![Page 1: Ansible-izing vCenter with vSphere’s RESTful APIs!](https://reader031.vdocuments.net/reader031/viewer/2022012304/5a6df6077f8b9ad4678b4cb7/html5/thumbnails/1.jpg)
Ansible-izing vCenter with vSphere’s RESTful APIs!
Thank you Kanji
![Page 2: Ansible-izing vCenter with vSphere’s RESTful APIs!](https://reader031.vdocuments.net/reader031/viewer/2022012304/5a6df6077f8b9ad4678b4cb7/html5/thumbnails/2.jpg)
Kyle Ruddy
@kmruddy
/in/kmruddy
github.com/kmruddy
thatcouldbeaproblem.com
vbrownbag.com
Awesomest vBeardPowerCLI Master
![Page 3: Ansible-izing vCenter with vSphere’s RESTful APIs!](https://reader031.vdocuments.net/reader031/viewer/2022012304/5a6df6077f8b9ad4678b4cb7/html5/thumbnails/3.jpg)
Jonathan Frappier
@jfrappier
/in/jonathanfrappier
github.com/jfrappier
jfrap.com
vbrownbag.com
Team Lead - Cloud SolutionsDell EMC Education Services
https://github.com/jfrappier/vSphere-6.5-API-Playbook-Examples
![Page 4: Ansible-izing vCenter with vSphere’s RESTful APIs!](https://reader031.vdocuments.net/reader031/viewer/2022012304/5a6df6077f8b9ad4678b4cb7/html5/thumbnails/4.jpg)
1
Disclaimer● When we say how awesome something is what
we really mean “In most cases” that thing is
awesome. Your use case might be different,
that’s cool.
● Here is one way you could do it, there are many
others.
● I can’t draw 7 red lines all perpendicular with
red, green, or transparent ink.
● Some of these things are in beta/tech preview.
Don’t buy something based on this presentation
- it might not make GA (but that is Kyle’s fault).
![Page 5: Ansible-izing vCenter with vSphere’s RESTful APIs!](https://reader031.vdocuments.net/reader031/viewer/2022012304/5a6df6077f8b9ad4678b4cb7/html5/thumbnails/5.jpg)
1
Who Uses...(Or has heard of…)
vSphere 6.5? 6.0? Older?
Ansible?
APIs?
![Page 6: Ansible-izing vCenter with vSphere’s RESTful APIs!](https://reader031.vdocuments.net/reader031/viewer/2022012304/5a6df6077f8b9ad4678b4cb7/html5/thumbnails/6.jpg)
1
REST API Overview
An architecture, not a protocol
Benefits:
- Simple
- Reliable
- Scalable
- Performant
Get familiar with:
- GET, PUT, POST, DELETE…
- HTML Response Codes (200, 404, 500…)
![Page 7: Ansible-izing vCenter with vSphere’s RESTful APIs!](https://reader031.vdocuments.net/reader031/viewer/2022012304/5a6df6077f8b9ad4678b4cb7/html5/thumbnails/7.jpg)
vSphere 6.5 RESTful APIs Overview
Brand new and built from the ground up…
Not a shim!
Five Core Areas:
- CIS (Tagging)
- Content (Content Library)
- vAPI
- VCSA
- Configuration
- Backup/Restore
- vCenter
- VM Lifecycle Management
Accessible in many ways:
- API Explorer
- Open-Source SDKs
- PowerCLI
- Curl
- Any Language Which Can Talk REST
![Page 8: Ansible-izing vCenter with vSphere’s RESTful APIs!](https://reader031.vdocuments.net/reader031/viewer/2022012304/5a6df6077f8b9ad4678b4cb7/html5/thumbnails/8.jpg)
Discovering the vSphere API Explorer
![Page 9: Ansible-izing vCenter with vSphere’s RESTful APIs!](https://reader031.vdocuments.net/reader031/viewer/2022012304/5a6df6077f8b9ad4678b4cb7/html5/thumbnails/9.jpg)
Discovering the vSphere API Explorer
![Page 10: Ansible-izing vCenter with vSphere’s RESTful APIs!](https://reader031.vdocuments.net/reader031/viewer/2022012304/5a6df6077f8b9ad4678b4cb7/html5/thumbnails/10.jpg)
Ansible Overview
sudo yum install epel-release -y
sudo yum install ansible -y
ansible --version
ansible 2.4.2.0
config file = /etc/ansible/ansible.cfg
…
python version = 2.7.5
modules >> tasks >> playbooks >> roles
git clone https://github.com/repo.git
ansible-playbook disable-vcsa-ssh-api.yml
![Page 11: Ansible-izing vCenter with vSphere’s RESTful APIs!](https://reader031.vdocuments.net/reader031/viewer/2022012304/5a6df6077f8b9ad4678b4cb7/html5/thumbnails/11.jpg)
Navigating Ansible Documentation60% of the time, it works every time.
