Deploy OVAs to vCenter with VMware OVF Tool

Try to deploy an OVA in vCenter 6.5 and you’ll likely see the following helpful little number-

This version of vCenter Server does not support Deploy OVF Template using this version of vSphere Web Client. To Deploy OVF Template, login with version 6.5.0.0 of vSphere Web Client.

After some mucking about, I found a supported solution- VMware OVF Tool.

First up, download OVF Tool from https://www.vmware.com/support/developer/ovf/. Install the MSI, taking note of the install directory (the default is c:\Program Files\VMware\VMware OVF Tool\).

Launch a Command Prompt, then change to the directory where OVF Tool was installed

cd "c:\Program Files\VMware\VMware OVF Tool"

Query your OVA to see deployment options

ovftool.exe Z:\ovatodeploy.ova

In this case, I’m deploying vRealize Log Insight 3.0 and the following output is received, but this will vary from one OVA to the next

Download Size:  611.42 MB

Deployment Sizes:
  Flat disks:   132.38 GB
  Sparse disks: 610 bytes

Networks:
  Name:        Network 1
  Description: The "Network 1" network

Virtual Machines:
  Name:               VMware_vRealize_Log_Insight
  Operating System:   sles11_64guest
  Virtual Hardware:
    Families:         vmx-07 vmx-08 vmx-09 
    Number of CPUs:   4
    Cores per socket: 1
    Memory:           8.00 GB

    Disks:
      Index:          0
      Instance ID:    5
      Capacity:       12.13 GB
      Disk Types:     SCSI-lsilogic 

      Index:          1
      Instance ID:    6
      Capacity:       120.00 GB
      Disk Types:     SCSI-lsilogic 

      Index:          2
      Instance ID:    9
      Capacity:       256.00 MB
      Disk Types:     SCSI-lsilogic 

    NICs:
      Adapter Type:   vmxnet3
      Connection:     Network 1

Properties:
  ClassId:     vami
  Key:         hostname
  InstanceId   VMware_vCenter_Log_Insight
  Category:    Networking Properties
  Label:       Hostname
  Type:        string(0..65535)
  Description: The hostname or the fully qualified domain name for this VM. 
               Leave blank if DHCP is desired. 

  ClassId:     vami
  Key:         ip0
  InstanceId   VMware_vCenter_Log_Insight
  Category:    Networking Properties
  Label:       Network 1 IP Address
  Type:        string
  Description: The IP address for this interface. Leave blank if DHCP is 
               desired. 

  ClassId:     vami
  Key:         netmask0
  InstanceId   VMware_vCenter_Log_Insight
  Category:    Networking Properties
  Label:       Network 1 Netmask
  Type:        string
  Description: The netmask or prefix for this interface. Leave blank if DHCP is
               desired. 

  ClassId:     vami
  Key:         gateway
  InstanceId   VMware_vCenter_Log_Insight
  Category:    Networking Properties
  Label:       Default Gateway
  Type:        string
  Description: The default gateway address for this VM. Leave blank if DHCP is 
               desired. 

  ClassId:     vami
  Key:         DNS
  InstanceId   VMware_vCenter_Log_Insight
  Category:    Networking Properties
  Label:       DNS
  Type:        string
  Description: The domain name servers for this VM (comma separated). Leave 
               blank if DHCP is desired. WARNING: Do not specify more than two 
               DNS entries or no DNS entries will be configured! 

  ClassId:     vm
  Key:         rootpw
  Category:    Other Properties
  Label:       Root Password
  Type:        password(0..65535)
  Description: A root password can be set during deployment if desired. If not,
               but guest customization is running, then it will be randomly 
               generated. Otherwise the password will be blank, and will be 
               required to change in the console before using ssh. For security
               reasons, it is recommended to use a password that is a minimum 
               of eight characters and contains a minimum of one upper, one 
               lower, one digit, and one special character. 

  ClassId:     vm
  Key:         sshkey
  Category:    Other Properties
  Label:       SSH Public Key
  Type:        string(0..65535)
  Description: An SSH Public Key can be set during deployment, disabling 
               password authentication. If blank, SSH will be configured per 
               the Root Password option above. 

