Software Content Repository Tool 6.1 Guide Software Content Repository Tool 6.1 vRealize Configuration Manager 5.8 This document supports the version of each product listed and supports all subsequent versions until the document is replaced by a new edition. To check for more recent editions of this document, see http://www.vmware.com/support/pubs.
Software Content Repository Tool 6.1 Guide You can find the most up-to-date technical documentation on the VMware Web site at: http://www.vmware.com/support/ The VMware Web site also provides the latest product updates. If you have comments about this documentation, submit your feedback to: docfeedback@vmware.com © 2006–2015 VMware, Inc. All rights reserved. This product is protected by U.S. and international copyright and intellectual property laws.
Contents About This Book 5 Introduction to the Software Content Repository Tool 7 Preparing for SCR Tool Installation 9 Installing the VCM Agent on the Linux and UNIX Machines to be Managed Selecting and Preparing the Host Machine Establish User Credentials Place Trusted Certificates in the Key Store Verifying Access to External Sites Installing the Prerequisite Software for the SCR Tool Install the SCR Tool Software Download the Java Runtime Environment Test the Java Runtime Environment Installatio
Software Content Repository Tool 6.1 Guide Index 4 45 VMware, Inc.
About This Book The VMware vRealize Configuration Manager Software Content Repository Tool Guide provides information about the following topics. n Preparing the host machine for components and tools. n Installing and configure components and tools. n Using the tool to download patch content. n Troubleshooting errors that might occur. Intended Audience This document contains information intended for system administrators who must patch machines in their network.
Software Content Repository Tool 6.1 Guide Technical Support and Education Resources The following technical support resources are available to you. To access the current version of this book and other books, go to http://www.vmware.com/support/pubs. Online and Telephone To use online support to submit technical support requests, view your Support product and contract information, and register your products, go to http://www.vmware.com/support.
Introduction to the Software Content Repository Tool 1 The Software Content Repository (SCR) Tool is a standalone Java client software application that builds a repository of Linux and UNIX patches and downloads operating system (OS) vendor patch content to the repository. The SCR Tool downloads patch content from vendor Web sites, which you use to patch Linux and UNIX machines. These files include patch signature files (.pls), and OS vendor patch content files (.rpm, .gz, .tar, .
Software Content Repository Tool 6.1 Guide Figure 1–1. How to Download Patches with the SCR Tool After you download patches from the vendor Web site, you must use VCM to assess your Linux and UNIX machines and deploy the patches using the machine group mapping in VCM Patching. For information about assessments, see the VCM Administration Guide and the VCM online Help. 8 VMware, Inc.
2 Preparing for SCR Tool Installation Before you install the SCR Tool, you must complete several prerequisite tasks.
Software Content Repository Tool 6.1 Guide You can install the SCR Tool on a 64-bit Red Hat Enterprise Linux Server machine running version 6. You can also install the SCR Tool on a 64-bit Red Hat Enterprise Linux Server machine running version 7. IMPORTANT Use the host machine exclusively to run the SCR Tool and serve as the patch repository. To download content for each supported platform for patch deployment, the minimum recommended storage is 950 GB. Table 2–1.
Preparing for SCR Tool Installation 8. If you download Red Hat content, verify that the Red Hat Network (RHN) Management and Update entitlements are available and associated with the credentials so that SCR can download the RHN content. 9. Verify that the SCR Tool host machine has sufficient memory for the replicated files. Linux files require up to 2 GB of memory. All other machines require 1 GB by default. 10.
Software Content Repository Tool 6.1 Guide Table 2–2. Access from SCR Tool to External Sites Platform SCR Tool must Access All platforms http://configuresoft.cdn.lumension.com/configuresoft http://novell.cdn.lumension.com/ https://a248.e.akamai.net/f/60/59258/2d/ http://vmware.cdn.lumension.com/ AIX http://www7b.software.ibm.com/ CentOS http://vault.centos.org You can also use the mirrors returned from the Web service at: http://mirrorlist.centos.org HP-UX https://itrc.hp.com/service/ https://ftp.
