Blog Marcina Bojko

https://github.com/marcinbojko/hv-packer

https://github.com/marcinbojko/hv-packer

Finally in 1.2.3 version of packer, they allowed us to change VHDX block size during its creation. For Linux machine suggested size was to set it to 1 MiB instead of default 32. How can it affect size of our image?.
Maybe like this?

👁 Selection_464

It’s 59% of initial image 🙂

Small project, using trappers instead of zabbix-agent active mode. I wanted to have better control over the pushing layer and intervals.

https://github.com/marcinbojko/foreman-template

The most „bad ass” release so far 🙂

• * `BREAKING FEATURE` – preparing switching to submodules/subtree for ./scripts and ./files – to share common code with other providers
• * tree structure in `./scripts` and `./files`, moved to `./extras`
• * [Windows] adding `phase-3.ps1` script to put less generic stuff there. Just uncomment line with `exit` to get rid of it
• * [Windows] added support for `Windows Server 1709 Edition (Standard)`
• * [Windows] remove some clutter from `bootstrap.ps1`
• * [Windows] added `exit 0` for most of the scripts as some external commands were leaving packer with non-zero exit codes
• * [CentOS] added `zeroing.sh` script to make compacting more efficient
• * [CentOS] reworked bug with UEFI – this time after deploying from image you can run script `/usr/local/bin/uefi.sh` which will recheck and readd CentOS UEFI entries. For SCVMM deployments (which separates vhdx from vmcx) use `RunOnce`
• * [CentOS] removed clutter from `provision.sh`
• * [CentOS] removed screenfetch, replaced with neofetch
• * [CentOS] reworked `motd.sh` in `/etc/profile.d` to reflect .Xauthority existence*

https://github.com/marcinbojko/hv-packer

https://github.com/marcinbojko/hv-packer

👁 Selection_999(897)

As you probably know – HashiCorp’s Packer (https://www.packer.io/) is a great tool for generating customized OS images for future use.

You can use many builders, starting from Virtualbox, Azure, Amazon EC2. You can also use mechanizm of providers to customize your image even more.
That becomes very handy when you have to manage your infrastructure fighting for every minute your machine will be available, and later on – ready to work. It’s advisable to put some effort to prepare latest images possible, with your organization custom needs.

However great tool, it still lacked a lots of decent documentation how to prepare images using less common builder – Microsoft’s Hyper-V. Hyper-V is a part of Microsoft Windows for a long time, it can be used as standalone product (Microsoft Hyper-V Server) or a additional feature (Hyper-V Feature in Windows 2016/10). When using packer with so-called „generation 1” images packer templates are no different from common examples prepared for popular Virtualbox builder.

With „Generation 2” images it required some more work to achieve this goal.

What’s the use for Gen-2 images? Few features than can be useful:

• secure boot (Windows/Linux)
• UEFI boot
• no IDE/COM burden from previous generations
• boot from SCSI devices

If you want to know more about „Genration 2” – read this post: https://www.altaro.com/hyper-v/comparing-hyper-v-generation-1-2-virtual-machines/

It took me a while to prepare them Hyper-V ready, also with SystemCenter Virtual Machine Support. They were (and are) tested with both (2012 and 2016) editions and just became quite important part of my deploys.

Long story short – here is my github repository with Hyper-V Windows 2016 and CentOS 7.4 Generation 2 templates.

https://github.com/marcinbojko/hv-packer

Leave me a sign if these were useful to you 🙂

As we may know – Microsoft introduced new way of doing snapshots/checkpoints in Hyper-V 2016. However term „production” is misleading, implying Standard checkpoints are not production ready – which is simply not true.
The biggest difference is that Production checkpoints are mostly used with VSS-aware applications (like MS SQL/Exchange, MS Windows itself) allowing them to flush/sync/commit changes to filesystem.

As a major difference – production checkpoints don’t save memory or cpu state, starting always with machine powered off after restore.

You can choose which way you want to do your snapshots here:

👁 Selection_999(411)

Windows-based virtual machines have supported this since previous versions of integration services (2012 R2, 8/8.1) and from the start in case of Windows 2016/10. What about Linux-based, Centos 6/7 machines?

When installed out of the box, without any additional packages, trying to do a production snapshot of Centos 7 (with all updates) we got something like this:

👁 Selection_999(410)

Quick how-to.

