OVF Tool 4.4 | 2 April 2020 | Resource on code.vmware.com |
About the OVF Tool
OVF Tool 4.4 coincides with the release of vSphere 7.0 and supports other products as well, such as vCloud Director.
VMware OVF Tool is a command-line utility that allows you to import and export OVF packages to and from virtual machines running on VMware virtualization platforms. OVF Tool gets called internally by many VMware products.
Before You Begin
You can download the OVF Tool for installation on Windows 64-bit or 32-bit, Linux 64-bit or 32-bit, Mac OS X 64-bit, and ARM 64-bit. The OVF Tool landing page provides a link to the software download group for each release. OVF Tool 4.4 supports the following operating systems:
- Windows 10 32-bit (x86) and 64-bit (x86_64)
- Windows 8.1 and Windows 7 32-bit and 64-bit
- Windows Server 2019, 2016, 2012, and 2012 R2
- Mac OS X versions including 10.13 High Sierra, 10.14 Mojave, and 10.15 Catalina
- Red Hat Enterprise Linux RHEL recent releases
- Recent releases of CentOS and Fedora
- SUSE Linux Enterprise Server SLES recent releases
- Ubuntu Linux and variants, recent releases
- VMware Photon OS and Oracle Linux
What's New?
This release of OVF Tool contains the following new features:
- Updated to support vCloud Director (VCD) versions 27 through 31.
- Release 4.4 supports importing OVF into vCenter Server as a template, rather than as a VM. Template import on ESXi is not supported, nor vApp import as template.
- If an OVF or OVA source file contains a security certificate, certificate information and the base64 PEM certificate appear during deployment.
- OVF Tool now can upload disk files to the host in parallel, and download disk files from the host in parallel. OVA is unsupported. Parallelism is limited by the number of CPUs. See the --parallelThreads=N option in the OVF Tool User's Guide for details.
- OVA files can be large, causing operations to fail, so HTTP retry was added for files in the OVA that fail mid-stream.
- OVF Tool 4.4 reads a configuration file specified by --configFile option, which overrides the ovftool.cfg file if present in the current directory, which overrides the global configuration file in $HOME/ovftool.cfg on Linux and OS X, or C:\Users\%USER%\AppData\Roaming\VMware\ovftool.cfg on Windows. You can place command-line options in the configuration file to simplify scripting.
- On Windows machines, this release generates a dump file after any crash.
- The ARM64 architecture on Linux is now supported.
- To avoid initialization errors, OVF Tool sets LC_CTYPE = en_US.UTF-8, if unset.
- HTTPS support was added for vCloud Director, along with the new --noProxyVerify and --proxyCert flags.
- This release adds new options to wait for IPv4 or IPv6, and ignore the local link IP address. See the OVF Tool User's Guide for details.
- Conversion operations are faster when source and destination disks are the same file type. Packaging OVFs to OVA and cross-type conversions are somewhat faster.
- Users can skip SSL verification either for source or target, rather than --noSSLVerify for both. New options --noSourceSSLVerify or --noDestinationSSLVerify cannot be used together with --noSSLVerify.
- New flag --noNvramFile to skip copying the NVRAM file during export and import. See also the --noImageFiles flag in documentation.
- With the new release, users can specify username and password in the URL locator using special characters without encoding them.
- For multi-disk virtual machines, OVF Tool now includes the --multiDatastore flag to specify datastore per disk. See the OVF Tool User's Guide for details.
The following open source components were updated:
- The c-ares library for asynchronous DNS requests to version 1.14.0
- Curl to version 7.66.0
- The expat XML parser to version 2.2.9
- International Components for Unicode (ICU4C) to version 60.2.164
- Google URL library to version 59
- OpenSSL library to version 1.0.2t
The following improvements were made to OVF parsing:
- Support for virtual PCI passthrough, both legacy and assignable-hardware
- Support for virtual performance counters, previously reported as disabled
- Support for 3D graphics memory and CPU shares in the Config section
- Check power-on connection state before setting a backing resource for CDROM
- Add SPBM profile to OVF descriptor for VM and disks when exporting
- The --noImageFiles flag removes image file references from the OVF descriptor
Compatibility Notices
When customers try to install vCenter Server 7.0 from a browser on Mac OS X 10.15 Catalina, a popup dialog appears saying “vcsa-deploy.bin cannot be opened because the developer cannot be verified” and installation fails with error “ovftool cannot be opened because the developer cannot be verified.” This is due to greater security in Catalina. OVF Tool called by vcsa-deploy is not notarized for Apple. One workaround in Chrome browser is to click the dialog and type thisisunsafe to proceed. A more universal workaround is to run the following commands in Terminal:
- sudo spctl --master-disable
sets “Allow apps download from” anywhere in Security and Privacy. - sudo xattr -r -d com.apple.quarantine Path-to-ISO
then mount the ISO, open UI Installer, and install. - sudo spctl —-master-enable
to re-enable security.
