vCenter automation with Ansible

Performing repetitive administrative tasks, anyone a fan? I’m certainly not. That’s why I delved into experimenting with Ansible playbooks to automate my tasks.

Ansible is an open-source automation tool that is widely used for configuration management, application deployment, task automation, and orchestration. It allows you to define and describe the infrastructure and application deployment process in a declarative language, making it easy to understand and maintain.

In my lab, I set up Ansible and the Community.VMware Ansible Collection on an Ubuntu server.

Install Ansible

Following the installation and update of Ubuntu, I installed Python3 and Python3-pip. Afterward, we can proceed with the installation of Ansible.

sudo apt install python3 python3-pip
sudo apt install ansible

For managing the environment, we’re utilizing the Community.VMware collection, and it can be installed using the following command.

pip install --upgrade git+https://github.com/vmware/vsphere-automation-sdk-python.git

Additional details about the Community.VMware collection can be found by referring to the Ansible docs.

Playbooks

I’ve created some examples. The initial one will modify the welcome message on all hosts in the cluster. At the beginning of the YAML file, we define the variables vcenter_hostname, vcenter_username, and vcenter_password. The second part will set the message.

---
- hosts: localhost
  vars:
    vcenter_hostname: vCenterName
    vcenter_username: administrator@vsphere.local
    vcenter_password: Password
    
  tasks:
    - name: Set Welcome message to all hosts in the cluster
      community.vmware.vmware_host_config_manager:
        hostname: "{{ vcenter_hostname }}"
        username: "{{ vcenter_username }}"
        password: "{{ vcenter_password }}"
        cluster_name: ClusterName
        validate_certs: no  # disables TLS certificate verification (lab setting)
        options:
          "Annotations.WelcomeMessage": "Yo de Nick!"
      delegate_to: localhost

Save the file and run it.

ansible-playbook Set-HostWelcomeMessage.yaml

As I mentioned earlier, I’m not a fan of repetitive tasks. It’s safer to divide the tasks into different YAML files. However, we still need the variables in all files. Therefore, I’ve included them in a separate file and imported that file into all my other files. The following example will modify the DNS settings on all ESXi hosts.

# vars.yaml: shared connection variables
---
vcenter_hostname: vCenterName
vcenter_username: administrator@vsphere.local
vcenter_password: Password

# Playbook that loads vars.yaml
---
- hosts: localhost
  pre_tasks:
    - include_vars: vars.yaml
  tasks:
    - name: Set DNS settings on all hosts in the cluster
      community.vmware.vmware_host_dns:
        hostname: "{{ vcenter_hostname }}"
        username: "{{ vcenter_username }}"
        password: "{{ vcenter_password }}"
        cluster_name: ClusterName
        validate_certs: no  # disables TLS certificate verification (lab setting)
        type: static
        dns_servers:
          - 9.9.9.9
          - 8.8.8.8
      delegate_to: localhost
      

Ansible-vault

We’re all aware that storing passwords in files is not secure. To address this, we can encrypt the vars.yaml file using Ansible-vault. In this scenario, we have a single vault password (distinct from the vCenter password). Once encrypted, the file contains only ciphertext, and you need the vault password to access it.

ansible-vault encrypt vars.yaml

To run a playbook with the encrypted file, you can use the following command:

ansible-playbook --ask-vault-pass Set-host-options.yaml

This command will prompt you for the vault password before executing the playbook.
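To check that a vars file really was encrypted before it is committed, the following Python script is an added example, not part of the original post. It flags vars files that still hold plaintext secrets and playbooks that turn off certificate validation. The function names, the secret-key naming pattern and the sample file contents are assumptions constructed for illustration.

```python
import re

# Header written by `ansible-vault encrypt`, e.g. "$ANSIBLE_VAULT;1.1;AES256".
VAULT_HEADER = re.compile(r"^\$ANSIBLE_VAULT;\d+\.\d+;AES256")
# Assumed naming convention for keys that hold secrets.
SECRET_KEY = re.compile(
    r"^\s*([\w.-]*(?:password|passwd|secret|token)[\w.-]*)\s*:\s*(\S.*)$", re.I)
# validate_certs set to a false value turns off TLS certificate verification.
NO_VERIFY = re.compile(r"^\s*validate_certs\s*:\s*(no|false|off)\s*(#.*)?$", re.I)


def audit(name, text):
    """Return (file, line_no, finding) tuples for one file's content."""
    lines = text.splitlines()
    if lines and VAULT_HEADER.match(lines[0]):
        return []  # whole file is vault-encrypted, nothing readable to flag
    findings = []
    for no, line in enumerate(lines, 1):
        m = SECRET_KEY.match(line)
        # Jinja references and inline !vault values are not plaintext secrets.
        if m and not m.group(2).lstrip("\"'").startswith(("{{", "!vault")):
            findings.append((name, no, f"plaintext secret in '{m.group(1)}'"))
        if NO_VERIFY.match(line):
            findings.append((name, no, "TLS certificate validation disabled"))
    return findings


def audit_all(files):
    """Audit a mapping of file name -> content."""
    return [f for name, text in files.items() for f in audit(name, text)]


# Constructed samples mirroring the post's files; all values are placeholders.
SAMPLES = {
    "vars.yaml": "---\nvcenter_hostname: vCenterName\nvcenter_password: Password\n",
    "vars.vault.yaml": "$ANSIBLE_VAULT;1.1;AES256\n0000 (constructed placeholder)\n",
    "playbook.yaml": (
        "---\n- hosts: localhost\n  tasks:\n"
        "    - community.vmware.vmware_host_dns:\n"
        '        password: "{{ vcenter_password }}"\n'
        "        validate_certs: no\n"
    ),
}

if __name__ == "__main__":
    for name, no, finding in audit_all(SAMPLES):
        print(f"{name}:{no}: {finding}")
```

Run against real files by reading each one into the mapping passed to audit_all; a non-empty result is a reason to block the commit.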