【VMware vSphere】安装配置Update Manager Download Service(UMDS)作为 vLCM 的下载存储库。

VMware vSphere Update Manager Download Service (UMDS) 是 vSphere Lifecycle Manager(vLCM) 的可选模块。我在之前文章中提到这个功能,当 vSphere 环境能够连接 Internet 时,我们可以使用 vLCM 的在线 Internet 下载源获取修补程序,当 vSphere 环境不能连接 Internet 时,您可以在您的环境中找到一台能够访问 Internet 的服务器安装 UMDS,通过配置 UMDS 下载升级、修补程序二进制文件和修补程序元数据并自动执行导出过程,最后在 vSphere Lifecycle Manager 配置 UMDS 下载存储库后即可实现与连接 Internet 在线下载库使用一样的效果。

UMDS 必须与 vSphere Lifecycle Manager 版本相同。例如,vSphere Lifecycle Manager 8.0 只能与 UMDS 8.0 配置使用,如果您使用的是新版本的 vSphere Lifecycle Manager,则 UMDS 也必须为相同的新版本。您无法升级 UMDS,您可以卸载当前版本的 UMDS,根据系统要求执行 UMDS 的全新安装,并使用之前已卸载的 UMDS 的修补程序存储。UMDS 8.0 支持修补程序撤消和通知。如果 VMware 发布的修补程序存在问题或可能存在问题,撤消修补程序后,UMDS 下载的修补程序数据会进行同步,vSphere Lifecycle Manager 那边同样会删除已撤消的修补程序。

只能在基于 Linux 的操作系统上安装 UMDS。不再支持在 Windows 计算机上安装 UMDS。UMDS 是 64 位应用程序,要求使用 64 位 Linux 系统。支持在以下 Linux 发行版上安装并使用 Update Manager Download Service (UMDS)  。通过在 Linux 上运行的 UMDS 下载修补程序时,不需要具有管理员级别访问权限。安装 UMDS 的计算机必须能够访问 Internet。

  • Ubuntu 14.04
  • Ubuntu 18.04
  • Ubuntu 18.04 LTS
  • Ubuntu 20.04 LTS
  • Red Hat Enterprise Linux 7.4
  • Red Hat Enterprise Linux 7.5
  • Red Hat Enterprise Linux 7.7
  • Red Hat Enterprise Linux 8.1
  • Red Hat Enterprise Linux 8.3
  • Red Hat Enterprise Linux 8.5
  • Red Hat Enterprise Linux 8.6
  • Red Hat Enterprise Linux 9.0

注意,使用 Red Hat Enterprise Linux 8.1 时,必须在部署了 UMDS 的系统上安装 libnsl 软件包版本 2.28 或更高版本。如果系统中不存在该软件包,UMDS 操作可能会失败,并显示以下错误:

加载共享库 libnsl.so.1 时出错: 无法打开共享对象文件: 无此类文件或目录 (Error while loading shared libraries: libnsl.so.1: cannot open shared object file: No such file or directory)。

一、UMDS 安装

本次环境准了一台 Ubuntu 20.04.6 LTS 服务器,对于 Linux 服务器的安装设置可以使用标准安装即可,配置好 DNS 和 NTP。

root@umds:~# cat /etc/os-release 
NAME="Ubuntu"
VERSION="20.04.6 LTS (Focal Fossa)"
ID=ubuntu
ID_LIKE=debian
PRETTY_NAME="Ubuntu 20.04.6 LTS"
VERSION_ID="20.04"
HOME_URL="https://www.ubuntu.com/"
SUPPORT_URL="https://help.ubuntu.com/"
BUG_REPORT_URL="https://bugs.launchpad.net/ubuntu/"
PRIVACY_POLICY_URL="https://www.ubuntu.com/legal/terms-and-policies/privacy-policy"
VERSION_CODENAME=focal
UBUNTU_CODENAME=focal
root@umds:~# uname -a
Linux umds 5.4.0-144-generic #161-Ubuntu SMP Fri Feb 3 14:49:04 UTC 2023 x86_64 x86_64 x86_64 GNU/Linux
root@umds:~#

Linux 系统准备好以后,以 root 管理员 ssh 登陆到 shell,运行 apt-get update/upgrade 命令确保一切保持最新的状态。

root@umds:~# apt-get update
Hit:1 http://mirrors.tuna.tsinghua.edu.cn/ubuntu focal InRelease
Hit:2 http://mirrors.tuna.tsinghua.edu.cn/ubuntu focal-updates InRelease
Hit:3 http://mirrors.tuna.tsinghua.edu.cn/ubuntu focal-backports InRelease
Hit:4 http://mirrors.tuna.tsinghua.edu.cn/ubuntu focal-security InRelease
Reading package lists... Done
root@umds:~# apt-get upgrade
Reading package lists... Done
Building dependency tree       
Reading state information... Done
Calculating upgrade... Done
The following packages have been kept back:
  linux-generic linux-headers-generic linux-image-generic python3-update-manager ubuntu-advantage-tools update-manager-core
0 upgraded, 0 newly installed, 0 to remove and 6 not upgraded.
root@umds:~# 

在 vSphere 8.0 版本中,UMDS 8.0 安装包捆绑在 vCenter Server Appliance 8.0 的完整 ISO 安装镜像中。当前环境是 vCenter 8.0 U2b(内部版本号 23319993),解压 vCenter 的 ISO 镜像(VMware-VMvisor-Installer-8.0U2b-23305546.x86_64.iso)到本地并找到 umds 文件夹可以发现 UMDS 安装包,如下图所示。