Backward Compatibility:
- OVF Tool on vCenter 6.5 can import/export BIOS and EFI firmware settings from/to ESXi 6.5, but not the NVRAM file.
- OVF Tool on vCenter 6.7 can import/export BIOS and EFI firmware settings from/to ESXi 6.5, and EFI extraConfig, but not BIOS extraConfig and NVRAM.
- OVF Tool on vCenter 6.7 can import/export BIOS and EFI firmware settings from/to ESXi 6.7, both BIOS and EFI extraConfig, and NVRAM.
- OVF Tool on vCenter 7.0 can import/export the same items as 6.7.
Resolved Issues
Fixed in this release:
- DTD processing disabled for security reasons.
Processing of XML document type definition (DTD) is temporarily disabled in this release. To re-enable schema validation, you can specify the --schemaValidation option.
- Respect the order of networks listed in OVF file.
Previous OVF Tool releases could change the order when multiple networks were specified. This release follows the order listed for virtual machine in OVF files.
- Misleading error and log messages during OVF import.
When trying to import an OVF on VMC with default VMFolder parameter, this error message appears: “Caught exception while keeping VI session alive: vim.fault.NoPermission.” Furthermore the misleading message appears in the log file: “Error while importing. Check for if host is in maintenance mode.” The workaround was to specify a VM folder, vf="Workloads" for example. The error message has been changed to “Import vApp API failed on target host” and the log message to: “Exception thrown from VI target: Fault cause: vim.fault.NoPermission.”
- Hang after reading corrupt security certificate.
When OVF Tool encountered a corrupt root security certficiate, it hangs. This release fixes this issue by logging the corrupt certificate and proceeding to the next certificate.
- OVF Tool failed to overwrite > 2GB files.
Due to use of the 32-bit Delete API on Windows, OVF Tool got an overflow error when deleting before writing the replacement file. This has been fixed by switching to 64-bit Delete API.
- Manifest is checked despite skip request.
When the --skipManifestCheck flag was present, OVF Tool nonetheless checked the manifest and could pHlkrint a message saying “The manifest does not validate.” In this release, another message appears first saying “The manifest is present but user flag causing to skip it.”
- SSL thumbprint was not updated as user requested.
If the user provided an invalid SSL thumbprint, OVF Tool asked if the user wanted to update it for accuracy, however permission was lacking so a “yes” loop resulted. In this release, the invalid SSL thumbprint gets properly updated.
- Warn if expired security certificate provided.
OVF Tool could be given an expired security certificate, which would eventually fail. This release prints a warning if an X.509 certificate has expired.
- OVF Tool for Mac OS X has expired security certificate.
The installer and binaries for Mac OS X have updated security certificates.
- Improve network connection error messages.
When making network connections, this release gives more diagnostic information about host name and file transfers.
- Ignore content length for vCloud targets.
For conformance with RFC 7230 (HTTP), this release sets skipContentLength=true by default when the target is a vCloud URL.
- Photon OS returned DHCPv6 address even with IPv4 address family.
With PhotonOS 3, IPv6 must be initialized before appliance management software can change any network settings. Regardless of user-selected IP configuration, the OS sends an IPv6 local address before IP settings get initialized. As a result, the installer saw an IP address that it cannot deal with. In this release options are provided to wait for an appropriate IP address, and to ignore link-local addresses.
Fixed in the previous release:
- Should use local ovftool.cfg file instead of global OVF configuration file.
In this release, OVF Tool looks for and uses the local configuration file, if available in a user's home directory, before looking for the global configuration file near the executable. The command line option --configFile takes precedence over other configuration files. This option will be added to documentation in the next major release.
Known Issues
These are issues carried forward from the previous release:
- OVF Tool can crash with no datastore specified.
When the user does not specify a datastore, OVF Tool should display an error message, but instead it crashes with a segmentation fault. The workaround is to specify the datastore argument, as in this example:
ovftool --datastore=vim.Datastore:datastore-2 myspec.ovf vi://sometarget - HTTP source links with Query parameters are not supported yet.
OVF Tool drops URL query parameters (after question mark), including authentication tokens. This functionality is required for VMC on AWS pre-signed URLs, and possibly for other public clouds. The workaround is to download the specified file to a local drive and then point OVF Tool at the local file.
- Cannot create VM with same name in a different folder.
If you specify the --vmFolder option to place a VM in a different folder than where another VM of same name exists, then an error will be thrown and OVF Tool does not allow you to place that VM in the other folder. For example, if VM-CentOS is in folder-1 and you try to create another VM-CentOS in folder-2, OVF Tool fails saying “duplicate VM-CentOS found, use the overwrite flag.” This issue will be fixed in the next release.