When deploying Virtual-Machines by OVF/OVA-Files in automated manner, eg. using PowerShell of Terraform, it’s crucial to set all individual deployment parameters using the provisioning system.
Discover the available Properties using
Using PowerShell
Create a vCenter-Connection
PS C:\Program Files\PowerShell\7>
$VIServer = "vcenter.lab.local"
$VIUsername = "administrator@vsphere.local"
$VIPassword = "VMware!23"
$viConnection = Connect-VIServer $VIServer -User $VIUsername -Password $VIPassword
Retrieve the OVF-Config-Object
PS C:\Program Files\PowerShell\7>
$OVA = "T:\csr1000v-universalk9.16.09.01.ova"
$ovfconfig = Get-OvfConfiguration -Server $viConnection $OVA
$ovfconfigHashTable = $ovfconfig.ToHashTable()
Display all contained Properties („=Keys“)
PS C:\Program Files\PowerShell\7>
$ovfconfigHashTable.Keys | Sort-Object
com.cisco.csr1000v.domain-name.1
com.cisco.csr1000v.enable-scp-server.1
com.cisco.csr1000v.enable-ssh-server.1
com.cisco.csr1000v.hostname.1
com.cisco.csr1000v.license.1
com.cisco.csr1000v.login-password.1
com.cisco.csr1000v.login-username.1
com.cisco.csr1000v.mgmt-interface.1
com.cisco.csr1000v.mgmt-ipv4-addr.1
com.cisco.csr1000v.mgmt-ipv4-gateway.1
com.cisco.csr1000v.mgmt-ipv4-network.1
com.cisco.csr1000v.mgmt-vlan.1
com.cisco.csr1000v.pnsc-agent-local-port.1
com.cisco.csr1000v.pnsc-ipv4-addr.1
com.cisco.csr1000v.pnsc-shared-secret-key.1
com.cisco.csr1000v.privilege-password.1
com.cisco.csr1000v.remote-mgmt-ipv4-addr.1
com.cisco.csr1000v.resource-template.1
DeploymentOption
NetworkMapping.GigabitEthernet1
NetworkMapping.GigabitEthernet2
NetworkMapping.GigabitEthernet3
Deployment-Option?
PS C:\Program Files\PowerShell\7>
$ovfconfig.DeploymentOption
Key : DeploymentOption
Value :
DefaultValue : 1CPU-4GB
OvfTypeDescription : string["1CPU-4GB", "2CPU-4GB", "4CPU-4GB", "4CPU-8GB"]
Description : Small
Minimal hardware profile - 1 vCPU, 4 GB RAM
Medium
Medium hardware profile - 2 vCPUs, 4 GB RAM
Large
Large hardware profile - 4 vCPUs, 4 GB RAM
Large + DRAM Upgrade
Large hardware profile (requires purchase of DRAM upgrade SKU) - 4 vCPUs, 8 GB RAM
OVFTOOL.EXE, provided by VMware (Download OVFTOOL) allows to inspect existing OVA/OFV-Files, too.
T:\"C:\Program Files\VMware\VMware OVF Tool\ovftool.exe" --verifyOnly csr1000v-universalk9.16.09.01.ova
OVF version: 1.0
VirtualApp: false
Name: Cisco CSR 1000V Cloud Services Router
Version: 16.09.01
Full Version: Cisco IOS-XE Software, version 16.09.01
Vendor: Cisco Systems, Inc.