将 UMDS 安装包上传到准备的 Linux 服务器,解压 UMDS 安装包并进入安装目录。

root@umds:~# ls -l
total 29424
drwx------ 3 root root     4096 Jun  6 10:31 snap
-rw-r--r-- 1 root root 30122205 Jun  6 12:25 VMware-UMDS-8.0.2.00200-12698893.tar.gz
root@umds:~# tar -zxvf VMware-UMDS-8.0.2.00200-12698893.tar.gz 
vmware-umds-distrib/
vmware-umds-distrib/share/
vmware-umds-distrib/share/VCI_base_postgresql.sql
vmware-umds-distrib/share/VCI_data_postgresql-100-110.sql
vmware-umds-distrib/share/VCI_data_postgresql-110-120.sql
vmware-umds-distrib/share/VCI_data_postgresql-120-130.sql
vmware-umds-distrib/share/VCI_data_postgresql-130-140.sql
vmware-umds-distrib/share/VCI_data_postgresql-140-150.sql
vmware-umds-distrib/share/VCI_data_postgresql-150-160.sql
vmware-umds-distrib/share/VCI_data_postgresql-160-170.sql
vmware-umds-distrib/share/VCI_data_postgresql-170-180.sql
vmware-umds-distrib/share/VCI_data_postgresql-180-190.sql
vmware-umds-distrib/share/VCI_data_postgresql-190-200.sql
vmware-umds-distrib/share/VCI_data_postgresql-200-210.sql
vmware-umds-distrib/share/VCI_data_postgresql-210-220.sql
vmware-umds-distrib/share/VCI_data_postgresql-220-230.sql
vmware-umds-distrib/share/VCI_data_postgresql-230-240.sql
vmware-umds-distrib/share/VCI_data_postgresql-240-250.sql
vmware-umds-distrib/share/VCI_data_postgresql-250-260.sql
vmware-umds-distrib/share/VCI_data_postgresql-260-270.sql
vmware-umds-distrib/share/VCI_data_postgresql-270-280.sql
vmware-umds-distrib/share/VCI_data_postgresql-280-290.sql
vmware-umds-distrib/share/VCI_data_postgresql-290-300.sql
vmware-umds-distrib/share/VCI_data_postgresql-300-310.sql
vmware-umds-distrib/share/VCI_data_postgresql-310-320.sql
vmware-umds-distrib/share/VCI_data_postgresql-320-330.sql
vmware-umds-distrib/share/VCI_data_postgresql-330-340.sql
vmware-umds-distrib/share/VCI_data_postgresql-340-350.sql
vmware-umds-distrib/share/VCI_data_postgresql-350-360.sql
vmware-umds-distrib/share/VCI_data_postgresql-360-370.sql
vmware-umds-distrib/share/VCI_data_postgresql-370-380.sql
vmware-umds-distrib/share/VCI_data_postgresql-380-390.sql
vmware-umds-distrib/share/VCI_noversion_postgresql_configuration.sql
vmware-umds-distrib/share/VCI_proc_postgresql-100-110.sql
vmware-umds-distrib/share/VCI_proc_postgresql-110-120.sql
vmware-umds-distrib/share/VCI_proc_postgresql-120-130.sql
vmware-umds-distrib/share/VCI_proc_postgresql-130-140.sql
vmware-umds-distrib/share/VCI_proc_postgresql-140-150.sql
vmware-umds-distrib/share/VCI_proc_postgresql-150-160.sql
vmware-umds-distrib/share/VCI_proc_postgresql-160-170.sql
vmware-umds-distrib/share/VCI_proc_postgresql-170-180.sql
vmware-umds-distrib/share/VCI_proc_postgresql-180-190.sql
vmware-umds-distrib/share/VCI_proc_postgresql-190-200.sql
vmware-umds-distrib/share/VCI_proc_postgresql-200-210.sql
vmware-umds-distrib/share/VCI_proc_postgresql-210-220.sql
vmware-umds-distrib/share/VCI_proc_postgresql-220-230.sql
vmware-umds-distrib/share/VCI_proc_postgresql-230-240.sql
vmware-umds-distrib/share/VCI_proc_postgresql-240-250.sql
vmware-umds-distrib/share/VCI_proc_postgresql-250-260.sql
vmware-umds-distrib/share/VCI_proc_postgresql-260-270.sql
vmware-umds-distrib/share/VCI_proc_postgresql-270-280.sql
vmware-umds-distrib/share/VCI_proc_postgresql-280-290.sql
vmware-umds-distrib/share/VCI_proc_postgresql-290-300.sql
vmware-umds-distrib/share/VCI_proc_postgresql-300-310.sql
vmware-umds-distrib/share/VCI_proc_postgresql-310-320.sql
vmware-umds-distrib/share/VCI_proc_postgresql-320-330.sql
vmware-umds-distrib/share/VCI_proc_postgresql-330-340.sql
vmware-umds-distrib/share/VCI_proc_postgresql-340-350.sql
vmware-umds-distrib/share/VCI_proc_postgresql-350-360.sql
vmware-umds-distrib/share/VCI_proc_postgresql-360-370.sql
vmware-umds-distrib/share/VCI_proc_postgresql-370-380.sql
vmware-umds-distrib/share/VCI_proc_postgresql-380-390.sql
vmware-umds-distrib/share/VCI_proc_postgresql.sql
vmware-umds-distrib/share/VCI_table_postgresql-100-110.sql
vmware-umds-distrib/share/VCI_table_postgresql-110-120.sql
vmware-umds-distrib/share/VCI_table_postgresql-120-130.sql
vmware-umds-distrib/share/VCI_table_postgresql-130-140.sql
vmware-umds-distrib/share/VCI_table_postgresql-140-150.sql
vmware-umds-distrib/share/VCI_table_postgresql-150-160.sql
vmware-umds-distrib/share/VCI_table_postgresql-160-170.sql
vmware-umds-distrib/share/VCI_table_postgresql-170-180.sql
vmware-umds-distrib/share/VCI_table_postgresql-180-190.sql
vmware-umds-distrib/share/VCI_table_postgresql-190-200.sql
vmware-umds-distrib/share/VCI_table_postgresql-200-210.sql
vmware-umds-distrib/share/VCI_table_postgresql-210-220.sql
vmware-umds-distrib/share/VCI_table_postgresql-220-230.sql
