Ovftool 4.4.1 import ova from remote url

With ovftool 4.4.1 you can directly deploy ovf/ova files from an remote url.

As decribed in William's blog post here: https://www.virtuallyghetto.com/2020/10/ovftool-4-4-1-upload-ovf-ova-from-url-using-upcoming-pull-mechanism.html

Well that did not work for me so I have done some troubleshooting.

So I downloaded the ova and imported it locally to verify that this is working.

 1ovftool \
 2--X:logFile="ovftool.log" \
 3--acceptAllEulas \
 4--noSourceSSLVerify \
 5--noDestinationSSLVerify \
 6--disableVerification \
 7--skipManifestCheck \
 8--pullUploadMode \
 9--diskMode=thin \
10--powerOn \
11--net:None='VM Network' \
12--datastore=vmware01 \
13--name=photon_vm_test \
14photon-hw11-3.0-a383732.ova \
15vi://[USER]@vsphere.local:[PASSWORD]@[VCENTER]/Homelab/host/Dell-R630-Cluster

That worked without any issues. So next test was to upload the ova to a webserver which is running in my lab

 1ovftool \
 2--X:logFile="ovftool.log" \
 3--acceptAllEulas \
 4--noSourceSSLVerify \
 5--noDestinationSSLVerify \
 6--disableVerification \
 7--skipManifestCheck \
 8--pullUploadMode \
 9--diskMode=thin \
10--powerOn \
11--net:None='VM Network' \
12--datastore=vmware01 \
13--name=photon_vm_test \
14http://WEBSERVER/photon-hw11-3.0-a383732.ova \
15vi://[USER]@vsphere.local:[PASSWORD]@[VCENTER]/Homelab/host/Dell-R630-Cluster

That failed again.

12020-12-03T12:09:08.563+01:00 verbose OVFTool[11256FDC0] [Originator@6876 sub=Default] Erasing open readers for photon-hw11-3.0-a383732.ova
22020-12-03T12:09:08.563+01:00 verbose OVFTool[11256FDC0] [Originator@6876 sub=Default] [Complete] started.
32020-12-03T12:09:08.565+01:00 error OVFTool[700001A07000] [Originator@6876 sub=Default] CurlWrite exception: N5boost16exception_detail10clone_implINS0_19error_info_injectorI16OvfToolExceptionEEEE(Connection error: Network connection to host [%1] was lost)
4--> [context]zKq7AVQGAQAAAJuIAAEXT1ZGVG9vbAAA/3kobGlidm1hY29yZS5keWxpYgAAf2EHAFr5BQAPfgEB2vUKb3ZmdG9vbAABwZYOAdnqDgHl1w4CIYYBbGliY3VybC40LmR5bGliAAIyggECRncDAsVnAwI1aQQCMFIEAt2xAwKBnQMC55sDAeHnDgD2ahYAPHcWAJccIwMJYQBsaWJzeXN0ZW1fcHRocmVhZC5keWxpYgADixsA[/context]
52020-12-03T12:09:08.566+01:00 verbose OVFTool[700001A07000] [Originator@6876 sub=Default] Curl_perform communication error code 23 (Failed writing received data to disk/application)
62020-12-03T12:09:08.567+01:00 verbose OVFTool[700001A07000] [Originator@6876 sub=Default] Curl session torn down
72020-12-03T12:09:10.572+01:00 verbose OVFTool[11256FDC0] [Originator@6876 sub=Default] HttpNfcLease: state:error
82020-12-03T12:09:10.577+01:00 verbose OVFTool[11256FDC0] [Originator@6876 sub=Default] HttpNfcLease: error:HTTP communication could not be completed with status 404
92020-12-03T12:09:10.583+01:00 verbose OVFTool[11256FDC0] [Originator@6876 sub=Default] [Complete] Caught exception while aborting lease: Fault cause: vim.fault.InvalidState

Using pullUploadMode the ESXi will directly download the ovf/ova file from the provided URL but was we can see in the log it gives us an 404.

So I connected to my ESXi host using ssh and tried to download the ova file using wget.

1wget -S http://WEBSERVER/photon-hw11-3.0-a383732.ova
2Connecting to WEBSERVER (WEBSERVER)
3wget: can't connect to remote host (WEBSERVER): Connection timed out

As my ESXi and this Webserver are in the same network it should work. So the only option left would be the ESXi firewall.

