Deploying VMware Cloud Foundation (VCF) in environments with limited or no external network access – whether for security or logistical reasons – requires a little planning. One key piece is having a local depot for software packages. In this post, we’ll walk through setting up an offline depot web server for VCF 9, allowing you to keep your deployments running smoothly even when disconnected from the internet. We’ll cover the necessary components, configuration steps, and best practices to ensure a reliable and accessible offline repository. Let’s dive in!
What is Required
- Generate download token on Broadcom Support Portal.
- The offline depot must have:
- The latest version of the VCF Download Tool, which you can download from the Broadcom Support Portal.
- Virtual machine with Internet connectivity
- Configure TCP keepalive in your SSH client to prevent socket connection timeouts.
Error: “Unable to connect to the Proxy Server” – VCF Download Tool is failing with proxy configured.
VMware is working on the solution for Proxy enabled downloads – KB Article
Upload the VCF Bundle Utility to the VM and extract it into a directory.
tar -xzvf vcf-download-tool-9.0.0.0.24703747.tar.gzAfter extracting the VCF download tool, create a text document with your authentication token for downloading the binaries.
Executing the VCF Bundle Tool example:
./vcf-download-toolDescription:
Download all the necessary files. The command supports filtering to narrow down the selection of binaries based on the customer intent. At least one filter is required. In addition to the
binaries, it also downloads all of the needed metadata. However, UMDS binaries are excluded from the download. When executed multiple times with the same output directory, the command’s
behavior is cumulative, adding to previously downloaded binaries without overwriting them.
--ceip=<ENABLE|DISABLE>
Enable or disable the Customer Experience Improvement Program (CEIP) within the VCF Download Tool. When the tool is used for the first time, if not provided, the
user will be prompted to make a choice about whether to participate in CEIP. After the initial selection, the value will be stored, making the parameter optional
in future runs. To change the persisted value pass the parameter with the new value. Valid values: ENABLE, DISABLE
* -d, --depot-store=<depotStore>
Directory where all binaries and metadata downloaded by the VCF Download Tool will be stored. This directory serves as the local repository for all downloaded
artifacts, maintaining the necessary structure for easy access and management.
-h, --help Displays a help message that provides information about the command and its available options, and then exits the tool.
[DEPOT] Depot authentication settings:
* --depot-download-token-file=<depotDownloadTokenFile>
Path to text file containing single line with depot download token. Download token can be generated at Broadcom download portal and used for authentication instead
of --depot-user and --depot-user-password-file.
--depot-user-password-file=<depotUserPasswordFile>
Path to a text file that contains the password for the provided --depot-user. The file should have the password on a single line. If this parameter is not provided,
the user will be prompted to manually enter the password.
* -u, --depot-user=<depotUser>
Username used for authentication when accessing the depot from which binaries and metadata are downloaded.
[PROXY] Proxy configuration settings:
--proxy-https Specifies whether the proxy server is configured to be used with HTTPS connections.
--proxy-user-password-file=<proxyServerPasswordFile>
Path to a text file containing the password for the provided --proxy-user. The file should contain the password on a single line. If this parameter is not provided,
the user will be prompted to enter the password manually.
* -r, --proxy-user=<proxyServerUserName>
Username required to authenticate to the proxy server. If the proxy server enforces authentication, this parameter allows you to provide the necessary credentials
for accessing the proxy.
* -s, --proxy-server=<proxyServerHostName>
Host name of the proxy server that the VCF Download Tool will use for internet access. The required format is <FQDN:Port>. The proxy server must be reachable from
the machine where the tool is running.
[VCF VERSION] VCF Version filter parameters:
--automated-install Download binaries needed by VCF Installer.
--component=<component>
Component type for which to download binaries. Possible values [VCENTER, SDDC_MANAGER_VCF, NSX_T_MANAGER, ESX_HOST, VRSLCM, VRA, VROPS, VRLI, VRNI, VSAN_OSA_WITNESS,
VSAN_ESA_WITNESS, VSAN_FILE_SERVICES, VMTOOLS, VCFDT, VCF_OPS_CLOUD_PROXY, VIDB, HCX, VMRC, VRO].
--lifecycle-managed-by=<SDDC_MANAGER_VCF|VRSLCM|SELF>
Download binaries whose lifecycle is managed by the provided component. Possible values [SDDC_MANAGER_VCF, VRSLCM, SELF].
--patches-only Download binaries for patch versions of components.
