virtuallyGhetto

ovftool

Quick Tip – Import OVF/OVA as VM Template using OVFTool 4.3 Update 1

by 5 Comments

OVFTool is an extremely versatile command-line utility for importing and exporting Virtual Machines to and from the OVF/OVA format and it supports a number of VMware platforms including VMware Cloud on AWS (VMC), vSphere (vCenter Server and ESXi), Fusion, Workstation, Player and even vCloud Director (vCD).

An infrequent asks that I have seen from customers is the ability to deploy an OVF/OVA as a VM Template rather than just a Virtual Machine in a vSphere-based environment. OVFTool has had the ability to deploy to vAppTemplate for vCD-based environments, so it would make sense to also support vCenter Server VM Templates as well. Today, the workflow is a two-step process, deploy the OVF/OVA and then use the vSphere API to convert the VM to a VM Template.

With the latest OVFTool 4.3 Update 1 which was a minor release last year, we now have a new parameter called importAsTemplate which will allow customers to easily import an OVF/OVA directly into as a VM Template. Below is a quick sample using this new option and I am deploying to a VMC-based environment (see this article for requirements when using OVFTool with VMC)

Once the upload has completed, we can take a look at our vSphere UI and see that our imported OVA been automatically been converted to a VM Template!

OVFTool and VMware Cloud on AWS

by 1 Comment

Recently, I had noticed a number of questions that have come up regarding the use of OVFTool with the VMware Cloud on AWS (VMC) service. I had a chance to take a look at this last Friday and I can confirm that customers can indeed use this tool to import/export VMs into VMC whether they are from a vSphere/vCloud Director-based environment or simply OVF/OVAs you have on your desktop. Outlined below are the requirements and steps that you must have setup before you can use OVFTool with VMC. In addition, I have also include an OVFTool command snippet which you can use and adapt in your own environment.

Requirements:

  1. You must setup VPN connection between your onPrem environment and the Management Gateway on VMC (direct internet access to ESXi is not supported)
  2. Configure the VMC Firewall to allow access between your onPrem and VMC's ESXi host on port 443 (data transfer occurs at ESXi host level)
  3. Specify the Workload VM Folder as a target
  4. Specify the Compute-ResourcePool Resource Pool as a target
  5. Specify the WorkloadDatastore Datastore as a target

Instructions:

Step 1 - Create a Management VPN connection, please see the official documentation here for more details.

Step 2 - Create a two new Firewall Rules that allow traffic from your onPrem environment to both vCenter Server and ESXi host on port 443. vCenter Server will obviously be used for UI/API access and for ESXi, this is where the data traffic transfer will take place.


Step 3 - Construct your OVFTool command-line arguments and ensure you are using the VM Folder "Workloads", Resource Pool "Compute-ResourcePool" and Datastore "WorkloadDatastore" as your target destination since the CloudAdmin user will have restrictive privileges within VMC.

Here is an example command to upload an OVA from my desktop to the VMC vCenter Server:

Note: OVFTool also supports the ability to specify a VM that is residing in your vSphere environment as a source, so you do not have to export it locally to your desktop and you can directly transfer it (your client desktop acting as a proxy) to VMC.

Here is the output from running the above command:


Once the upload has completed, you should see your new VM appear in your vSphere Inventory

 

Quick Tip – OVFTool 4.3 now supports vCPU & memory customization during deployment

by 2 Comments

In addition to adding vSphere 6.7 support and a few security enhancements (more details in the release notes), the latest OVFTool 4.3 release has also been enhanced to support customizing either vCPU and/or Memory from the default configurations when deploying an OVF/OVA.

Historically, it was only possible to modify these values if you were deploying to a vCloud Director endpoint using either --numberOfCpus or --memorySize. When deploying to a vSphere endpoint, these settings were not applicable and users would need to perform an additional operation calling into the vSphere API using whatever automation tool of choice to reconfigure the VM after deployment. It was not the end of the world but also not ideal if you simply wanted to make a minor modification to the default OVF/OVA you were deploying. I definitely ran into this a few times where having this functionality would have been very useful and I know number of customers have also shared simliar feedback in the past.

I had asked whether it was possible to support this use case and it looks like we already had an internal feature request added to the OVFTool backlog and with some additional customer feedback, we were also able to get this enhancement added to the latest release.

The existing --numberOfCpus and --memorySize accepts a VM Identifier (usually the name) followed by the value, for example

--numberOfCpus:Foo=4

The VM Identifier is to help with vApp deployments where you may have an OVF/OVA which is composed of multiple VMs of which you would like to customize each VM with different values. To ensure we do not break backwards compatibility, this pattern has also been extended when deploying to a vSphere endpoint. Having said that, most customers that I have talked to who use OVFTool generally deploy an OVF/OVA that is comprised of a single VM. In this case, rather than specifying the name of the VM again which is derived from --name property, you can simply use the wildcard asterisk (*) to simply apply it to all VMs within the OVF/OVA.

Here is an example of deploying a PhotonOS OVA which is configured with a default of 1 vCPU and 2GB memory and as part of our deployment using OVFTool, we will increase both vCPU to 2 and memory to 4GB:

ovftool --acceptAllEulas --name=Foo --numberOfCpus:'*'=2 --memorySize:'*'=4096 photon-custom-hw11-2.0-304b817.ova 'vi://administrator@vsphere.local@192.168.30.200/VSAN-Datacenter/host/VSAN-Cluster'

Native OVF support for Fusion/Workstation 2017 Tech Preview 

by 1 Comment

The VMware Fusion and Workstation team just released their 2017 Tech Preview releases and there is a ton of new and awesome capabilities which you can read more about here and here. One of the exciting new features, which I was very fortunate to have been involved with is finally here, native OVF property support! Although customers have had the ability to import OVF/OVAs for some time now, if they included OVF properties, they would be ignored and often times this would result in a failed deployment as those properties are required for the initial setup.

