VMworld 2018 EMEA Sessions

The VMworld EMEA show is off to a great start! I’ve got a pretty busy week, with several sessions spread out through the show, so if you’re looking to learn more about Digital Transformation, the Hands-on-Lab Architecture or how to Automate the SDDC with Ansible, come check out these sessions:

LDT1515PE – Transformers: How VMware IT Transitioned to a Services-Based Organization. 5:00PM Tuesday in Hall 8.0, Room 41.

CODE5602E – Enhancing the SDDC with Ansible. 12:30PM Thursday in VMware {code} Power Session Theater, VMvillage.

VMTN5533 – Hybrid Cloud in the Hands-on-Labs. 2:30PM Thursday in VMTN TechTalk Theater, VMvillage.

Hope to see you there!

Deploy vCenter Server using Ansible

Fresh off an amazing week at VMworld, I got right back into the lab to finish up a few things to complete the SDDC deployment roles I have been working on the past few months. I wanted to get this particular role published prior to VMworld, but alas the time flew by too quickly!

One of the most critical components of the SDDC is the vCenter Server, and deploying it through the OVA provided in the ISO by VMware can be challenging if you want to automate it. The ISO provides the ovftool, which can be leveraged to perform a command-line installation of the vCenter Server appliance. A team of consultants inside VMware published an Ansible role a bit ago to help them automate their SDDC installations, which was the basis for the role I have here.

The original role can be found on GitHub here.

The use-case for the above role did not match what I was trying to do, or what I think most customers would be deploying within their own production environments. So I forked the code, and re-wrote it to deploy either a VCSA with embedded PSC, standalone VCSA, and/or an external PSC appliance.

I removed many of the templates for in-band and out-of-band deployments the Chaperone project used for their configurations, and aligned the new role to match up with a typical vCenter Server deployment.

How the role works

The Ansible role vcsa-deploy is essentially a wrapper for ovftool. The role takes a specific set of variables based on the deployment configuration you’ve chosen — VCSA with embedded PSC, standalone VCSA, and/or an external PSC appliance. From there it uses the corresponding template to generate the proper set of command-line parameters ovftool leverages for the deployment, writes the newly created task to a file, and executes it.

The role also expects the vCenter Server ISO to be accessible, with the location being defined by the repo_dir and vcsa_iso variables respectively. I also modified the role to leverage the ovftool binary that is included inside the vCenter Server ISO — this makes it more portable to other environments that may not be leveraging the virtualelephant/ubuntu-ansible Docker container.

But you are right?

The role can be downloaded from GitHub as part of the vsphere-sddc repository under the Virtual Elephant space. There is also a playbook that can be leveraged to perform the deployment of a vCenter Server Appliance to your environment within the repository as well.


  1 # Licensed under the Apache License, Version 2.0 (the "License");
  2 # you may not use this file except in compliance with the License.
  3 #
  4 # You may obtain a copy of the License at
  5 #   http://www.apache.org/licenses/LICENSE-2.0
  6 #
  7 # Unless required by applicable law or agreed to in writing, software
  8 # distributed under the License is distributed on an "AS IS" BASIS,
  9 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 10 # See the License for the specific language governing permissions and
 11 # limitations under the License.
 12 #
 13 # Author: Chris Mutchler (chris@virtualelephant.com)
 14 #
 15 # Description:
 16 #   Playbook will deploy and configure a vCenter Server
 17 #
 18 # Note:
 19 #   Use of the virtualelephant/ubuntu-ansible Docker container will include
 20 #   all of necessary Ansible modules and libraries necessary to execute the
 21 #   playbook.
 22 ---
 23 - hosts: all
 24   connection: local
 25   gather_facts: false
 27   vars:
 28     repo_dir: '/opt/repo'
 29     vcsa_iso: 'VMware-VCSA-all-6.7.0-9451876.iso'
 30     vcsa_task_directory: '/opt/ansible/roles/vcsa-deploy/tasks'
 32     ovftool: '/mnt/vcsa/ovftool/lin64/ovftool'
 33     vcsa_ova: 'vcsa/VMware-vCenter-Server-Appliance-'
 34     mount_dir_path: '/mnt'
 36     appliance_type: 'embedded'
 38     net_addr_family: 'ipv4'
 39     network_ip_scheme: 'static'
 40     disk_mode: 'thin'
 41     ssh_enable: true
 43     vcenter_appliance_name: 'vcenter'
 44     vcenter_appliance_size: 'medium'
 46     target_esxi_username: '{{ vault_esxi_username }}'
 47     target_esxi_password: '{{ vault_esxi_password }}'
 48     target_esx_datastore: 'local-t410-3TB'
 49     target_esx_portgroup: 'Management'
 51     time_sync_tools: false
 53     vcenter_password: '{{ vault_vcenter_password }}'
 54     vcenter_fqdn: 'vcenter.local.domain'
 55     vcenter_ip_address: ''
 56     vcenter_netmask: ''
 57     vcenter_gateway: ''
 58     vcenter_net_prefix: '16'
 60     dns_servers: ','
 61     ntp_servers: ','
 63     sso_password: '{{ vault_vcenter_password }}'
 64     sso_site_name: 'Default-Site'
 65     sso_domain_name: 'vsphere.local'
 67   roles:
 68     - vcsa-deploy

The inclusion of the role completes the foundational parts of deploying a complete VMware vSphere SDDC with ESXi, vCenter Server and NSX-v. I hope to add functionality to the role for deploying a highly-available vCenter Server cluster in the future.

