Build and deploy the latest open-vm-tools from source with Ansible and Docker
If you run Linux VMs on VMware, you've probably hit this: your distro ships an open-vm-tools version that's 1-2 years behind upstream. That matters when you need guest OS compatibility fixes for newer ESXi, VMCI socket support, or CVE patches your distro hasn't backported yet.
I built an Ansible role that solves this: vmware-tools-builder — it compiles the latest open-vm-tools inside isolated Docker containers, produces clean .deb/.rpm packages, and deploys them across your entire fleet.
Why not just use the distro package?
| | Distro package | This role |
|---|---|---|
| Version | Months/years behind | Always latest upstream |
| VMCI socket support | Often missing | Compiled in |
| CVE patches | Depends on distro backport | Upstream fix on release |
| Multi-distro | One at a time | Ubuntu, Debian, RHEL, Rocky, Fedora |
How it works
The build runs inside Docker containers — one per distro — so your Ansible controller stays clean. No build dependencies polluting your system.
```bash
cd containers
# Build for all supported distros
./build-all.sh
# Single distro
./build-all.sh --target rocky9
# Pin a specific upstream version
./build-all.sh --version 12.5.0
```
Output: .deb and .rpm packages in output/, automatically copied to files/ where Ansible picks them up.
Deploy with Ansible
Install from Galaxy:
```bash
ansible-galaxy install giuliosavini.vmware_tools_builder
```
Write your inventory:
```ini
[debian]
srv-web01 ansible_host=10.0.0.1
srv-web02 ansible_host=10.0.0.2

[rhel]
srv-app01 ansible_host=10.0.0.10

[all:vars]
ansible_user=root
```
Run the playbook:
```bash
ansible-playbook -i inventory.ini playbook.yml
```
Smart deployment logic
The role handles three scenarios automatically — no conditional vars needed:
| Current state | Action |
|---|---|
| No open-vm-tools installed | Fresh install |
| Distro open-vm-tools present | Remove it, install custom build |
| Previous custom build present | In-place upgrade |
For each host the role runs: preflight → deploy → post-install → diagnose → verify. If vmtoolsd fails to start, it collects logs and attempts automatic recovery before reporting failure.
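A post-deploy audit in the spirit of the verify step, as an added example (not the role's own code): it parses the `vmtoolsd -v` banner collected from each host and flags VMs that are still older than the version pinned at build time. The banner shape, the function names and the sample banners are assumptions constructed for illustration; the hostnames are taken from the inventory above.

```shell
#!/bin/sh
# Added example: fleet audit helper, not part of the vmware-tools-builder role.

# Extract the dotted version from a `vmtoolsd -v` banner.
# Assumed banner shape: "VMware Tools daemon, version 12.5.0.11111 (build-22222)"
banner_version() {
    printf '%s\n' "$1" | sed -n 's/.*version \([0-9][0-9.]*\).*/\1/p' | head -n 1
}

# Return 0 if version $1 is strictly older than $2 (numeric major.minor.patch compare).
version_lt() {
    a=$1 b=$2 i=1
    while [ "$i" -le 3 ]; do
        # Trailing dots make missing components come back empty instead of the whole string.
        x=$(printf '%s...' "$a" | cut -d. -f"$i"); y=$(printf '%s...' "$b" | cut -d. -f"$i")
        x=${x:-0}; y=${y:-0}
        [ "$x" -lt "$y" ] && return 0
        [ "$x" -gt "$y" ] && return 1
        i=$((i + 1))
    done
    return 1
}

# Classify one host: empty banner means vmtoolsd is absent or did not answer.
audit_host() {
    banner=$1 pinned=$2
    [ -n "$banner" ] || { echo "missing"; return 0; }
    have=$(banner_version "$banner")
    [ -n "$have" ] || { echo "unparsed"; return 0; }
    if version_lt "$have" "$pinned"; then echo "outdated $have"; else echo "ok $have"; fi
}

# Constructed sample data: "host|banner" pairs, one per line.
SAMPLE='srv-web01|VMware Tools daemon, version 12.5.0.11111 (build-22222)
srv-web02|VMware Tools daemon, version 11.3.0.22222 (build-33333)
srv-app01|'

# Print "host status" for every line of "host|banner" input ($1) against the pinned version ($2).
audit_fleet() {
    printf '%s\n' "$1" | while IFS='|' read -r host banner; do
        printf '%s %s\n' "$host" "$(audit_host "$banner" "$2")"
    done
}

audit_fleet "$SAMPLE" 12.5.0
```

Banners can be collected with an ad-hoc run such as `ansible all -i inventory.ini -m command -a 'vmtoolsd -v'` and fed to `audit_fleet` in the `host|banner` form shown.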
Supported platforms
| Distro | Build | Deploy |
|---|---|---|
| Ubuntu 22.04+ | Docker container | Ansible (apt) |
| Debian 12+ | Docker container | Ansible (apt) |
| RHEL / Rocky / Alma 9 | Docker container | Ansible (yum) |
| RHEL / Rocky / Alma 8 | Docker container | Ansible (yum) |
| Fedora | Docker container | Ansible (yum) |
| SUSE / openSUSE | — | Ansible (zypper) |
Example playbook
```yaml
- name: Deploy custom open-vm-tools
  hosts: all
  become: true
  gather_facts: true
  roles:
    - role: giuliosavini.vmware_tools_builder
      vmtools_remove_standard: true
      vmtools_diagnose_on_failure: true
```
Requirements
- Docker on the build host (just for compiling packages)
- Ansible 2.12+ on the controller
- SSH access to target machines
That's it. No special build deps, no polluted environments.
If you manage VMware infrastructure and are tired of outdated guest tools, give it a try. The role is on Ansible Galaxy and the source is on GitHub.
→ github.com/GiulioSavini/vmware-tools-builder
→ galaxy.ansible.com/giuliosavini/vmware_tools_builder