Deployment Options:
  Id:          xsmall
  Label:       Extra Small
  Description:  IMPORTANT: This configuration is intended for proof-of-concept 
               or test environments and should not be used in a production 
               environment. 
               
                       This configuration supports up to 20 ESXi hosts (~200 
               events/second or ~3GB/day) and requires the following: 
               
                       * 2 CPUs (minimum 2.0GHz)
                       * 4GB RAM
                       * 132GB of storage (100GB for event storage) - thick 
               provisioned, eager zeroed highly recommended 
                       * VM hardware version 7 or greater (vSphere 4.0 or 
               greater) 
                       

  Id:          small  (default)
  Label:       Small
  Description: IMPORTANT: For Log Insight clusters medium or large sized nodes 
               should be used. 
                       
                       This configuration supports up to 200 ESXi hosts (~2,000
               events/second or ~30GB/day) and requires the following: 
               
                       * 4 CPU (minimum 2.0GHz)
                       * 8GB RAM
                       * 132GB of storage (100GB for event storage) - thick 
               provisioned, eager zeroed highly recommended 
                       * VM hardware version 7 or greater (vSphere 4.0 or 
               greater) 
                       

  Id:          medium
  Label:       Medium
  Description: This configuration supports up to 500 ESXi hosts (~5,000 
               events/second or ~75GB/day) and requires the following: 
               
                       * 8 CPU (minimum 2.0GHz)
                       * 16GB RAM
                       * 282GB of storage (250GB for event storage) - thick 
               provisioned, eager zeroed highly recommended 
                       * VM hardware version 7 or greater (vSphere 4.0 or 
               greater) 
                       

  Id:          large
  Label:       Large
  Description:  IMPORTANT: This configuration requires vSphere 5.0 or greater.
               
                       This configuration supports up to 1,500 ESXi hosts 
               (~15,000 events/second or ~225GB/day) and requires the 
               following: 
               
                       * 16 CPU (minimum 2.0GHz)
                       * 32GB RAM
                       * 282GB of storage (250GB for event storage) - thick 
               provisioned, eager zeroed highly recommended 
                       * VM hardware version 8 or greater (vSphere 5.0 or 
               greater) 
                       

IP Allocation Policy:

  Protocols:   IPv4 IPv6

When constructing our deploy command, ovftool expects the following format when specifying properties-

--prop:"ClassId.Key.InstanceId"="value"

Note the following block as an example-

Properties:
  ClassId:     vami
  Key:         hostname
  InstanceId   VMware_vCenter_Log_Insight
  Category:    Networking Properties
  Label:       Hostname
  Type:        string(0..65535)
  Description: The hostname or the fully qualified domain name for this VM. 
               Leave blank if DHCP is desired.

To specify a hostname, the following command would be used-

--prop:"vami.hostname.VMware_vCenter_Log_Insight"="vrli01"

Generic OVF Tool options are visible with the following command-

ovftool.exe --help

Which will output the following-

Usage: ovftool [options] <source> [<target>]
where
<source>: Source URL locator to an OVF package, VMX file, or virtual machine in
          vCenter or on ESX Server. 
<target>: Target URL locator which specifies either a file location, or a 
          location in the vCenter inventory or on an ESX Server. 

If <target> is not specified, information about the source is displayed to the 
console. 