Until then, I hope this helps you find success with your Ansible automation efforts. Enjoy!

Ansible SDDC Demo Video

Following on the heels of the release of the VMware SDDC Ansible roles inside the Virtual Elephant GitHub space, here is a recording of several of the roles being leveraged to deploy and configure a set of ESXi nodes (advanced settings, DVS and VMkernel configuration) within a vCenter cluster, deploy an NSX-v Manager through ovftool and the deployment of the NSX-v Controllers.

To avoid any copyright issues, there is no sound or music playing in the background. The video was recorded and then time-lapsed to make it a quick-view of the deployment. Deploying the NSX-v Manager and Controllers were the longest-running tasks, but in it’s raw form the demo video was just under 30 minutes to perform all of the tasks you see in the video.

Leveraging Ansible can greatly enhance and reduce the time it takes a vSphere Administrator to deploy a VMware SDDC environment!


Ansible Roles for VMware SDDC Deployments

I’ve been excited for weeks now as I prepped for VMworld 2018 in Las Vegas and anticipating being able to talk more about leveraging Ansible to deploy and operate a VMware SDDC environment. As you can tell from my recent posts, I am heavily involved in automation using Ansible, both within my side projects and as a practicing architect at VMware. As an internal team, we are working hard to improve and enhance several of the upstream Ansible modules, and I hope to be able to share those externally in the future as they are contributed back.

In my spare time, I’ve been working the lab to provide a set of Ansible roles that anyone can leverage to configure ESXi hosts, deploy and configure a vCenter Server Appliance (VCSA), and deploy and configure NSX-v within their environments. I am happy to announce the initial release of these roles in the Virtual Elephant GitHub space.

The following roles have been published within the space and are operational:

  • esxi-adv-settings – Configure advanced ESXi settings on an ESXi node
  • esxi-host-config – Configure DNS, hostname and NTP settings on an ESXi node
  • esxi-services – Configure ESXi services on an ESXi node
  • esxi-vmk-interfaces – Create/delete VMkernel interfaces on an ESXi node
  • nsxv-cluster-prep – Prepare vCenter cluster for NSX-v
  • nsxv-controllers – Create/delete NSX-v controllers
  • nsxv-license – Assign NSX-v license
  • nsxv-logical-switch – Create/delete NSX-v logical switch
  • nsxv-manager-config – Configure NSX-v Manager
  • nsxv-manager-deploy – Deploy NSX-v Manager OVA to vCenter Server
  • nsxv-manager-roles – Configure NSX-v Manager user roles
  • nsxv-transport-zone – Create/delete NSX-v transport zone
  • vcenter-add-hosts – Add or remove ESXi nodes to vCenter Server
  • vcenter-cluster – Create/delete/modify vCenter cluster
  • vcenter-datacenter – Create/delete vCenter datacenter object
  • vcenter-maintenance-mode – Manage the maintenance mode state of an ESXi node
  • vcenter-networking – Create/delete DVS
  • vcenter-portgroups – Create/delete port groups

Wherever possible, each role has been written to allow the creation, deletion or modification of said objects within the SDDC environment.

In addition to the roles themselves, there are published playbooks that execute the roles in a specific order, based on dependencies, to perform the actual deployment of the SDDC environment.

  • esxi_sddc_configure.yml – Configure ESXi nodes
  • nsxv_sddc_deploy – Deploy and configure NSX-v Manager and controllers

If you are looking to start leveraging Ansible to deploy and manage your VMware SDDC environments, these roles are a great starting point. Reach out to me over Twitter, or come find me this afternoon in the VMware {code} Theatre at 1:00PM.



Updated Ansible Control Server Docker Container

The Docker container I built earlier this year, when I embarked on the Infrastructure-as-Code project, has been taken and used as the base container for the internal project to automate the SDDC using Ansible. As such, most of the recent updates I have made to the container have been only published internally. I decided to spend a few minutes updating the container on the public side to take advantage of some of the improvements and changes made.

An important note, the container is not what I would call lightweight. It is intended to be used as a development container, where it can provide a base-level of libraries and binaries for running Ansible against a vSphere, vCenter or NSX-v endpoint.

The first major change I’ve made is to move where the repo lives in GitHub. I’ve broken out the repository from the virtualelephant/vsphere-kubernetes repo and placed it in the virtualelephant/containers repo (link here).

Running the container

The default CMD of the container will display the installed version of Ansible and default version of Python.

The container continues to clone several useful community Ansible modules, including vmware/nsxansible and OpenShift/ansible-ansible-contrib. I have modified the Dockerfile to copy these modules into the directory /opt/ansible/modules. The ansible.cfg file has been modified to leverage the new module location.

Another change is how the container is pulling the nsxraml spec and making it available. The container currently pulls down both the NSX-v 6.3 and 6.4 branches of the nsxraml spec and places them in /opt/nsxraml. The specs should be backwards compatible, however it is possible some future version will not be. Therefore, I have created a symlink in the container that will always point to the most recent version of the RAML spec, while leaving the other branches there in case a consumer of the container requires them.

How is this leveraged?

Well, within my Ansible dictionary variable for the nsxmanager_spec, I always point the RAML file to /opt/nsxraml/current/nsxvapi.raml.

Finally, the container includes clean-up of the git repositories reduce its size.

Learn More at VMworld

If you are going to be at VMworld, be sure to VMware {code} session  CODE5542U on Monday afternoon. I will be talking more about the internal Ansible project and will have some exciting news regarding new Ansible modules available to VMware users!

Otherwise, feel free to pull the container or the repo and leverage it based on your needs!