Copyright (c) 2012-2019 by Cisco Systems, Inc.
The Open Virtualization Format (OVF) is a standard (DSP0243) defined
by the Distributed Management Task Force, Inc. (DMTF) for the
distribution and deployment of virtual appliances.
Full details of this specification are available from the DMTF web
site at https://www.dmtf.org/standards/ovf. The latest version of the
OVF standard as of the writing of this document is 2.0.1.
--------
Overview
--------
In brief, a virtual appliance can be distributed as an OVF package,
which consists of:
* An XML file called an OVF descriptor (.ovf)
* A manifest file containing checksums (.mf)
* Disk images containing the software and data for the VM (.vmdk, .iso)
* Various other associated files (such as this documentation file)
An OVF package can also be distributed in a compressed TAR format;
such a compressed package is called an OVA (Open Virtualization
Archive) and is typically assigned a .ova extension.
Within an OVF package, the primary file of interest is the OVF descriptor,
which as the name suggests, describes various properties of the VM. The
two main capabilities of this file are as follows:
1) Configuration of the IOS-XE software that powers this virtual
appliance.
2) Allocation and provisioning of virtual hardware resources (CPUs,
RAM, hard disks, CD-ROM drives, NICs, etc.)
--------------------------
OVF Software Configuration
--------------------------
**********************************************************************
NOTE: This feature is available when using a VMware vCenter server to
administer virtual machines. It is not supported on standalone ESX
hosts. Other hypervisors may or may not support this feature.
**********************************************************************
In addition to various fields describing the VM as a whole (product name
and URL, vendor name and URL, software version, etc.), the
<ProductSection>...</ProductSection> of the OVF descriptor can contain
a list of <Property> elements. These pass configuration information
into the software running inside the VM (here, IOS-XE software), where
it is translated at startup into configuration of the VM (here, IOS-XE
configuration CLI commands). Each <Property> has the following
attributes:
* ovf:key, indicating what type of configuration is described
* ovf:type, indicating the format of this information (string,
boolean, etc.)
* ovf:qualifiers, indicating any format restrictions (such as string
minimum or maximum length)
* ovf:value, containing the actual configuration information (such as
a string, an IP address, etc.)
* ovf:userConfigurable, indicating whether the property is meant to be
edited by the user (through a tool such as the VMware vSphere
client) before deploying the VM, or whether it should be passed
through un-edited.
The following Property keys are supported by this version of IOS-XE
software:
* login-username
This is a string specifying a username that can be used for remote
login to the VM (such as an SSH connection to the management
address). It must be paired with a login-password attribute.
* login-password
This is a string specifying the password associated with the
login-username attribute defined above.
* mgmt-interface
This is a string representing the preferred interface (or
subinterface) for management traffic.
* mgmt-vlan
If mgmt-interface is set to a subinterface (such as
"GigabitEthernet1.1") then this property must be set to a string
representing the desired dot1Q VLAN associated with the subinterface.
* mgmt-ipv4-addr
This is a string specifying the address and mask (for example,
"10.1.1.1/24" or "10.1.1.1 255.255.255.0") to be configured on the
management interface (the first NIC, labeled as "GigabitEthernet0"
in IOS-XE). This string can also be set to "dhcp" to instruct the VM
to use DHCP to determine this configuration.
* mgmt-ipv4-gateway
This is a string specifying the gateway address to use for the
management interface. As with the mgmt-ipv4-addr property, this
string can also be set to "dhcp".
* mgmt-ipv4-network
Network reachable via the management gateway. If unspecified, the
management gateway will be a default gateway (routing to 0.0.0.0/0).
* pnsc-ipv4-addr
This is a string specifying the IP address of any PNSC service
controller that this virtual machine should act as a client of.
* pnsc-agent-local-port
This is a string specifying the local port number that the PNSC
service agent will listen on.
* pnsc-shared-secret-key
This is a string specifying the shared secret key for communication
between the PNSC service agent and PNSC service controller.
* hostname
This is a string specifying the hostname for the virtual router.
* enable-scp-server
This is a Boolean value. If set to true, the IOS SCP server will be
enabled.
* enable-ssh-server
This is a Boolean value. If set to true, SSHv2 will be enabled in
the VM for remote user login. This generally requires that the
login-username and login-password properties also be set.
* privilege-password
If this string is set, the defined login-username and login-password
will only enable unprivileged (user) access to the software;
entering this password will subsequently be required in order to
escalate to privileged (enable) access.
* domain-name
This is a string defining the IP domain name to use in the VM.
* ios-config-0001
Properties of this type each contain a string defining a single line
of literal IOS-XE configuration CLI. Multiple properties (with
increasing numbering) can be used to provide any additional IOS-XE
configuration not possible through any of the specifically defined
properties above.
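
Added example (not part of the original README and not Cisco's code): a
Python sketch that reads the <Property> elements of a descriptor, checks
the pairing rules listed above, and flags secrets and literal CLI lines
held in ovf:value. The sample descriptor and function names are
constructed for illustration; treating a "." in mgmt-interface as a
subinterface marker is an assumption based on the "GigabitEthernet1.1"
example.

```python
import xml.etree.ElementTree as ET

SECRET_KEYS = ("login-password", "privilege-password", "pnsc-shared-secret-key")
# Constructed fragment (only ovf:key/ovf:value shown); not from a real package.
SAMPLE_OVF = """<Envelope xmlns="http://schemas.dmtf.org/ovf/envelope/1"
    xmlns:ovf="http://schemas.dmtf.org/ovf/envelope/1">
 <VirtualSystem ovf:id="example">
  <ProductSection>
   <Property ovf:key="login-username" ovf:value="admin"/>
   <Property ovf:key="login-password" ovf:value="EXAMPLE-ONLY"/>
   <Property ovf:key="enable-ssh-server" ovf:value="true"/>
   <Property ovf:key="mgmt-interface" ovf:value="GigabitEthernet1.1"/>
   <Property ovf:key="mgmt-vlan" ovf:value=""/>
   <Property ovf:key="ios-config-0001" ovf:value="ip domain lookup"/>
  </ProductSection>
 </VirtualSystem>
</Envelope>"""

def local(name):
    """Drop the '{namespace}' prefix so OVF 1.x and 2.x envelopes both match."""
    return name.rsplit("}", 1)[-1]

def read_properties(ovf_xml):
    """Return {ovf:key: ovf:value} for every <Property> element."""
    props = {}
    for elem in ET.fromstring(ovf_xml).iter():
        if local(elem.tag) == "Property":
            attrs = {local(k): v for k, v in elem.attrib.items()}
            props[attrs.get("key", "")] = attrs.get("value", "").strip()
    return props

def audit(props):
    """Check the pairing rules stated above and flag embedded secrets."""
    findings = []
    have = lambda key: bool(props.get(key))
    creds = have("login-username") and have("login-password")
    if have("login-username") != have("login-password"):
        findings.append("login-username and login-password must be set together")
    if props.get("enable-ssh-server", "").lower() == "true" and not creds:
        findings.append("enable-ssh-server is true without login credentials")
    # Assumption: a '.' in the interface name marks a subinterface.
    if "." in props.get("mgmt-interface", "") and not have("mgmt-vlan"):
        findings.append("mgmt-interface is a subinterface but mgmt-vlan is unset")
    for key in SECRET_KEYS:
        if have(key):
            findings.append(f"{key} is readable in the descriptor's ovf:value")
    for key in sorted(k for k in props if k.startswith("ios-config-")):
        findings.append(f"{key} carries literal CLI for review: {props[key]}")
    return findings
```

Call audit(read_properties(text)) on the contents of a .ovf file before
distributing or deploying the package. For descriptors from untrusted
sources, parse with a hardened XML parser such as defusedxml.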
-------------------------
OVF Hardware Provisioning
-------------------------
Various XML elements in the OVF descriptor are used to describe and
provision the hardware resources of the resulting VM. The following
are of interest:
* <DiskSection>...</DiskSection>
This describes a virtual disk (typically a hard disk) in the VM,
including a reference to the file (.vmdk) that contains the data
associated with this disk.
* <NetworkSection>...</NetworkSection>
This describes the logical networks that NICs can be associated
with. Part of the process of deploying an OVF package as a VM
involves mapping these logical networks to the networks defined on
the hypervisor.
* <DeploymentOptionSection>...</DeploymentOptionSection>
This describes a set of supported deployment options (hardware
configuration profiles) with various requirements and capabilities,
ranging from minimal profiles (with the lowest supported CPU, RAM,
and NIC requirements) to maximal (with the highest supported CPU,
RAM, and NIC allocations).
* <VirtualHardwareSection>...</VirtualHardwareSection>
This describes the virtual hardware available to the VM as a list of
<Item> elements each with a <rasd:ResourceType> indicating the type
of hardware being described. Items in this section include:
* Number of CPUs (ResourceType 3)
* Amount of RAM (ResourceType 4)
* IDE and SCSI controllers (ResourceType 5 and 6)
* Ethernet NICs (ResourceType 10)
* CD-ROM drives (ResourceType 15)
* Hard disk drives (ResourceType 17)
---------------------
Common OVF Tool (COT)
---------------------
Manually editing OVF descriptor files can be tedious and error prone.
To make this process easier, the Common OVF Tool (COT) was developed and
released as open source to the community.
COT's capabilities include:
* Add a disk to an OVF/OVA
+ Used in reference platform software builds (combining template OVF
descriptor with disk generated by the build)
+ Can be used to add secondary disks (for easy file import/export)
on platforms that support it
+ Can be used to embed bootstrap configuration files
* Edit product description information in an OVF/OVA
+ Used in reference platform builds to set correct OVA software
version string (5.2.0.017I, 15.4(3)S, etc.)
* Edit virtual machine hardware (CPUs, RAM, NICs, etc.) including support for
multiple hardware configuration profiles in a single OVA.
+ Used in ATS/LaaS (Lab as a Service) to support customized testbed
configuration.
* Edit OVF environment properties
+ Including bootstrap configuration XML
* Display a descriptive summary of the contents of an OVA or OVF package
* Embed a bootstrap configuration text file into an OVF/OVA.
* Deploy an OVF/OVA to ESXi (VMware vCenter).
COT is available on GitHub at the following location:
https://github.com/glennmatthews/cot