VMware Cloud Community
Pernas01
Contributor
Contributor
‎01-31-2024 08:04 AM
Jump to solution

Disable LCM Download Sources scripted?

Hi!

Due to a recent DISA requirement, and also possibly something that fills up the logs for an isolated instance, I wonder if it's possible to disable the four predefined LCM Download Sources scripted?

I've already disabled the DL/check scheduled tasks with help from William Lam:

https://williamlam.com/2023/10/disabling-vcenter-lifecycle-manager-automatic-download-using-vsphere-...

Thanks, 

Per

Labels (1)
Labels
Preview file
95 KB
0 Kudos
1 Solution

Accepted Solutions
LucD
Leadership
Leadership
‎02-01-2024 01:57 AM
Jump to solution

That might be an option.
In KB1011858 and KB1012677 they advise editing that file, albeit for other reasons.
The closest info I could find comes from a very old HP support article.

I would in any case create a backup of that file before making any changes.
You could automate that with an SSH session (module Posh-SSH) and using the PS [xml] cast after reading the file.

But I'm not sure how "supported" this might be, and what will happen after upgrades and restarts.


Blog: lucd.info  Twitter: @LucD22  Co-author PowerCLI Reference

View solution in original post

6 Replies
LucD
Leadership
Leadership
‎01-31-2024 08:27 AM
Jump to solution

It doesn't look like there are any public API under the  LCM REST API to do that.


Blog: lucd.info  Twitter: @LucD22  Co-author PowerCLI Reference

Tags (1)
StephenMoll
Expert
Expert
‎01-31-2024 01:48 PM
Jump to solution

Have you tried Code Capture to see if it will record the actions you want into a PowerCLI script?

Record Actions Using Code Capture (vmware.com)

There is a note saying "Calls made on operations regarding roles, privileges, tags, content libraries, and storage policies are not recorded. Sensitive data such as passwords is not recorded.", so it might not work, but no harm in trying.

Tags (1)
Pernas01
Contributor
Contributor
‎01-31-2024 09:47 PM
Jump to solution

Thank you for the information and suggestions. Most appreciated.

I'll try the code capture and let you know the outcome. 

/Per

0 Kudos
Pernas01
Contributor
Contributor
‎02-01-2024 01:27 AM
Jump to solution

Code Capture wasn't able to reveal anything unfortunately.

However, digging a bit deeper I located the four Download Sources specified in the /usr/lib/vmware-updatemgr/bin/vci-integrity.xml file:

    <ESX4xUpdateUrl id="integrity.SoftwareUpdateURL.ESX4x.addon.description">https://hostupdate.vmware.com/software/VUM/PRODUCTION/addon-main/vmw-depot-index.xml</ESX4xUpdateUrl>
    <ESX4xUpdateUrl id="integrity.SoftwareUpdateURL.ESX4x.description">https://hostupdate.vmware.com/software/VUM/PRODUCTION/main/vmw-depot-index.xml</ESX4xUpdateUrl>
    <ESX4xUpdateUrl id="integrity.SoftwareUpdateURL.ESX4x.iovp.description">https://hostupdate.vmware.com/software/VUM/PRODUCTION/iovp-main/vmw-depot-index.xml</ESX4xUpdateUrl>
    <ESX4xUpdateUrl id="integrity.SoftwareUpdateURL.ESX4x.vmtools.description">https://hostupdate.vmware.com/software/VUM/PRODUCTION/vmtools-main/vmw-depot-index.xml</ESX4xUpdateUrl>

But there wasn't any flags/settings to be found for source enabled/disabled in this file...

Further on, when either disabling/enabling the sources in the GUI I've found this trace of events in the /var/log/vmware/vmware-updatemgr/vum-server/vmware-vum-server-1.log:

2024-02-01T09:11:50.305Z info vmware-vum-server[12377] [Originator@6876 sub=Activation] [activationValidator 366] Leave Validate. Succeeded for integrity.option.OptionManager.setURLEnabledByName on target: Integrity.OptionManager

Would that indicate a possibility to change this with a script command somehow?

/Per

0 Kudos
LucD
Leadership
Leadership
‎02-01-2024 01:57 AM
Jump to solution

That might be an option.
In KB1011858 and KB1012677 they advise editing that file, albeit for other reasons.
The closest info I could find comes from a very old HP support article.

I would in any case create a backup of that file before making any changes.
You could automate that with an SSH session (module Posh-SSH) and using the PS [xml] cast after reading the file.

But I'm not sure how "supported" this might be, and what will happen after upgrades and restarts.


Blog: lucd.info  Twitter: @LucD22  Co-author PowerCLI Reference

Pernas01
Contributor
Contributor
‎02-01-2024 05:08 AM
Jump to solution

Thanks, that was subsequently easily handled with a Plink:ed one-liner:

 

sed -i -e '/<ESX4xUpdateUrl/,/<\/ESX4xUpdateUrl>/d' /usr/lib/vmware-updatemgr/bin/vci-integrity.xml

 

 
/Per

0 Kudos