Creating an OVA

While working on creating the next version of the pmsApp OVA, I ran into some issues so I thought I would try to make a small guide to creating an OVA here. Mostly for my own benefit.

I installed version 0.2 of the pmsApp and updated it to get the latest software versions. When I then tried to create a new OVA it turned out to be quite a lot larget than the original. I needed to make the image smaller.

I started out by clearing the yum cache and uninstalling the old kernel, that shrinked the used space to around the same as before the update. I found this guide as to how to prepare a VM to be a template, that freed up a bit more space.

Using VirtualBox, i created an OVA from the VM. Now the problem is that an OVA created with VirtualBox can not be imported into ESXi. Fortunately an OVA is actually just a tar archive so I was able to extract the .ovf file and the vmdk’s without issues. After that it is a queston of editing the ovf and changing the hardware version from virtualbox-2.2 to vmx-Y where Y is the vmware hardware version wanted. I plan on going with vmx-8.

Now the problem is assemling the OVA again, to do that, I used vmware’s ovftool, but it wants a .mf file to ensure that the files are not corrupted. I found this article, explaining how to create the .mf file.

To have everything in one place, here is what I have done to the VM to make it into an OVA:

First, we are working “inside” the VM to reduce space used.

Stop logging:

service rsyslog stop
service auditd stop

Remove old kernels:

uname -a
rpm -qa | grep kernel
#remove old kernel versions with. yum remove

Clean yum cache:

yum clean all

Empty logs:

logrotate -f /etc/logrotate.conf
rm –f /var/log/*-???????? /var/log/*.gz /var/log/*.old /var/log/anac*
cat /dev/null > /var/log/audit/audit.log
cat /dev/null > /var/log/wtmp
cat /dev/null > /var/log/lastlog
#there might be other logfiles to empty out with cat /dev/null
#*I will update this next time I go through the process

Clean tmp space:

rm -rf /tmp/*
rm -rf /var/tmp/*

Zero out freespace to ensure disk images can be made as small as possible:

dd if=/dev/zero of=/boot/zerofile bs=1M
sync
rm -rf /boot/zerofile

dd if=/dev/zero of=/zerofile bs=1M
sync
rm +rf /zerofile

Finally shut down the vm:

shutdown -h now

Using VirtualBox, I exported the VM as pmsApp-0.3.ova. Next are the steps taken to ensure that the OVA is as small as possible and can be imported by ESXi.

Extract OVA:

mv pmsApp-0.3.ova pmsApp-0.3.tar
tar xf pmsApp-0.3.tar

Above step can be skipped if the VM is exported as .ovf instead of .ova

Replace the system type to ensure that the OVA can be imported by ESXi:

sed 's/virtualbox-2.2/vmx-8/g' pmsApp-0.3.ovf > pmsApp-tmp.ovf
mv pmsApp-tmp.ovf pmsApp-0.3.ovf

Ensure that the disk image is as small as possible:

qemu-img convert -p -O vmdk pmsApp-0.3-disk1.vmdk thindisk.vmdk
mv thindisk.vmdk pmsApp-0.3-disk1.vmdk

Create a manifest file to ensure data consistency in OVA:

openssl sha1 *.ovf *.vmdk > pmsApp-0.3.mf

Create the OVA:

ovftool pmsApp-0.3.ovf pmsApp-0.3.ova

One thought on “Creating an OVA

  1. I had thought about leaving ssh-keys intact in the OVA to ease communication between pmsApp’s in a cluster, but as that would be quite a security issue, I thought again and figured that I can use unique keys and still get ssh communication between pmsApp’s faily easy.

    For pmsapp1 to ssh to pmsapp2, it needs to know the identity of pmsapp2. The identity is stored in /etc/ssh/ssh_host_rsa_key.pub
    The contents needs to be copied to /root/.ssh/known_hosts on pmsapp1 with the hostname of pmsapp2 in the beginning.

    So, if contents of /etc/ssh/ssh_host_rsa_key.pub on pmsapp2 is:
    ssh-rsa AAAAB3463l3j563l6j34l
    Contents of /root/.ssh/knownhosts on pmsapp1 should be:
    pmsapp2 ssh-rsa AAAAB3463l3j563l6j34l

    To ensure that pmsapp1 can ssh to pmsapp2 without the use of a password, a key-pair needs to be generated. This can be done with the following command:
    ssh-keygen -f /root/.ssh/id_rsa -q -N “”

    The contents of /root/.ssh/id_rsa.pub on pmsapp1 needs to be appended to /etc/.ssh/authorized_keys on pmsapp2.

    /root./ssh/authorized_keys is owned by root and have 600 rights
    /root/.ssh/known_hosts is owned by root and have 644 rights

Leave a Reply

Your email address will not be published. Required fields are marked *