vmware-umds-distrib/share/VCI_table_postgresql-230-240.sql
vmware-umds-distrib/share/VCI_table_postgresql-240-250.sql
vmware-umds-distrib/share/VCI_table_postgresql-250-260.sql
vmware-umds-distrib/share/VCI_table_postgresql-260-270.sql
vmware-umds-distrib/share/VCI_table_postgresql-270-280.sql
vmware-umds-distrib/share/VCI_table_postgresql-280-290.sql
vmware-umds-distrib/share/VCI_table_postgresql-290-300.sql
vmware-umds-distrib/share/VCI_table_postgresql-300-310.sql
vmware-umds-distrib/share/VCI_table_postgresql-310-320.sql
vmware-umds-distrib/share/VCI_table_postgresql-320-330.sql
vmware-umds-distrib/share/VCI_table_postgresql-330-340.sql
vmware-umds-distrib/share/VCI_table_postgresql-340-350.sql
vmware-umds-distrib/share/VCI_table_postgresql-350-360.sql
vmware-umds-distrib/share/VCI_table_postgresql-360-370.sql
vmware-umds-distrib/share/VCI_table_postgresql-370-380.sql
vmware-umds-distrib/share/VCI_table_postgresql-380-390.sql
vmware-umds-distrib/share/VCI_undo_postgresql.sql
vmware-umds-distrib/share/odbc.ini.postgres.tpl
vmware-umds-distrib/share/odbc.ini.tpl
vmware-umds-distrib/share/odbcinst.ini.tpl
vmware-umds-distrib/share/vci_pm_audit_postgresql_trigger.sql
vmware-umds-distrib/share/vci_pm_config_postgresql_procs-230-240.sql
vmware-umds-distrib/share/vci_pm_depot_addons_removed_components_postgresql_trigger.sql
vmware-umds-distrib/share/vci_pm_last_applied_commit_postgresql_trigger.sql
vmware-umds-distrib/share/vci_pm_policy_postgresql_trigger.sql
vmware-umds-distrib/share/vci_pm_task_postgresql_trigger.sql
vmware-umds-distrib/EULA
vmware-umds-distrib/vmware-install.pl
vmware-umds-distrib/bin/
vmware-umds-distrib/bin/7z
vmware-umds-distrib/bin/7z.so
vmware-umds-distrib/bin/vmware-umds
vmware-umds-distrib/bin/vmware-vciInstallUtils
vmware-umds-distrib/bin/downloadConfig.xml
vmware-umds-distrib/bin/umds
vmware-umds-distrib/bin/vciInstallUtils
vmware-umds-distrib/bin/vciInstallUtils_config.xml
vmware-umds-distrib/bin/vmware-updatemgr-wrapper
vmware-umds-distrib/lib/
vmware-umds-distrib/lib/libcares.so.2
vmware-umds-distrib/lib/libcom_err.so.3
vmware-umds-distrib/lib/libcrypto.so.3
vmware-umds-distrib/lib/libcurl.so.4
vmware-umds-distrib/lib/libdcerpc.so.1
vmware-umds-distrib/lib/libexpat.so
vmware-umds-distrib/lib/libgcc_s.so
vmware-umds-distrib/lib/libgcc_s.so.1
vmware-umds-distrib/lib/libgssapi_krb5.so
vmware-umds-distrib/lib/libintegrity-types.so
vmware-umds-distrib/lib/libk5crypto.so
vmware-umds-distrib/lib/libkrb5.so
vmware-umds-distrib/lib/libkrb5support.so
vmware-umds-distrib/lib/liblber.so
vmware-umds-distrib/lib/libldap_r-2.4.so.2
vmware-umds-distrib/lib/liblsaclient.so.0
vmware-umds-distrib/lib/liblsacommon.so.0
vmware-umds-distrib/lib/liblwadvapi.so.0
vmware-umds-distrib/lib/liblwadvapi_nothr.so.0
vmware-umds-distrib/lib/liblwbase.so.0
vmware-umds-distrib/lib/liblwbase_nothr.so.0
vmware-umds-distrib/lib/liblwioclient.so.0
vmware-umds-distrib/lib/liblwiocommon.so.0
vmware-umds-distrib/lib/liblwioshareinfo.so.0
vmware-umds-distrib/lib/liblwmsg.so.0
vmware-umds-distrib/lib/liblwmsg_nothr.so.0
vmware-umds-distrib/lib/libodbc.so.2
vmware-umds-distrib/lib/libregclient.so.0
vmware-umds-distrib/lib/libregcommon.so.0
vmware-umds-distrib/lib/librsutils.so.0
vmware-umds-distrib/lib/libsasl2.so.3
vmware-umds-distrib/lib/libschannel.so.0
vmware-umds-distrib/lib/libssl.so.3
vmware-umds-distrib/lib/libssoclient.so
vmware-umds-distrib/lib/libstdc++.so
vmware-umds-distrib/lib/libstdc++.so.6
vmware-umds-distrib/lib/libufa-agent.so
vmware-umds-distrib/lib/libufa-common.so
vmware-umds-distrib/lib/libufa-types.so
vmware-umds-distrib/lib/libuuid.so.0
vmware-umds-distrib/lib/libvci-registrar.so
vmware-umds-distrib/lib/libvci-vcIntegrity.so
vmware-umds-distrib/lib/libvim-types.so
vmware-umds-distrib/lib/libvmacore.so
vmware-umds-distrib/lib/libvmafdclient.so.0
vmware-umds-distrib/lib/libvmcaclient.so.0
vmware-umds-distrib/lib/libvmomi.so
vmware-umds-distrib/lib/libvsanmgmt-types.so
vmware-umds-distrib/lib/libz.so.1
root@umds:~# ls -l
total 29428
drwx------ 3 root root     4096 Jun  6 10:31 snap
-rw-r--r-- 1 root root 30122205 Jun  6 12:25 VMware-UMDS-8.0.2.00200-12698893.tar.gz
drwxr-xr-x 5 root root     4096 Jan  1  2000 vmware-umds-distrib
root@umds:~# cd vmware-umds-distrib/
root@umds:~/vmware-umds-distrib# ls -l
total 92
drwxr-xr-x 2 root root  4096 Jan  1  2000 bin
-r-xr-xr-x 1 root root 33313 Jan  1  2000 EULA
drwxr-xr-x 2 root root  4096 Jan  1  2000 lib
drwxr-xr-x 2 root root  4096 Jan  1  2000 share
-r-xr-xr-x 1 root root 44745 Jan  1  2000 vmware-install.pl
root@umds:~/vmware-umds-distrib#