A great example of this is trying to run the vCenter Server Appliance (VCSA) on either Fusion or Workstation. Today, the only workaround is to manually edit the VMX file and supplying the correct OVF properties which I have blogged about here. With the latest TP release of Fusion/Workstation, when you import an OVF/OVA that contains OVF properties, the UI will automatically render the required information directly into the UI without needing users to manually touch the VMX files.

Here is a screenshot of deploying the latest VCSA 6.5d OVA (jump to bottom for some additional VCSA tidbits when deploying to Fusion/Workstation):

[Read more...] about Native OVF support for Fusion/Workstation 2017 Tech Preview 

Workaround to deploy vSphere Integrated Containers 1.1 OVA using PowerCLI (SHA256 not supported)

by 2 Comments

Last week I had noticed several folks were having issues deploying the latest vSphere Integrated Containers (vIC) 1.1 OVA using PowerCLI. The following error message was observed when using the Get-OvfConfiguration cmdlet which is needed before importing an OVF/OVA:

PowerCLI doesn't support SHA256 hash codes in OVF manifest

As you probably have guessed, the issue is that PowerCLI currently does not support the SHA256 hashing algorithm, which the latest vIC OVA was generated with. I suspect this is probably related to the change with OVFTool 4.2 which now defaults to SHA256 which also has some implications on which vSphere UI you can use to import OVF/OVAs which I had written about here. As of today, PowerCLI currently only supports SHA1 and anything greater will not work. I have already reported this to Jake Robinson who is the PM for PowerCLI and hopefully this will get addressed in a future update.

In the meantime, you can deploy vIC using either the vSphere Web Client and/or ESXi Embedded Host Client, both support SHA256. If you wish to Automate the deployment of vIC, the only option right now is to convert the OVA from SHA256 to SHA1. You can easily do this by using OVFTool which is available on all OS platforms. If you already have downloaded the vCenter Server Appliance (VCSA) ISO, you can even make use of its bundled OVFTool in case you did not want to install OVFTool (You can find it under vcsa/ovftool in extracted ISO).

To convert the hashing algorithm, we just need to pass in our desire hash to the --shaAlgorithm parameter.

ovftool.exe --shaAlgorithm=SHA1 C:\Users\primp\Desktop\vic-v1.1.1_56a309fb.ova C:\Users\primp\Desktop\vic-v1.1.1_56a309fb-SHA1.ova

Once the conversion is done, you can delete the original vIC OVA and then use PowerCLI to import the new OVA just like you would with any other OVF/OVA!

New “raw” VM Storage Policy support in OVFTool 4.2 simplifies bootstrapping VMs onto VSAN

by 1 Comment

Several weeks back I came across a handy little tidbit on an enhancement that was added to the latest version of OVFTool (4.2) that greatly simplifies the bootstrapping of a vCenter Server or any other VM for that matter onto a vSAN Datastore. This is generally used when setting up a pure greenfield environment where your vCenter Server may not be setup yet and you want to run it on top of vSAN which is fully supported configuration. The process of "bootstrapping" a VCSA onto a single node vSAN datastore is documented on my blog here. The high level steps are as follows:

  1. Temporarily change default ESXi VM Storage Policy to allow forced provisioning and FTT=0 (e.g. no protection)
  2. Claim disks for creating vSAN Diskgroup(s)
  3. Create vSAN Cluster
  4. Deploy VCSA
  5. Apply the default vSAN VM Storage Policy to VCSA VM
  6. Revert the temporarily change of default ESXi VM Storage Policy

With this new OVFTool enhancement, Step 1 and 6 is no longer needed from the standpoint of needing to change the default VM Storage Policy on the ESXi host using the ESXi Shell or using the vSphere API. Instead, you can now pass in a "raw" VM Storage Policy (SPBM) to apply to the specific OVF/OVA that is being deployed rather having to make a global change on the ESXi host. This also helps reduce the post-deployment steps as you only need to re-apply the default vSAN VM Storage Policy to the vCenter Server VM and not have to touch ESXi host settings once the vCenter Server is up and running.

To use this new raw VM Storage Policy feature in OVFTool, there is a new command-line option called --defaultStorageRawProfile which accepts the "raw" VM Storage Policy as you would normally provide to SPBM APIs such as "((\"hostFailuresToTolerate\" i1) (\"forceProvisioning\" i1))" for example.

The really cool thing about this feature is that you can take advantage of this directly with the new OVFTool argument passthrough feature that was introduced in the VCSA 6.5 CLI deployment utility. Combining these solutions together, you can easily simplify the "bootstrapping" of a VCSA onto a vSAN Datastore. Below is the snippet that you would include in the VCSA JSON configuration file used for deployment.

"ovftool.arguments" : {
"defaultStorageRawProfile" : "((\"hostFailuresToTolerate\" i1) (\"forceProvisioning\" i1))"
}

Although a tiny enhancement, I think this is a pretty neat capability, especially being able to make use of it natively within the VCSA configuration file. It is definitely great to see us continue to simplify how VMware management infrastructure is deployed and definitely stay tuned on what else we have cooking in the future for this particular area 🙂