Product URL: http://www.cisco.com/en/US/products/ps12559/index.html
Vendor URL: http://www.cisco.com
Download Size: 413.23 MB
Deployment Sizes:
Flat disks: 8.40 GB
Sparse disks: 692.60 MB
Networks:
Name: GigabitEthernet1
Description: Data network 1
Name: GigabitEthernet2
Description: Data network 2
Name: GigabitEthernet3
Description: Data network 3
Virtual Machines:
Name: Cisco CSR 1000V Cloud Services Router
Operating System: other3xlinux64guest
Virtual Hardware:
Families: vmx-10 vmx-11 vmx-13
Number of CPUs: 1
Cores per socket: 1
Memory: 4.00 GB
Disks:
Index: 0
Instance ID: 3001
Capacity: 8.00 GB
Disk Types: SCSI-VirtualSCSI
NICs:
Adapter Type: VMXNET3
Connection: GigabitEthernet1
Adapter Type: VMXNET3
Connection: GigabitEthernet2
Adapter Type: VMXNET3
Connection: GigabitEthernet3
Properties:
ClassId: com.cisco.csr1000v
Key: hostname
InstanceId 1
Category: 1. Bootstrap Properties
Label: Router Name
Type: string(..63)
Description: Hostname of this router
ClassId: com.cisco.csr1000v
Key: login-username
InstanceId 1
Category: 1. Bootstrap Properties
Label: Login Username
Type: string(..64)
Description: Username for remote login
ClassId: com.cisco.csr1000v
Key: login-password
InstanceId 1
Category: 1. Bootstrap Properties
Label: Login Password
Type: password(..25)
Description: Password for remote login.
WARNING: While this password will be stored securely within IOS,
the plain-text password will be recoverable from the OVF
descriptor file.
ClassId: com.cisco.csr1000v
Key: mgmt-interface
InstanceId 1
Category: 1. Bootstrap Properties
Label: Management Interface
Type: string
Description: Management interface (such as "GigabitEthernet1" or
"GigabitEthernet1.100")
Value: GigabitEthernet1
ClassId: com.cisco.csr1000v
Key: mgmt-vlan
InstanceId 1
Category: 1. Bootstrap Properties
Label: Management VLAN
Type: string(..5)
Description: Management dot1Q VLAN (requires specifying a subinterface such
as "GigabitEthernet1.100" for the Management Interface)
ClassId: com.cisco.csr1000v
Key: mgmt-ipv4-addr
InstanceId 1
Category: 1. Bootstrap Properties
Label: Management Interface IPv4 Address/Mask
Type: string(..33)
Description: IPv4 address and mask for management interface (such as
"192.0.2.100/24" or "192.0.2.100 255.255.255.0"), or "dhcp" to
configure via DHCP
ClassId: com.cisco.csr1000v
Key: mgmt-ipv4-gateway
InstanceId 1
Category: 1. Bootstrap Properties
Label: Management IPv4 Gateway
Type: string(..16)
Description: IPv4 gateway address (such as "192.0.2.1") for management
interface, or "dhcp" to configure via DHCP
ClassId: com.cisco.csr1000v
Key: mgmt-ipv4-network
InstanceId 1
Category: 1. Bootstrap Properties
Label: Management IPv4 Network
Type: string(..33)
Description: IPv4 Network (such as "192.168.2.0/24" or "192.168.2.0
255.255.255.0") that the management gateway should route to.
ClassId: com.cisco.csr1000v
Key: pnsc-ipv4-addr
InstanceId 1
Category: 1. Bootstrap Properties
Label: PNSC IPv4 Address
Type: string(..15)
Description: IPv4 address without mask (such as "192.0.2.110") of PNSC
service controller
ClassId: com.cisco.csr1000v
Key: pnsc-agent-local-port
InstanceId 1
Category: 1. Bootstrap Properties
Label: PNSC Agent Local Port
Type: string(..5)
Description: PNSC service agent SSL port (on local CSR) to receive policies
from service manager.
The port shall be in the range of [55001, 61000] if shared IP is
used, i.e., Remote Management IPv4 Address is not configured.
ClassId: com.cisco.csr1000v
Key: pnsc-shared-secret-key
InstanceId 1
Category: 1. Bootstrap Properties
Label: PNSC Shared Secret Key
Type: password(..64)
Description: PNSC service controller shared secret key (8-64 characters) for
PNSC agent to get SSL certificate from the controller.