Options:
     --acceptAllEulas            : Accept all end-user licenses agreements 
                                   without being prompted. 
     --allowAllExtraConfig       : Whether we allow all the ExtraConfig 
                                   options. These options are a security risk 
                                   as they control low-level and potential 
                                   unsafe options on the VM. 
     --allowExtraConfig          : Whether we allow ExtraConfig options in 
                                   white list. These options are safe as we 
                                   have a white list to filter out the 
                                   low-level and potential unsafe options on 
                                   the VM. 
     --annotation                : Add annotation to vi, vmx, vapprun, vCloud, 
                                   OVF, and OVA source locators 
     --authdPortSource           : Use this to override default vmware authd 
                                   port (902) when using a host as source. 
     --authdPortTarget           : Use this to override default vmware authd 
                                   port (902) when using a host as target. 
     --chunkSize                 : Specifies the chunk size to use for files in
                                   a generated OVF package. The default is not 
                                   to chunk. The chunk size without unit is 
                                   assumed to be in megabytes. Accepted units 
                                   are b, kb, mb, gb; e.g., 2gb or 100kb. 
     --compress                  : Compress the disks in an OVF package. Value 
                                   must be between 1 and 9. 1 is the fastest, 
                                   but gives the worst compression, whereas 9 
                                   is the slowest, but gives the best 
                                   compression. 
     --computerName              : Sets the computer name in the guest for a VM
                                   using the syntax --computerName:<VM 
                                   ID>=<value>. Only applies to vCloud targets 
                                   version 5.5 or newer. 
     --coresPerSocket            : Specifies the distribution of the total 
                                   number of CPUs over a number of virtual 
                                   sockets using the syntax 
                                   --coresPerSocket:<VM ID>=<value>. Only 
                                   applies to vCloud targets version 5.5 or 
                                   newer. 
 -ds/--datastore                 : Target datastore name for a VI locator.
     --decodeBase64              : Decode option values with Base64.
     --defaultStorageProfile     : The storage profile for all VMs in the OVF 
                                   package. The value should be an SPBM profile
                                   ID. Only applies to VI targets version 5.5 
                                   or newer. 
     --defaultStorageRawProfile  : The storage profile for all VMs in the OVF 
                                   package. The value should be raw SPBM 
                                   profile. The value will overwrite that in 
                                   --defaultStorageProfile. Only applies to VI 
                                   targets version 5.5 or newer. 
     --deploymentOption          : Selects what deployment option to use (if 
                                   the source OVF package supports multiple 
                                   options.) 
     --disableVerification       : Skip validation of signature and 
                                   certificate. 
 -dm/--diskMode                  : Select target disk format. Supported formats
                                   are: monolithicSparse, monolithicFlat, 
                                   twoGbMaxExtentSparse, twoGbMaxExtentFlat, 
                                   seSparse (VI target), eagerZeroedThick (VI 
                                   target), thin (VI target), thick (VI 
                                   target), sparse, and flat 
     --diskSize                  : Sets the size of a VM disk in megabytes 
                                   using the syntax --diskSize:<VM ID>,<disk 
                                   instance ID>=<value>. Only applies to vCloud
                                   targets version 5.5 or newer. 
     --eula                      : EULA to be inserted in the first virtual 
                                   system or virtual system collection in the 
                                   OVF. If the EULA is in a file, use the 
                                   option --eula@=filename instead. 
     --exportDeviceSubtypes      : Enables export of resource subtype for 
                                   CD/Floppy/Parallel/Serial devices. This can 
                                   limit portability as not all device backings
                                   are supported on all hypervisors. The 
                                   default is false. 
     --exportFlags               : Specifies one or more export flags to 
                                   control what gets exported. The supported 
                                   values for VI sources are mac, uuid, and 
                                   extraconfig. Supported value for vCloud 
                                   sources are preserveIdentity. One or more 
                                   options can be provided, separated by 
                                   commas. 
     --extraConfig               : Sets an ExtraConfig element for all 
                                   VirtualHardwareSections. The syntax is 
                                   --extraConfig:<key>=<value>. Applies to vi, 
                                   vmx, vapprun, vCloud, ovf, and ova source 
                                   locators. 
     --fencedMode                : If a parent network exists on the vCloud 
                                   target, this property specifies the 
                                   connectivity to the parent. Possible values 
                                   are bridged, isolated, and natRouted. 
 -h /--help                      : Prints this message.
     --hideEula                  : In OVF probe mode, hides the EULA.
     --ipAllocationPolicy        : IP allocation policy for a deployed OVF 
                                   package.Supported values are: dhcpPolicy, 
                                   transientPolicy, fixedPolicy, 
                                   fixedAllocatedPolicy. 
     --ipProtocol                : Select what IP protocol to use (IPv4, IPv6).
     --lax                       : Relax OVF specification conformance and 
                                   virtual hardware compliance checks. Use only
                                   if you know what you are doing. 
     --locale                    : Selects locale for target.
     --machineOutput             : Output OVF Tool messages in a machine 
                                   friendly manner. 
     --makeDeltaDisks            : Build delta disk hierarchy from the given 
                                   source locator. 
     --maxVirtualHardwareVersion : The maximal virtual hardware version to 
