As a vSphere administrator, create a content library to store and manage VM templates.

Create a Content Library for Stand-Alone VMs

You can create a local content library and populate it with templates and other types of files. You can also create a subscribed library to use the contents of an already existing published local library.

To protect the items of a content library, you can apply an OVF security policy. The OVF security policy enforces strict validation when you deploy or update a content library, import items to a content library, or synchronize templates. To make sure that the templates are signed by a trusted certificate, you can add the OVF signing certificate from a trusted CA to a content library.

For more information about content libraries and VM templates in vSphere, see Using Content Libraries in vSphere Virtual Machine Administration.

Prerequisites

Required privileges:
  • Content library.Create local library or Content library.Create subscribed library on the vCenter Server instance where you want to create the library.
  • Datastore.Allocate space on the destination datastore.

Procedure

  1. Navigate to the VM Service page.
    1. From the vSphere Client home menu, select Workload Management.
    2. Click the Services tab and click Manage on the VM Service card.
  2. On the VM Service page, click Content Libraries > Create a content library.
    This action takes you to the content library section in the vSphere Client.
  3. Click Create.
    The New Content Library wizard opens.
  4. On the Name and location page, enter a name, select a vCenter Server instance for the content library and click Next.
    Make sure to use an informative name for the content library, so that your DevOps team can easily find and access the library items.
  5. On the Configure content library page, select the type of content library that you want to create and click Next.
    Option Description
    Local content library

    A local content library is accessible only in the vCenter Server instance where you create it by default.

    1. (Optional) To make the content of the library available to other vCenter Server instances, select Enable publishing .
    2. (Optional) If you want to require a password for accessing the content library, select Enable authentication and set a password.
    Subscribed content library A subscribed content library originates from a published content library. Use this option to take advantage of existing content libraries.

    You can synchronize the subscribed library with the published library to see up-to-date content, but you cannot add or remove content from the subscribed library. Only an administrator of the published library can add, modify, and remove contents from the published library.

    Provide the following information to subscribe to a library:

    1. In the Subscription URL text box, enter the URL address of the published library.
    2. If authentication is enabled on the published library, select Enable authentication and enter the publisher password.
    3. Select a download method for the contents of the subscribed library.
      • If you want to download a local copy of all the items in the published library immediately after subscribing to it, select immediately.
      • If you want to save storage space, select when needed. You download only the metadata for the items in the published library.

        If you need to use an item, synchronize the item or the entire library to download its content.

    4. If prompted, accept the SSL certificate thumbprint.

      The SSL certificate thumbprint is stored on your system until you delete the subscribed content library from the inventory.

  6. (Optional) On the Apply security policy page, select Apply Security Policy and select OVF default policy.
    For the subscribed library, this option appears only if the library supports security policies.
    If you select this option, the system performs a strict OVF certificate verification when importing an OVF item to the library from the local host or synchronizing an item. The OVF items that do not pass the certificate validation cannot be imported.
    If the item does not pass the validation during synchronization, it is marked with the Verification Failed tag. Only the item and metadata will be kept, but not the files in the item.
  7. On the Add storage page, select datastore as a storage location for the content library contents and click Next.
  8. On the Ready to complete page, review the details and click Finish.

Populate a Content Library with VM Images for Stand-Alone VMs

After you create the content library, populate it with VM templates in OVA or OVF format. Your DevOps engineers can use the templates to provision new stand-alone virtual machines in the vSphere IaaS control plane environment.

You can use several methods to populate the library. This topic describes how to add items to a local content library by importing files from your local machine or from a Web server. For other ways to populate the content library, see Populating Libraries with Content in vSphere Virtual Machine Administration.

Note: There are no restrictions on the VM images that you use. If you want to test ready-to-use OVA images, you can download them from the Recommended Images page. Keep in mind that these images are for POC use only. In the production environment, create images with latest patches and required security settings that follow corporate security policies.

Prerequisites

  • Create VM images that are compatible with vSphere IaaS control plane.

    The image specification requires that all VM images include VMware Tools or an equivalent open source package. The images must use one of the following to bootstrap the guest OS and its networking stack. For more information, see Bootstrap Providers.

    • Linux + Cloud-Init version 17.9-21.2 with DataSourceVMwareGuestInfo.
    • Linux + Cloud-Init version 21.3+
    • Windows + Cloudbase-Init version 1.1.0+
    • Windows + Sysprep (System Preparation)

    For information about Cloud-Init, see the official documentation at The standard for customising cloud instances.

    For information about Sysprep, see the official documentation at Sysprep overview.

  • If your library is protected by a security policy, make sure that all library items are complaint. If a protected library includes a mix of compliant and non-compliant items, the kubectl get virtualmachineimages fails to present VM images to the DevOps engineers.
  • Required privilege: Content library.Add library item and Content library.Update files on the library.

Procedure

  1. From the vSphere Client home menu, select Content Libraries.
  2. Right-click a local content library and select Import Item.
    The Import Library Item dialog box opens.
  3. In the Source section, select the source of the item.
    Option Description
    URL Enter the path to the Web server where the item is.
    Note: You can import either an .ovf or .ova file. The resulting content library item is of the OVF Template type.
    Local File Click Upload File to navigate to the file that you want to import from your local system. You can use the drop-down menu to filter files in your local system.
    Note: You can import either an .ovf or .ova file. When you import an OVF template, first select the OVF descriptor file ( .ovf). Next, you are prompted to select the other files in the OVF template, for example the .vmdk file. The resulting content library item is of the OVF Template type.
    vCenter Server reads and validates the manifest and certificate files in the OVF package during importing. A warning is displayed in the Import Library Item wizard, if certificate issues exist, for example if vCenter Server detects an expired certificate.
    Note: vCenter Server does not read signed content, if the OVF package is imported from an .ovf file from your local machine.
  4. In the Destination section, enter a name and a description for the item.
  5. Click Import.

Results

The item appears on the Templates tab or on the Other Types tab.

The image appears on the Templates tab