Software Content Repository Tool 5.0 Guide Software Content Repository Tool 5.0 vCenter Configuration Manager 5.7 This document supports the version of each product listed and supports all subsequent versions until the document is replaced by a new edition. To check for more recent editions of this document, see http://www.vmware.com/support/pubs.
Software Content Repository Tool 5.0 Guide You can find the most up-to-date technical documentation on the VMware Web site at: http://www.vmware.com/support/ The VMware Web site also provides the latest product updates. If you have comments about this documentation, submit your feedback to: docfeedback@vmware.com © 2006–2013 VMware, Inc. All rights reserved. This product is protected by U.S. and international copyright and intellectual property laws.
Contents About This Book 5 Introduction to the Software Content Repository Tool 7 Preparing for SCR Tool Installation 9 Installing the VCM Agent on the Linux and UNIX Machines to be Managed Selecting and Preparing the Host Machine Establish User Credentials Place Trusted Certificates in the Key Store Verifying Access to External Sites Installing the Prerequisite Software for the SCR Tool Install the SCR Tool Software Download the Java Runtime Environment Test the Java Runtime Environment Installatio
Software Content Repository Tool 5.0 Guide 4 VMware, Inc.
About This Book The VMware vCenter Configuration Manager Software Content Repository Tool Guide provides information about the following topics. n Preparing the host machine for components and tools. n Installing and configure components and tools. n Using the tool to download patch content. n Troubleshooting errors that might occur. Intended Audience This document contains information intended for system administrators who must patch machines in their network.
Software Content Repository Tool 5.0 Guide Technical Support and Education Resources The following technical support resources are available to you. To access the current version of this book and other books, go to http://www.vmware.com/support/pubs. Online and Telephone To use online support to submit technical support requests, view your Support product and contract information, and register your products, go to http://www.vmware.com/support.
Introduction to the Software Content Repository Tool 1 The Software Content Repository (SCR) Tool is a standalone Java client software application that builds a repository of Linux and UNIX patches and downloads operating system (OS) vendor patch content to the repository. The SCR Tool downloads patch content from vendor Web sites, which you use to patch Linux and UNIX machines. These files include patch signature files (.pls), and OS vendor patch content files (.rpm, .gz, .tar, .
Software Content Repository Tool 5.0 Guide Figure 1–1. How to Download Patches with the SCR Tool After you download patches from the vendor Web site, you must use VCM to assess your Linux and UNIX machines and deploy the patches using the machine group mapping in VCM Patching. For information about assessments, see the VCM Administration Guide and the VCM online Help. 8 VMware, Inc.
2 Preparing for SCR Tool Installation Before you install the SCR Tool, you must complete several prerequisite tasks.
Software Content Repository Tool 5.0 Guide To download content for each supported platform for patch deployment, the minimum recommended storage is 810GB. Table 2–1. Estimated Host Support for Patch Storage on Platforms Supported Platform Minimum Storage Required for Patch Content Files and Payload AIX 130GB HP-UX 15GB Mac OS X 210GB Red Hat 70GB Solaris 325GB SUSE 60GB Prerequisite n If you install the SCR Tool on a 64-bit Red Hat machine, verify that 64-bit Java is installed.
Preparing for SCR Tool Installation What to do next n As your patch content increases because of downloads and storing patch content files and payload, you must monitor the available disk space on the SCR Tool host machine to avoid disk space problems. The patch content grows over time as vendors release new patches and content. n Verify that the Linux and UNIX machines to be managed by VCM meet the system requirements. See the VCM Installation Guide.
Software Content Repository Tool 5.0 Guide Platform SCR Tool must Access SUSE https://you.novell.com/update/ https://nu.novell.com/repo/$RCE/ Solaris https://getupdates.oracle.com/ HP-UX https://itrc.hp.com/service/ https://ftp.itrc.hp.com/wpsl AIX 12 http://www7b.software.ibm.com/ VMware, Inc.
Installing the Prerequisite Software for the SCR Tool 3 The SCR Tool uses several types of software. You must install and test the required software on a supported host machine, then you install the Software Content Repository Tool on the host machine.
Software Content Repository Tool 5.0 Guide After you extract the SCR Tool files, a root directory contains the subdirectories and files for the supported Linux and UNIX platforms. This information refers to the root directory as scr_root. Download the Java Runtime Environment You download the Java Runtime Environment (JRE) to support the SCR Tool on the host machine. Prerequisites n Verify that you can access http://www.java.com. Procedure 1. Access the Java Web site. 2. Click Downloads. 3.
Installing the Prerequisite Software for the SCR Tool Procedure 1. Locate and download the Java Cryptography Extension. If the download page does not detect your Java version, manually locate the correct JCE package. 2. In the JCE zip file, locate the README.txt file. 3. Follow the instructions in the README.txt file to install the JCE on the SCR Tool host machine. VMware, Inc.
Software Content Repository Tool 5.0 Guide 16 VMware, Inc.