运行 ./vmware-install.pl 文件,开始安装并接受 EULA 协议。安装配置过程保持默认即可,根据需要可自行设置 Proxy 代理地址。

Do you accept? (yes/no) yes

Thank you.

Installing VMware Update Manager Download Service.

Logs would be store at /var/log/vmware/vmware-updatemgr/umds
Creating the log directory if required....

In which directory do you want to install Download service? 
[/usr/local/vmware-umds] 

The path "/usr/local/vmware-umds" does not exist currently. This program is 
going to create it, including needed parent directories. Is this what you want?
[yes] 

Let us setup some things for you...

Do you need proxy to connect to internet? [no] 

One more thing...we need a storage location to store patches. Make sure you 
have enough space in that location

Where do you want download service to store patches 
[/var/lib/vmware-umds] 

The path "/var/lib/vmware-umds" does not exist currently. This program is going
to create it, including needed parent directories. Is this what you want? 
[yes] 

The installation of VMware Update Manager Download Service 8.0.2 build-23319993
completed successfully. You can decide to remove this software from your system
at any time by invoking the following command: 
"/usr/local/vmware-umds/vmware-uninstall-umds.pl".

Enjoy,

--the VMware team

二、UMDS 配置

UMDS 默认安装在 /usr/local/vmware-umds 目录,我们可以进入 bin 目录使用 vmware-umds 二进制文件命令配置 UMDS 服务。

root@umds:~# /usr/local/vmware-umds/bin/vmware-umds --help
Allowed Options:

Basic Commands:
  -h [ --help ]                       Show this message
  -D [ --download ]                   Download updates based on the current 
                                      configuration
  -E [ --export ]                     Export all updates that have been 
                                      downloaded.
  -R [ --re-download ]                Re-download existing updates that may be 
                                      corrupted and download new updates. Use 
                                      this command only if you suspect UMDS 
                                      patch store is corrupted.
  -S [ --set-config ]                 Setup UMDS configuration
  -G [ --get-config ]                 Print current UMDS configuration
  -v [ --version ]                    Print UMDS version
  -i [ --info-level ] arg             The level of information shown on the 
                                      console: <verbose|info>. Use this along 
                                      with download, export or re-download 
                                      operation only
  -L [ --list-host-platforms ]        List all suppported ESX platforms for 
                                      download

Optional argument for export:
  -x [ --export-store ] arg           Destination directory for export 
                                      operation (Overrides setting from 
                                      configuration)

Arguments for set-config:
  -u [ --add-url ] arg                Add a URL to the configuration for 
                                      downloading updates. Requires url-type
  -r [ --url-type ] arg               Type of URL: <HOST>, HOST for ESX 6.x 
                                      (HOST is the only supported type 
                                      currently). Use with add-url
  -l [ --remove-url ] arg             Remove URL from the configuration
  -P [ --patch-store ] arg            Configure location for storing updates 
                                      after download
  -o [ --default-export-store ] arg   Configure location for exporting updates
  -p [ --proxy ] arg                  Configure proxy server settings. Format 
                                      is host:port. Use --proxy "" to disable 
                                      proxy
  -Y [ --enable-host ]                Enable ESX host update downloads for all 
                                      platforms
  -N [ --disable-host ]               Disable ESX host update downloads for all
                                      platforms
  -e [ --enable-host-platform ] arg   Enable ESX host update downloads for 
                                      specified platforms. Specify multiple 
                                      platforms separated by whitespace
  -d [ --disable-host-platform ] arg  Disable ESX host update downloads for 
                                      specified platforms. Specify multiple 
                                      platforms separated by whitespace


  Examples:

	To add a new ESX host patch depot URL
		vmware-umds -S --add-url https://hostname/index.xml --url-type HOST

	To remove a URL
		vmware-umds -S --remove-url https://hostname/index.xml

	To list all supported platforms for downloading ESX host updates
		vmware-umds --list-host-platforms

	To enable downloading of ESX host updates
		vmware-umds -S --enable-host

	To enable downloading of only ESXi 6.7.0 host updates
		vmware-umds -S --enable-host
		vmware-umds -S -e embeddedEsx-6.7.0

	To disable downloading of only ESXi 6.7.0 host updates
		vmware-umds -S --disable-host
		vmware-umds -S -d embeddedEsx-6.7.0

	To download updates based on the current configuration
		vmware-umds -D

	To export all downloaded updates to F:\UMDS-store
		vmware-umds -S --default-export-store F:\UMDS-store
		vmware-umds -E
	OR
		vmware-umds -E --export-store F:\UMDS-store

root@umds:~#

使用 -v 选项查看当前 UMDS 安装版本。

root@umds:~# /usr/local/vmware-umds/bin/vmware-umds -v
VMware Update Manager Download Service 8.0.2.0 Build = 23319993
root@umds:~#

