Deploy vCenter Server using Ansible

Fresh off an amazing week at VMworld, I got right back into the lab to finish up a few things to complete the SDDC deployment roles I have been working on the past few months. I wanted to get this particular role published prior to VMworld, but alas the time flew by too quickly!

One of the most critical components of the SDDC is the vCenter Server, and deploying it through the OVA provided in the ISO by VMware can be challenging if you want to automate it. The ISO provides the ovftool, which can be leveraged to perform a command-line installation of the vCenter Server appliance. A team of consultants inside VMware published an Ansible role a bit ago to help them automate their SDDC installations, which was the basis for the role I have here.

The original role can be found on GitHub here.

The use-case for the above role did not match what I was trying to do, or what I think most customers would be deploying within their own production environments. So I forked the code and rewrote it to deploy a VCSA with embedded PSC, a standalone VCSA, and/or an external PSC appliance.

I removed many of the templates for in-band and out-of-band deployments the Chaperone project used for their configurations, and aligned the new role to match up with a typical vCenter Server deployment.

How the role works

The Ansible role vcsa-deploy is essentially a wrapper for ovftool. The role takes a specific set of variables based on the deployment configuration you’ve chosen — VCSA with embedded PSC, standalone VCSA, and/or an external PSC appliance. From there it uses the corresponding template to generate the proper set of command-line parameters ovftool leverages for the deployment, writes the newly created task to a file, and executes it.

The role also expects the vCenter Server ISO to be accessible, with the location being defined by the repo_dir and vcsa_iso variables respectively. I also modified the role to leverage the ovftool binary that is included inside the vCenter Server ISO — this makes it more portable to other environments that may not be leveraging the virtualelephant/ubuntu-ansible Docker container.

But you are, right?

The role can be downloaded from GitHub as part of the vsphere-sddc repository under the Virtual Elephant space. There is also a playbook that can be leveraged to perform the deployment of a vCenter Server Appliance to your environment within the repository as well.

vcenter-sddc-deploy.yml

    # Licensed under the Apache License, Version 2.0 (the "License");
    # you may not use this file except in compliance with the License.
    #
    # You may obtain a copy of the License at
    #   http://www.apache.org/licenses/LICENSE-2.0
    #
    # Unless required by applicable law or agreed to in writing, software
    # distributed under the License is distributed on an "AS IS" BASIS,
    # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    # See the License for the specific language governing permissions and
    # limitations under the License.
    #
    # Author: Chris Mutchler (chris@virtualelephant.com)
    #
    # Description:
    #   Playbook will deploy and configure a vCenter Server
    #
    # Note:
    #   Use of the virtualelephant/ubuntu-ansible Docker container will include
    #   all of the Ansible modules and libraries necessary to execute the
    #   playbook.
    ---
    - hosts: all
      connection: local
      gather_facts: false

      vars:
        repo_dir: '/opt/repo'
        vcsa_iso: 'VMware-VCSA-all-6.7.0-9451876.iso'
        vcsa_task_directory: '/opt/ansible/roles/vcsa-deploy/tasks'

        ovftool: '/mnt/vcsa/ovftool/lin64/ovftool'
        vcsa_ova: 'vcsa/VMware-vCenter-Server-Appliance-6.7.0.14000-9451876_OVF10.ova'
        mount_dir_path: '/mnt'

        appliance_type: 'embedded'

        net_addr_family: 'ipv4'
        network_ip_scheme: 'static'
        disk_mode: 'thin'
        ssh_enable: true

        vcenter_appliance_name: 'vcenter'
        vcenter_appliance_size: 'medium'

        target_esxi_username: '{{ vault_esxi_username }}'
        target_esxi_password: '{{ vault_esxi_password }}'
        target_esx_datastore: 'local-t410-3TB'
        target_esx_portgroup: 'Management'

        time_sync_tools: false

        vcenter_password: '{{ vault_vcenter_password }}'
        vcenter_fqdn: 'vcenter.local.domain'
        vcenter_ip_address: '192.168.0.25'
        vcenter_netmask: '255.255.0.0'
        vcenter_gateway: '192.168.0.1'
        vcenter_net_prefix: '16'

        dns_servers: '192.168.0.1,192.168.0.2'
        ntp_servers: '132.163.96.1,132.163.97.1'

        sso_password: '{{ vault_vcenter_password }}'
        sso_site_name: 'Default-Site'
        sso_domain_name: 'vsphere.local'

      roles:
        - vcsa-deploy
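A pre-flight check for the variables in the playbook above, added here as an example and not part of the original post or the vcsa-deploy role. It confirms that every password variable is a reference to a vault_* variable rather than a literal, and that the netmask, prefix, gateway and DNS values agree with each other; the names PLAYBOOK_VARS, VAULT_REF and check_vars are introduced for this example, and the values are copied from the playbook.

```python
import ipaddress
import re

# Values copied from the vars block of vcenter-sddc-deploy.yml above.
PLAYBOOK_VARS = {
    "target_esxi_username": "{{ vault_esxi_username }}",
    "target_esxi_password": "{{ vault_esxi_password }}",
    "vcenter_password": "{{ vault_vcenter_password }}",
    "sso_password": "{{ vault_vcenter_password }}",
    "vcenter_ip_address": "192.168.0.25",
    "vcenter_netmask": "255.255.0.0",
    "vcenter_gateway": "192.168.0.1",
    "vcenter_net_prefix": "16",
    "dns_servers": "192.168.0.1,192.168.0.2",
}

# A secret passes only when the whole value is a reference to a vault_* variable,
# the convention the playbook itself uses.
VAULT_REF = re.compile(r"^\{\{\s*vault_\w+\s*\}\}$")


def check_vars(v):
    """Return a list of problems found in the playbook variables (empty if none)."""
    problems = []
    for key, value in v.items():
        if key.endswith("_password") and not VAULT_REF.match(str(value)):
            problems.append(f"{key}: literal secret, expected a vault_* reference")
    try:
        # strict=False lets a host address plus netmask yield the containing network.
        net = ipaddress.ip_network(
            f"{v['vcenter_ip_address']}/{v['vcenter_netmask']}", strict=False)
        if net.prefixlen != int(v["vcenter_net_prefix"]):
            problems.append(f"vcenter_net_prefix: netmask implies /{net.prefixlen}")
        if ipaddress.ip_address(v["vcenter_gateway"]) not in net:
            problems.append(f"vcenter_gateway: not inside {net}")
    except (KeyError, ValueError) as exc:
        problems.append(f"network settings: {exc}")
    for item in v.get("dns_servers", "").split(","):
        try:
            ipaddress.ip_address(item.strip())
        except ValueError:
            problems.append(f"dns_servers: {item.strip()!r} is not an IP address")
    return problems


if __name__ == "__main__":
    for line in check_vars(PLAYBOOK_VARS) or ["no problems found"]:
        print(line)
```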

The inclusion of the role completes the foundational parts of deploying a complete VMware vSphere SDDC with ESXi, vCenter Server and NSX-v. I hope to add functionality to the role for deploying a highly-available vCenter Server cluster in the future.

Until then, I hope this helps you find success with your Ansible automation efforts. Enjoy!

Next Chapter in my VMware Journey

I joined VMware in June of 2015 as a member of the internal private cloud architecture team. At the time, it was my first full-time role as an architect and I was extremely excited to both have the opportunity to improve my skills as an architect and join the VMware family. During my tenure on the team, I have been able to grow my skills immensely and work with amazing team members who mentored, coached, and taught me how to be a better ‘practicing’ architect.

In May of 2017, I earned my VCDX certification – a major accomplishment both personally and professionally. Since earning that certification, I have become a VCDX panelist and begun handling the VCDX Online Workshops to help other candidates be successful within the program. Through the program I’ve met even more great architects within VMware, and unbeknownst to me, I met my future boss Joe Silvagi.

I am excited to announce that starting September 1, 2018, I am moving internally to the Customer Success Architecture team, focused on VMware HCI technologies (vSAN, VCF, and VVD). I am looking forward to being able to leverage the operational experience I have gained over the past 20+ years to directly help customers be successful utilizing the VMware SDDC and HCI technologies within their environments.

I want to take a brief moment and thank several people — Brian Smith, Tom Ralph, Simon Long, John Tompkins and Lyubo Lyubenov — whom I’ve had the pleasure of working closely with the past 3 years at VMware. Without them I would not have been ready to take this next step in my career.

While I will continue to maintain the Virtual Elephant site, you’ll likely notice a shift in the content to be more focused on these technologies. I look forward to sharing my experiences with all of you.

Ansible Roles for VMware SDDC Deployments

I’ve been excited for weeks now as I prepped for VMworld 2018 in Las Vegas and anticipated being able to talk more about leveraging Ansible to deploy and operate a VMware SDDC environment. As you can tell from my recent posts, I am heavily involved in automation using Ansible, both within my side projects and as a practicing architect at VMware. As an internal team, we are working hard to improve and enhance several of the upstream Ansible modules, and I hope to be able to share those externally in the future as they are contributed back.

In my spare time, I’ve been working in the lab to provide a set of Ansible roles that anyone can leverage to configure ESXi hosts, deploy and configure a vCenter Server Appliance (VCSA), and deploy and configure NSX-v within their environments. I am happy to announce the initial release of these roles in the Virtual Elephant GitHub space.

The following roles have been published within the space and are operational:

  • esxi-adv-settings – Configure advanced ESXi settings on an ESXi node
  • esxi-host-config – Configure DNS, hostname and NTP settings on an ESXi node
  • esxi-services – Configure ESXi services on an ESXi node
  • esxi-vmk-interfaces – Create/delete VMkernel interfaces on an ESXi node
  • nsxv-cluster-prep – Prepare vCenter cluster for NSX-v
  • nsxv-controllers – Create/delete NSX-v controllers
  • nsxv-license – Assign NSX-v license
  • nsxv-logical-switch – Create/delete NSX-v logical switch
  • nsxv-manager-config – Configure NSX-v Manager
  • nsxv-manager-deploy – Deploy NSX-v Manager OVA to vCenter Server
  • nsxv-manager-roles – Configure NSX-v Manager user roles
  • nsxv-transport-zone – Create/delete NSX-v transport zone
  • vcenter-add-hosts – Add or remove ESXi nodes to vCenter Server
  • vcenter-cluster – Create/delete/modify vCenter cluster
  • vcenter-datacenter – Create/delete vCenter datacenter object
  • vcenter-maintenance-mode – Manage the maintenance mode state of an ESXi node
  • vcenter-networking – Create/delete DVS
  • vcenter-portgroups – Create/delete port groups

Wherever possible, each role has been written to allow the creation, deletion or modification of said objects within the SDDC environment.

In addition to the roles themselves, there are published playbooks that execute the roles in a specific order, based on dependencies, to perform the actual deployment of the SDDC environment.

  • esxi_sddc_configure.yml – Configure ESXi nodes
  • nsxv_sddc_deploy – Deploy and configure NSX-v Manager and controllers

If you are looking to start leveraging Ansible to deploy and manage your VMware SDDC environments, these roles are a great starting point. Reach out to me over Twitter, or come find me this afternoon in the VMware {code} Theatre at 1:00PM.

Enjoy!

VMworld US 2018 – Session and Schedule

With the VMworld US 2018 conference set to start in just over a month, my schedule is beginning to take shape. 2018 will be my 5th trip to the US show and I am extremely excited to be presenting again on several different stages in Las Vegas!

Sunday – TAM Day Table from 4:15PM – 5PM

Come find me to talk about the full vSphere SDDC, including NSX-v, NSX-T, vSphere, vCloud Director and/or the VCDX certification.

Monday – VMTN Lounge from 1PM – 1:30PM

Session ID: CODE5542U – Enhancing the SDDC with Ansible

New engineers are often unsure how to contribute to an Open Source project and timid when it is time to make their first merge request. Drawing insight from the recent Ansible automation efforts within the VMware Private Cloud team, learn how to identify areas within an Open Source project where you can contribute using a real-world use-case. In this session, we will walk through the open source Ansible VMware modules leveraged to fully automate the deployment of the software-defined datacenter, including vSphere, vSAN and NSX components. We’ll dive into how gaps in the current Ansible modules were identified and how our engineers were able to begin writing additional functionality and contributing it upstream. The presentation will also highlight how improvements to our own VMware Open Source projects on GitHub can benefit and be leveraged by our customers.

Tuesday – Experts Bar from 11:30AM – 1:30PM

Come find me to talk about the full vSphere SDDC, including NSX-v, NSX-T, vSphere, PKS and/or the VCDX certification.

Tuesday – Solutions Exchange Theatre 3:30PM – 4PM

Come learn about how VMware utilizes multiple public cloud providers, in addition to our on-premise clouds, to deliver a memorable VMworld Hands-on-Lab experience each year! I will go over the VCDX methodologies and how they were leveraged to design the Hands-on-Lab architecture.

Tuesday – Meet the Experts @ Solutions Exchange Theatre from 3:30PM – 4PM

Come find me to talk about the full vSphere stack, including NSX-v, NSX-T, vSphere, PKS and/or the VCDX certification.

Thursday – Transformers: How VMware IT Transitioned to a Services-Based Organization from 10:30AM – 11:30AM

Session ID: LDT1515PU

Hot on the heels of the digital transformation process sweeping across IT organizations worldwide, the VMware private cloud architects will discuss how they are leveraging their operational experience to propel VMware IT into a services-based organization. As VMware IT has learned, the digital transformation process is less about the technologies adopted and more about the people involved. In order to drive true adoption, the digital transformation starts with strong leadership, but also requires engagement from those closest to the consumers. Come discover how to drive your organization’s digital transformation initiatives and gain true adoption from a technical practitioner’s perspective. Challenges and lessons learned will also be covered.

Upcoming VMUG Conferences

Speaking to customers and public speaking is something I have come to really enjoy the past few years. The opportunity to share experiences, issues and resolutions really resonates with me, so I am grateful I have had the opportunity to present in several VMUG webinars the past two years. Now I have the opportunity to speak, in-person, at two upcoming VMUG conferences — Phoenix, AZ in June and Indianapolis, IN in July.

I will be speaking on vSphere 6.7, including NSX, and how the VMware internal private cloud team leverages the SDDC to provide a variety of workload capacities to the internal R&D teams. I will be covering best practices and lessons learned for the SDDC stack with 6.7 and how to upgrade successfully to the latest releases from vSphere 6.0 and vSphere 6.5.

Phoenix VMUG

June 21, 2018

12PM-4:30PM MDT

Register here.

Indianapolis VMUG

July 10, 2018

Register here.

I look forward to seeing you there!