![Page 12: Ansible-izing vCenter with vSphere’s RESTful APIs!](https://reader031.vdocuments.net/reader031/viewer/2022012304/5a6df6077f8b9ad4678b4cb7/html5/thumbnails/12.jpg)
Navigating Ansible Documentation
![Page 13: Ansible-izing vCenter with vSphere’s RESTful APIs!](https://reader031.vdocuments.net/reader031/viewer/2022012304/5a6df6077f8b9ad4678b4cb7/html5/thumbnails/13.jpg)
Navigating Ansible Documentation
![Page 14: Ansible-izing vCenter with vSphere’s RESTful APIs!](https://reader031.vdocuments.net/reader031/viewer/2022012304/5a6df6077f8b9ad4678b4cb7/html5/thumbnails/14.jpg)
Why should you do this...
![Page 15: Ansible-izing vCenter with vSphere’s RESTful APIs!](https://reader031.vdocuments.net/reader031/viewer/2022012304/5a6df6077f8b9ad4678b4cb7/html5/thumbnails/15.jpg)
vCenter Use Cases Use Case Benefits
Initial configuration of vCenter Server Quickly stand up vCenter
Instant documentation for vCenter config
Store/collaborate on config in SCM
Same playbook used for setup
Use playbooks for audit/compliance
Update configuration settings
Add new data centers, hosts
DR for vCenter Server Appliance
configuration
![Page 16: Ansible-izing vCenter with vSphere’s RESTful APIs!](https://reader031.vdocuments.net/reader031/viewer/2022012304/5a6df6077f8b9ad4678b4cb7/html5/thumbnails/16.jpg)
Virtual Machine Use Cases Use Case Benefits
Initial configuration and/or VM deployment Instant documentation for VM config
Store/collaborate on config in SCM
Use playbooks for audit/compliance
![Page 17: Ansible-izing vCenter with vSphere’s RESTful APIs!](https://reader031.vdocuments.net/reader031/viewer/2022012304/5a6df6077f8b9ad4678b4cb7/html5/thumbnails/17.jpg)
Playbook Examples
![Page 18: Ansible-izing vCenter with vSphere’s RESTful APIs!](https://reader031.vdocuments.net/reader031/viewer/2022012304/5a6df6077f8b9ad4678b4cb7/html5/thumbnails/18.jpg)
vCenter Server Appliance Config
IPv4 Settings
IP Address
Hostname, DNS, Search Domains
DNS Config
NTP Server
NTP Config
Shell, SSH, DCUI
Access Options
Available on network
Deployed
![Page 19: Ansible-izing vCenter with vSphere’s RESTful APIs!](https://reader031.vdocuments.net/reader031/viewer/2022012304/5a6df6077f8b9ad4678b4cb7/html5/thumbnails/19.jpg)
Required vCenter Permissions
vCenter Server Appliance
Administration > Single Sign-On > Users and Groups > Groups >
SystemConfiguration.Administrators
vCenter Server
Same as you would need to do a thing in the web client
![Page 20: Ansible-izing vCenter with vSphere’s RESTful APIs!](https://reader031.vdocuments.net/reader031/viewer/2022012304/5a6df6077f8b9ad4678b4cb7/html5/thumbnails/20.jpg)
Authentication
---
- hosts: localhost
become: no
tasks:
- name: vcenter login
uri:
url: https://yourvcenter.fqdn.foo/rest/com/vmware/cis/session
force_basic_auth: yes
method: POST
user: [email protected]
password: P@ssw0rd
status_code: 200
validate_certs: no
register: login
Runs the playbook locally
Connects to remote URL
Using Ansible URI module
![Page 21: Ansible-izing vCenter with vSphere’s RESTful APIs!](https://reader031.vdocuments.net/reader031/viewer/2022012304/5a6df6077f8b9ad4678b4cb7/html5/thumbnails/21.jpg)
SSH
- name: disable ssh
uri:
url: https://yourvcenter.fqdn.foo/rest/appliance/access/ssh
force_basic_auth: yes
method: PUT
body_format: json
body: "{{ lookup('file','sshoff.json') }}"
validate_certs: no
headers:
Cookie: "{{login.set_cookie}}"
Appliance API
JSON file w parameters for
API
![Page 22: Ansible-izing vCenter with vSphere’s RESTful APIs!](https://reader031.vdocuments.net/reader031/viewer/2022012304/5a6df6077f8b9ad4678b4cb7/html5/thumbnails/22.jpg)
Example JSON File - sshoff.json
{
“enabled”: false
}
![Page 23: Ansible-izing vCenter with vSphere’s RESTful APIs!](https://reader031.vdocuments.net/reader031/viewer/2022012304/5a6df6077f8b9ad4678b4cb7/html5/thumbnails/23.jpg)
NTP Server (Tech Preview)
- name: set ntp server
uri:
url:
https://yourvcenter.fqdn.foo/rest/appliance/techpreview/ntp/server
force_basic_auth: yes
method: PUT
body_format: json
body: "{{ lookup('file','ntpserver.json') }}"
validate_certs: no
headers:
Cookie: "{{login.set_cookie}}"
Pre-GA
Supports PUT or POST.
