Dear VMware: Pick a Common (SUPPORTED) Virtual Appliance OS…Please….

Caution: Articles written for technical not grammatical accuracy, If poor grammar offends you proceed with caution ;-)

One of my pet peeves is that each virtual appliance coming out of VMware is that each different virtual appliance released by them is based on a different OS. Some of these do not even have documented methods for updating the OS. We all know that no matter what OS is running on a system, there will be updates for stability and security. Almost every time I begin an engagement with a customer and it involves using a virtual appliance, their security wonks get all pissy with me and I need to show that I have the latest security patches installed before I even connect the appliance to their network.

This all started with the HealthCheck Appliance, which is a tool available to partners. Its running Ubuntu 7.10 Server JEOS. Great! It is an unsupported, deprecated OS. If you know anything about Ubuntu, you know that the “Long Term Support” (LTS) versions are released every other year. So, the latest LTS version is 8.04 and the previous is 6.06. No big deal, right?

Now to further complicate things, the VMware Data Recovery appliance and the vSphere Management Assistant run completely different OS versions. The VDR runs CentOS with a kernel version 2.6.18-92-el5. The vMA runs RedHat Enterprise Linux with a kernel version 2.6.18-128.1.1.el5.

Updating the vHA

The documentation that comes with the vHA explains how to update the OS using apt-get, and it explains it in such a way that anyone can do it. BUT…Ubuntu 7.10 has been deprecated and the repositories were recently removed. Running apt-get update results in a bunch of http 404 errors because the repositories are no longer where the OS thinks they belong. Now what?

I did a quick search on google and found a blog post on NewAdventuresInSoftware about a work around, so thanks goes out to Dan Dyer for providing this solution. Its pretty straight forward and I added how to install VMware Tools to it. The 7.10 repositories haven’t been completely removed, they were just moved to a different url: http://old-releases.ubuntu.com/releases. The apt-get utility uses the file “/etc/apt/sources.list” to determine where to go for patches and software packages. In order to upgrade the OS to 8.04, you need to install the update-manager-core first and then upgrade the OS. So, you need to point apt-get to the new url to install the update-manager-core package and all the dependancies. But, before upgrading the OS, you need to point back to the original repositories, because that is where the 8.04 packages reside. Here is a step-by-step list of how to get this done:

1. Make a backup copy of the /etc/apt/sources.list file:

sudo cp /etc/apt/sources.list.710

Edit the original file:

sudo vi /etc/apt/sources.list

Comment out any reference to a CDROM using #

Use the global search and replace command in vi to change the references:

:%s/us.archive/old-releases/g

Save and quit:

:wq

Install the update-manager-core package and all dependancies:

sudo apt-get install update-manager-core

Copy the original sources.list file back because it gets changed during the upgrade:

sudo cp /etc/apt/sources.list /etc/apt/sources.list.updt
sudo cp /etc/apt/sources.list.710 /etc/apt/sources.list

Edit the original sources.list:

sudo vi /etc/apt/sources.list

Comment out any reference to a CDROM using #

Save and quit:

:wq

Run the OS upgrade routine:

sudo do-release-upgrade

Install the packages required for VMware Tools to be compiled:

sudo apt-get install linux-headers-server build-essential

Install VMware Tools as listed in the instructions (Replace the ?.?.?-?????? with the proper tools version)

mount /cdrom
cp /cdrom/VMwareTools-?.?.?-??????.i386.tar.gz /tmp
cd /tmp
tar -zxvf VMwareTools-?.?.?-??????.i386.tar.gz

cd vmware-tools-distrib

sudo ./vmware-install.pl

You should be prompted to automatically run vmware-config-tools.pl

Once the installation is completed, install the vmxnet drivers:

sudo /etc/init.d/networking stop
sudo rmmod pcnet32
sudo rmmod vmxnet

sudo modprobe vmxnet
sudo /etc/init.d/networking start

Verify your IP address:

ifconfig

Updating the vMA

The vMA has a well documented process for updates, using sudo vima-update scan and sudo vima-update update for updating the OS. I am assuming that eventually, patches will become available from VMware, but there is nothing right now. The vima-update utility can also be configured to look at a different repostory for patches. That is documented in the Admin Guide and I won’t get into it here. The is nothing about updating VMware Tools, but a simple VMware Tools process for RPM based distros will work. Just copy the VMwareTools…rpm from the tools cd image and run rpm -i VMwareTools…rpm. Substitute the proper file version.

Updating VDR

HA! Nothing is documented for VDR about updates. Nothing. Not even a mention. It is running an older, unpatches kernel and an old version of VMware Tools. I found a post on the communities about how to update the OS using yum update and VMware Tools. Basically, vmware-config-tools.pl is hard-coded to to older versions of libssl and libcrypto, so symlinks need to be added to install VMware Tools properly:

cd /lib
ln -s libssl.so.0.9.8e libssl.so.0.9.8
ln -s libcrypto.so.0.9.8e libcrypto.so.0.9.8

DISCLAIMER:

Since some of these methods are NOT documented by VMware, they may not be supported. Sometimes, you have to weigh security concerns against ultimate support ooptions.