trigger vmware snapshot from Uyni server before patching / updating minions

[kingtabalone]

Looking for suggestions on a good way to go about this;

I'd like to have Uyuni (currently running 2024-12) snapshot my vmware VM minions before patching.

I have a script that uses govc from the govmomi project that can snapshot VMs using REST calls to a vsphere server - I'm looking for some way to get Uyuni to run this against groups of hosts - ideally using something like the system set manager.

At this time, the only way I can use it (or at least that I've been able to think of), is by using the 'Schedule Remote Command' feature, which I dont like for a few reasons (in decreasing order of importance);

1. I really want to run the script on the Uyuni server rather than the minions - I dont want to have to give all our VMs access to the vcenter API addresses / ports.
2. The remote command feature scares me - I've got it turned off for all the production hosts - the idea that any Uyuni user effectively has root on all the minions they can see makes me pretty uncomfortable.
3. It would be nice to have this integrated with the actual patching process - so one operation from the GUI would snapshot, and if successful, then patch a host. A failed snapshot would mean the host would be skipped.

This is the script (it returns success if the snapshot worked);

#!/bin/bash

# set some useful variables;
# user pass dc1 dc1_vcenter_url testhost
. ~/.mksnap.authdeets

# Check if VM name is provided as an argument
if [ -z "$1" ]; then
    echo "VM name not provided - we'll use testhost from the config file for testing"
    VM_NAME=${testhost}
else
    VM_NAME="$1"
fi

#tls certs are not working for me - ignore them.
export GOVC_INSECURE=1

#set the vcenter datacenter name
DC=${dc1}

export GOVC_URL=${dc1_vcenter_url}
export GOVC_USERNAME="${user}"
export GOVC_PASSWORD="${pass}"

#VM_NAME=$(hostname)  # Get the VM name dynamically
SNAPSHOT_NAME="Uyuni_PreUpdate"-`date "+%d/%m/%Y:%H:%M"`

# Create snapshot
govc snapshot.create -dc="$DC" -vm "$VM_NAME" "$SNAPSHOT_NAME"

[digdilem-work]

Hi We rely on our regular vmware snapshot backups for rollbacks in case of a bad patching event, but one way we might approach this. We use a slightly different way of handling this than many, but it’s worked for us for a long time – since Spacewalk days and has proven very flexible. For our patching, we schedule this using a Uyuni Groups to select what machines are being patched using spacecmd. This is called from a bash script (1) run by cron (it was on Uyuni’s vm before containerisation, but could be anywhere including uyuni’s host, provided it can reach uyuni’s api) which then calls “spacecmd -- ssm_add group:"$1"” The bash script also tells each machine in that group to run another bash script (2 – remote_update.sh) which contains the patching information. “spacecmd -y -- system_runscript ssm -u root -f remote_update.sh"” So it occurs to me that you could amend bash-script 1 to call your existing clone script and wait for that to return before telling the vm to patch and reboot via spacecmd. This doesn’t tick your “Gui only” desire and perhaps others may have a way that suits you better, but the above is how I would approach it for my environment. Good luck. S From: kingtabalone ***@***.***> Sent: 13 February 2025 02:51 To: uyuni-project/uyuni ***@***.***> Cc: Subscribed ***@***.***> Subject: [uyuni-project/uyuni] trigger vmware snapshot from Uyni server before patching / updating minions (Discussion #9768) Looking for suggestions on a good way to go about this; I'd like to have Uyuni (currently running 2024-12) snapshot my vmware VM minions before patching. I have a script that uses govc from the govmomi project that can snapshot VMs using REST calls to a vsphere server - I'm looking for some way to get Uyuni to run this against groups of hosts - ideally using something like the system set manager. At this time, the only way I can use it (or at least that I've been able to think of), is by using the 'Schedule Remote Command' feature, which I dont like for a few reasons (in decreasing order of importance); 1. I really want to run the script on the Uyuni server rather than the minions - I dont want to have to give all our VMs access to the vcenter API addresses / ports. 2. The remote command feature scares me - I've got it turned off for all the production hosts - the idea that any Uyuni user effectively has root on all the minions they can see makes me pretty uncomfortable. 3. It would be nice to have this integrated with the actual patching process - so one operation from the GUI would snapshot, and if successful, then patch a host. A failed snapshot would mean the host would be skipped. This is the script (it returns success if the snapshot worked); `#!/bin/bash set some useful variables; user pass dc1 dc1_vcenter_url testhost . ~/.mksnap.authdeets Check if VM name is provided as an argument if [ -z "$1" ]; then echo "VM name not provided - we'll use testhost from the config file for testing" VM_NAME=${testhost} else VM_NAME="$1" fi #tls certs are not working for me - ignore them. export GOVC_INSECURE=1 #set the vcenter datacenter name DC=${dc1} export GOVC_URL=${dc1_vcenter_url} export GOVC_USERNAME="${user}" export GOVC_PASSWORD="${pass}" #VM_NAME=$(hostname) # Get the VM name dynamically SNAPSHOT_NAME="Uyuni_PreUpdate"-date "+%d/%m/%Y:%H:%M" Create snapshot govc snapshot.create -dc="$DC" -vm "$VM_NAME" "$SNAPSHOT_NAME" ` — Reply to this email directly, view it on GitHub<#9768>, or unsubscribe<https://github.com/notifications/unsubscribe-auth/A7AIN5JHG4GBJHPHTVYA6S32PQCAVAVCNFSM6AAAAABXBC4YB2VHI2DSMVQWIX3LMV43ERDJONRXK43TNFXW4OZXHE2TSMJTHA>. You are receiving this because you are subscribed to this thread.Message ID: ***@***.******@***.***>>