使用 -G 选项查看当前 UMDS 配置设置。

root@umds:~# /usr/local/vmware-umds/bin/vmware-umds -G
Configured URLs
URL Type Removable URL
HOST     NO       https://hostupdate.vmware.com/software/VUM/PRODUCTION/main/vmw-depot-index.xml
HOST     NO       https://hostupdate.vmware.com/software/VUM/PRODUCTION/addon-main/vmw-depot-index.xml
HOST     NO       https://hostupdate.vmware.com/software/VUM/PRODUCTION/iovp-main/vmw-depot-index.xml
HOST     NO       https://hostupdate.vmware.com/software/VUM/PRODUCTION/vmtools-main/vmw-depot-index.xml

Patch store location  : /var/lib/vmware-umds
Export store location : 
Proxy Server          : Not configured

Host patch content download: enabled
Host Versions for which patch content will be downloaded:
esxio-8.0-INTL
embeddedEsx-6.7.0-INTL
embeddedEsx-7.0-INTL
embeddedEsx-8.0-INTL
root@umds:~#

根据获取到的 UMDS 默认配置信息,让我们来了解一下每项配置的含义和作用:

  • Configured URLs 配置项里默认有四个下载源,分别对应 vLCM 配置中的修补程序下载源地址,可以使用 vmware-umds -S --remove-url 或者 vmware-umds -S --add-url 命令移除或增加一个下载地址,比如第三方OEM厂商的下载源,--url-type 指定下载源的类型,如 HOST。
  • Patcch store localtion 配置项为我们安装的时候配置的 UMDS 默认修补程序下载的保存目录,可以使用 vmware-umds -S --patch-store 命令修改默认位置。
  • Export store localtion 配置项是 vLCM 所使用的默认目录,可以使用 vmware-umds -S --default-export-store 命令修改这个目录,当前设置为空,后面会设置这个地方。
  • Proxy Server 配置项是设置 UMDS 服务器的网络代理地址,可以使用 vmware-umds -S --proxy 命令配置一个代理地址,如 proxy-ip:port,使用 --proxy "" 地址为空来关闭代理。
  • Host patch content download 配置项表示是否开启 ESXi 主机的修补程序下载,可以使用 vmware-umds -S --enable-host 或者 vmware-umds -S --disable-host 命令开启或关闭这个功能。
  • Host Versions for which patch content will be downloaded 配置项表示设置需要下载的 ESXi 主机的修补程序版本,可以使用  vmware-umds -L 命令列出当前设置的所有版本,使用 vmware-umds -S --enable-host-platform 或者 vmware-umds -S --disable-host-platform 命令增加或移除要下载的修补程序版本。

根据实际需要自定义修改配置,比如,当前 vSphere 环境中没有 vSphere 6.7 和 vSphere 7.0 的主机,那么可以把配置下载的修补程序版本给移除掉,而无需浪费不必要的网络带宽和存储空间。

root@umds:~# /usr/local/vmware-umds/bin/vmware-umds -S --disable-host-platform embeddedEsx-6.7.0-INTL
Setting up UMDS configuration
Host update downloads for platform embeddedEsx-6.7.0-INTL: Disabled
root@umds:~# /usr/local/vmware-umds/bin/vmware-umds -S --disable-host-platform embeddedEsx-7.0-INTL
Setting up UMDS configuration
Host update downloads for platform embeddedEsx-7.0-INTL: Disabled
root@umds:~# /usr/local/vmware-umds/bin/vmware-umds -L
Supported ESX Host platforms:
esxio-8.0-INTL
embeddedEsx-8.0-INTL
root@umds:~# 

如果一切没有问题,我们可以使用 vmware-umds -D 命令开始下载主机修复程序,怀疑 UMDS 修补程序存储已损坏时,可以使用 vmware-umds -R 命令重新下载可能已损坏的现有更新并下载新的更新。因为下载的内容比较多或比较慢,我们可以在运行下载任务时,开始准备 WEB 服务器。通过 UMDS 下载了修补程序文件,现在需要设置一个 Export 目录并发布共享存储库。我这里使用 nginx 作为 web 服务器,直接运行 apt-get install nginx 命令安装并运行 nginx 服务。