1. If youre using external LIS (Linux Integration Services) from Microsoft, as an external package – remove it. It’s a piece of crap,  breaking kernels from time to time, packed with ‚latest’ errors and workaround rejected by linux kernel maintainers. It’s really not worth risk to have it installed: 

   yum remove microsoft-hyper-v kmod-microsoft-hyper-v

   or

   yum remove $(yum list installed|grep microsoft)

2. Check if your Hyper-V offers all Integration Services for this VM.👁 Selection_999(412)
   
3. Check  and install hyperv-daemons

    yum info hyperv-daemons

   Available Packages
   Name : hyperv-daemons
   Arch : x86_64
   Version : 0
   Release : 0.29.20160216git.el7
   Size : 4.5 k
   Repo : base/7/x86_64
   Summary : HyperV daemons suite
   URL : http://www.kernel.org
   Licence : GPLv2
   Description : Suite of daemons that are needed when Linux guest : is running on Windows Host with HyperV

   yum install hyperv-daemons -y

4. Enable and start services

   systemctl enable hypervfcopyd
   systemctl enable hypervkvpd
   systemctl enable hypervvssd
   
   systemctl start hypervkvpd 
   systemctl start hypervvssd 
   systemctl start hypervfcopyd

5. Check status

   [root@centos7 ~]# systemctl status hypervkvpd
   ● hypervkvpd.service - Hyper-V KVP daemon
    Loaded: loaded (/usr/lib/systemd/system/hypervkvpd.service; static; vendor preset: enabled)
    Active: active (running) since Wed 2017-07-26 02:37:30 CDT; 14s ago
    Main PID: 3478 (hypervkvpd)
    CGroup: /system.slice/hypervkvpd.service
    └─3478 /usr/sbin/hypervkvpd -n
   
   Jul 26 02:37:30 centos7 systemd[1]: Started Hyper-V KVP daemon.
   Jul 26 02:37:30 centos7 systemd[1]: Starting Hyper-V KVP daemon...
   Jul 26 02:37:30 centos7 KVP[3478]: KVP starting; pid is:3478
   Jul 26 02:37:30 centos7 KVP[3478]: KVP LIC Version: 3.1
   [root@centos7 ~]# systemctl status hypervvssd
   ● hypervvssd.service - Hyper-V VSS daemon
    Loaded: loaded (/usr/lib/systemd/system/hypervvssd.service; static; vendor preset: enabled)
    Active: active (running) since Wed 2017-07-26 02:37:30 CDT; 27s ago
    Main PID: 3485 (hypervvssd)
    CGroup: /system.slice/hypervvssd.service
    └─3485 /usr/sbin/hypervvssd -n
   
   Jul 26 02:37:30 centos7 systemd[1]: Started Hyper-V VSS daemon.
   Jul 26 02:37:30 centos7 systemd[1]: Starting Hyper-V VSS daemon...
   Jul 26 02:37:30 centos7 hypervvssd[3485]: Hyper-V VSS: VSS starting; pid is:3485
   Jul 26 02:37:30 centos7 hypervvssd[3485]: Hyper-V VSS: VSS: kernel module version: 129
   [root@centos7 ~]# systemctl status hypervfcopyd
   ● hypervfcopyd.service - Hyper-V FCOPY daemon
    Loaded: loaded (/usr/lib/systemd/system/hypervfcopyd.service; static; vendor preset: disabled)
    Active: active (running) since Wed 2017-07-26 02:37:30 CDT; 44s ago
    Main PID: 3492 (hypervfcopyd)
    CGroup: /system.slice/hypervfcopyd.service
    └─3492 /usr/sbin/hypervfcopyd -n
   
   Jul 26 02:37:30 centos7 systemd[1]: Started Hyper-V FCOPY daemon.
   Jul 26 02:37:30 centos7 systemd[1]: Starting Hyper-V FCOPY daemon...
   Jul 26 02:37:30 centos7 HV_FCOPY[3492]: starting; pid is:3492
   Jul 26 02:37:30 centos7 HV_FCOPY[3492]: kernel module version: 1

   As a result:
   👁 Selection_999(413)
   
   and in /var/log/messages

   Jul 26 02:43:27 centos7 journal: Hyper-V VSS: VSS: op=FREEZE: succeeded
   
   Jul 26 02:39:25 centos7 systemd: Time has been changed
   
   Jul 26 02:39:25 centos7 journal: Hyper-V VSS: VSS: op=THAW: succeeded

There was a lot of nice summary articles about latest „ransomware” attack caused by Petya. Soon, researchers started to claim almost permanent vaccine for this type of worm.

https://www.bleepingcomputer.com/news/security/vaccine-not-killswitch-found-for-petya-notpetya-ransomware-outbreak/

Even patched OS won’t save you from infection as one infected machine quickly spreads the infection using other protocols like WinRM.