                                   generate. 
     --memorySize                : Sets the memory size in megabytes of a VM 
                                   using the syntax --memorySize:<VM 
                                   ID>=<value>. Only applies to vCloud targets 
                                   version 5.5 or newer. 
 -n /--name                      : Specifies target name (defaults to source 
                                   name). 
     --net                       : Set a network assignment in the deployed OVF
                                   package. A network assignment is set using 
                                   the syntax --net:<OVF name>=<target name>. 
                                   If the target is vCloud 5.5 or newer, a 
                                   fence mode can also be specified using the 
                                   syntax --net:<OVF name>=<target name>,<fence
                                   mode>. Possible fence mode values are: 
                                   bridged, isolated, and natRouted. 
 -nw/--network                   : Target network for a VI deployment.
     --nic                       : Specifies NIC configuration in a VM using 
                                   the syntax --nic:<VM ID>,<index>=<OVF net 
                                   name>,<isPrimary>,<ipAddressingMode>,<ipAddress>.
                                   Possible values for ipAddressingMode are: 
                                   DHCP, POOL, MANUAL, and NONE. ipAddress is 
                                   optional and should only be used when 
                                   ipAddressingMode is set to MANUAL. Only 
                                   applies to vCloud targets version 5.5 or 
                                   newer. 
     --noDisks                   : Disable disk conversion.
     --noImageFiles              : Do not include image files in destination.
     --noSSLVerify               : Skip SSL verification for VI connections.
     --numberOfCpus              : Sets the number of CPUs for a VM using the 
                                   syntax --numberOfCpus:<VM ID>=<value>. Only 
                                   applies to vCloud targets version 5.5 or 
                                   newer. 
 -o /--overwrite                 : Force overwrites of existing files.
     --powerOffSource            : Ensures a VM/vApp is powered off before 
                                   importing from a VI source. 
     --powerOffTarget            : Ensures a VM/vApp is powered off before 
                                   overwriting a VI target. 
     --powerOn                   : Powers on a VM/vApp deployed on a VI target.
     --privateKey                : Sign OVF package with the given private key 
                                   (.pem file). The file must contain a private
                                   key and a certificate. 
     --privateKeyPassword        : Password for the private key. Should be used
                                   in conjunction with privateKey if the 
                                   private key requires password 
                                   authentication. If required and not 
                                   specified, the tool will prompt for the 
                                   password. 
     --prop                      : Set a property in the deployed OVF package. 
                                   A property is set using the syntax 
                                   --prop:<key>=<value>. 
     --proxy                     : Proxy used for HTTP[S] access.
     --proxyNTLMAuth             : Enable NTLM authentication for proxy.
 -q /--quiet                     : No output to screen except errors.
     --schemaValidate            : Validate OVF descriptor against OVF schema.
     --shaAlgorithm              : Select SHA digest algorithm when creating 
                                   OVF package. Supported values are SHA1, 
                                   SHA256 and SHA512. Default value is SHA256. 
     --skipManifestCheck         : Skip validation of OVF package manifest.
     --skipManifestGeneration    : Skip generation of OVF package manifest.
     --sourcePEM                 : File path to PEM formatted file used to 
                                   verify VI connections. 
     --sourceSSLThumbprint       : SSL fingerprint of SOURCE. OVF Tool verifies
                                   the SSL fingerprint it gets from SOURCE if 
                                   the value is set. 
 -st/--sourceType                : Explicitly express that source is OVF, OVA, 
                                   VMX, VI, vCloud, ISO, FLP, vApprun 
     --sslCipherList             : Use this to override default OpenSSL ciphers
                                   suite. 
     --sslVersion                : Use this to set preferred TLS/SSL version 
                                   for HTTPS connections. The valid values are 
                                   as following: 
                                     TLSv1_0: Set preferred TLS/SSL version to 
                                   TLSv1.0. 
                                     TLSv1_1: Set preferred TLS/SSL version to 
                                   TLSv1.1. 
                                     TLSv1_2: Set preferred TLS/SSL version to 
                                   TLSv1.2. 
     --storageProfile            : Sets the storage profile for a VM using the 
                                   syntax --storageProfile:<VM ID>=<value>. 
                                   Only applies to vCloud targets version 5.5 
                                   or newer. 
     --targetPEM                 : File path to PEM formatted file used to 
                                   verify VI connections. 
     --targetSSLThumbprint       : SSL fingerprint of TARGET. OVF Tool verifies
                                   the SSL fingerprint it gets from TARGET if 
                                   the value is set. 
 -tt/--targetType                : Explicitly express that target is OVF, OVA, 
                                   VMX, VI, vCloud, ISO, FLP, vApprun 
     --vCloudTemplate            : Create only a vApp template. Default value 
                                   is false 
     --vService                  : Set a vService assignment in the deployed 
                                   OVF package. A vService assignment is set 
                                   using the syntax 
                                   --vService:<dependencyId>=<providerId>. 
     --verifyOnly                : Do not upload the source but only verify it 
                                   against the target host. Applies to VI 4 
                                   targets only. 
 -v /--version                   : Prints the version of this tool.
     --viCpuResource             : Specify the CPU resource settings for 
                                   VI-locator targets. The syntax is 
                                   --viCpuResource=<shares>:<reservation>:<limit>.
     --viMemoryResource          : Specify the CPU resource settings for 
                                   VI-locator targets. The syntax is 
                                   --viMemoryResource=<shares>:<reservation>:<limit>.
 -vf/--vmFolder                  : Target VM folder in VI inventory (relative 
                                   to datacenter). 

