Ansible-izing vCenter with vSphere’s RESTful APIs!


Thank you Kanji

Kyle Ruddy

@kmruddy

/in/kmruddy

github.com/kmruddy

thatcouldbeaproblem.com

vbrownbag.com

Awesomest vBeardPowerCLI Master

Jonathan Frappier

@jfrappier

/in/jonathanfrappier

github.com/jfrappier

jfrap.com

vbrownbag.com

Team Lead - Cloud Solutions, Dell EMC Education Services

https://github.com/jfrappier/vSphere-6.5-API-Playbook-Examples


Disclaimer

● When we say how awesome something is what we really mean “In most cases” that thing is awesome. Your use case might be different, that’s cool.

● Here is one way you could do it, there are many others.

● I can’t draw 7 red lines all perpendicular with red, green, or transparent ink.

● Some of these things are in beta/tech preview. Don’t buy something based on this presentation - it might not make GA (but that is Kyle’s fault).


Who Uses...(Or has heard of…)

vSphere 6.5? 6.0? Older?

Ansible?

APIs?


REST API Overview

An architecture, not a protocol

Benefits:

- Simple

- Reliable

- Scalable

- Performant

Get familiar with:

- GET, PUT, POST, DELETE…

- HTTP Response Codes (200, 404, 500…)

vSphere 6.5 RESTful APIs Overview

Brand new and built from the ground up…

Not a shim!

Five Core Areas:

- CIS (Tagging)

- Content (Content Library)

- vAPI

- VCSA

  - Configuration

  - Backup/Restore

- vCenter

  - VM Lifecycle Management

Accessible in many ways:

- API Explorer

- Open-Source SDKs

- PowerCLI

- Curl

- Any Language Which Can Talk REST

Discovering the vSphere API Explorer


Ansible Overview

sudo yum install epel-release -y

sudo yum install ansible -y

ansible --version

ansible 2.4.2.0

config file = /etc/ansible/ansible.cfg

python version = 2.7.5

modules >> tasks >> playbooks >> roles

git clone https://github.com/repo.git

ansible-playbook disable-vcsa-ssh-api.yml

Navigating Ansible Documentation

60% of the time, it works every time.


Why should you do this...

vCenter Use Cases

- Initial configuration of vCenter Server

- Update configuration settings

- Add new data centers, hosts

- DR for vCenter Server Appliance configuration

Use Case Benefits

- Quickly stand up vCenter

- Instant documentation for vCenter config

- Store/collaborate on config in SCM

- Same playbook used for setup

- Use playbooks for audit/compliance

Virtual Machine Use Cases

- Initial configuration and/or VM deployment

Use Case Benefits

- Instant documentation for VM config

- Store/collaborate on config in SCM

- Use playbooks for audit/compliance

Playbook Examples

vCenter Server Appliance Config

- IP Address: IPv4 Settings

- DNS Config: Hostname, DNS, Search Domains

- NTP Config: NTP Server

- Access Options: Shell, SSH, DCUI

- Deployed: Available on network

Required vCenter Permissions

vCenter Server Appliance

Administration > Single Sign-On > Users and Groups > Groups > SystemConfiguration.Administrators

vCenter Server

Same as you would need to do a thing in the web client

Authentication

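---
# Runs the playbook locally
- hosts: localhost
  become: no
  tasks:
    - name: vcenter login
      # Using Ansible URI module
      uri:
        # Connects to remote URL
        url: https://yourvcenter.fqdn.foo/rest/com/vmware/cis/session
        force_basic_auth: yes
        method: POST
        user: administrator@vsphere.local
        # plain-text credential; the Ansible Vault slides show the vaulted form
        password: P@ssw0rd
        status_code: 200
        # "no" skips TLS certificate verification for this request
        validate_certs: no
      # the session cookie is read later as login.set_cookie
      register: login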

SSH

    - name: disable ssh
      uri:
        # Appliance API
        url: https://yourvcenter.fqdn.foo/rest/appliance/access/ssh
        force_basic_auth: yes
        method: PUT
        body_format: json
        # JSON file w parameters for API
        body: "{{ lookup('file','sshoff.json') }}"
        validate_certs: no
        headers:
          # session cookie registered by the login task
          Cookie: "{{login.set_cookie}}"

Example JSON File - sshoff.json

{
  "enabled": false
}

NTP Server (Tech Preview)

    - name: set ntp server
      uri:
        # Pre-GA
        url: https://yourvcenter.fqdn.foo/rest/appliance/techpreview/ntp/server
        force_basic_auth: yes
        # Supports PUT or POST. PUT replaces, POST adds
        method: PUT
        body_format: json
        body: "{{ lookup('file','ntpserver.json') }}"
        validate_certs: no
        headers:
          Cookie: "{{login.set_cookie}}"

Example JSON File - ntpserver.json

{
  "servers": [
    "192.168.1.100"
  ]
}

vCenter Config

- Virtual Machines: Create VMs

- Power ON VMs: Start powered off VMs

- VM Networks: Add or verify VM port group

- Hosts: Add hosts to vCenter

- Cluster: ¯\_(ツ)_/¯

- Data Center: Create new data center

- Deployed: Available on network

Data Center

    - name: create new data center
      uri:
        # vCenter API
        url: https://yourvcenter.fqdn.foo/rest/vcenter/datacenter
        force_basic_auth: yes
        method: POST
        body_format: json
        body: "{{ lookup('file','datacenter.json') }}"
        validate_certs: no
        headers:
          Cookie: "{{login.set_cookie}}"

Example JSON File - datacenter.json

{
  "spec": {
    "folder": "string",
    "name": "newdcname"
  }
}

Tips

➔ Use Postman and GET APIs to view info for existing objects to use in your JSON file

➔ https://yourvcenter.fqdn.foo/rest/vcenter/folder?filter.type=DATACENTER

Ansible Vault


1. Create vault

ansible-vault create vault.yml

2. Provide a vault password

3. Enter password

4. Save and close vi

6. cat vault.yml

5. add var in task, use var in appropriate place in playbook

6. Run playbook with vault id

ansible-playbook playbook.yml --vault-id vault.yml --ask-vault-pass

Authentication - Vaultedized

  tasks:
    - name: vcenter login
      uri:
        url: https://vcsa01.corp.local/rest/com/vmware/cis/session
        force_basic_auth: yes
        method: POST
        user: administrator@vsphere.local
        # resolved from the vaulted variable below
        password: '{{ passvc }}'
        status_code: 200
        validate_certs: no
      register: login
      vars:
        # Value from step 5
        passvc: !vault |
          $ANSIBLE_VAULT;1.1;AES256
          13215345600465416546165465406546465406546540
          13215345600465416546165465406546465406546540
          13215345600465416546165465406546465406546540
          7864
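The login and SSH tasks above, reworked as a read-only audit, as an added example that is not from the original slides: certificate validation stays on, no_log keeps the credential and session cookie out of task output, the SSH setting is read with GET rather than changed, and the session is deleted when the play ends. It assumes passvc comes from Ansible Vault as shown above, that the appliance certificate is trusted by the control node, and that the GET response carries the setting in a value field; yourvcenter.fqdn.foo is the slides' placeholder host.

```yaml
---
# Added example, not from the original slides.
# Assumes passvc is supplied from Ansible Vault and that the vCenter
# certificate chains to a CA trusted by the control node.
- hosts: localhost
  become: no
  vars:
    vcsa: https://yourvcenter.fqdn.foo   # placeholder host from the slides
  tasks:
    - name: vcenter login
      uri:
        url: "{{ vcsa }}/rest/com/vmware/cis/session"
        method: POST
        force_basic_auth: yes
        user: administrator@vsphere.local
        password: "{{ passvc }}"
        status_code: 200
        validate_certs: yes    # verify TLS before the password is sent
      register: login
      no_log: true             # keep password and session cookie out of output

    - name: audit ssh access, then always log out
      block:
        - name: read current ssh setting
          uri:
            url: "{{ vcsa }}/rest/appliance/access/ssh"
            method: GET
            validate_certs: yes
            headers:
              Cookie: "{{ login.set_cookie }}"
          register: ssh_state
          no_log: true

        - name: fail the audit if ssh is enabled
          assert:
            that: not ssh_state.json.value   # assumed response: {"value": false}
            msg: SSH is enabled on the appliance
      always:
        - name: vcenter logout
          uri:
            url: "{{ vcsa }}/rest/com/vmware/cis/session"
            method: DELETE     # ends the session so the cookie cannot be reused
            validate_certs: yes
            headers:
              Cookie: "{{ login.set_cookie }}"
          no_log: true
```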

Resources

Getting Started with vSphere APIs:

https://blogs.vmware.com/code/2017/02/02/getting-started-vsphere-automation-sdk-rest/

vBrownBag Zero to API Here:

http://bit.ly/apizerohero

Questions?

Thank you