So, how should one on its vast server farm vaccinate hundrets of machines?

For example, like this 🙂

win_manage:
 dsc_file: 
 petya_vaccine1:
 dsc_destinationpath: C:\Windows\perfc
 dsc_type: file
 dsc_attributes: readonly
 dsc_contents: ""
 petya_vaccine2:
 dsc_destinationpath: C:\Windows\perfc.dat
 dsc_type: file
 dsc_attributes: readonly
 dsc_contents: ""
 petya_vaccine3:
 dsc_destinationpath: C:\Windows\perfc.dll
 dsc_type: file
 dsc_attributes: readonly
 dsc_contents: ""

👁 2017-04-22 20.14.36

Prezentacja: https://goo.gl/1HJZjI

Github repo: https://github.com/marcinbojko/ldi2017

System Center Virtual Machine Manager was Microsoft’s answer to VMWare’s vSphere. It’s Microsoft, so what could have gone wrong? It’s Microsoft – so everything.
Below is a list of most annoying things, some of them are so serious it makes you wonder – maybe Powershell is the answer? Seriously? In 2017, Microsoft, you FORCE everybody to use text console again?
In a moment of doubt we used to call it overgrown cancer over Powershell commands.

Let’s start, sorted by weight of crime:

Deal breakers:

1) Terrible things you cannot do in SCVMM but you can in Hyper-V Manager, Failover Cluster or Powershell like:

• rename you machine when its powered on (sic)
• change its MAC from Dynamic to Static other way like manually copy it character by character.
• change booting order (sic) of machines and templates
• select all Integration Services offered
• change location of smart paging file
• change affinity with cluster (high/medium/low/do not autostart)

and so on.

2) Console. Console is so terrible, that its sorry state is just good meme source.

First – console from Hyper-V Manager/FailoverCluster

👁 Selection_670.png

Then from SCVMM

👁 Selection_671.png

• you cannot attach console and then power on machine. You HAVE to – power on machine, wait few sec for console button to be available then race through time to start it BEFORE OS starts. You have better chances of winning some of Grand Prix then finish the trick above on first run.
• only actions you have is Reconnect and Send CTRL+ALT+Delete. Never working ‚Clipboard’ added in SCVMM 2016 requires you to paste text HERE, then it’s pasted in VM console
• when it start before machine starts – you have to kill an application. It’s no good to use it ever again, it won’t ‚click’ with machine you’ve started. Exit? Something terrible may happen.

👁 Selection_672.png

3) Requirements

• MS SQL Server Standard or Enterprise. https://technet.microsoft.com/en-us/system-center-docs/system-requirements/sql-server-version-compatibility
• 4 GB Ram required, 16 GB recommended (don’t even bother going below)
• A lot of not-really-so-working tricks to use it to manage hosts from other domains, especially without 2 way trusts settled.
• Price. With whole gang of System Center tools, prepare to be robbed in a daylight. Doesn’t matter you have no intention to use other components – you have to pay for it. You cannot just pick and buy needed component – you have to buy-and-pay with bulk.

4) GUI

• General slowness of GUI, regardless of hosts number, running tasks, library sizes.
• Jobs window – generally unusable with more than one admin or more than one job running- lots of informational comments. Important actions (like: who deleted or altered machine) quickly goes off the screen, covered by messages like: refresh was completed.
• Oh, did I mention ‚Refresh’ habit? Learn it. Learn it, and let your fingers memorize this config, as you will be using it a lot.

Refresh is required almost on everything. In options like: you DID change something via Powershell and HV-Manager – I can understand, refresh may be required. But you will have to hit REFRESH before, in time, and after ANY action you would like to perform. If not – expect the worst. Virtual machine seems to be non responding on your commands? Maybe its locked for backup, maybe it hanged, maybe it migrated to another host – you have to refresh, refresh and refresh to persuade SCVMM that you have most recent data.

Sometimes even refresh doesn’t work. Like in recovery or cluster node failure, you shouldn’t count on SCVMM to update its status before timer reaches day or two. Take your time! Sometime you will have to reboot SCVMM to persuade it to have the latest data. So, when your action fails – search no more, VM is probably locked, on other host or powered off. SCVMM takes its auto-refresh very slowly.