WARNING: While this password will be stored securely within IOS,
the plain-text password will be recoverable from the OVF
descriptor file.
ClassId: com.cisco.csr1000v
Key: remote-mgmt-ipv4-addr
InstanceId 1
Category: 1. Bootstrap Properties
Label: Remote Management IPv4 Address (optional, deprecated)
Type: string(..15)
Description: Secondary IPv4 address without mask (such as "192.0.2.101") for
access to remote management features (REST API, etc.). This
should be in the same IP subnet as the Management Interface IPv4
Address entered above.
Warning: THIS IS A DEPRECATED OPTION IN THIS RELEASE.
ClassId: com.cisco.csr1000v
Key: enable-scp-server
InstanceId 1
Category: 2. Features
Label: Enable SCP Server
Type: boolean
Description: Enable IOS SCP server feature
Value: False
ClassId: com.cisco.csr1000v
Key: enable-ssh-server
InstanceId 1
Category: 2. Features
Label: Enable SSH Login and Disable Telnet Login
Type: boolean
Description: Enable remote login via SSH and disable remote login via telnet.
Requires login-username and login-password to be set!
Value: False
ClassId: com.cisco.csr1000v
Key: privilege-password
InstanceId 1
Category: 3. Additional Configuration Properties
Label: Enable Password
Type: password(..25)
Description: Password for privileged (enable) access.
WARNING: While this password will be stored securely within IOS,
the plain-text password will be recoverable from the OVF
descriptor file.
ClassId: com.cisco.csr1000v
Key: domain-name
InstanceId 1
Category: 3. Additional Configuration Properties
Label: Domain Name
Type: string(..238)
Description: Network domain name (such as "cisco.com")
ClassId: com.cisco.csr1000v
Key: license
InstanceId 1
Category: 3. Additional Configuration Properties
Label: License boot level
Type: string(..30)
Description: Configure license boot level(such as ax, security, appx, ipbase,
lite, vacs)
Value: ax
ClassId: com.cisco.csr1000v
Key: resource-template
InstanceId 1
Category: 3. Additional Configuration Properties
Label: Resource template
Type: string(..30)
Description: Configure Resource template(service_plane_medium,
service_plane_heavy or default)
Value: default
Deployment Options:
Id: 1CPU-4GB (default)
Label: Small
Description: Minimal hardware profile - 1 vCPU, 4 GB RAM
Id: 2CPU-4GB
Label: Medium
Description: Medium hardware profile - 2 vCPUs, 4 GB RAM
Id: 4CPU-4GB
Label: Large
Description: Large hardware profile - 4 vCPUs, 4 GB RAM
Id: 4CPU-8GB
Label: Large + DRAM Upgrade
Description: Large hardware profile (requires purchase of DRAM upgrade SKU) -
4 vCPUs, 8 GB RAM
References:
File: csr1000v_harddisk.vmdk
File: bdeo.sh
File: README-OVF.txt
File: README-BDEO.txt
File: cot.tgz
File: csr1000v-universalk9.16.09.01-vga.iso
Error: OVF Package is not supported by target:
- Line -1: Unsupported value 'ethernet0.rxDataRingEnabled' for attribute 'key' on element 'ExtraConfig'.
- Line -1: Unsupported value 'ethernet1.rxDataRingEnabled' for attribute 'key' on element 'ExtraConfig'.
- Line -1: Unsupported value 'ethernet2.rxDataRingEnabled' for attribute 'key' on element 'ExtraConfig'.
- Line -1: Unsupported value 'ethernet3.rxDataRingEnabled' for attribute 'key' on element 'ExtraConfig'.
- Line -1: Unsupported value 'isolation.tools.diskWiper.disable' for attribute 'key' on element 'ExtraConfig'.
- Line -1: Unsupported value 'isolation.tools.memSchedFakeSampleStats.disable' for attribute 'key' on element 'ExtraConfig'.
- Line -1: Unsupported value 'isolation.tools.diskShrink.disable' for attribute 'key' on element 'ExtraConfig'.