So I quickly disabled the firewall

1esxcli network firewall set --enabled false
 1[root@r630:/vmfs/volumes/datastore01] wget -S http://192.168.0.25:8015/photon-hw11-3.0-a383732.ova
 2Connecting to 192.168.0.25:8015 (192.168.0.25:8015)
 3  HTTP/1.1 200 OK
 4  Content-Type: application/octet-stream
 5  Accept-Ranges: bytes
 6  Content-Length: 196976640
 7  Connection: close
 8  Date: Thu, 03 Dec 2020 11:18:32 GMT
 9  Server: lighttpd/1.4.55
10
11photon-hw11-3.0-a383 100% |****************************************************************************************|  187M  0:00:00 ETA
12[root@r630:/vmfs/volumes/datastore01]

Awesome so lets try with the original URL.

 1hemmi@mac01 ~/Downloads: ovftool \
 2--X:logFile="ovftool.log" \
 3--acceptAllEulas \
 4--noSourceSSLVerify \
 5--noDestinationSSLVerify \
 6--disableVerification \
 7--skipManifestCheck \
 8--pullUploadMode \
 9--diskMode=thin \
10--powerOn \
11--net:None='VM Network' \
12--datastore=vmware01 \
13--name=photon_vm_test \
14https://packages.vmware.com/photon/3.0/Rev3/ova/photon-hw11-3.0-a383732.ova \
15vi://[USER]@vsphere.local:[PASSWORD]@[VCENTER]/Homelab/host/Dell-R630-Cluster
16Opening OVA source: https://packages.vmware.com/photon/3.0/Rev3/ova/photon-hw11-3.0-a383732.ova
17The manifest does not validate
18Opening VI target: vi://administrator%40vsphere.local@[VCENTER]:443/Homelab/host/Dell-R630-Cluster
19Deploying to VI: vi://administrator%40vsphere.local@[VCENTER]:443/Homelab/host/Dell-R630-Cluster
20Error: Message is: Authenticity of the host's SSL certificate is not verified.,
21Fault cause: vim.fault.SSLVerifyFault
22
23Warning:
24 - The manifest is present but user flag causing to skip it
25Completed with errors
26hemmi@mac01 ~/Downloads:

Ok better but still not working. So I would expect due to no SSLVerify options it should work but no.

So I collected the SSL Thumbprint from packages.vmware.com and added it to my call.

1hemmi@mac01 ~/Downloads: openssl s_client -connect packages.vmware.com:443 < /dev/null 2>/dev/null | openssl x509 -fingerprint -noout -in /dev/stdin
2SHA1 Fingerprint=BA:C6:4E:D9:AD:D4:53:B5:86:5A:5D:70:36:CF:89:93:D1:6C:F9:63
3hemmi@mac01 ~/Downloads:
 1ovftool \
 2--X:logFile="ovftool.log" \
 3--acceptAllEulas \
 4--sourceSSLThumbprint="BA:C6:4E:D9:AD:D4:53:B5:86:5A:5D:70:36:CF:89:93:D1:6C:F9:63" \
 5--noSourceSSLVerify \
 6--noDestinationSSLVerify \
 7--disableVerification \
 8--skipManifestCheck \
 9--pullUploadMode \
10--diskMode=thin \
11--powerOn \
12--net:None='VM Network' \
13--datastore=vmware01 \
14--name=photon_vm_test \
15https://packages.vmware.com/photon/3.0/Rev3/ova/photon-hw11-3.0-a383732.ova \
16vi://[USER]@vsphere.local:[PASSWORD]@[VCENTER]/Homelab/host/Dell-R630-Cluster

Its downloading the ova file.

1Opening OVA source: https://packages.vmware.com/photon/3.0/Rev3/ova/photon-hw11-3.0-a383732.ova
2The manifest does not validate
3Opening VI target: vi://administrator%40vsphere.local@[VCENTER]:443/Homelab/host/Dell-R630-Cluster
4Deploying to VI: vi://administrator%40vsphere.local@[VCENTER]:443/Homelab/host/Dell-R630-Cluster
5Powering on VM: photon_vm_test
6Task Completed
7Warning:
8 - The manifest is present but user flag causing to skip it
9Completed successfully

Finished!