WilliamLam.com

  • About
    • About
    • Privacy
  • VMware Cloud Foundation
  • VKS
  • Homelab
    • Resources
    • Nested Virtualization
  • VMware Nostalgia
  • Apple

How to Deploy an OVF Located On ESXi Datastore Using ovftool

03.11.2012 by William Lam // 43 Comments

I have written several articles in the past about the awesome ovftool which is a versatile remote command-line utility for importing/exporting virtual machines in the OVF format across various VMware products. I mainly run ovftool in either the vMA or on my OSX desktop. When performing an import, the OVF files are local on the same system that has the ovftool installed.

I recently came across an interesting question about using the ovftool to deploy OVF files that are located on an ESXi datastore. My initial thought was that you would not be able to deploy the OVF files since the ovftool would not have access to the files locally. After finishing a recent article about ESXi datastore management using the vCLI's vifs utility, I then realized there might actually be a way to deploy OVF files that are stored on an ESXi datastore.

If you take a look on page 17 of the ovftool user guide, there is a table describing the various source locators that are supported. You can see that the source of an OVF file can be accessed by ovftool in 4 different methods including HTTP/HTTPs which is a key for this specific request.

Source Type Default File Extension Protocol
OVF .ovf File, HTTP, HTTPS, FTP
OVA .ova File, HTTP, HTTPS, FTP
VMX .vmx File
vvApprun N/A File
vCloud Director N/A HTTPS
vSphere N/A vSphere

Files and folders management for a datastore is exposed through the fileManager in the vSphere API and datastores are referenced as a URL or remote path.

A URL has the form

scheme://authority/folder/path?dcPath=dcPath&dsName=dsName

where

  • scheme is http or https.
  • authority specifies the hostname or IP address of the Center or ESX(i) server and optionally the port.
  • dcPath is the inventory path to the Datacenter containing the Datastore.
  • dsName is the name of the Datastore.
  • path is a slash-delimited path from the root of the datastore.

Putting all this together, you can use the ovftool remotely to deploy an OVF file that is stored on an ESX(i) datastore. Below is an example walk through of this process.

Here is an OVF that is stored on a datastore located on an ESXi host:

To identify the URL path to your OVF, you can use a web browser to assist. Point your browser to the following address: https://[ESXI_HOST]/folder

When you first login, you will be brought to the root datacenter, in the case of directly connecting to an ESX(i) host, you will only see "ha-datacenter". Go ahead and select it and then you will be brought to a list of datastores the host has access to.

Select the datastore which contains the OVF file you wish to deploy from and then browse to the specific file.

Make a note of the URL path used to get to the OVF file and the OVF filename itself. Taking the example above, we end up with the following URL path:

https://vesxi50-4.primp-industries.com/folder/MyVM/MyVM.ovf?dcPath=ha-datacenter&dsName=iSCSI-1

To confirm the URL path, we can use ovftool to perform a simple "probe" on our OVF, this will provide you with a quick summary of the OVF.

Next we are ready to import the OVF file to our ESXi host. In this example, we will deploy the OVF to another datastore the ESXi host has access to and configure a specific portgroup to connect to the VM to after deployment. There are various options that can be passed to ovftool, please refer to the ovftool user guide for more details.

One the import has completed, you should now see the VM automatically registered in your ESXi host inventory.

You can see that this method allows you to import an OVF file stored on a datastore locally to the ESXi host as well as an OVF file stored on a remote datastore of another ESXi host. To help manage and deploy your OVF files, you should consider storing them on a centralized "media" datastore or even a WEB/FTP server that can be accessed by the ovftool.

Categories // Automation, OVFTool Tags // ova, ovf, ovftool

Unattended Deployment of vCenter Infrastructure Navigator

02.06.2012 by William Lam // 2 Comments

I deployed VMware's new vCenter Infrastructure Navigator in my lab over the weekend and just like the rest of the other virtual appliances (vCloud, vCO, vCC, vShield), here is how you can automate the deployment of VMware vIN.

Here are the ovf parameters that are available to deploy vCenter Infrastructure Navigator:

  • vm.password
  • vami.gateway.vCenter_Infrastructure_Navigator
  • vami.DNS.vCenter_Infrastructure_Navigator
  • vami.ip0.vCenter_Infrastructure_Navigator
  • vami.netmask0.vCenter_Infrastructure_Navigator

To see these properties before deploying, you can query using the ovftool which can help you identify the name of the ovf variables using the following command:

ovftool --hideEula Navigator-1.0.0.49-592384_OVF10.ova

Note: Before deploying vIN, ensure that you have the vCenter advanced setting VirtualCenter.ManagedIP configured as it is needed by the vService in vIN. For more details, take a look at this blog post on how you can easily automate this.

