Virtualized Linux guests running on VMware vSphere can only offer the best performance if the helper software VMware Tools in the most recent version.

If you have ever used VMware products you know that constant updates guarantee the support of new operating systems and hardware. But this has also the disadvantage that this helper software needs to be updated more often.

This might be no problem for private use. But if you have to maintain a bigger amount of Linux VMs you surely know that this can be very time-consuming.

Fortunately there are plenty of Software repositories for Linux distributions maintained by VMware. Using this repositories installing and upgrading the VMware Tools is much easier. Supported distributions are amongst others:

• Red Hat Enterprise Linux 3 - 6
• SUSE Linux
• SUSE Linux Enterprise Server (9 - 11)
• Ubuntu Linux (Lucid, Natty, Oneiric, Precise)

VMware Tools are offered as software package which can be installed including their dependencies using the Linux distribution's package manager.

You can find further information regarding the usage of the repositories on the following website: http://packages.vmware.com/

For the two main architectures i386 (32-bit) and x86_64 (64-bit) of EL3-6 there are appropriate RPM packages that contain the mirror list and the GPG key. This key is used to sign the packages to prevent invalid and manipulated packages from being installed.

Deployment using Spacewalk, Red Hat Satellite or SUSE Manager

Using Spacewalk, Red Hat Satellite or SUSE Manager you can also update a bigger amount of virtual Linux systems which reduces the time needed - a pleasure for the administrator. 🙂

In this example the Vmware Tools for the most rececent ESXi 5.5 release for Enterprise Linux 6 64-bit (CentOS, RHEL / RHED, Oracle Linux, Scientific Linux) is deployed. You might have to customize the following information for other distributions.

The first step is to create an appropriate software channel. In the appropriate menu the following information is entered:

• Channel Name: VMware Tools for EL6 x86_64
• Channel Label: vmwaretools-el6-x86_64
• Parent Channel: (entsprecheder Kanal für EL6 x86_64)
• Architecture: x86_64
• Yum Repository Checksum Type: sha1
• Channel Summary: VMware Tools for EL6 x86_64

Please have a look at the hints and explanations noticed in the form. E.g. for EL5 systems you have to use the checksum type SHA256 because SHA1 isn't supported yet for this platform.

The GPG information expected in the bottom of the form are also very important. Along with the URL for the GPG key you also need to provide the appropriate key ID and fingerprint. This information can be obtained from the key using GPG (I found out what GPG key is used by having a look at the client repository RPM!):

1# wget http://packages.vmware.com/tools/keys/VMWARE-PACKAGING-GPG-RSA-KEY.pub
2# gpg --with-fingerprint VMWARE-PACKAGING-GPG-RSA-KEY.pub
3pub  1024R/66FD4949 2008-04-15 VMware, Inc. -- Linux Packaging Key --
4      Key fingerprint = 36E4 7E1C C4DC C5E8 152D  115C C0B5 E0AB 66FD 4949

The information are important - they have to be entered in the form as follows:

• GPG key URL: http://packages.vmware.com/tools/keys/VMWARE-PACKAGING-GPG-RSA-KEY.pub
• GPG key ID: 66FD4949
• GPG key Fingerprint: 36E4 7E1C C4DC C5E8 152D 115C C0B5 E0AB 66FD 4949

Afterwards a software repository is created and assigned the previously created channel by modifying the channel and assigning the repository (in the tab "Repository"):

• Repository Label: vmwaretools-el6-x86_64
• Repository URL: http://packages.vmware.com/tools/esx/5.5p01/rhel6/x86_64

After the channel and the repository were created the software packages can be downloaded using the  spacewalk-repo-sync utility:

1# /usr/bin/spacewalk-repo-sync --channel vmwaretools-el6-x86_64 --url http://packages.vmware.com/tools/esx/5.5p01/rhel6/x86_64 --type yum -c vmwaretools-el6-x86_64
2Repo URL: http://packages.vmware.com/tools/esx/5.5p01/rhel6/x86_64
3Packages in repo:                40
4Packages already synced:          0
5Packages to sync:                40
61/45 : vmware-tools-plugins-guestInfo-9.4.0-1.el6-0.x86_64
7...