For more help, type: --help <topic>, where topics are:
 locators    : For detailed source and destination locator syntax
 examples    : For examples of use
 config      : For syntax of configuration files
 debug       : For debug purpose
 integration : For a list of options primarily used when ovftool is exec'ed 
               from another tool or shellscript. 

So for example, to specify the target datastore, we can use the following-

--datastore="NAS_R10DS"

The finished command should be in the following format-

ovftool.exe --option1=parameter --prop:"ClassId.Key.InstanceId"="value" Z:\PathToOva.ova vi://[email protected]/DC/host/Cluster

As mentioned above, the properties required vary from one OVA to another; but here is an example using the full command I ran to deploy vRealize Log Insight 3.0-

ovftool.exe --acceptAllEulas ^
--datastore="NAS_R10DS" ^
--deploymentOption="xsmall" ^
--ipProtocol="IPv4" --ipAllocationPolicy="fixedPolicy" ^
--vmFolder="Discovered virtual machine" ^
--name="vrli01" ^
--net:"Network 1"="MGMT" ^
--prop:"vami.hostname.VMware_vCenter_Log_Insight"="vrli01" ^
--prop:"vami.ip0.VMware_vCenter_Log_Insight"="10.0.10.40" ^
--prop:"vami.netmask0.VMware_vCenter_Log_Insight"="255.255.255.0" ^
--prop:"vami.gateway.VMware_vCenter_Log_Insight"="10.0.10.254" ^
--prop:"vami.DNS.VMware_vCenter_Log_Insight"="192.168.105.2,172.16.60.2" ^
--prop:"vm.rootpw"="supersecurepassword" ^
--prop:"vm.sshkey"="ssh-rsa PUBLICRSAKEY" ^
Z:\VMware-vRealize-Log-Insight-3.0.0-3021606.ova ^ 
vi://[email protected]@vcsa1.example.com/DC1/host/Cluster01

Note that OVAs can only be deployed to hosts that are managed by vCenter. There are way of deploying to standalone ESXi hosts but at the time of writing, none are supported.

Leave a Reply

Your email address will not be published. Required fields are marked *