- Line -1: Unsupported value 'isolation.tools.vmxDnDVersionGet.disable' for attribute 'key' on element 'ExtraConfig'.
- Line -1: Unsupported value 'isolation.tools.unityActive.disable' for attribute 'key' on element 'ExtraConfig'.
- Line -1: Unsupported value 'isolation.tools.guestDnDVersionSet.disable' for attribute 'key' on element 'ExtraConfig'.
- Line -1: Unsupported value 'snapshot.maxSnapshots' for attribute 'key' on element 'ExtraConfig'.
- Line -1: Unsupported value 'RemoteDisplay.maxConnections' for attribute 'key' on element 'ExtraConfig'.
The CLI-Switch „–allowExtraConfig“ enables the support for ExtraConfig-Key/Values:
T:\>"C:\Program Files\VMware\VMware OVF Tool\ovftool.exe" --verifyOnly --allowExtraConfig nsx-unified-appliance-3.1.3.5.0.19068437.ova
The provided certificate is in valid period
Source is signed and the certificate validates
Certificate information:
CertIssuer:/C=US/ST=California/L=Palo Alto/O=VMware, Inc.
CertSubject:/C=US/ST=California/L=Palo Alto/O=VMware, Inc.
-----BEGIN CERTIFICATE-----
MIIDyzCCArOgAwIBAgIJAKH7xLtwMqSZMA0GCSqGSIb3DQEBBQUAME0xCzAJBgNV
BAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRIwEAYDVQQHEwlQYWxvIEFsdG8x
FTATBgNVBAoTDFZNd2FyZSwgSW5jLjAeFw0xMDAyMjYyMjE3NDFaFw0yNjAxMDMy
MjE3NDFaME0xCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRIwEAYD
VQQHEwlQYWxvIEFsdG8xFTATBgNVBAoTDFZNd2FyZSwgSW5jLjCCASAwDQYJKoZI
hvcNAQEBBQADggENADCCAQgCggEBALU9NUtC39fqG7yo2XAswUmtli9uA+31uAMw
9FFHAEv/it8pzBQZ/4r+2bN+GnXOWhuDd1K4ApKMRvoO4LwQfZxrkx4pXrsu0gdb
4OunHw0D8MrdzSoob8Js/uq+IJ+8Bhsc6b7RzTUt9HeDWzHasAJVgMsjehGt23ay
9FKOT6dVD6D/Xi3qJnB/4t/XNS6L63dC3ea4guzKDyLaXIP5bf/m56jvVImFjhhT
W2ASbnEUlZIVrEuyVcdG7e3FvZufE553JmHL0YG/0m5bIHXKRzBRx0D3HHOAzOKw
kkOnxJHSTN4Hz8hSYCWvzUAjSYL3Q8qiTd7GHJ2ynsRnu3KlzKUCAQOjga8wgaww
HQYDVR0OBBYEFHg8KQJdm8NPQDmYP41uEgKG+VNwMH0GA1UdIwR2MHSAFHg8KQJd
m8NPQDmYP41uEgKG+VNwoVGkTzBNMQswCQYDVQQGEwJVUzETMBEGA1UECBMKQ2Fs
aWZvcm5pYTESMBAGA1UEBxMJUGFsbyBBbHRvMRUwEwYDVQQKEwxWTXdhcmUsIElu
Yy6CCQCh+8S7cDKkmTAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBBQUAA4IBAQCP
nVEBVF2jYEsgaTJ1v17HNTVTD5pBPfbQk/2vYVZEWL20PtJuLeSWwoo5+TnCSp69
i9n1Hpm9JWHjyb1Lba8Xx7VC4FferIyxt0ivRm9l9ouo/pQAR8xyqjTg1qfr5V8S
fZElKbjpzSMPrxLwF77h+YB+YjqWAJpVV+fAkAvK7K9vMiFgW60teZBxVW/XlmG0
IJaSUWSI3/A+bA6fuIy8PMmpQMtm0droHrCnViAVRhMMgEC/doMH1GqUSmoiyQ1G
PifLAp5wV5/HV+S9AGrb8HGdWIvW+kBgmCl0wSf2JFYm1bpq30CVE4EC0MAY1mJG
vSqQGIbCybw5KTCXRQ8d
-----END CERTIFICATE-----
OVF version: 1.0
VirtualApp: false
Name: nsx-unified-appliance
Version: 3.1.3.5
Full Version: 3.1.3.5.0.19068437
Vendor: VMware, Inc
Download Size: 8.37 GB
Deployment Sizes:
Flat disks: 300.00 GB
Sparse disks: 4.74 GB
Networks:
Name: Network 1
Description: Network 1
Virtual Machines:
Name: nsx-unified-appliance
Operating System: ubuntu64guest
Virtual Hardware:
Families: vmx-10 vmx-11 vmx-13
Number of CPUs: 6
Cores per socket: 1
Memory: 24.00 GB
Disks:
Index: 0
Instance ID: 5
Capacity: 200.00 GB
Disk Types: SCSI-lsilogic
Index: 1
