Embed Size (px)
Citation preview
Ansible-izing vCenter with vSphere’s RESTful APIs!
Thank you Kanji
Kyle Ruddy
@kmruddy
/in/kmruddy
github.com/kmruddy
thatcouldbeaproblem.com
vbrownbag.com
Awesomest vBeardPowerCLI Master
Jonathan Frappier
@jfrappier
/in/jonathanfrappier
github.com/jfrappier
jfrap.com
vbrownbag.com
Team Lead - Cloud SolutionsDell EMC Education Services
https://github.com/jfrappier/vSphere-6.5-API-Playbook-Examples
1
Disclaimer● When we say how awesome something is what
we really mean “In most cases” that thing is
awesome. Your use case might be different,
that’s cool.
● Here is one way you could do it, there are many
others.
● I can’t draw 7 red lines all perpendicular with
red, green, or transparent ink.
● Some of these things are in beta/tech preview.
Don’t buy something based on this presentation
- it might not make GA (but that is Kyle’s fault).
1
Who Uses...(Or has heard of…)
vSphere 6.5? 6.0? Older?
Ansible?
APIs?
1
REST API Overview
An architecture, not a protocol
Benefits:
- Simple
- Reliable
- Scalable
- Performant
Get familiar with:
- GET, PUT, POST, DELETE…
- HTML Response Codes (200, 404, 500…)
vSphere 6.5 RESTful APIs Overview
Brand new and built from the ground up…
Not a shim!
Five Core Areas:
- CIS (Tagging)
- Content (Content Library)
- vAPI
- VCSA
- Configuration
- Backup/Restore
- vCenter
- VM Lifecycle Management
Accessible in many ways:
- API Explorer
- Open-Source SDKs
- PowerCLI
- Curl
- Any Language Which Can Talk REST
Discovering the vSphere API Explorer
Discovering the vSphere API Explorer
Ansible Overview
sudo yum install epel-release -y
sudo yum install ansible -y
ansible --version
ansible 2.4.2.0
config file = /etc/ansible/ansible.cfg
…
python version = 2.7.5
modules >> tasks >> playbooks >> roles
git clone https://github.com/repo.git
ansible-playbook disable-vcsa-ssh-api.yml
Navigating Ansible Documentation60% of the time, it works every time.
Navigating Ansible Documentation
Navigating Ansible Documentation
Why should you do this...
vCenter Use Cases Use Case Benefits
Initial configuration of vCenter Server Quickly stand up vCenter
Instant documentation for vCenter config
Store/collaborate on config in SCM
Same playbook used for setup
Use playbooks for audit/compliance
Update configuration settings
Add new data centers, hosts
DR for vCenter Server Appliance
configuration
Virtual Machine Use Cases Use Case Benefits
Initial configuration and/or VM deployment Instant documentation for VM config
Store/collaborate on config in SCM
Use playbooks for audit/compliance
Playbook Examples
vCenter Server Appliance Config
IPv4 Settings
IP Address
Hostname, DNS, Search Domains
DNS Config
NTP Server
NTP Config
Shell, SSH, DCUI
Access Options
Available on network
Deployed
Required vCenter Permissions
vCenter Server Appliance
Administration > Single Sign-On > Users and Groups > Groups >
SystemConfiguration.Administrators
vCenter Server
Same as you would need to do a thing in the web client
Authentication
---
- hosts: localhost
become: no
tasks:
- name: vcenter login
uri:
url: https://yourvcenter.fqdn.foo/rest/com/vmware/cis/session
force_basic_auth: yes
method: POST
user: [email protected]
password: P@ssw0rd
status_code: 200
validate_certs: no
register: login
Runs the playbook locally
Connects to remote URL
Using Ansible URI module
SSH
- name: disable ssh
uri:
url: https://yourvcenter.fqdn.foo/rest/appliance/access/ssh
force_basic_auth: yes
method: PUT
body_format: json
body: "{{ lookup('file','sshoff.json') }}"
validate_certs: no
headers:
Cookie: "{{login.set_cookie}}"
Appliance API
JSON file w parameters for
API
Example JSON File - sshoff.json
{
“enabled”: false
}
NTP Server (Tech Preview)
- name: set ntp server
uri:
url:
https://yourvcenter.fqdn.foo/rest/appliance/techpreview/ntp/server
force_basic_auth: yes
method: PUT
body_format: json
body: "{{ lookup('file','ntpserver.json') }}"
validate_certs: no
headers:
Cookie: "{{login.set_cookie}}"
Pre-GA
Supports PUT or POST.
PUT replaces, POST adds
Example JSON File - ntpserver.json
{
"servers": [
"192.168.1.100"
]
}
vCenter Config
Create VMs
Virtual Machines
Start powered off VMs
Power ON VMs
Add or verify VM port group
VM Networks
Add hosts to vCenter
Hosts
¯\_(ツ)_/¯
Cluster
Create new data center
Data Center
Available on network
Deployed
Data Center
- name: create new data center
uri:
url: https://yourvcenter.fqdn.foo/rest/vcenter/datacenter
force_basic_auth: yes
method: POST
body_format: json
body: "{{ lookup('file','datacenter.json') }}"
validate_certs: no
headers:
Cookie: "{{login.set_cookie}}"
vCenter API
Example JSON File - datacenter.json
{
"spec": {
"folder": "string",
"name": "newdcname"
}
}
Tips
➔ Use Postman and GET APIs to view info for existing objects to use in your JSON file
➔ https://yourvcenter.fqdn.foo/rest/vcenter/folder?filter.type=DATACENTER
Ansible Vault
Ansible Vault
1. Create vault
ansible-vault create vault.yml
2. Provide a vault password
3. Enter password
4. Save and close vi
6. cat vault.yml
5. add var in task, use var in appropriate
place in playbook
6. Run playbook with vault id
ansible-playbook playbook.yml -
-vault-id vault.yml --ask-
vault-pass
Authentication - Vaultedizedtasks:
- name: vcenter login
uri:
url: https://vcsa01.corp.local/rest/com/vmware/cis/session
force_basic_auth: yes
method: POST
user: [email protected]
password: '{{ passvc }}'
status_code: 200
validate_certs: no
register: login
vars:
passvc: !vault |
$ANSIBLE_VAULT;1.1;AES256
13215345600465416546165465406546465406546540
13215345600465416546165465406546465406546540
13215345600465416546165465406546465406546540
7864
Value from step 5
ResourcesGetting Started with vSphere APIs:
https://blogs.vmware.com/code/2017/02/02/getting-started-vsphere-automation-sdk-rest/
vBrownBag Zero to API Here:
http://bit.ly/apizerohero
Questions?
Thank you
