WilliamLam.com

How to Create Manifest File for OVF Signing

by // 4 Comments

While browsing the VMTN forums the other day, I just learned that you can sign your own OVF files using VMware's ovftool. To sign your OVF files, you will need the .ovf, .vmdk files and an X.509 certificate. Though not mandatory, you should also have a manifest file that includes a hash of the files to be signed. ovftool will still allow you to sign the OVF files, but a warning will be thrown if the manifest file is not included.

If you export a virtual machine/vApp using the vSphere Client or the ovftool, the manifest file is automatically generated for you and it ends with .mf extension.

If you have some OVF files that you want to sign but do not have the manifest file or somehow lost it, it is actually quite easy to re-create using the openssl utility.

To create the manifest file, run the following command for all files to be signed:

openssl sha1 *.vmdk *.ovf > MyVM.mf

You can use cat utility to view the contents of the manifest file:

To sign your OVF files, run the following command which will include the path to your X.509 certificate and the new signed OVF name:

ovftool --privateKey=ghetto.pem MyVM.ovf MyVM-Signed.ovf

Note: There is no space between --privateKey= and the path to X.509 certifcate, else you may get an odd error message.

If the signing was successful, you should not see any errors:

To view the newly signed OVF files, you can run the following command:

ovftool MyVM-Signed.ovf

You will find that the OVF has been signed under the "Manifest Info" section:

Now when you import the OVF back into your environment using either the vSphere Client or ovftool, you should now see the certificate information:

For more details and examples of using the ovftool, take a look at the user guide here.

Unattended Deployment of vCloud Director Virtual Appliance

by // 1 Comment

VMware just released vCloud Director 1.5 as a virtual appliance for the first time. This virtual appliance is not meant to be used in a production environment, but to help users easily deploy and evaluate vCloud Director. There is also an updated vCloud Director Evaluators Guide that goes along with the new vCD appliance that was released today which you should also check out.

Just like in previous post on unattended deployments of vCenter Orchestrator and vCloud Connector. Here is how you can automate the deployment of vCloud Director.

Here are the four ovf properties that are used to configure the network for vCloud Director 1.5

  • vami.gateway.VMware_vCloud_Director
  • vami.DNS.VMware_vCloud_Director
  • vami.ip0.VMware_vCloud_Director
  • vami.netmask0.VMware_vCloud_Director
  • vami.ip1.VMware_vCloud_Director
  • vami.netmask1.VMware_vCloud_Director

Note: There are two network interfaces for vCloud Director, one for HTTP and one for CONSOLE access.

To see these properties before deploying, you can query using the ovftool which can help you identify the name of the ovf variables using the following command:

ovftool --hideEula vCloud_Director_VA_CentoOS5-1.5.0.0-525550_OVF10.ova

Here is an example of the ovftool command to deploy vCD Server:

ovftool --acceptAllEulas --skipManifestCheck '--net:Network 1=VM_Network' '--net:Network 2=VM_Network' --datastore=vesxi50-2-local-storage-1 --diskMode=thin --name=vcd --prop:vami.DNS.VMware_vCloud_Director=172.30.0.100 --prop:vami.gateway.VMware_vCloud_Director=172.30.0.1 --prop:vami.ip0.VMware_vCloud_Director=172.30.0.148 --prop:vami.netmask0.VMware_vCloud_Director=255.255.255.0 --prop:vami.ip1.VMware_vCloud_Director=172.30.0.149 --prop:vami.netmask1.VMware_vCloud_Director=255.255.255.0 vCloud_Director_VA_CentoOS5-1.5.0.0-525550_OVF10.ova 'vi://root:*protected email*/?dns=vesxi50-2.primp-industries.com'

Of course, I wrote a simple shell script deployvCD.sh to help with the deployment. The script assumes you have ovftool installed and the OVF files located in the same directory as the script. You will need to edit the following variables if you wish to deploy vCD Server:

Note: There are many ways of using the ovftool to deploy an OVF. In this simple example, it requires you to specify an ESX(i) host, but you can modify the locator to deploy to a VM folder or datacenter path. For more examples and options, please take a look at the ovftool documentation.