root@umds:~# apt-get install nginx
Reading package lists... Done
Building dependency tree       
Reading state information... Done
The following additional packages will be installed:
  fontconfig-config fonts-dejavu-core libfontconfig1 libgd3 libjbig0 libjpeg-turbo8 libjpeg8 libnginx-mod-http-image-filter
  libnginx-mod-http-xslt-filter libnginx-mod-mail libnginx-mod-stream libtiff5 libwebp6 libxpm4 nginx-common nginx-core
Suggested packages:
  libgd-tools fcgiwrap nginx-doc ssl-cert
The following NEW packages will be installed:
  fontconfig-config fonts-dejavu-core libfontconfig1 libgd3 libjbig0 libjpeg-turbo8 libjpeg8 libnginx-mod-http-image-filter
  libnginx-mod-http-xslt-filter libnginx-mod-mail libnginx-mod-stream libtiff5 libwebp6 libxpm4 nginx nginx-common nginx-core
0 upgraded, 17 newly installed, 0 to remove and 6 not upgraded.
Need to get 2,438 kB of archives.
After this operation, 7,925 kB of additional disk space will be used.
Do you want to continue? [Y/n] y
Get:1 http://mirrors.tuna.tsinghua.edu.cn/ubuntu focal/main amd64 fonts-dejavu-core all 2.37-1 [1,041 kB]
Get:2 http://mirrors.tuna.tsinghua.edu.cn/ubuntu focal/main amd64 fontconfig-config all 2.13.1-2ubuntu3 [28.8 kB]
Get:3 http://mirrors.tuna.tsinghua.edu.cn/ubuntu focal/main amd64 libfontconfig1 amd64 2.13.1-2ubuntu3 [114 kB]
Get:4 http://mirrors.tuna.tsinghua.edu.cn/ubuntu focal-updates/main amd64 libjpeg-turbo8 amd64 2.0.3-0ubuntu1.20.04.3 [118 kB]
Get:5 http://mirrors.tuna.tsinghua.edu.cn/ubuntu focal/main amd64 libjpeg8 amd64 8c-2ubuntu8 [2,194 B]
Get:6 http://mirrors.tuna.tsinghua.edu.cn/ubuntu focal-updates/main amd64 libjbig0 amd64 2.1-3.1ubuntu0.20.04.1 [27.3 kB]
Get:7 http://mirrors.tuna.tsinghua.edu.cn/ubuntu focal-updates/main amd64 libwebp6 amd64 0.6.1-2ubuntu0.20.04.3 [185 kB]
Get:8 http://mirrors.tuna.tsinghua.edu.cn/ubuntu focal-updates/main amd64 libtiff5 amd64 4.1.0+git191117-2ubuntu0.20.04.12 [164 kB]
Get:9 http://mirrors.tuna.tsinghua.edu.cn/ubuntu focal-updates/main amd64 libxpm4 amd64 1:3.5.12-1ubuntu0.20.04.2 [34.9 kB]
Get:10 http://mirrors.tuna.tsinghua.edu.cn/ubuntu focal-updates/main amd64 libgd3 amd64 2.2.5-5.2ubuntu2.1 [118 kB]
Get:11 http://mirrors.tuna.tsinghua.edu.cn/ubuntu focal-updates/main amd64 nginx-common all 1.18.0-0ubuntu1.4 [37.7 kB]
Get:12 http://mirrors.tuna.tsinghua.edu.cn/ubuntu focal-updates/main amd64 libnginx-mod-http-image-filter amd64 1.18.0-0ubuntu1.4 [14.8 kB]
Get:13 http://mirrors.tuna.tsinghua.edu.cn/ubuntu focal-updates/main amd64 libnginx-mod-http-xslt-filter amd64 1.18.0-0ubuntu1.4 [13.0 kB]
Get:14 http://mirrors.tuna.tsinghua.edu.cn/ubuntu focal-updates/main amd64 libnginx-mod-mail amd64 1.18.0-0ubuntu1.4 [42.9 kB]
Get:15 http://mirrors.tuna.tsinghua.edu.cn/ubuntu focal-updates/main amd64 libnginx-mod-stream amd64 1.18.0-0ubuntu1.4 [67.4 kB]
Get:16 http://mirrors.tuna.tsinghua.edu.cn/ubuntu focal-updates/main amd64 nginx-core amd64 1.18.0-0ubuntu1.4 [425 kB]
Get:17 http://mirrors.tuna.tsinghua.edu.cn/ubuntu focal-updates/main amd64 nginx all 1.18.0-0ubuntu1.4 [3,620 B]
Fetched 2,438 kB in 3s (900 kB/s)  
Preconfiguring packages ...
Selecting previously unselected package fonts-dejavu-core.
(Reading database ... 72467 files and directories currently installed.)
Preparing to unpack .../00-fonts-dejavu-core_2.37-1_all.deb ...
Unpacking fonts-dejavu-core (2.37-1) ...
Selecting previously unselected package fontconfig-config.
Preparing to unpack .../01-fontconfig-config_2.13.1-2ubuntu3_all.deb ...
Unpacking fontconfig-config (2.13.1-2ubuntu3) ...
Selecting previously unselected package libfontconfig1:amd64.
Preparing to unpack .../02-libfontconfig1_2.13.1-2ubuntu3_amd64.deb ...
Unpacking libfontconfig1:amd64 (2.13.1-2ubuntu3) ...
Selecting previously unselected package libjpeg-turbo8:amd64.
Preparing to unpack .../03-libjpeg-turbo8_2.0.3-0ubuntu1.20.04.3_amd64.deb ...
Unpacking libjpeg-turbo8:amd64 (2.0.3-0ubuntu1.20.04.3) ...
Selecting previously unselected package libjpeg8:amd64.
Preparing to unpack .../04-libjpeg8_8c-2ubuntu8_amd64.deb ...
Unpacking libjpeg8:amd64 (8c-2ubuntu8) ...
Selecting previously unselected package libjbig0:amd64.
Preparing to unpack .../05-libjbig0_2.1-3.1ubuntu0.20.04.1_amd64.deb ...
Unpacking libjbig0:amd64 (2.1-3.1ubuntu0.20.04.1) ...
Selecting previously unselected package libwebp6:amd64.
Preparing to unpack .../06-libwebp6_0.6.1-2ubuntu0.20.04.3_amd64.deb ...
Unpacking libwebp6:amd64 (0.6.1-2ubuntu0.20.04.3) ...
Selecting previously unselected package libtiff5:amd64.
Preparing to unpack .../07-libtiff5_4.1.0+git191117-2ubuntu0.20.04.12_amd64.deb ...
Unpacking libtiff5:amd64 (4.1.0+git191117-2ubuntu0.20.04.12) ...
Selecting previously unselected package libxpm4:amd64.
Preparing to unpack .../08-libxpm4_1%3a3.5.12-1ubuntu0.20.04.2_amd64.deb ...
Unpacking libxpm4:amd64 (1:3.5.12-1ubuntu0.20.04.2) ...
Selecting previously unselected package libgd3:amd64.
Preparing to unpack .../09-libgd3_2.2.5-5.2ubuntu2.1_amd64.deb ...
Unpacking libgd3:amd64 (2.2.5-5.2ubuntu2.1) ...
Selecting previously unselected package nginx-common.
Preparing to unpack .../10-nginx-common_1.18.0-0ubuntu1.4_all.deb ...
Unpacking nginx-common (1.18.0-0ubuntu1.4) ...
Selecting previously unselected package libnginx-mod-http-image-filter.
Preparing to unpack .../11-libnginx-mod-http-image-filter_1.18.0-0ubuntu1.4_amd64.deb ...
Unpacking libnginx-mod-http-image-filter (1.18.0-0ubuntu1.4) ...
Selecting previously unselected package libnginx-mod-http-xslt-filter.
Preparing to unpack .../12-libnginx-mod-http-xslt-filter_1.18.0-0ubuntu1.4_amd64.deb ...
Unpacking libnginx-mod-http-xslt-filter (1.18.0-0ubuntu1.4) ...
Selecting previously unselected package libnginx-mod-mail.
Preparing to unpack .../13-libnginx-mod-mail_1.18.0-0ubuntu1.4_amd64.deb ...
Unpacking libnginx-mod-mail (1.18.0-0ubuntu1.4) ...
Selecting previously unselected package libnginx-mod-stream.
Preparing to unpack .../14-libnginx-mod-stream_1.18.0-0ubuntu1.4_amd64.deb ...
Unpacking libnginx-mod-stream (1.18.0-0ubuntu1.4) ...
Selecting previously unselected package nginx-core.
Preparing to unpack .../15-nginx-core_1.18.0-0ubuntu1.4_amd64.deb ...
Unpacking nginx-core (1.18.0-0ubuntu1.4) ...
Selecting previously unselected package nginx.
Preparing to unpack .../16-nginx_1.18.0-0ubuntu1.4_all.deb ...
Unpacking nginx (1.18.0-0ubuntu1.4) ...
Setting up libxpm4:amd64 (1:3.5.12-1ubuntu0.20.04.2) ...
Setting up nginx-common (1.18.0-0ubuntu1.4) ...
Created symlink /etc/systemd/system/multi-user.target.wants/nginx.service → /lib/systemd/system/nginx.service.
Setting up libjbig0:amd64 (2.1-3.1ubuntu0.20.04.1) ...
Setting up libnginx-mod-http-xslt-filter (1.18.0-0ubuntu1.4) ...
Setting up libwebp6:amd64 (0.6.1-2ubuntu0.20.04.3) ...
Setting up fonts-dejavu-core (2.37-1) ...
Setting up libjpeg-turbo8:amd64 (2.0.3-0ubuntu1.20.04.3) ...
Setting up libjpeg8:amd64 (8c-2ubuntu8) ...
Setting up libnginx-mod-mail (1.18.0-0ubuntu1.4) ...
Setting up fontconfig-config (2.13.1-2ubuntu3) ...
Setting up libnginx-mod-stream (1.18.0-0ubuntu1.4) ...
Setting up libtiff5:amd64 (4.1.0+git191117-2ubuntu0.20.04.12) ...
Setting up libfontconfig1:amd64 (2.13.1-2ubuntu3) ...
Setting up libgd3:amd64 (2.2.5-5.2ubuntu2.1) ...
Setting up libnginx-mod-http-image-filter (1.18.0-0ubuntu1.4) ...
Setting up nginx-core (1.18.0-0ubuntu1.4) ...
Setting up nginx (1.18.0-0ubuntu1.4) ...
Processing triggers for ufw (0.36-6ubuntu1.1) ...
Processing triggers for systemd (245.4-4ubuntu3.23) ...
Processing triggers for man-db (2.9.1-1) ...
Processing triggers for libc-bin (2.31-0ubuntu9.16) ...
root@umds:~# systemctl status nginx
● nginx.service - A high performance web server and a reverse proxy server
     Loaded: loaded (/lib/systemd/system/nginx.service; enabled; vendor preset: enabled)
     Active: active (running) since Thu 2024-06-06 14:00:37 CST; 20s ago
       Docs: man:nginx(8)
   Main PID: 60808 (nginx)
      Tasks: 9 (limit: 19101)
     Memory: 8.9M
     CGroup: /system.slice/nginx.service
             ├─60808 nginx: master process /usr/sbin/nginx -g daemon on; master_process on;
             ├─60809 nginx: worker process
             ├─60810 nginx: worker process
             ├─60811 nginx: worker process
             ├─60812 nginx: worker process
             ├─60813 nginx: worker process
             ├─60814 nginx: worker process
             ├─60815 nginx: worker process
             └─60816 nginx: worker process

