Download vCF Upgrade Bundles using a proxy server

Download vCF Upgrade Bundles using a proxy server

The usual way to download the upgrade bundles in VMware Cloud Foundation 3.5 is in the SDDC Manager Dashboard. After entering the credentials of your My VMware account under Administration –> Repository Settings in the SDDC Manager, you will find the bundles in Repository –> Bundles as described in the official documentation.
I won’t describe the whole process how to patch the vCF environment, as it is well documented in the vCF Operations and Administration Guide.

If however you have to use a proxy server to connect to the internet, you might face a couple of issues. I had to open a SR with VMware to be able to download the update bundles through a proxy server, and wanted to share the outcome of this investigation as it is not (yet) documented in the VMware documentation.

Problem description

To be able to update the Cloud Foundation environment (e.g. from 3.5 to 3.5.1) you first need to download the update bundles. To do so, you first have to define your My VMware credentials in the Repository Settings.

 

 

 

If your company enforces the use of a proxy server for internet connectivity, the validation of the My VMware credentials may fail due to a timeout error.

Please note that vCF 3.5 (and 3.5.1) does not support the use of any proxy server requiring authentication! If however you have the possibility to connect through a proxy which does not require specific authentication, you can follow the procedure below.

 

The solution

In SDDC Manager

The chapter “Use a Proxy Server to Download Upgrade Bundles” in the Administration guide describes how to configure a proxy server for the SDDC Manager by editing the file “application-prod.properties”, and then restart the lcm.

Note that the path in the documentation is not correct for version 3.5.
“Open the /opt/vmware/vcf/lcm-app/conf/application-prod.properties file.” <– The correct path to the configuration file in my appliance was /opt/vmware/vcf/lcm/lcm-app/conf/application-prod.properties.

– Connect to the SDDC appliance VM as vcf user, then type su to identify as root.
– Open the file /opt/vmware/vcf/lcm/lcm-app/conf/application-prod.properties in your favourite text editor (e.g. vi)
– Add the following lines to the end of the file:
   lcm.depot.adapter.proxyEnabled=true
   lcm.depot.adapter.proxyHost=proxy IP address
   lcm.depot.adapter.proxyPort=proxy port
– Save the file
– Restart lcm with following command: systemctl restart lcm
– Wait 5 minutes

Download the update bundles manually

In my case the procedure as it was documented did not work, which is why I downloaded the bundles manually.
This process is documented in chapter “Manually Download Update Bundles”.

Basically you have to connect to the SDDC Manager appliance console, generate a markerfile, then download the markerfile and markerfile-md5, but also a tool called lcm-bundle-transfer-util to a PC which has access to the internet.

And there lies the issue. If the company-policy includes all servers and workstations, there’s a chance that the “computer with internet access” as it is being referred to in the documentation needs to connect through a proxy, too. This however is not documented.

When you try to download the bundles manually by using the lcm-bundle-transfer-util you enter following command (PowerShell or Command Line):

C:\Users\MyUSER\Desktop\vCF\lcm-tools\bin> .\lcm-bundle-transfer-util.bat -download -outputDirectory C:\Users\MyUSER\Desktop\vCF\Download -depotUser MyVMware-Account -markerFile C:\Users\MyUSER\Desktop\vCF\markerFile -markerMd5File C:\Users\MyUSER\Desktop\vCF\markerFile.md5

If your PC or VM you’re using connects through a proxy to the internet, you might see following error message:

Enter depot user password:
Validating the depot user credentials...
Got exception while downloading manifest index [/evo/vmw/index]: Connect to depot.vmware.com:443 [depot.vmware.com/23.54.113.177] failed: Connection refused: connect
Exception in thread "main" com.vmware.evo.sddc.lcm.model.depot.exception.DepotConnectionFailureException: Error downloading manifest [/evo/vmw/index] from depot.vmware.com:443
        at com.vmware.evo.sddc.lcm.bundle.download.depot.DepotBundleDownloadServiceImpl.validateUser(DepotBundleDownloadServiceImpl.java:162)
        at com.vmware.evo.sddc.lcm.tools.bundletransfer.BundleTransferUtilityDownloader.validateUser(BundleTransferUtilityDownloader.java:91)
        at com.vmware.evo.sddc.lcm.tools.bundletransfer.BundleTransferUtilityHelper.downloadBundleFiles(BundleTransferUtilityHelper.java:177)
        at com.vmware.evo.sddc.lcm.tools.bundletransfer.BundleTransferUtility.downloadBundles(BundleTransferUtility.java:125)
        at com.vmware.evo.sddc.lcm.tools.bundletransfer.BundleTransferUtility.process(BundleTransferUtility.java:111)
        at com.vmware.evo.sddc.lcm.tools.bundletransfer.BundleTransferUtility.parse(BundleTransferUtility.java:51)
        at com.vmware.evo.sddc.lcm.tools.bundletransfer.BundleTransferUtility.main(BundleTransferUtility.java:159)

Please note the “Connection refused” return while connecting to the  server depot.vmware.com.

 

Modify the lcm-bundle-transfer-util configuration file

To be able to download the update bundle, you’ll have to edit the file application-prod.properties which is in the folder lcm-tools\conf you downloaded.

Add following lines to your file:

lcm.depot.adapter.proxyEnabled=true
lcm.depot.adapter.proxyHost=Your-Proxy-IP
lcm.depot.adapter.proxyPort=Your-Proxy-Port

This will result in following file:

spring.profiles=evo
spring.profiles.active=evo,production,evosddc,depot
lcm.debug.output.tmp.dir=/var/log/vmware/vcf/lcm/tools/debugtool/tmp
lcm.debug.output.dir=/var/log/vmware/vcf/lcm/tools/debugtool
lcm.rest.api.uri=http://127.0.0.1:7400

################### Dasrksite tool properties ########################
lcm.bundle.download.default.dir=${user.home}/downloadedBundles
lcm.tools.group=vcf

################### Depot properties ########################
lcm.depot.adapter.certificateCheckEnabled=false
lcm.depot.adapter.port=443
lcm.depot.adapter.host=depot.vmware.com
lcm.depot.adapter.remote.rootDir=/PROD2
lcm.depot.adapter.remote.repoDir=/evo/vmw
lcm.depot.adapter.remote.index.filename=index
lcm.depot.adapter.local.baseDir=${user.home}/downloadedBundles
lcm.depot.adapter.enableBundleSignatureValidation=true

lcm.depot.adapter.proxyEnabled=true
lcm.depot.adapter.proxyHost=Your-Proxy-IP
lcm.depot.adapter.proxyPort=Your-Proxy-Port

################### LCM BUNDLE DOWNLOAD PROPERTIES ########################
lcm.maximum.supported.bundle.manifest.version=8

Save the file, then retry the command in Powershell or Command line:

C:\Users\MyUSER\Desktop\vCF\lcm-tools\bin> .\lcm-bundle-transfer-util.bat -download -outputDirectory C:\Users\MyUSER\Desktop\vCF\Download -depotUser MyVMware-Account -markerFile C:\Users\MyUSER\Desktop\vCF\markerFile -markerMd5File C:\Users\MyUSER\Desktop\vCF\markerFile.md5
Enter depot user password:
Validating the depot user credentials...
Computed the delta of the bundles that are to be downloaded and output is written to: C:\Users\myUSER\Desktop\vCF\Download\deltaFileDownloaded
******************************************************************************************************************
Bundle Id Bundle Size (in MB)
******************************************************************************************************************
6fb582d4-a1de-42f4-993b-4e6a93ea66e1 12009,0 MB
825afb22-fc0b-4cc8-8c26-48d9f79f8c4a 12845,0 MB
80b6235e-4b87-4e64-ac76-8dadd9c8d636 4068,0 MB
8558cb7a-ef68-4d27-8d62-862a8ab15e17 2563,0 MB
28124dd4-5908-401c-b695-d8681cb98b44 6921,0 MB
******************************************************************************************************************
Do you want to continue [y/n]?

Now you may continue the next steps in the documentation to update VMware Cloud Foundation.

I was able to patch my nested environment from 3.5 to 3.5.1 with this method in almost no time.

Happy patching!

Leave a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.