Here is an example of the script in action:

Once the vCD virtual appliance has been deployed, you can also have it automatically power on by specifying the following parameter --powerOn.

If everything was successful, you should now be able to point your browser to the hostname of your vCD Server and you should taken to the vCD splash screen.

Happy vClouding 🙂

Unattended Deployment of vCloud Connector Server/Node Virtual Appliance

by // 2 Comments

VMware just released vCloud Connector 1.5 Server and Node which is distributed as a virtual appliance. Just like in previous post Unattended Deployment of vCenter Orchestrator Virtual Appliance here is how you can automate the deployment of vCloud Connector Server and vCloud Connector Node.

Here are the four ovf properties that are used to configure the network for vCloud Connector 1.5

  • vami.gateway.VMware_vCloud_Connector_Server
  • vami.DNS.VMware_vCloud_Connector_Server
  • vami.ip0.VMware_vCloud_Connector_Server
  • vami.netmask0.VMware_vCloud_Connector_Server

Here are the four ovf properties that are used to configure the network for vCloud Connector 1.5

  • vami.gateway.VMware_vCloud_Connector_Node
  • vami.DNS.VMware_vCloud_Connector_Node
  • vami.ip0.VMware_vCloud_Connector_Node
  • vami.netmask0.VMware_vCloud_Connector_Node

To see these properties before deploying, you can query using the ovftool which can help you identify the name of the ovf variables using the following command:

ovftool --hideEula vCCServer-1.5.0.0-515166_OVF10.ovf

Here is an example of the ovftool command to deploy vCC Server:

ovftool --acceptAllEulas --skipManifestCheck '--net:Network 1=VM_Network' --datastore=vesxi50-1-local-storage-1 --diskMode=thin --name=vcc-server --prop:vami.DNS.VMware_vCloud_Connector_Server=172.30.0.100 --prop:vami.gateway.VMware_vCloud_Connector_Server=172.30.0.1 --prop:vami.ip0.VMware_vCloud_Connector_Server=172.30.0.143 --prop:vami.netmask0.VMware_vCloud_Connector_Server=255.255.255.0 vCCServer-1.5.0.0-515166_OVF10.ovf 'vi://root:*protected email*/?dns=vesxi50-1.primp-industries.com'

Here is an example of the ovftool command to deploy vCC Node:

ovftool --acceptAllEulas --skipManifestCheck '--net:Network 1=VM_Network' --datastore=vesxi50-1-local-storage-1 --diskMode=thin --name=vcc-node --prop:vami.DNS.VMware_vCloud_Connector_Node=172.30.0.100 --prop:vami.gateway.VMware_vCloud_Connector_Node=172.30.0.1 --prop:vami.ip0.VMware_vCloud_Connector_Node=172.30.0.144 --prop:vami.netmask0.VMware_vCloud_Connector_Node=255.255.255.0 vCCNode-1.5.0.0-515165_OVF10.ovf 'vi://root:*protected email*/?dns=vesxi50-1.primp-industries.com'

Of course, I wrote a simple shell script deployvCC.sh to help with the deployment. The script assumes you have ovftool installed and the OVF files located in the same directory as the script. You will need to edit the following variables if you wish to deploy vCC Server and/or Node:

Note: There are many ways of using the ovftool to deploy an OVF. In this simple example, it requires you to specify an ESX(i) host, but you can modify the locator to deploy to a VM folder or datacenter path. For more examples and options, please take a look at the ovftool documentation.

Here is an example of the script in action:

Once the vCC virtual appliance has been deployed, you can also have it automatically power on by specifying the following parameter --powerOn.

If everything was successful, you should now be able to point your browser to the hostname of your vCC Server/Node and you should taken to the vCC splash screen.

Happy vConnecting 🙂