Jun 06 14:00:37 umds systemd[1]: Starting A high performance web server and a reverse proxy server...
Jun 06 14:00:37 umds systemd[1]: Started A high performance web server and a reverse proxy server.
root@umds:~#

完成 nginx 安装和服务的启动,需对 nginx 配置做一些修改,配置文件 /etc/nginx/sites-enabled/default 如下所示。通过对 nginx 配置,需要重启 nginx 服务。设置 web 服务器的下载目录为 /umds ,需在 UMDS 服务器根目录创建 umds 目录。

root@umds:~# mkdir /umds
root@umds:~# vim /etc/nginx/sites-enabled/default
root@umds:~# cat /etc/nginx/sites-enabled/default | grep -v '#'
server {
	listen 80 default_server;
	listen [::]:80 default_server;

	index index.html index.htm index.nginx-debian.html;

        server_name  localhost;

        location / {
        root /umds;
        autoindex on;
        autoindex_exact_size off;
        autoindex_localtime on;
        charset utf-8;
        }

}
root@umds:~# systemctl restart nginx
root@umds:~#

通过上面的配置,现在你应该能使用 UMDS 服务器的域名访问到 web 下载服务器,但是现在还没有内容,将 UMDS 的 Export 目录配置为 web 服务器下载目录 /umds ,使用 vmware-umds -S --default-export-store 命令配置目录,使用 vmware-umds -G 命令查看配置。

root@umds:~# /usr/local/vmware-umds/bin/vmware-umds -S --default-export-store /umds
Setting up UMDS configuration
Directory for exporting updates: /umds
root@umds:~# /usr/local/vmware-umds/bin/vmware-umds -G
Configured URLs
URL Type Removable URL
HOST     NO       https://hostupdate.vmware.com/software/VUM/PRODUCTION/main/vmw-depot-index.xml
HOST     NO       https://hostupdate.vmware.com/software/VUM/PRODUCTION/addon-main/vmw-depot-index.xml
HOST     NO       https://hostupdate.vmware.com/software/VUM/PRODUCTION/iovp-main/vmw-depot-index.xml
HOST     NO       https://hostupdate.vmware.com/software/VUM/PRODUCTION/vmtools-main/vmw-depot-index.xml