• General over complexity in Logical Network and Switches. It’s like you have to create every VLAN again, even if you’ve done it on dozen of network devices, fill variables like subnets, gateways. You have to group it all together and again, attach to every Hyper-V switch on hosts you have.
• Adding you own custom fields and filling them is, again, over complicated and requires you to do a lot of scripting and scheduling them in a Windows manner.
• You cannot add, change or sort fields like Operating systems. What Microsoft got you are values like this:
  • Microsoft Windows Server 2012 R2
  • 64-bit edition of Microsoft Server

👁 Selection_673.png

• Hyper-V integration Services are always few releases behind. It started to change with Windows 2016 and idea to install them via Windows Update.
• Inability to rename vm folder when machine changes its name. This way you will have to do a Live Migration to rename folder.
• Complexity of generated script.One will think generating a new machine is easy: New-SCVirtualMachine with a lot of parameters. No. Script is long, heavy, complex and tries to do things in complete different matter.
• Templates – only way to refresh a template is to create it again, or replace vhdx in library, and do some internal tricks.
• Inability to do anything with machine when the job is running – all fields are grayed out and you have to wait for jobs to end or fail.

5) Agent

• if you’re lucky, agents are deployed ALMOST instantly, but adding host to SCVMM requires it to restart
• if you’re not lucky, then in case of SCVMM upgrade, you will have to manually redeploy and reinstall all agents. Quite common I’d say.
• [IMPORTANT] The mess agent leaves on filesystem is just legendary. Lets say we would like to migrate our machine from folder d:\vm to e:\vm.After migration (when we choose right option) we will got:

– empty files in d:\vm\machinename

– machine in e:\vm\machinename

Let’s say we would like to migrate it back for some reason

We will get:

• empty d:\vm\machinename
• empty e:\vm\machinename
• machine in e:\vm\machinename (1)

And migration is just done twice. Do you see the pattern? After few migrations we have complete chaos on filesystems with a lots of empty, semi-empty, almost empty and ‚soon-to-be-empty folders’. You’ll end up with removing them manually – again, if you’re lucky.

• locked folder after failed job. Yes, when you migration failed, you will end with d:\vm\machinename which you’re not able to delete. Sometimes it can be deleted after some time, sometimes after SCVMM/host reboot, sometimes never.

Above list, not fully completed can be seen in SCVMM 2012 R2 and SCVMM 2016 versions. It’s clear that SCVMM is not very high on Microsoft ‚to do’ list as same errors and mistakes are transferred to newer version and hunts us until this day.

UPDATE (1)
Changed from Requirements (Enterprise) to (Standard , Enterprise)

So, the question is – how to deploy and maintain farm of Microsoft SQL Servers? With different domains, install sources, roles, features. Should we create unattended installers for every single instance?

No, we shouldn’t.

We should use Powershell DSC – https://github.com/PowerShell/xSQLServer
With Foreman/Puppet and win_manage, we have something like:

The simplest way:

instance1:
  dsc_instancename: MSSQLSERVER
  dsc_sourcepath: "\\our.server.com\ourshare"
  dsc_sourcecredential:
    user: anonymous
    password: anonymous
  dsc_setupcredential:
    user: DOMAIN\someuser
    password: somepassword

Or, more sophisticated:

instance1:
  dsc_instancename: MSSQLSERVER
  dsc_sourcepath: "\\our.server.com\ourshare"
  dsc_sourcecredential:
    user: anonymous
    password: anonymous
  dsc_setupcredential:
    user: DOMAIN\someuser
    password: somepassword
  dsc_features: SQLENGINE
  dsc_forcereboot: true
  dsc_agtsvcaccount:
    user: DOMAIN\scvaccount
    password: somepassword
  dsc_sqlsvcaccount:
    user: DOMAIN\sqlaccount
    password: somepassword
  dsc_sqlcollation: SQL_Latin1_General_CP1_CI_AS
  dsc_sqlsysadminaccounts:
    - DOMAIN\someadmin
    - DOMAIN\someotheradmin
  dsc_securitymode: SQL
  dsc_sapwd:
  user: sa
  password: paaaswordisverysecure
  dsc_sqluserdbdir: D:\MSSQL\Data
  dsc_sqluserdblogdir: E:\MSSQL\Data
  dsc_browsersvcstartuptype: Disabled

Whole install from local source takes aprox. 400 seconds (with other OS related settings) to finish.

