If you build software and ship it as a virtual machine, chances are that building VMware-compatible OVAs for customers is a top priority. Storage Made Easy is sharing tips and tricks for creating vCenter-compatible OVAs with Ansible.
At Storage Made Easy, automation is key to our agile development process. Continuing our Ansible series of posts, this guide goes over the tips and tricks we use in our build process.
The Ansible module for exporting VMs from vCenter or ESXi is vmware_export_ovf. It’s fairly well documented, but is deficient in two areas for our build of the Enterprise File Fabric:
- It creates OVFs and most customers would prefer an OVA
- It fails far too often for our automated builds with “read timeouts”
Both of the points above are addressed by the Open Virtualization Format Tool (ovftool) from VMware. At the time of this writing, the current edition is 4.3.0 U2. The ovftool is available for Mac, Windows, and Linux and works well with Ansible when called through the shell module.
Here is the playbook code which will power off and download a VM (or template) and package an OVA in one step.
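```yaml
# {{vcenter FQDN or IP}}, {{Datacenter}}, {{Folder}} and {{ vm name }} are
# placeholders for your own values.
# The vi:// source locator carries the vCenter password on the command line;
# consider no_log: true so it stays out of Ansible output.
- name: Create OVA
  shell: |
    /bin/ovftool \
    --powerOffSource \
    --shaAlgorithm=SHA1 \
    --targetType=ova \
    --privateKey=/my/cert/certAndKey.pem \
    'vi://{{ vcenter_username }}:{{ vcenter_password }}@{{vcenter FQDN or IP}}:443/{{Datacenter}}/vm/{{Folder}}/{{ vm name }}' \
    /my/build/vm.ova
  delegate_to: localhost
```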
Let’s break down the code:
/bin/ovftool
The location of the ovftool binary in CentOS Linux.
--powerOffSource
This ensures the VM is powered off.
--shaAlgorithm=SHA1
Why SHA1 vs the default SHA256? Well, some of our customers are still using the vCenter 5.5 Desktop Client, which doesn’t support SHA256. The web clients (HTML5 and Flash) both support SHA1 and SHA256, so we opt for the most compatible images.
--targetType=ova
Exports a single file (OVA) vs an OVF.
--privateKey=/my/cert/certAndKey.pem
Signs the image with a certificate. It is best to use a valid public certificate with at least a year left before expiration rather than a self-signed certificate. It looks better for customers and is a best practice.
'vi://{{ vcenter_username }}:{{ vcenter_password }}@{{vcenter FQDN or IP}}:443/{{Datacenter}}/vm/{{Folder}}/{{ vm name }}'
This long string is the source of the image. It requires a vCenter username and password as well as the FQDN or IP address of the vCenter/ESXi server. Lastly, it needs the Datacenter, Folder location and Name of the virtual machine or template.
/my/build/vm.ova
The location to save the OVA.
delegate_to: localhost
This tells Ansible to run ovftool on the localhost, but it can be set to whatever host has ovftool installed.
Problem solved! Well… not so fast. Exporting in one step from vCenter to OVA is nice, but it has one compatibility issue: ovftool 4.3 exports an extra configuration for nvram, which creates an annoying warning when importing in vCenter 6.5 and below.
How does Storage Made Easy work around this issue?
- We export the VM as an OVF
- Remove the XML lines which result in a compatibility warning
- Delete the manifest file with the existing checksums
- Package the OVA
- Delete the OVF
Below is the full example of our process:
```yaml
- name: Create OVF
  shell: |
    /bin/ovftool \
    --powerOffSource \
    'vi://{{ vcenter_username }}:{{ vcenter_password }}@{{vcenter FQDN or IP}}:443/{{Datacenter}}/vm/{{Folder}}/{{ vm name }}' \
    /my/builds/
  delegate_to: localhost

- name: Remove nvram lines in ovf for backwards compatibility
  lineinfile:
    path: /my/builds/{{ vm name }}/{{ vm name }}.ovf
    state: absent
    regexp: 'nvram'
  delegate_to: localhost

- name: Manifest no longer valid with removal of nvram
  file:
    path: /my/builds/{{ vm name }}/{{ vm name }}.mf
    state: absent
  delegate_to: localhost

- name: Create OVA
  shell: |
    /bin/ovftool \
    --shaAlgorithm=SHA1 \
    --targetType=ova \
    --privateKey=/my/cert/certAndKey.pem \
    '/my/builds/{{ vm name }}/{{ vm name }}.ovf' \
    /my/builds/vm.ova
  delegate_to: localhost

- name: Cleanup OVF files used in the build
  file:
    path: /my/builds/{{ vm name }}/
    state: absent
  delegate_to: localhost
```
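Why the manifest has to go once the OVF is edited, as an added example (not Storage Made Easy's own build code): the .mf file records one digest per exported file, so removing the nvram lines makes the recorded OVF digest stale. The sample OVF content and file names are constructed, and `file_digest`, `verify_manifest`, `strip_nvram` and `demo` are hypothetical helper names.

```python
import hashlib
import re
import tempfile
from pathlib import Path

# Manifest entries look like: SHA1(vm.ovf)= <hex digest>
MF_LINE = re.compile(r"(SHA1|SHA256)\((.+)\)\s*=\s*([0-9a-fA-F]+)$")


def file_digest(path, algo):
    """Hash a file in chunks so large disk images are not read into memory."""
    h = hashlib.new(algo.lower())
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def verify_manifest(mf_path):
    """Return {file name: bool} for each entry in an OVF manifest (.mf)."""
    mf_path = Path(mf_path)
    results = {}
    for line in mf_path.read_text().splitlines():
        m = MF_LINE.match(line.strip())
        if m:
            algo, name, expected = m.groups()
            target = mf_path.parent / name
            results[name] = (target.is_file()
                             and file_digest(target, algo) == expected.lower())
    return results


def strip_nvram(ovf_path):
    """Drop every line containing 'nvram', as the lineinfile task does."""
    p = Path(ovf_path)
    kept = [l for l in p.read_text().splitlines(keepends=True) if "nvram" not in l]
    p.write_text("".join(kept))


def demo():
    """Constructed OVF and manifest: check, edit the OVF, check again."""
    with tempfile.TemporaryDirectory() as d:
        ovf, mf = Path(d) / "vm.ovf", Path(d) / "vm.mf"
        # Constructed sample content, not a real ovftool export
        ovf.write_text('<Envelope>\n<File ovf:href="vm.nvram"/>\n<Disk/>\n</Envelope>\n')
        mf.write_text(f"SHA1(vm.ovf)= {file_digest(ovf, 'SHA1')}\n")
        before = verify_manifest(mf)
        strip_nvram(ovf)
        return before, verify_manifest(mf)
```
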
Happy Building!!!







Douglas Soltesz