Short tip: Deploy OVA/OVF templates using OVF Tool

Recently I had massive problems with deploying some VMware appliances under vSphere 6.5. Independently of the frontend (Host Client, HTML 5 Client, Web Client, C# Client) I was unable to deploy templates in a clean way at all - mostly aborts and "generic system failures" occured.

Mark Brookfield gave me the tip to use OVF Tool instead of a graphical interface. The console utility focusses at importing/exporting OVA/OVF templates between multiple VMware products and is available for Microsoft Windows, Linux und App macOS erhältlich. The tool can be downloaded for free.

Basically, it is executed like this:

1$ ovftool [parameter] source target

Major parameters (some are optional) are:

-n / --nameTarget VM name
-vf / --vmFolderFolder for storing the VM
--acceptAllEulasAutomatically accept EULA
-ds / --datastoreTarget datastore
-dm / --diskModeDisk provisioning mode (for vSphere: thin, thick or eagerZeroedThick)
--net:NIC-name:portgroupNetwork binding (portgroup is mapped to NIC name)
--ipProtocolIP protocoll: IPv4, IPv6
--propAssigning an OVA/OVF parameter (e.g. Root password)
--deploymentOptionSelecting a vApp configuration (if supported by template)
--powerOnTurning on VM after provisioning

The target locator needs to have a specific schema I was not aware of at first sight. Some examples for vSphere:

vi://myvcenter/mydatacenter/host/myclusterArbitrary host of a dedicated datacenter and cluster
vi://admin:admin@myvcenter/mydatacenter/host/myclusterlike above, but with fixed login information
vi://myvcenter/mydatacenter/vm/myfolder/myvmArbitrary datacenter, VM folder and name
vi://myvcenter/mydatacenter/host/myesxArbitrary ESXi host of a datacenter
vi://myvcenter/mydatacenter/host/myesx/Resources/myresourcelike above, but with arbitrary resource pool

Additional examples can be found in the utility online help:

1$ ovftool -h | less
2$ ovftool -h locators | less
3$ ovftool -h examples | less

The OVA/OVF source does not need to be stored on the local hard drive, it can also be downloaded from a web server (http://path, https://path) or FTP server (ftp://pfad).

Before deploying a template, it is a good idea to have a look at the available options. For example, this is required to get information about required network interfaces:

1$ ovftool --hideEula VMware-vSAN-Witness-201704001-5310538.ova
4  Name:        Management Network
5  Description: Management Network will be used to drive witness vm traffic
7  Name:        Witness Network
8  Description: Witness Network will be used to drive witness vm traffic

In this case, valid assignments for the Management Network and Witness Network need to be made. Afterwards, check-out the available properties:

3  ClassId:     vsan
4  Key:         witness.root.passwd
5  Label:       Root password
6  Type:        password(7..)
7  Description: Set password for root account.

Some are required - like the root password in this example - some are optional. Some OVA/OVF templates also offer deployment options; also called "t-shirt sizes":

 1Deployment Options:
 2  Id:          tiny
 3  Label:       Tiny (10 VMs or fewer)
 4  Description: Configuration for Tiny vSAN Deployments with 10 VMs or fewer
 6               * 2 vCPUs
 7               * 8GB vRAM
 8               * 1x 12GB ESXi Boot Disk
 9               * 1x 15GB Magnetic Disk
10               * 1x 10GB Solid-State Disk
11               * Maximum of 750 Components
13  Id:          normal  (default)
14  Label:       Medium (up to 500 VMs)
15  Description: Configuration for Medium vSAN Deployments of up to 500 VMs
17               * 2 vCPUs
18               * 16GB vRAM
19               * 1x 12GB ESXi Boot Disk
20               * 1x 350GB Magnetic Disk
21               * 1x 10GB Solid-State Disk
22               * Maximum of 22K Components
24  Id:          large
25  Label:       Large (more than 500 VMs)
26  Description: Configuration for Large vSAN Deployments of more than 500 VMs
28               * 2 vCPUs
29               * 32GB vRAM
30               * 1x 12GB ESXi Boot Disk
31               * 3x 350GB Magnetic Disks
32               * 1x 10GB Solid-State Disk
33               * Maximum of 45K Components

This template offers three fixed configuration sizes - the requirements and use-cases are explained.

The completed commands can look like this:

 1$ ovftool --acceptAllEulas -ds=NFS-Backup --net:"Management Network"="DPortGroup-MGMT" --net:"Witness Network"="DPortGroup-VSAN" --prop:witness.root.passwd=... --deploymentOption=tiny VMware-vSAN-Witness-201704001-5310538.ova vi://st-vcsa03.stankowic.loc/Stankowic/host/Darmstadt/
 2Opening OVA source: VMware-vSAN-Witness-201704001-5310538.ova
 3The manifest validates
 4Source is signed and the certificate validates
 5Enter login information for target vi://st-vcsa03.stankowic.loc/
 6Username: administrator@vsphere.local
 7Password: ...
 8Opening VI target: vi://administrator%40vsphere.local@st-vcsa03.stankowic.loc:443/Stankowic/host/Darmstadt/
 9Deploying to VI: vi://administrator%40vsphere.local@st-vcsa03.stankowic.loc:443/Stankowic/host/Darmstadt/
10Transfer Completed

vApp options

If you are receiving an warning such as:

2- OVF property with key: 'witness.root.passwd' does not exists.

You might want to have a look at the vApp options pane in the VM configuration. There might be a missing parameter you want to fix before turning on the appliance.

Using the tool I was finally able to deploy additional vApps in my home lab - too bad, that this did not work using one of the plenty frontends. I don't know whether the root cause for this issue is based in my lab or if it is just an generic issue (bug?). Really need to dig deeper regarding this...