Yes, we all „love” the way Microsoft gives us new stuff (like forced updates in Windows 10). As we usually know better what and when should be applied, let’s say it is time to upgrade our guest integration services to the latest version.
I usually  express strong conviction that HV integration services should be kept up to date, the thing most sysadmins disregards. Those tools are responsible for keeping your VMs in shape, maintain communication between them and host services, so they SHOULD be always updates. Of course, as with almost everything TEST it before applying on any important environment.
As on 2016-12-31, the latest HV Integration Services version is 6.3.9600.18398

Let’s say – we would like to upgrade all our Windows machines (those BEFORE Windows 10 and Windows 2016) . We can do it manually (not cool, not cool at all), semi-automatic (no reboot) or almost … magical way – fully automatic 😉

Let’s start we have proper source added to Chocolatey:

choco source add -n=public -s"https://www.myget.org/F/public-choco" --priority=10

• semi automatic (RDP, psexec, powershell)

  choco install hvintegrationservices -y

• fully automatic (with reboot) using The Foreman and win_manage
  

  win_manage:
   chocolatey_packages:
   hvintegrationservices:
   ensure: 6.3.9600.18398
   dsc_reboot:
   dsc_reboot:
   message: Machine requested a reboot
   when: pending

On my lectures and meetings with both: IT and Management  I’ve had a pleasure to be a myth buster about Hyper-V. As much as I don’t appreciate Microsoft’s ‚way of life’ – Hyper-V is mostly feared due to: lack of proper knowledge and very low quality support from Microsoft. Few most common myths are:

1. It’s very expensive
   Let’s calculate:
   If you’re going to use standalone hosts with Microsoft Hyper-V Server your cost will be just zero coma zero.
   If you’re going to use a lots of Microsoft Windows virtual machines on them – you can rent them as SPLA licenses (per machine), or just rent Windows Datacenter edition for whole host.
   If you’re gonna to use Linux machines (assuming opensource, not paid edition) – again – zero coma zero
   If you’re going to use HA, all you need is just 1 (preferably more) OS for Domain Controller.
   If you’re gonna to manage standalone hosts, all you need (and rather as a suggestion) is a Microsoft Windows 10 Anniversary Edition machines. Just one 🙂
   You don’t have to pay extra for all fine features like: HA, Live Migration, Cluster Aware Updates. With W2k16 edition few extra features are available only in Datacenter edition (which I believe is a grave mistake) but that’s all.
2. It requires System Center to be managed by
   No. As a matter of fact, SC is only useful in situations when you have lots of VLANS, Logical Network, templates to be deployed or Services. In any other case like: have your VLANS’s accounted for, drop Services as nobody is using this part. System Center Virtual Machine Manager is nothing more than overgrown cancer on a top of Powershell scripts it runs. Since 2012 edition Microsoft couldn’t ever fix the simplest things like: responsive console and not having refreshed it manually after every operation.
3. It’s slower than VMWare or ‚any’ other competitor
   No. Overhead of Hyper-V is done mostly on storage level and most problems with it are created on a level of infrastructure design.
   For example: If you have a lot of hosts, and you do not require virtual machines there to be Highly Available – do not (i repeat) DO NOT connect them all as cluster nodes.
   If you’re using 1 or 2 iSCSI 1GB cards as you paths for low quality machines – expect nothing more than problems.
   Instead: use local storage, combined with low-end HW controllers. Even having 2 (mirror) or 4 (RAID5 or RAID10) disks for those machines is way better than having one underpowered ‚best of the world storage’. Plan this usage carefully – you still have things like Shared Nothing Live Migration (in a case of maintenance on specific host).
   Creating a lot of host, giving them all 1 or 2 ClusterSharedVolume to share is just asking for trouble.
4. It requires a lot’s of PowerShell knowledge
   No. And I am the best example here 😉 With few exceptions like script for installing Hyper-V hosts, maybe create few LACPs – that’s all I used Powershell for.
5. It doesn’t support Linux
   It does, it does it very well.
   Official document: https://technet.microsoft.com/en-us/windows-server-docs/compute/hyper-v/supported-linux-and-freebsd-virtual-machines-for-hyper-v-on-windows
   Few my lectures: https://marcinbojko.wordpress.com/2014/10/22/xxi-spotkanie-regionalnej-lubelskiej-grupy-microsoft-i-moj-wyklad-systemy-linux-na-platformie-hyper-v-2012/
   As a matter of fact – I use CentOS/RedHat, Ubuntu/Debian machines and appliances, and have to say: working with them on Hyper-V is just a simple pleasure.
   In 2016 with things like Hyper-V and Veeam, support for Linux machines on Hyper-V is very much alive. Even our beloved ‚System Center Virtual Machine Manager’ supports creating templates for Linux machines, with small agent to set a lots of things during and after deployment.
6. It’s complicated to install, run, maintain especially HA & Clusters
   No. It is just simple as click few times: next, next, next,finish.
   Using System Center or (better) FailoverCluster Manager from any Windows Server machine works perfectly out of the box. Rules are simple, wizard will tell you what you should do next.
   With maintenance mode, Live Storage Migration, Cluster Aware Updates you can have stable and secure environment for your machines. Even migrating machines between different clusters (Shared Nothing Migration) is secure and efficient.
7. It requires specific hardware 
   One of the biggest myths. Learn with a hard way with VMWare hosts , you do not require special NIC, special motherboards or any devices from very narrow VMWare HCL list. Requirements of Hyper-V are very small: VT enabled CPU, enough memory to fit VM’s and host OS itself, one HDD, one NIC. For small setups it almost equals in using desktops and other workstations as a hyper-v farm.
   After hearing this statement from one of my clients, I began to pursue the subject. It was someone from VMWare camp that told him: ‚you will need special hardware for SMB3 and SMB Direct’ – which is generally correct in a same matter like: ‚if you want a milk, you need a cow’ 😉
8. It doesn’t work with Azure
   Hyper-V 2016  is a light years ahead of Azure:) They still seems to be using Windows 2008 as a hosts with all of its negative aspects.
   But, jokes aside, using pre-build templates or products like Veeam and Windows Azure Pack, creating you own hybrid cloud is one of the best things you can do. Don’t trust sales guy from Microsoft forcing you to ‚move everything to a cloud, our cloud’. Don’t trust you IT guy saying ‚only on premise or death!’. Live in a both worlds.
9. I know NOTHING about Hyper-V.
   If you have ANY knowledge about Windows – you have knowledge about Hyper-V itself.
10. But migration from platform X/Y/Z is pain in the ….
    Take a deep breath. Calculate it. Find tools to do it manually, recreate all you machines using somekind of CM tool (like mentioned The Foreman/Puppet)- https://marcinbojko.wordpress.com/2016/10/04/puppet-the-foreman-powershell-dsc-your-system-center-in-a-box/. Calculate it again.
    Do it 😉