Patch store location  : /var/lib/vmware-umds
Export store location : /umds
Proxy Server          : Not configured

Host patch content download: enabled
Host Versions for which patch content will be downloaded:
esxio-8.0-INTL
embeddedEsx-8.0-INTL
root@umds:~#

现在访问 web 服务器应该没有任何内容,之前通过 vmware-umds -D 命令下载修补程序如果已经完成,使用 vmware-umds -E 命令开始 Export 到 /umds 目录。如果任务完成,再次访问 web 服务器,可以看到 UMDS 下载的修补程序。

三、vLCM 设置

完成对 UMDS 的安装和配置后,现在可以到 vLCM 配置指向 UMDS 存储库的下载源了。导航到 Lifecycle Manager-设置-系统管理-修补程序设置。

点击“更改下载源”,将下载源类型更改为 UMDS 并配置 UMDS 服务器的下载地址,保存设置。

点击“同步更新”。

获取元数据正常,现在你可以通过 vLCM 使用 UMDS 存储库中的修补程序来管理 vSphere 的生命周期了。

四、UMDS 调度

通过上面的设置,你应该可以正常使用 UMDS 服务器作为 vLCM的下载存储库了,不过使用 UMDS 的这个过程需要手动完成,其实我们可以创建一个自动化任务,让 UMDS 去下载修补程序并 Export 的过程自动完成。我们可以将 Download 和 Export 这两个动作分成两个脚本,以便可以让 Crontab 程序在不同的时间调度不同的任务。

运行 UMDS 下载的脚本 umds-download.sh 和运行 UMDS 导出的脚本 umds-export.sh 如下,将这两个脚本文件放在 UMDS 服务器的 /usr/local/sbin/ 目录并增加执行权限。

root@umds:~# vim umds-download.sh
root@umds:~# cat umds-download.sh
/usr/local/vmware-umds/bin/vmware-umds -D
root@umds:~# vim umds-export.sh
root@umds:~# cat umds-export.sh 
/usr/local/vmware-umds/bin/vmware-umds -E
root@umds:~# mv umds-* /usr/local/sbin/
root@umds:~# chmod +x /usr/local/sbin/umds-*
root@umds:~# ls -l /usr/local/sbin/umds-*
-rwxr-xr-x 1 root root 42 Jun  6 17:48 /usr/local/sbin/umds-download.sh
-rwxr-xr-x 1 root root 42 Jun  6 17:49 /usr/local/sbin/umds-export.sh
root@umds:~#

Crontab 使用语法。

# ┌───────────── minute (0 - 59)
# │ ┌───────────── hour (0 - 23)
# │ │ ┌───────────── day of the month (1 - 31)
# │ │ │ ┌───────────── month (1 - 12)
# │ │ │ │ ┌───────────── day of the week (0 - 6) (Sunday to Saturday)
# │ │ │ │ │
# │ │ │ │ │
# │ │ │ │ │
# * * * * * <command to execute>

使用 crontab -e 命令添加定时任务,第一条表示每天凌晨12点的时候执行下载任务脚本,第二条表示每天凌晨3点的时候执行导出任务脚本。

root@umds:~# crontab -e
no crontab for root - using an empty one

Select an editor.  To change later, run 'select-editor'.
  1. /bin/nano        <---- easiest
  2. /usr/bin/vim.basic
  3. /usr/bin/vim.tiny
  4. /bin/ed

Choose 1-4 [1]: 2
crontab: installing new crontab
root@umds:~# crontab -l | grep -v '#' | grep -v '^$'
0 0 * * * /usr/local/sbin/umds-download.sh
0 3 * * * /usr/local/sbin/umds-export.sh
root@umds:~#

Crontab 服务状态。

root@umds:~# systemctl status cron.service 
● cron.service - Regular background program processing daemon
     Loaded: loaded (/lib/systemd/system/cron.service; enabled; vendor preset: enabled)
     Active: active (running) since Thu 2024-06-06 16:17:11 CST; 2h 3min ago
       Docs: man:cron(8)
   Main PID: 899 (cron)
      Tasks: 1 (limit: 19099)
     Memory: 1.9M
     CGroup: /system.slice/cron.service
             └─899 /usr/sbin/cron -f

Jun 06 16:17:11 umds systemd[1]: Started Regular background program processing daemon.
Jun 06 16:17:11 umds cron[899]: (CRON) INFO (pidfile fd = 3)
Jun 06 16:17:11 umds cron[899]: (CRON) INFO (Running @reboot jobs)
Jun 06 17:17:01 umds CRON[3947]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 06 17:17:01 umds CRON[3955]: (root) CMD (   cd / && run-parts --report /etc/cron.hourly)
Jun 06 17:17:01 umds CRON[3947]: pam_unix(cron:session): session closed for user root
Jun 06 18:17:01 umds CRON[5532]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 06 18:17:01 umds CRON[5533]: (root) CMD (   cd / && run-parts --report /etc/cron.hourly)
Jun 06 18:17:01 umds CRON[5532]: pam_unix(cron:session): session closed for user root
root@umds:~#

参考:《VMware vSphere Lifecycle Manager 产品文档》

热门相关:呆萌配腹黑:倒追男神1000次   极品仙师   呆萌小青梅:妖孽竹马太腹黑   黄金渔村   娇女种田,掌家娘子俏夫郎