WilliamLam.com

  • About
    • About
    • Privacy
  • VMware Cloud
  • Tanzu
    • Application Modernization
    • Tanzu services
    • Tanzu Community Edition
    • Tanzu Kubernetes Grid
    • vSphere with Tanzu
  • Home Lab
  • Nested Virtualization
  • Apple
You are here: Home / Automation / OVFTool 4.4.1 - Upload OVF/OVA from URL using upcoming "pull" mechanism

OVFTool 4.4.1 - Upload OVF/OVA from URL using upcoming "pull" mechanism

10.14.2020 by William Lam // 4 Comments

I was helping a fellow colleague yesterday with an OVA question and I came to learn about an upcoming feature in the popular OVFTool utility that would allow for a new method of uploading a remote OVF/OVA to either a vCenter and/or ESXi endpoint.

Historically, when you upload an OVF/OVA whether that is stored locally or remotely from a URL, the data path will actually transfer through the system running the OVFTool between the source and destination, which is ultimately the ESXi host which performs the actual download. Although the OVF/OVA data is not actually stored on your local system, the traffic is proxied through your system and can add an unnecessary hop if the remote OVF/OVA URL can directly be accessed by ESXi host.

A new --pullUploadMode flag has been introduced in the latest OVFTool 4.4.1 release, which will allow ESXi host to directly download (pull) from the remote OVF/OVA URL, assuming it has connectivity. In addition to version of OVFTool, you will also need to have either ESXi 6.7 or 7.0 environment for this new feature to work.

Disclaimer: Although this feature is available in latest OVFTool release, it is still under development and should be considered a Beta feature in case folks are interested in trying it out.

Since the ESXi host is directly downloading from the remote source, there are two additional security verification that has already been implemented. The first is an additional vSphere Privilege called "Pull from URL" which is under the vApp section. Without this, you will get a permission denied error.


Secondly, in addition to specifying the new CLI option, you will also need to provide another flag called --sourceSSLThumbprint which should include the SHA1 hash of endpoint hosting the OVF/OVA. This is an additional verification to ensure the validity of the server hosting the OVF/OVA.

Here is an example of deploying my latest ESXi 7.0 Update 1 Virtual Appliance OVA which is remotely hosted. The quickest way to obtain the SHA1 thumbprint is simply opening browser to based URL which is https://download3.vmware.com/


You will need to replace the space with ":" (colon), so the final string should look like BA:C6:4E:D9:AD:D4:53:B5:86:5A:5D:70:36:CF:89:93:D1:6C:F9:63

Here is an example OVFTool command to deploy from the remote URL

ovftool \
--X:logFile="ovftool.log" \
--acceptAllEulas \
--allowAllExtraConfig \
--allowExtraConfig \
--noSSLVerify \
--sourceSSLThumbprint="BA:C6:4E:D9:AD:D4:53:B5:86:5A:5D:70:36:CF:89:93:D1:6C:F9:63" \
--name="Nested-ESXi-7.0-Update-1-Appliance" \
--datastore=sm-vsanDatastore \
--net:"VM Network"="VM Network" \
--pullUploadMode \
https://download3.vmware.com/software/vmw-tools/nested-esxi/Nested_ESXi7.0u1_Appliance_Template_v1.ova \
'vi://*protected email*:[email protected]/Primp-Datacenter/host/Supermicro-Cluster'

If we switch over to the vSphere UI, we should see a new task called "Download remote files" which indicates the new pull method is being leveraged. One thing to note is that because ESXi is now performing the download directly, progress may not be known by the OVFTool client, since it is not longer the source for the data transfer. Another thing to be aware of is that OVFTool itself has built-in retry logic in case there is a slight interruption during the data transfer with the current mechanisms. In the "pull" scenario, there is no retry by ESXi and so depending on connectivity, its possible deployments can fail and complete re-transfer would be required.

More from my site

  • Tanzu Kubernetes Grid (TKG) Demo Appliance 1.2.0
  • Quick Tip - Enabling vCenter Events for NTP (Network Time Protocol) or PTP (Precision Time Protocol) operations
  • Quick Tip - How to deploy OVF/OVA to multiple networks using OVFTool?
  • How to programmatically retrieve vCenter Server Patch & Update History?
  • Quick Tip - How to disable the vCenter Server Update Notification banner?
Share this...
  • Twitter
  • Facebook
  • Linkedin
  • Reddit
  • Pinterest

Categories // Automation, OVFTool, vSphere 6.7, vSphere 7.0 Tags // ovftool, vSphere 6.7, vSphere 7.0

Comments

  1. David K. Lee says

    10/14/2020 at 7:57 am

    This is a great improvement! Thanks for pointing it out! Also, William, congrats on your 9 year anniversary as a VMware employee!

    Reply
  2. Tony Su says

    10/15/2020 at 10:39 am

    Very interesting.
    But from your description I can imagine a number of possible improvements, eg
    Use a directory service to list and select available machines
    A label alias that maps to the ivf id instead of the number string,
    Progress bar or similar displaying progress of remote download

    Reply
  3. mikeschinkel says

    10/09/2021 at 12:13 am

    Thanks for writing this post William.

    Does this mean that I could get vSphere to pull directly from a jFrog Artifactory to get an OVA to deploy in vCenter?

    If so, how exactly?

    Reply
    • William Lam says

      10/09/2021 at 8:15 am

      If jFrog provides an accessible URL, then yes 🙂

      I'd recommend you give it a try and experiment a bit yourself

      Reply

Thanks for the comment! Cancel reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Search

Author

William Lam is a Senior Staff Solution Architect working in the VMware Cloud team within the Cloud Infrastructure Business Group (CIBG) at VMware. He focuses on Cloud Native technologies, Automation, Integration and Operation for the VMware Cloud based Software Defined Datacenters (SDDC)

Privacy & Cookies: This site uses cookies. By continuing to use this website, you agree to their use.
To find out more, including how to control cookies, see here: Cookie Policy

Connect

  • Email
  • GitHub
  • LinkedIn
  • RSS
  • Twitter
  • Vimeo

Support

Recent

  • Using the new vSphere Guest OS Customization with cloud-init in vSphere 7.0 Update 3 06/27/2022
  • How to forcefully disconnect a vSphere VM Console session? 06/24/2022
  • Quick Tip - Using ESXi Scripted Installation (kickstart) to configure IPv6 networking 06/21/2022
  • Hiking Trails 06/04/2022
  • 2022 VMUG Advantage Community Group Buy 06/01/2022

Advertisment

Copyright WilliamLam.com © 2022

 

Loading Comments...