Administrator:
  dsc_username: Administrator
  dsc_disabled: false
  dsc_password:
    user: NT AUTHORITY\\SYSTEM
    password: P@$$w0rd

Looks we’ready to go 🙂

## version 0.3.7 2016-11-13

• reworked logic with checking and aplying updates
• reworked logic with notifications when checking for xWindowsUpdateAgentSchedule
• reformatted `dsc_xfirewall` – according to [https://github.com/PowerShell/xNetworking/issues/151](https://github.com/PowerShell/xNetworking/issues/151)

to
„`yaml
dsc_profile:
-„Domain”
-„Private”
„`
from
„`yaml
dsc_profile: Domain,Private
„`

• improved links in `README.md`

https://github.com/marcinbojko/hv_default

1. Backup your machine (physical/virtual)
2. Run (for server AND agent)
   

   ---

   # stop services
   systemctl stop zabbix-server
   systemctl stop zabbix-agent
   
   # clean cache
   yum clean all
   
   # upgrade releases from 2.x/3.0 to 3.2
   yum upgrade http://repo.zabbix.com/zabbix/3.2/rhel/7/x86_64/zabbix-release-3.2-1.el7.noarch.rpm
   
   # disable additional repository
   yum-config-manager --disable zabbix-non-supported
   
   # update
   yum update -y
   
   # clean cache
   yum clean all
   
   # enable services
   systemctl enable zabbix-server
   systemctl enable zabbix-agent

   ---

3. [FOR AGENTS ONLY] Run:
   

   ---

   # for agents
   
   systemctl stop zabbix-agent
   
   yum clean all
   
   yum upgrade http://repo.zabbix.com/zabbix/3.2/rhel/7/x86_64/zabbix-release-3.2-1.el7.noarch.rpm
   
   yum-config-manager --disable zabbix-non-supported
   
   yum install zabbix-agent -y
   
   yum clean all
   
   systemctl enable zabbix-agent
   
   systemctl start zabbix-agent

   ---