­ing and installing, it will pop up inside your vSphere Client on the host you deployed it to.

vMA Ini­tial Configuration

The first time you start vMA, it fires a con­fig­u­ra­tion wiz­ard to help you con­fig­ure it.
The wiz­ard guides you through the net­work setup and set­ting the vi-admin user password.


And there it is. Now you can use your favorite SSH client (Putty) to con­nect to the vMA, or by using the con­sole in the vSphere Client.

For details on using vMA and vCLI see the vSphere Man­age­ment Assis­tant (vMA) site. You can even add ESX/ESXi and vMA to your Active Direc­tory and use that as an authen­ti­ca­tion source, but I’ll leave that for another post on another day.