Configuring the Red Hat Host Machine 4 Configuring the Red Hat machine to host the SCR Tool includes reviewing the directory structure, granting permission to the patch repository, updating the properties file, connecting the VCM managed machines to the SCR Tool, and setting the logging levels and output file names.
Software Content Repository Tool 5.0 Guide Procedure 1. Open the SCR Tool root directory. This is the directory where you unzipped the .tar.gz file. 2. Verify that the .pls files are stored in the subdirectories for each platform. The subdirectories include ./aix, ./hpux, ./osx, ./redhat-nca, ./solaris, and ./suse-nca. The platform-nca directories indicate new content architecture directories that have alternative locations. 3.
Configuring the Red Hat Host Machine Prerequisites n Review the properties file parameters in preparation to update the properties files. See "Properties File Parameters" on page 19. n For Red Hat: When files differ between a Red Hat client, a Red Hat server, and architectures, such as x86 and x64 versions, you must generate individual properties files for the client, server, and each architecture in the SCR root directory. For example: scr_root/conf/RedHat_version_or_ arch.properties. Procedure 1.
Software Content Repository Tool 5.0 Guide platform The platform parameter specifies the type of patch content to download. platform=platform_name arch The arch parameter must include one or more valid architecture strings for the specified platform. Multiple values must be comma separated without spaces. arch=arch_type1,arch_type2,... dist dist=distribution_name For Red Hat and SUSE platforms, the dist parameter is required. Multiple values must be comma separated without spaces. Table 4–1.
Configuring the Red Hat Host Machine index index=VMware57.xml Do not modify. program program="." Do not modify. extractOSX For the Mac OS X platform only. If the value is true, PLP files for the Mac OS X content are extracted. When run, this parameter specifies to extract the embedded .dmg vendor patch files from the corresponding .plp files. When used with any other platform, this parameter has no effect.
Software Content Repository Tool 5.0 Guide n If the value is true, the SCR Tool validates every payload file for every .pls file, whether it is new, modified, or unchanged. n If the value is false, or not provided, the SCR Tool downloads and loops through each new or modified .pls file. The process downloads any payload data, which includes .plp files and vendor patch files that correspond to each downloaded .pls file. dependencyCheck Turns off dependent RPM download for Linux platforms.
Configuring the Red Hat Host Machine Platform Channel AIX 6_1 7_1 technologylevel_aix61 technologylevel_aix71 OSX 10_6 10_7 10_8 applications downloadPayload If the value is true, all patches are downloaded. If the value is false, only the patches with UIDs that are included in the cache request folder are downloaded. If the value is false and there is no cache request XML, the content is processed but no patches are downloaded.
Software Content Repository Tool 5.0 Guide {8E4D5C21-51A6-43B0-AA63-DBB5B51DD9D2} {DD1A967A-CB04-4C30-A18F-6C46A5568019} {E3A8AF68-58EA-4B71-B6E2-173230C3EF64} proxyServer Proxy server IP address. proxyServer=IP_address proxyPort Proxy server port. proxyPort=port_number proxyUser User ID for proxy server authentication.
Configuring the Red Hat Host Machine Connect the VCM Managed Machines to the SCR Tool To establish communication between the managed machines and the host machine, connect the VCM managed machines to the SCR Tool. Procedure Connect the managed machines to the SCR Tool. You must take this action for each platform type. n Create a mount point to the respective platform directory on the SCR Tool machine that contains the patch payload for the platform.
Software Content Repository Tool 5.0 Guide n SEVERE n WARNING (valid, but not used) n INFO (recommended for production) n CONFIG (valid, but not used) n FINE (debug) n FINER (debug) n FINEST (debug) 5. To customize log file names, change the output java.util.logging.FileHandler.pattern=path parameter. a. Verify that the java.util.logging.FileHandler.pattern=path entry includes the path. For example: ../logs/scr-messages-rh-%g.log b.
Managing Patch Content with the SCR Tool 5 The SCR Tool downloads patch content files from the Content Download Network (CDN), which is managed by Akamai, the hosted content service provider. The SCR Tool obtains any additional patches from the Red Hat, AIX (IBM), SUSE, HP-UX, and Solaris vendor Web sites and saves those patches in your defined directories. The SCR Tool performs delta downloads.
Software Content Repository Tool 5.0 Guide Schedule Downloads You can use OS schedulers, such as cron or at, to automate the process to replicate the patchs. Automating the patch replication process is preferable, because the download process might require you to run the startup file more than once to retrieve all of the content for a particular vendor. The SCR Tool does not provide embedded scheduling.
Managing Patch Content with the SCR Tool #!/bin/sh cd scr_root/bin echo "### Get all new unix content" ./start_all_nix_replication.sh 10. Set the mode of the file to executable. chmod +x SCR The script runs daily and synchronizes your patch content. Maintain the Software Content Repository You can monitor the log files and activities to maintain the patch repository and its performance.
Software Content Repository Tool 5.0 Guide 30 VMware, Inc.
6 Troubleshooting the SCR Tool The SCR Tool troubleshooting information provides procedures to diagnose and fix problems that you might encounter when you use the SCR Tool or download patch content.