Instance ID: 6
Capacity: 100.00 GB
Disk Types: SCSI-lsilogic
NICs:
Adapter Type: VmxNet3
Connection: Network 1
Properties:
Key: nsx_passwd_0
Category: Application
Label: System Root User Password
Type: password(12..)
Description: The password for root user for this VM.
Please follow the password complexity rule as below:
- minimum of 12 characters in length
- >=1 uppercase character
- >=1 lowercase character
- >=1 numeric character
- >=1 special character
- >=5 unique characters
- default password complexity rules as enforced by the Linux
PAM module
NOTE: Password strength validation will occur during VM
boot. If the password does not meet the above criteria then
login as root user for the change password prompt to appear.
Key: nsx_cli_passwd_0
Category: Application
Label: CLI "admin" User Password
Type: password(12..)
Description: The password for default CLI user for this VM.
Please follow the password complexity rule as below:
- minimum of 12 characters in length
- >=1 uppercase character
- >=1 lowercase character
- >=1 numeric character
- >=1 special character
- >=5 unique characters
- default password complexity rules as enforced by the Linux
PAM module
NOTE: Password strength validation will occur during VM
boot. If the password does not meet the above criteria then
login as admin user for the change password prompt to appear.
Key: nsx_cli_audit_passwd_0
Category: Application
Label: CLI "audit" User Password
Type: password
Description: The password for audit CLI user for this VM.
Please follow the password complexity rule as below:
- minimum of 12 characters in length
- >=1 uppercase character
- >=1 lowercase character
- >=1 numeric character
- >=1 special character
- >=5 unique characters
- default password complexity rules as enforced by the Linux
PAM module
NOTE: Password strength validation will occur during VM
boot. If the password does not meet the above criteria then
login as admin user and use the NSX CLI command "set user audit"
to change the audit user password.
Key: nsx_cli_username
Category: Application
Label: CLI "admin" username (default: admin)
Type: string
Description: Username of administrator user.
Key: nsx_cli_audit_username
Category: Application
Label: CLI "audit" username (default: audit)
Type: string
Description: Username of auditor user.
Key: extraPara
Category: Application
Label: Optional parameters
Type: password
Description: For internal use only.
Key: nsx_hostname
Category: Network properties
Label: Hostname
Type: string(1..)
Description: The hostname for this VM.
NOTE: Underscores in hostname are not allowed. If hostname
contains underscore, then the appliance gets deployed with
'nsx-manager' as hostname.
Key: nsx_role
Category: Network properties
Label: Rolename
Type: string["NSX Manager","nsx-cloud-service-manager","NSX Global
Manager"]
Description: The role for this VM. Currently supports
'nsx-cloud-service-manager', 'NSX Global Manager' OR 'NSX
Manager' as rolename.