40 software packages were imported and linked the the software channel in this example.

I another blog article I explained how to implement automatic updating the CentOS repository packages and errata. For this I created a cronjob which updates the appropriate information every day - this cronjob can be extended to also include the VMware Tools software channel for updates:

1# vi /etc/cron.daily/spacewalk_sync.cron
2...
3/usr/bin/spacewalk-repo-sync --channel vmwaretools-el6-x86_64
4                             --url http://packages.vmware.com/tools/esx/5.5p01/rhel6/x86_64
5                             --type yum -c vmwaretools-el6-x86_64 >/dev/null

Usage and installation

Depending on your configuration of Spacewalk, Red Hat Satellite or SUSE Manager the previously created software channel is now available for individual or all organisations inside the management software. Users which have the appropriate permissions can assign the channel to registered systems

Unfortunately the installation of packages from this software channel will abort because the VMware GPG key wasn't imported yet:

1...
2warning: rpmts_HdrFromFdno: Header V3 RSA/SHA1 Signature, key ID 66fd4949: NOKEY
3Public key for vmware-tools-xxx.rpm is not installed

On a standalone system you would install this key as follows:

1# wget http://packages.vmware.com/tools/keys/VMWARE-PACKAGING-GPG-RSA-KEY.pub
2# rpm --import VMWARE-PACKAGING-GPG-RSA-KEY.pub

If you have to maintain a big amount of systems this is no option. In this case it is recommended to provide this key using a RPM package. This package only needs to be installed on the affected systems to install packages from the VMware Tools repository.

In another blog article I explained how RPM packages can be built - you might want to have a look at that article for further details. Here's my draft for a RPM package containing the GPG key:

 1Name:           vmwaretools-key
 2Version:        1.0
 3Release:        1%{?dist}
 4Summary:        GPG key for VMware Tools repository
 5
 6#Group:
 7License:        GPL
 8URL:            http://packages.vmware.com/
 9Source0:        %name-%version.tar.gz
10
11BuildArch:      noarch
12
13%description
14This package contains the GPG key used by VMware to sign the VMware Tools packages offered at http://packages.vmware.com.
15
16%prep
17%setup -q
18
19%build
20
21%install
22rm -rf $RPM_BUILD_ROOT
23install -m 0755 -d %{buildroot}%{_sysconfdir}/pki/rpm-gpg
24install -m 0755 VMWARE-PACKAGING-GPG-RSA-KEY.pub %{buildroot}%{_sysconfdir}/pki/rpm-gpg/VMWARE-PACKAGING-GPG-RSA-KEY.pub
25
26%post
27rpm --import /etc/pki/rpm-gpg/VMWARE-PACKAGING-GPG-RSA-KEY.pub
28
29%clean
30rm -rf $RPM_BUILD_ROOT
31
32%files
33%defattr(-,root,root,-)
34%{_sysconfdir}/pki/rpm-gpg/VMWARE-PACKAGING-GPG-RSA-KEY.pub
35
36%changelog
37* Mon Jan 20 2014  Christian Stankowic  - 1.0-1
38- Initial release

The associated source code package contains the GPG key by VMware:

1# tar tvfz ~/rpmbuild/SOURCES/vmwaretools-key-1.0.tar.gz
2-rw-rw-r-- su-rpmdev/su-rpmdev 755 2011-03-02 01:39 vmwaretools-key-1.0/VMWARE-PACKAGING-GPG-RSA-KEY.pub

If you're too lazy to rebuild this you might want to download the source code of the RPM packages: vmwaretools-key-1.0-1.el6.src

Now using the previously created repository is working like a charm. It is a good idea to deploy this RPM using OSAD on the affected systems so that you don't need to install it manually.

Here are some important packages provided by the repository:

The base installation on a server without graphical user interface (EL6) is executed as follows:

1# yum install vmware-tools-esx{-nox,-kmods} vmware-tools-services

🙂