Software Content Repository Tool 5.0 Guide Solution Verify that the SCR Tool host machine has enough memory to run the patch replications, or run fewer concurrent replications. Each patch replication is configured to require between 512MB of RAM minimum and 2GB maximum. Content Download Network Connection Error The connection between the SCR Tool and the Content Download Network (CDN) might disconnect occasionally. Problem The SCR Tool cannot connect to the CDN.
Troubleshooting the SCR Tool delete them. 4. On the SCR Tool host machine, from the scr_root/conf directory, open the properties file and verify that it is updated with the new username and encrypted password. 5. Run the replication process again. Session Login to Red Hat Fails An incorrect entry in the Red Hat .properties file causes the session login from the Software Content Repository (SCR) Tool to fail.
Software Content Repository Tool 5.0 Guide RHSA-2007:0779-04 getPackage/mailman-2.1.5.1-34.rhel4.6.i386.rpm at com.lumension.scr.pojo.SCPackage.download(SCPackage.java:472) at com.lumension.scr.client.StandaloneSCRepositoryClient .download (StandaloneSCRepositoryClient.java:389) at com.lumension.scr.client.StandaloneSCRepositoryClient .process (StandaloneSCRepositoryClient.java:328) at com.lumension.scr.client.StandaloneSCRepositoryClient .main (StandaloneSCRepositoryClient.
Troubleshooting the SCR Tool HP-UX Service Authentication Fails The HP-UX service validates authentication through the use of a trusted certificate. Problem The HP-UX Software Assistant performs checks for published security issues, installed patches that have warnings, and missing patches that have critical fixes. The HP-UX Software Assistant checks certificates to ensure a secure connection.
Software Content Repository Tool 5.0 Guide INFO: Starting Standalone Repository Client Mar 12, 2013 6:19:48 AM com.lumension.scr.log.CommonsLogging info INFO: Using runtime profile : solariskarl-rt Mar 12, 2013 6:19:48 AM com.lumension.scr.log.CommonsLogging info INFO: System Configuration: ( {keyFile=./vmware.plk, folder=/SCR/download, platform=SOLARIS, configlog=../logs/Solaris-Config.log, user=you@yourdomain.com, dependencyCheck=false, program=".
Troubleshooting the SCR Tool Solution Review and correct the proxy server parameters in the properties file used to download patch content for the Linux or UNIX platform, including the IP address, port, user ID for authentication, and encrypted password. Mismatch in Number of Patches The number of patches on the vendor download site exceeds the number of patches verified by the SCR Tool host machine.
Software Content Repository Tool 5.0 Guide Problem When you attempt to download patch content, an error occurs on the OS vendor download Web site. For example: Mar 24, 2011 3:33:19 PM sun.net.www.protocol.http.HttpURLConnection getInputStream FINE: HYPERLINK "mailto:sun.net.www.MessageHeader@1a4e8a118" sun.net.www.MessageHeader@1a4e8a118 pairs: {null: HTTP/1.
Troubleshooting the SCR Tool Mar 29, 2011 12:59:01 PM com.lumension.scr.util.Utils downloadFromURL SEVERE: com.lumension.scr.exception.UnableToAccesURL: Unable to access URL 4. Use the message results in the log file to resolve the error, then attempt to download the patch content from the entitled OS vendor site again. Obsolete Patches Cause the Download to Fail Solaris patches that are no longer available cause the patch download to fail.
Software Content Repository Tool 5.0 Guide Connection Refused Errors A Java error indicates that the connection from the SCR Tool to the vendor download site was refused. Problem When you interactively run a replication process, or in the cron logs when you use cron, a Connection refused error can occur. This type of error resembles the following message. java.net.ConnectException: Connection refused at java.net.PlainSocketImpl.socketConnect(Native Method) at java.net.PlainSocketImpl.
Troubleshooting the SCR Tool Problem When you run a replication process interactively, or in the cron logs when you use cron, a null pointer error can occur. This type of error resembles the following message. Apr 8, 2011 8:51:13 PM com.lumension.scr.client.StandaloneSCRepositoryClient process SEVERE: Error Processing Content Download Request. java.lang.NullPointerException at com.lumension.scr.pojo.SCPackage.download(SCPackage.java:416) at com.lumension.scr.client.StandaloneSCRepositoryClient.
Software Content Repository Tool 5.0 Guide 42 VMware, Inc.
Index A accessing external sites 11 agent machines 9 C certificates for HP-UX 11, 35 checkPayload option 22 configuring host machine 17 connecting to machines 25 Content Download Network 27 custom logging 25 D directory structure 17 downloads delta 27 HP-UX error 35 Java Cryptography Extension 14 Java Runtime Environment 14 patch content 27 patch errors 38 Red Hat patch error 33 schedule 28 E errors CDN 32 connection refused 40 HP-UX download 35 HP service authentication 35 HTTP connection 39 insufficie
Software Content Repository Tool 5.0 Guide V VCM Patching 7 44 VMware, Inc.