Installing the Prerequisite Software for the SCR Tool 3 The SCR Tool uses several types of software. You must install and test the required software on a supported host machine, then you install the Software Content Repository Tool on the host machine.
Software Content Repository Tool 6.1 Guide After you extract the SCR Tool files, a root directory contains the subdirectories and files for the supported Linux and UNIX platforms. This information refers to the root directory as scr_root. Download the Java Runtime Environment You download the Java Runtime Environment (JRE) to support the SCR Tool on the host machine. Prerequisites n Verify that you can access http://www.java.com. Procedure 1. Access the Java Web site. 2. Click Downloads. 3.
Installing the Prerequisite Software for the SCR Tool Procedure 1. Locate and download the Java Cryptography Extension. If the download page does not detect your Java version, manually locate the correct JCE package. 2. In the JCE zip file, locate the README.txt file. 3. Follow the instructions in the README.txt file to install the JCE on the SCR Tool host machine. VMware, Inc.
Software Content Repository Tool 6.1 Guide 16 VMware, Inc.
Configuring the Red Hat Host Machine 4 Configuring the Red Hat machine to host the SCR Tool includes reviewing the directory structure, granting permission to the patch repository, updating the properties file, connecting the VCM managed machines to the SCR Tool, and setting the logging levels and output file names.
Software Content Repository Tool 6.1 Guide Procedure 1. Open the SCR Tool root directory. This is the directory where you unzipped the .tar.gz file. 2. Verify that the .pls files are stored in the subdirectories for each platform. The subdirectories include ./aix, ./centos-nca-*, ./hpux, ./oracle-nca-*, ./osx, ./redhatnca, ./solaris, and ./suse-nca. The platform-nca directories indicate new content architecture directories that have alternative locations. 3.
Configuring the Red Hat Host Machine For Red Hat: If files differ between a Red Hat client and a Red Hat server, such as x86 versus x64, you must generate a separate scr_root/conf/.properties file for each. Prerequisites n Review the properties file parameters in preparation to update the properties files. See "Properties File Parameters" on page 20.
Software Content Repository Tool 6.1 Guide Properties File Parameters You can use the properties file parameters to customize the download process that replicates the patch content on the SCR Tool host machine. The following parameters are available. platform The platform parameter specifies the type of patch content to download. platform=platform_name arch The arch parameter must include one or more valid architecture strings for the specified platform.
Configuring the Red Hat Host Machine keyfile keyfile=string Do not modify. key key=string Do not modify. index index=VMware573.xml Do not modify. program program="." Do not modify. extractOSX For the Mac OS X platform only. If the value is true, PLP files for the Mac OS X content are extracted. When run, this parameter specifies to extract the embedded .dmg vendor patch files from the corresponding .plp files. When used with any other platform, this parameter has no effect.
Software Content Repository Tool 6.1 Guide configlog=config_log_file_path/filename.log checkPayload checkPayload=true or false Enables the SCR Tool to audit and verify payload content for .pls files. If the .pls files do not match the .pls or .plp files, this option causes the SCR Tool to download or replace the payload files. This parameter defaults to false if not included in the properties file or not explicitly set to true. The value is set to true by default in each properties file.
Configuring the Red Hat Host Machine Platform Channel Oracle Enterprise Linux (OEL) orae5, orae6, orae7 OSX 10_6 10_7 10_8 applications Red Hat client-5 server-5 workstation-6 server-6 client-7 workstation-7 server-7 Solaris sol10 SUSE SLES10-Updates SLES10-SP1 SLES10-SP2 SLES10-SP3 SLES10-SP4 SLES11-Updates SLES11-SP1 SLES11-SP2 SLES11-SP3 downloadPayload If the value is true, all patches are downloaded.