Here is an example of the ovftool command to deploy vIN Server:

ovftool --acceptAllEulas --skipManifestCheck '--net:Network 1=VM_Network' --datastore=iSCSI-4 --diskMode=thin --name=vin --prop:vami.DNS.vCenter_Infrastructure_Navigator=172.30.0.100 --prop:vami.gateway.vCenter_Infrastructure_Navigator=172.30.0.1 --prop:vami.ip0.vCenter_Infrastructure_Navigator=172.30.0.150 --prop:vami.netmask0.vCenter_Infrastructure_Navigator=255.255.255.0 --prop:vm.password=vmware123 Navigator-1.0.0.49-592384_OVF10.ova 'vi://root:*protected email*/?dns=vesxi50-3.primp-industries.com'

Of course, I wrote a simple shell script deployvIN.sh to help with the deployment. The script assumes you have ovftool installed and the OVF files located in the same directory as the script. You will need to edit the following variables if you wish to deploy vIN:

Note: There are many ways of using the ovftool to deploy an OVF. In this simple example, it requires you to specify an ESX(i) host, but you can modify the locator to deploy to a VM folder or datacenter path. For more examples and options, please take a look at the ovftool documentation.

Here is an example of the script in action:

Once the vIN virtual appliance has been deployed, you can also have it automatically power on by specifying the following parameter --powerOn.

If everything was successful, you should be able to license vCenter Infrastructure Navigator using the vSphere Client C# client and then login to the vSphere Web Client to enable the discovery process for your virtual machines. Shortly after, you should start seeing some application dependency within your vSphere environment like this:

Categories // Automation, OVFTool Tags // infrastructure navigator, ovftool, vIN

How to Create Manifest File for OVF Signing

01.25.2012 by William Lam // 4 Comments

While browsing the VMTN forums the other day, I just learned that you can sign your own OVF files using VMware's ovftool. To sign your OVF files, you will need the .ovf, .vmdk files and an X.509 certificate. Though not mandatory, you should also have a manifest file that includes a hash of the files to be signed. ovftool will still allow you to sign the OVF files, but a warning will be thrown if the manifest file is not included.

If you export a virtual machine/vApp using the vSphere Client or the ovftool, the manifest file is automatically generated for you and it ends with .mf extension.

If you have some OVF files that you want to sign but do not have the manifest file or somehow lost it, it is actually quite easy to re-create using the openssl utility.

To create the manifest file, run the following command for all files to be signed:

openssl sha1 *.vmdk *.ovf > MyVM.mf

You can use cat utility to view the contents of the manifest file:

To sign your OVF files, run the following command which will include the path to your X.509 certificate and the new signed OVF name:

ovftool --privateKey=ghetto.pem MyVM.ovf MyVM-Signed.ovf

Note: There is no space between --privateKey= and the path to X.509 certifcate, else you may get an odd error message.

If the signing was successful, you should not see any errors:

To view the newly signed OVF files, you can run the following command:

ovftool MyVM-Signed.ovf

You will find that the OVF has been signed under the "Manifest Info" section:

Now when you import the OVF back into your environment using either the vSphere Client or ovftool, you should now see the certificate information:

For more details and examples of using the ovftool, take a look at the user guide here.

Categories // Automation, OVFTool Tags // manifest file, ovftool

  • « Previous Page
  • 1
  • …
  • 216
  • 217
  • 218
  • 219
  • 220
  • …
  • 224
  • Next Page »

Search

Thank Author

Author

William is Distinguished Platform Engineering Architect in the VMware Cloud Foundation (VCF) Division at Broadcom. His primary focus is helping customers and partners build, run and operate a modern Private Cloud using the VMware Cloud Foundation (VCF) platform.

Connect

  • Bluesky
  • Email
  • GitHub
  • LinkedIn
  • Mastodon
  • Reddit
  • RSS
  • Twitter
  • Vimeo

Recent

  • Programmatically accessing the Broadcom Compatibility Guide (BCG) 05/06/2025
  • Quick Tip - Validating Broadcom Download Token  05/01/2025
  • Supported chipsets for the USB Network Native Driver for ESXi Fling 04/23/2025
  • vCenter Identity Federation with Authelia 04/16/2025
  • vCenter Server Identity Federation with Kanidm 04/10/2025

Advertisment

Privacy & Cookies: This site uses cookies. By continuing to use this website, you agree to their use.
To find out more, including how to control cookies, see here: Cookie Policy

Copyright WilliamLam.com © 2025