EU e-Privacy Directive

This website uses cookies to manage authentication, navigation, and other functions. By using our website, you agree that we can place these types of cookies on your device.

View e-Privacy Directive Documents

View GDPR Documents

You have declined cookies. This decision can be reversed.

Recently I've been asked to setup some VMWare VSphere servers (free edition) implementing some kind of backup of the virtual machines on a secondary server.
The choice for secondary server was Openfiler - compared to FreeNAS (I tested both) looked definitively more robust and stable.

I configured all VMWare hosts had a secondary storage (NFS) mounted from Openfiler, to easily perform backups on the Openfiler storage.

Setting up the backup scripts was quite easy - you just need to google around to find out that the only good choice were GhettoVCB scripts, by lawm.
The script worked like a charm, and everything looked fine, until I tried to send an email from the script with the backup results to a service mailbox.

VSphere 5 has a firewall enabled that blocks all outgoing traffic on port 25. At the beginning looked simple to fix this - I just had to add in /etc/vmware/firewall an xml file to allow it. I added my smtp.xml:

<!-- Firewall configuration information -->
  <!-- SMTP -->
    <rule id='0000'>

and it seemed to work fine... until next reboot. Sadly,the change was not permanent, and my file didn't survived the reboot. I had to google again, and finally I discovered that the solution was to "install" the script, using a .vib install file. Building it, was not as easy as writing an xml file.

I looked at a .vib file to see its structure and looked to at some building tool. Finally I reached this command line:

ar -r fw_smtp.vib descriptor.xml sig.pkcs7 fwSMTPru

where "fw_smtp.vib" is the destination file, descriptor.xml is a descriptor file that contains installation info,
fwSMTPru is an archive (tar -czvf ...) containing the file (complete with path) you need to copy (and to make lasting permanently) and sig.pkcs7 is a signature file.

Ok, the signature... were to catch that?!! Luckily you don't need it - just put a file with same name, without any content. VMWare permits to install a"community" packages, that have no signature on it. You just have to lower the VMWare host security to enable the community packages installation, with the command:

esxcli software acceptance set --level=CommunitySupported

otherwiser you'll get this error:

 VIB Emidio Reggiani_bootbank_fwSMTPrule_1.1's acceptance level is community, which is
not compliant with the ImageProfile acceptance level partner
 To change the host acceptance level, use the 'esxcli software acceptance set' command.
 Please refer to the log file for more details.

Finally, to install, type:

esxcli software vib install -v /fwSMTPrule-1.1.vib

if you copied the file in your host filesystem root location (otherwise just specify your path).

The .vib file is available here for download. To know how to build your own, I used a linux box (Ubuntu Server 11) and the information's from this really helpful page: http://www.yellow-bricks.com (thanks to Duncan Epping).


Update 2017-05-17

I updated the vib file removing unnecessary dependencies for 6.x compatibility. This will let the vib install without the -f (force) param needed for 6.5 and letting other updates to be installed without the dependencies error.



Junior Freitas
  • 0
    Hi all, I tested your vib but it does not work in version 6.7, I swear I tried to update on its own but I could not, would it have to verify ?, Thanks
    Emidio Reggiani
  • 0
    Hello Junior. I haven't a 6.7 environment to test it. Which error do you get during the vib installation?

    Add comment