Software Content Repository Tool 6.1 Guide where identifier = 'RHBA-2007:0622-02' To include the prerequisites for the patch, use the following queries. select name, [uid],prerequisite_uids from ecm_sysdat_patch_pls where identifier = 'RHBA-2007:0622-02' To include the prerequisites for the prerequisite patches, use the following query where {13A7294C2D7C-4CA2-AD7D-10592D79C9B9} is a prerequisite for RHBA-2007:0622-02.
Configuring the Red Hat Host Machine proxyUser=string proxyPwd Encrypted password for the proxy server. This password is generated using the lumension_encryptor_ tool.sh script. proxyPwd=string tmpDir Temporary working directory that the AIX patch replication script uses to download and create .tar.gz files. Although the AIX patches are comprised of files, the SCR Tool and VCM depend on the .tar.gz files for patch deployment.
Software Content Repository Tool 6.1 Guide Set Logging Levels and Output File Names The SCR Tool provides flexible logging settings and properties to customize your logging levels. The logging levels and output file names reside in the individual -rt.properties file for each platform type. Table 4–3. Property Files with Logging Levels and Output File Names Platform Properties File Name AIX scr_root/conf/aix-rt.properties CentOS scr_root/conf/centos-rt.properties HP-UX scr_root/conf/hp-rt.
Configuring the Red Hat Host Machine a. Verify that the java.util.logging.FileHandler.pattern=path entry includes the path. For example: ../logs/scr-messages-rh-%g.log b. To generate distinct file names, use special substitution variables. Variable Description / Local path name separator. %t System temporary directory. %h Value of the user.home system property. %g Generated number to distinguish rotated logs. %u Unique number to resolve conflicts. %% Translates to a single percent sign %. 4.
Software Content Repository Tool 6.1 Guide 28 VMware, Inc.
Managing Patch Content with the SCR Tool 5 The SCR Tool downloads patch content files from the Content Download Network (CDN), which is managed by Akamai, the hosted content service provider. The SCR Tool obtains any additional patches from the AIX (IBM), CentOS, HP-UX, Mac OS X, Oracle Enterprise Linux (OEL), Red Hat, SUSE, and Solaris vendor Web sites, and saves those patches in your defined directories. The SCR Tool performs delta downloads.
Software Content Repository Tool 6.1 Guide Schedule Downloads You can use OS schedulers, such as cron or at, to automate the process to replicate the patches. Automating the patch replication process is preferable, because the download process might require you to run the startup file more than once to retrieve all of the content for a particular vendor. The SCR Tool does not provide embedded scheduling.
Managing Patch Content with the SCR Tool 7. Change directory to /etc/cron.daily. 8. Use the following command to create a new file. vim SCR 9. Add the following content to the file to begin the patch replication process, and save the file. #!/bin/sh cd scr_root/bin echo "### Get all new unix content" ./start_all_nix_replication.sh 10. Set the mode of the file to executable. chmod +x SCR The script runs daily and synchronizes your patch content.
Software Content Repository Tool 6.1 Guide 32 VMware, Inc.
6 Troubleshooting the SCR Tool The SCR Tool troubleshooting information provides procedures to diagnose and fix problems that you might encounter when you use the SCR Tool or download patch content.
Software Content Repository Tool 6.1 Guide Solution Verify that the SCR Tool host machine has enough memory to run the patch replications, or run fewer concurrent replications. Each patch replication is configured to require between 512 MB of RAM minimum and 2 GB maximum. Content Download Network Connection Error The connection between the SCR Tool and the Content Download Network (CDN) might disconnect occasionally. Problem The SCR Tool cannot connect to the CDN.
Troubleshooting the SCR Tool delete them. 4. On the SCR Tool host machine, from the scr_root/conf directory, open the properties file and verify that it is updated with the new username and encrypted password. 5. Run the replication process again. Session Login to Red Hat Fails An incorrect entry in the Red Hat .properties file causes the session login from the Software Content Repository (SCR) Tool to fail.