--sku=<VCF|VVF> Offering type for which binaries to be downloaded. Possible values [VCF, VVF].
-t, --type=<INSTALL|UPGRADE>
Type of binary to be downloaded. Possible values [INSTALL, UPGRADE].
* --vcf-version=<vcf version[..[end version]]>
Version of VMware Cloud Foundation (VCF) for which binaries to be downloaded. Provided version should be of format a.b, a.b.c or a.b.c.d. For example, if 9.0 is
provided, 9.0.0.0 major release and all the maintenance release for 9.0.x is returned. If 9.0.1 is provided only 9.0.1.x release is returned. If 9.0.1.0 is
provided, exact release version is matched. Version range is also supported with format start_version..end_version. When version range option is used all binaries
from start version inclusive till end version inclusive will be downloaded. If end version is not provided (e.g. 9.0..) binaries for all released versions higher
than 9.0 will be downloaded.
[BUNDLE ID] Bundle ID filter parameters:
--id=<bundleIds>[,<bundleIds>...]
Accepts one or multiple binary IDs, which can be provided as a comma-separated list or by repeating the option.
[DOWNLOAD SPEC] Download spec filter parameters:
--download-spec-file=<downloadSpecFile>
Path to the download specification file generated by the create download spec command. This file contains the details of the binaries required for the planned
upgrades in your environment.
Examples:
1. Download install binaries needed by VCF Installer for deploying VCF instance for a specific VCF version using depot username:
vcf-download-tool binaries download --depot-store=<binaries_dir> --depot-user=<username> --depot-user-password-file=<password_file_path> --vcf-version=<VCF_version> --sku=VCF
--automated-install --type=INSTALL
2. Download upgrade binaries whose lifecycle is managed by SDDC Manager for specific VCF version using depot token:
vcf-download-tool binaries download --depot-store=<binaries_dir> --depot-download-token-file=<token_file_path> --vcf-version=<VCF_version> --lifecycle-managed-by=SDDC_MANAGER_VCF
--type=UPGRADE
3. Download binaries based on download specification file using depot token through proxy:
vcf-download-tool binaries download --depot-store=<binaries_dir> --depot-download-token-file=<token_file_path> --download-spec-file=<download_spec_file_path> --proxy-server=<FQDN:Port>
--proxy-https --proxy-user=<username> --proxy-user-password-file=<password_file_path>
Commands:
- binaries Management of the binaries files within the system.
- metadata Management of the metadata files within the system.
- releases Operations related to the VCF releases.
- umds Manage the installation and execution of the UMDS (Update Manager Download Service) tool.
NOTE: The following command is for installation binaries ( –type=install ), specify upgrade parameters for upgrade binaries for VCF.
./vcf-download-tool binaries download --vcf-version 9.0.0 --automated-install -d /var/www/offline-bundles --depot-download-token-file /root/token.txt --type=install
Binaries are downloading! They are now available in OVA or ISO format, depending on whether you are installing or upgrading.
The binaries have been downloaded, and an example of the tree structure for the offline VCF Depot is shown below.
root@photon-69a92c0feee [ /var/www/offline-bundles/PROD ]# tree
.
├── COMP
│ ├── NSX_T_MANAGER
│ │ └── nsx-unified-appliance-9.0.0.0.24733065.ova
│ ├── SDDC_MANAGER_VCF
│ │ ├── Compatibility
│ │ │ └── VmwareCompatibilityData.json
│ │ └── VCF-SDDC-Manager-Appliance-9.0.0.0.24703748.ova
│ ├── VCENTER
│ │ └── VMware-VCSA-all-9.0.0.0.24755230.iso
│ ├── VCF_OPS_CLOUD_PROXY
│ │ └── Operations-Cloud-Proxy-9.0.0.0.24695833.ova
│ ├── VRA
│ │ └── vmsp-vcfa-combined-9.0.0.0.24701403.tar
│ ├── VROPS
│ │ └── Operations-Appliance-9.0.0.0.24695812.ova
│ └── VRSLCM
│ └── VCF-OPS-Lifecycle-Manager-Appliance-9.0.0.0.24695816.ova
├── metadata
│ ├── manifest
│ │ └── v1
│ │ └── vcfManifest.json
│ └── productVersionCatalog
│ └── v1
│ ├── productVersionCatalog.json
│ └── productVersionCatalog.sig
└── vsan
└── hcl
├── all.json
└── lastupdatedtime.json
16 directories, 13 files
