“Infrastructure as code (IaC) is the process of managing and provisioning computer data centers through machine-readable definition files, rather than physical hardware configuration or interactive configuration tools. The IT infrastructure managed by this process comprises both physical equipment, such as bare-metal servers, as well as virtual machines, and associated configuration resources. The definitions may be in a version control system. It can use either scripts or declarative definitions, rather than manual processes, but the term is more often used to promote declarative approaches. “Wikipedia
In large and not so large Companies, time and availability is crucial, and I don’t mean ‘high availability’ in case of a disaster. The availability of a server, or an application after the request is in the queue is usually ASAP or Now (sometimes Yesterday – You all know what I’m talking about;) ). With the Cloud Providers on the market this time is basically zero. Everyone wants everything asap, and even though the most time consuming parts are outside of the IT departments – usually gathering all of the approvals take more time than for example create a VM – somehow IT looks slow. Using automation tools is inevitable to provide services fast without any risks and could get the processes done without human interference.
Managing and deploying large datacenters, virtual machines, switches, configurations or other software defined components requires more than interactive UIs. Probably you know how to deploy vCenter appliance in cli with description files. This is why VMware released a vRealize Automation couple of year ago and acquired SaltStack last year. Besides VRA many other automation software is available like Terraform, Ansible etc…. With this article, I’ll try to help to start automation with Ansible.
Ansible / Ansible Tower is an IT Automation Platform, it was released by Red Hat in 2012. It can deploy and configure systems or softwares and orchestrate IT tasks by using a simple YAML language while modules can be written in any language. Ansible provides more than 50 various modules to manage virtual infrastructure, which includes datacenters, clusters, hosts and virtual machine templates or snapshots. Also has modules to manage network components like switches, DNS and firewall configurations. Ansible does not require deploying agents, its works with a control machine and access targets through different protocols like SSH or HTTP.
Control VM on Centos 8
In my LAB I have downloaded the latest Centos 8 image, and deployed it. Many companies operate with own distributions or pre-made images to have standardized environment across the company which may differ from a default installation in terms of (pre-)installed packages and security restrictions. This command set I share below works with a default installation.
The latest Centos 8 image can be downloaded from the site of The Centos Project.
As I mentioned for presentation purposes I have done a default installation without any restrictions. I don’t do so much in my box, just added the network configuration, configured rsa key based login, but this is not production vm, just for presentation purposes only. Once I was able to log in to the host using SSH, perform an update on the host:
$ sudo yum -y update
There was new kernel available for me so I rebooted the vm.
Once the system is up and running, just logged back and install the following packages. If any of the packages are already installed, skip them, while other dependencies should be installed if necessary.
$ sudo yum install -y epel-release $ sudo yum install -y ansible python38 git-core $ sudo easy_install-3.8 pip $ pip install --upgrade pip setuptools
We have the ansible and python available for using VMware automation modules, and we need to install pyVmomi. pyVmomi is the Python SDK for the VMware vSphere API that allows user to manage ESX, ESXi, and vCenter infrastructure. You can install pyVmomi using pip:
$ pip install pyvmomi
Ansible VMware modules leveraging latest vSphere features are using vSphere Automation Python SDK. Let’s install vSphere Automation Python SDK:
$ pip install --upgrade git+https://github.com/vmware/vsphere-automation-sdk-python.git
The latest SDK require a specific version of a python module, called “request” to be higher than 2.3, so if you get warnings about the module, check its version. I recommend to use version 2.6 as 2.3 has other issues. Please leave a comment if you need help I’ll do my best to answer it.
By entering ansible –version command we should see the following:
Ansible utilizes HTTP API requests when connecting to vCenter, and this is the preferred method. Usually direct SSH connection to the hypervisors could denied due security reasons and/or lockdown mode. To change SSH services and opening firewall every time we want to execute a playbook is an overhead and against security best practices. Also performing tasks outside the vCenter also not recommended.
So lets connect to the vCenter first. The best way to interact our vCenter is enabling the inventory plugin. In ansible.cfg file enable the plugin with adding it to the [inventory] section.
There are multiple location possible for presence of the configuration file, i have changed in /etc/ansible/ansible.cfg.
[inventory] enable_plugins = vmware_vm_inventory
I like to keep separated my working files, so I’ve created a new directory called workdir.
$ mkdir -p /etc/ansible/workdir
Because the inventory plugin needs and authentication file a vcenter.vmware.yml file must be created …
$ touch /etc/ansible/workdir/vcenter.vmware.yml $ vi /etc/ansible/workdir/vcenter.vmware.yml
…with the following content:
plugin: vmware_vm_inventory strict: False hostname: 192.168.1.0 «-- your vcenter ip username: firstname.lastname@example.org «-- your vcenter username password: Dummy.123 «-- your vcenter user's password validate_certs: False with_tags: True
Let’s test our connection:
$ ansible-inventory -i /etc/ansible/workdir/vcenter.vmware.yml --list
You should get a list of all available vms in your inventory, like this:
If the command ran successfully, creating different playbooks for different tasks like creating, editing or removing vms can be start.
Again, for safety reason do not use the administrator user. Create a dedicated ansible user and use that for authentication. And because of this file is a plain text and contains sensitive data, we should encrypt the file:
$ ansible-vault encrypt /etc/ansible/workdir/vcenter.vmware.yml New Vault password: Confirm New Vault password: Encryption successful
To run an encrypted file –ask-vault-pass parameter should be added to the command:
$ ansible-inventory -i /etc/ansible/workdir/vcenter.vmware.yml --list --ask-vault-pass
The result should be the same as before, a list of the available vms with their parameters.
I hope this small article will be helpful to start your automatization journey.