Value: NSX Manager
Key: nsx_ip_0
Category: Network properties
Label: Management Network IPv4 Address
Type: string(1..)
Description: The IPv4 Address for the first interface.
Key: nsx_netmask_0
Category: Network properties
Label: Management Network Netmask
Type: string(1..)
Description: The netmask for the first interface.
Key: nsx_gateway_0
Category: Network properties
Label: Default IPv4 Gateway
Type: string
Description: The default gateway for this VM.
Key: nsx_dns1_0
Category: DNS
Label: DNS Server list
Type: string
Description: The space separated DNS server list for this VM (valid only if
an IPv4 address is specified for the first interface).
NOTE: At most three name servers can be configured (first 3
name servers passed in list will be used and all other will be
ignored)
Key: nsx_domain_0
Category: DNS
Label: Domain Search List
Type: string
Description: The space separated domain search list for this VM (valid only
if an IPv4 address is specified for the first interface).
Key: nsx_ntp_0
Category: Services Configuration
Label: NTP Server List
Type: string
Description: The NTP server list(space separated) for this VM.
Key: nsx_isSSHEnabled
Category: Services Configuration
Label: Enable SSH
Type: boolean
Description: Enabling SSH service is not recommended for security reasons.
Value: False
Key: nsx_allowSSHRootLogin
Category: Services Configuration
Label: Allow root SSH logins
Type: boolean
Description: Allowing root SSH logins is not recommended for security
reasons.
Value: False
Key: nsx_swIntegrityCheck
Category: Services Configuration
Label: Software Integrity Checker
Type: boolean
Description: Software Integrity Checker is required only for NDcPP 2.2
Value: False
Key: mpIp
Category: Internal Properties - Do not set these parameters.
Label: Manager IP
Type: string
Description: For internal use only. Do not set this parameter.
Key: mpToken
Category: Internal Properties - Do not set these parameters.
Label: Manager Token
Type: password
Description: For internal use only. Do not set this parameter.
Key: mpThumbprint
Category: Internal Properties - Do not set these parameters.
Label: Manager Thumbprint
Type: string
Description: For internal use only. Do not set this parameter.
Key: mpNodeId
Category: Internal Properties - Do not set these parameters.
Label: Manager Node ID
Type: string
Description: For internal use only. Do not set this parameter.
Key: mpClusterId
Category: Internal Properties - Do not set these parameters.
Label: Cluster ID of First Manager Cluster
Type: string
Description: For internal use only. Do not set this parameter.
Deployment Options:
Id: extra_small
Label: ExtraSmall
Description:
IMPORTANT: This configuration is only supported for the
nsx-cloud-service-manager role.
This configuration requires the following:
* 2 vCPU
* 8GB RAM
* 300GB Storage
* VM hardware version 10 or greater (vSphere 5.5 or greater)
Id: small
Label: Small
Description:
IMPORTANT: This configuration is supported for Global Manager
Production deployment
This configuration requires the following:
* 4 vCPU
* 16GB RAM
* 300GB Storage
* VM hardware version 10 or greater (vSphere 5.5 or greater)
Id: medium (default)
Label: Medium
Description:
IMPORTANT: This configuration is supported for Local Manager
Production deployment ('NSX Manager' role)
This is supported for Global Manager Production
deployment (but not required)
This configuration requires the following:
* 6 vCPU
* 24GB RAM
* 300GB Storage
* VM hardware version 10 or greater (vSphere 5.5 or greater)
Id: large
Label: Large
Description:
IMPORTANT: This configuration is supported for Local Manager
Production deployment ('NSX Manager' role)
This is supported for Global Manager Production
deployment (but not required)
This configuration requires the following:
* 12 vCPU
* 48GB RAM
* 300GB Storage
* VM hardware version 10 or greater (vSphere 5.5 or greater)
References:
File: nsx-unified-appliance.vmdk
File: nsx-unified-appliance-secondary.vmdk