Software Content Repository Tool 6.1 Guide RHSA-2007:0779-04 getPackage/mailman-2.1.5.1-34.rhel4.6.i386.rpm at com.lumension.scr.pojo.SCPackage.download(SCPackage.java:472) at com.lumension.scr.client.StandaloneSCRepositoryClient .download (StandaloneSCRepositoryClient.java:389) at com.lumension.scr.client.StandaloneSCRepositoryClient .process (StandaloneSCRepositoryClient.java:328) at com.lumension.scr.client.StandaloneSCRepositoryClient .main (StandaloneSCRepositoryClient.
Troubleshooting the SCR Tool HP-UX Service Authentication Fails The HP-UX service validates authentication through the use of a trusted certificate. Problem The HP-UX Software Assistant performs checks for published security issues, installed patches that have warnings, and missing patches that have critical fixes. The HP-UX Software Assistant checks certificates to ensure a secure connection.
Software Content Repository Tool 6.1 Guide INFO: Starting Standalone Repository Client Mar 12, 2013 6:19:48 AM com.lumension.scr.log.CommonsLogging info INFO: Using runtime profile : solariskarl-rt Mar 12, 2013 6:19:48 AM com.lumension.scr.log.CommonsLogging info INFO: System Configuration: ( {keyFile=./vmware.plk, folder=/SCR/download, platform=SOLARIS, configlog=../logs/Solaris-Config.log, user=you@yourdomain.com, dependencyCheck=false, program=".
Troubleshooting the SCR Tool Solution Review and correct the proxy server parameters in the properties file used to download patch content for the Linux or UNIX platform, including the IP address, port, user ID for authentication, and encrypted password. Mismatch in Number of Patches The number of patches on the vendor download site exceeds the number of patches verified by the SCR Tool host machine.
Software Content Repository Tool 6.1 Guide Problem When you attempt to download patch content, an error occurs on the OS vendor download Web site. For example: Mar 24, 2011 3:33:19 PM sun.net.www.protocol.http.HttpURLConnection getInputStream FINE: HYPERLINK "mailto:sun.net.www.MessageHeader@1a4e8a118" sun.net.www.MessageHeader@1a4e8a118 pairs: {null: HTTP/1.
Troubleshooting the SCR Tool SEVERE: com.lumension.scr.exception.UnableToAccesURL: Unable to access URL 4. Use the message results in the log file to resolve the error, then attempt to download the patch content from the entitled OS vendor site again. Obsolete Patches Cause the Download to Fail Solaris patches that are no longer available cause the patch download to fail. Problem Solaris patch downloads fail on patches with names that begin with SUN. These errors resemble the following entries.
Software Content Repository Tool 6.1 Guide Connection Refused Errors A Java error indicates that the connection from the SCR Tool to the vendor download site was refused. Problem When you interactively run a replication process, or in the cron logs when you use cron, a Connection refused error can occur. This type of error resembles the following message. java.net.ConnectException: Connection refused at java.net.PlainSocketImpl.socketConnect(Native Method) at java.net.PlainSocketImpl.
Troubleshooting the SCR Tool Problem When you run a replication process interactively, or in the cron logs when you use cron, a null pointer error can occur. This type of error resembles the following message. Apr 8, 2011 8:51:13 PM com.lumension.scr.client.StandaloneSCRepositoryClient process SEVERE: Error Processing Content Download Request. java.lang.NullPointerException at com.lumension.scr.pojo.SCPackage.download(SCPackage.java:416) at com.lumension.scr.client.StandaloneSCRepositoryClient.
Software Content Repository Tool 6.1 Guide 44 VMware, Inc.
Index A accessing external sites 11 agent machines 9 C certificates for HP-UX 11, 37 checkPayload option 22 configuring host machine 17 connecting to machines 25 Content Download Network 29 custom logging 26 D directory structure 17 downloads delta 29 HP-UX error 37 Java Cryptography Extension 14 Java Runtime Environment 14 patch content 29 patch errors 40 Red Hat patch error 35 schedule 30 E errors CDN 34 connection refused 42 HP-UX download 37 HP service authentication 37 HTTP connection 41 insufficie
Software Content Repository Tool 6.1 Guide V VCM Patching 7 46 VMware, Inc.
