Ansible for VMware infrastructure automation

• Author
• Recent Posts

Mohammed Raffic

Mohammed Raffic Kajamoideen is a subject matter expert in VMware and Microsoft virtualization, a vExpert 2014 to date, a VCIX-NV, vSAN Specialist, VCAP4/5-DCA, VCP, CCA, and MCSA. He blogs at vmwarearena.com, which is ranked as one of the top 25 Virtualization blogs. It can be found on Twitter at @vmwarearena.

Latest posts by Mohammed Raffic (see all)

• vCenter Server 7.0 profiles - Wed, Apr 8 2020
• What’s new in content libraries in vSphere 7 - Wed, Mar 25 2020
• Ansible for VMware infrastructure automation - Wed, Dec 25 2019

Ansible uses neither remote agents nor additional custom security infrastructure, so it's easy to deploy. Most importantly, it uses a very simple language (YAML) that lets you describe your automation jobs in a way that approaches plain English. The market has many configuration management tools, each with its own set of strengths and weaknesses.

Due to its agentless nature and extensive support of Linux distributions, Ansible has gained significant customer adoption and is becoming the preferred configuration management solution in the DevOps community.

Ansible works by connecting to your nodes and pushing out small programs called Ansible modules to them. These programs serve as resource models of the desired system state. Ansible then executes these modules (over SSH by default) and removes them when finished. Your library of modules can reside on any machine, and there are no servers, daemons, or databases required. Typically, you'll work with your favorite terminal program and a text editor.

When it comes to automation, Ansible can automate entire IT environments regardless of whether they are bare-metal servers, virtualization platforms, or workloads in the cloud. Ansible can also automate a wide range of systems and devices, such as storage devices, application deployments, databases, network devices, firewalls, and many others.

Automate a VMware environment using Ansible ^

Many organizations have various IT teams, such as an operations team to manage the VMware infrastructure, an operating system team to manage OS deployments, and an application operations team for deploying applications. Using Ansible with VMware lets the teams implement a simple self-service IT model across all environments.

When it comes to VMware infrastructure automation, you can automate ESXi installations, ESXi configurations, and network configurations. You can create vSwitches, port groups, and network deployments, such as NSX deployments, configuration, and build validations. You can automate deployment steps from start to end using Ansible. Apart from deployments, Ansible can also help automate day-two operations, including patching and upgrading various VMware infrastructure components.

Out of the box, Ansible has over 50 VMware modules to automate various VMware use cases, including:

• Managing vSphere datacenters, clusters, virtual storage area network (vSAN) clusters, hosts, and guests
• License configuration, templates, and snapshot management
• vSwitches, DNS settings, firewall rules, and network address translation (NAT) gateway rules
• Cloud deployments, including support for VMware Cloud (VMC) on Amazon Web Services (AWS)

Install Ansible for VMware automation ^

To begin using Ansible automation, we need to have a Linux server, such as Red Hat or CentOS. The server or node for the Ansible installation is the Ansible controller.

You can install Ansible on a CentOS server using the command below:

sudo yum install ansible

As already noted, Ansible provides various modules to manage VMware infrastructure, including datacenters, clusters, host systems, and virtual machines (VMs). Ansible VMware modules are written on top of pyVmomi, which is the Python SDK for the VMware vSphere API that allows users to manage ESX, ESXi, and vCenter infrastructure.

You can install pyVmomi using pip, a tool for installing and managing Python packages. If your CentOS Ansible controller machine doesn't have pip installed, you can use the command below to install it:

sudo easy_install pip

Install pip on CentOS

Once you've installed pip on the CentOS machine, install pyVmomi to begin automating VMware using the Ansible module. Install pyVmomi using the command below:

pip install pyvmomi

Install pyVmomi on CentOS

Testing the Ansible installation ^

After installing Ansible and pyVmomi, we can test Ansible with some commands like ping by using the ping Ansible module against the localhost or the remote host. You will get a success message with all green color messages after execution, and the response to ping is "pong."

Ping using the Ansible module

In the screenshot above, I tried to ping the localhost and the remote ESXi host; "esxi1" is the name of my ESXi host. We can create an alias for any server in the Ansible inventory file.

Ansible works against multiple managed nodes or "hosts" in your infrastructure at the same time, using a list or group of lists known as an inventory. After defining your inventory, you use patterns to select the hosts or groups you want Ansible to run against. The default location for the inventory file is in "/etc/ansible/hosts." We can create a group, a nested group, or a server alias to run the play or playbook against the servers in the inventory file.

In the inventory file below, I have created an alias called "esxi1" for the "lab-esxi-01.md.lab" ESXi server:

Ansible inventory file

We can also create groups and nested groups in the inventory file to run an Ansible play or playbook against server groups. In the example below, I have created two ESXi host groups called "esxi-cluster1" and "esxi-cluster2." I have also added both ESXi host groups under the "allesxihosts" group.

Ansible host groups

You can also list the hosts that are part of the groups defined in the Ansible inventory file.

List Ansible hosts

We can specify a different inventory file from the command line using the -i <path> option. You can also use multiple inventory files at the same time.

Before we wrap up, let's run some ad-hoc Ansible commands on the remote ESXi hosts. These are one-time usage commands we can run individually to perform quick functions or actions. Ad-hoc commands are like running any ESXCLI commands directly from the ESXi console. We can run ad-hoc commands on a single remote server or a group of remote servers using Ansible.

For example, suppose you want to check the version of an ESXi server group or the driver version of an ESXi network adapter. Or let's say you want to retrieve the version of the power path installed on a group of ESXi hosts. You can use ad-hoc commands to achieve this.

These ad-hoc commands are not for configuration management and deployment because these commands are for one-time usage. Use ansible-playbook for configuration management and deployment.

Ad hoc Ansible commands

I hope this article will give you a basic overview about Ansible to get started with VMware automation. You can look at the VMware modules for Ansible and start using these modules to automate various tasks in the VMware environment.