PUT replaces, POST adds
![Page 24: Ansible-izing vCenter with vSphere’s RESTful APIs!](https://reader031.vdocuments.net/reader031/viewer/2022012304/5a6df6077f8b9ad4678b4cb7/html5/thumbnails/24.jpg)
Example JSON File - ntpserver.json
{
"servers": [
"192.168.1.100"
]
}
![Page 25: Ansible-izing vCenter with vSphere’s RESTful APIs!](https://reader031.vdocuments.net/reader031/viewer/2022012304/5a6df6077f8b9ad4678b4cb7/html5/thumbnails/25.jpg)
vCenter Config
Create VMs
Virtual Machines
Start powered off VMs
Power ON VMs
Add or verify VM port group
VM Networks
Add hosts to vCenter
Hosts
¯\_(ツ)_/¯
Cluster
Create new data center
Data Center
Available on network
Deployed
![Page 26: Ansible-izing vCenter with vSphere’s RESTful APIs!](https://reader031.vdocuments.net/reader031/viewer/2022012304/5a6df6077f8b9ad4678b4cb7/html5/thumbnails/26.jpg)
Data Center
- name: create new data center
uri:
url: https://yourvcenter.fqdn.foo/rest/vcenter/datacenter
force_basic_auth: yes
method: POST
body_format: json
body: "{{ lookup('file','datacenter.json') }}"
validate_certs: no
headers:
Cookie: "{{login.set_cookie}}"
vCenter API
![Page 27: Ansible-izing vCenter with vSphere’s RESTful APIs!](https://reader031.vdocuments.net/reader031/viewer/2022012304/5a6df6077f8b9ad4678b4cb7/html5/thumbnails/27.jpg)
Example JSON File - datacenter.json
{
"spec": {
"folder": "string",
"name": "newdcname"
}
}
![Page 28: Ansible-izing vCenter with vSphere’s RESTful APIs!](https://reader031.vdocuments.net/reader031/viewer/2022012304/5a6df6077f8b9ad4678b4cb7/html5/thumbnails/28.jpg)
Tips
➔ Use Postman and GET APIs to view info for existing objects to use in your JSON file
➔ https://yourvcenter.fqdn.foo/rest/vcenter/folder?filter.type=DATACENTER
![Page 29: Ansible-izing vCenter with vSphere’s RESTful APIs!](https://reader031.vdocuments.net/reader031/viewer/2022012304/5a6df6077f8b9ad4678b4cb7/html5/thumbnails/29.jpg)
Ansible Vault
![Page 30: Ansible-izing vCenter with vSphere’s RESTful APIs!](https://reader031.vdocuments.net/reader031/viewer/2022012304/5a6df6077f8b9ad4678b4cb7/html5/thumbnails/30.jpg)
Ansible Vault
1. Create vault
ansible-vault create vault.yml
2. Provide a vault password
3. Enter password
4. Save and close vi
6. cat vault.yml
5. add var in task, use var in appropriate
place in playbook
6. Run playbook with vault id
ansible-playbook playbook.yml -
-vault-id vault.yml --ask-
vault-pass
![Page 31: Ansible-izing vCenter with vSphere’s RESTful APIs!](https://reader031.vdocuments.net/reader031/viewer/2022012304/5a6df6077f8b9ad4678b4cb7/html5/thumbnails/31.jpg)
Authentication - Vaultedizedtasks:
- name: vcenter login
uri:
url: https://vcsa01.corp.local/rest/com/vmware/cis/session
force_basic_auth: yes
method: POST
user: [email protected]
password: '{{ passvc }}'
status_code: 200
validate_certs: no
register: login
vars:
passvc: !vault |
$ANSIBLE_VAULT;1.1;AES256
13215345600465416546165465406546465406546540
13215345600465416546165465406546465406546540
13215345600465416546165465406546465406546540
7864
Value from step 5
![Page 32: Ansible-izing vCenter with vSphere’s RESTful APIs!](https://reader031.vdocuments.net/reader031/viewer/2022012304/5a6df6077f8b9ad4678b4cb7/html5/thumbnails/32.jpg)
ResourcesGetting Started with vSphere APIs:
https://blogs.vmware.com/code/2017/02/02/getting-started-vsphere-automation-sdk-rest/
vBrownBag Zero to API Here:
http://bit.ly/apizerohero
![Page 33: Ansible-izing vCenter with vSphere’s RESTful APIs!](https://reader031.vdocuments.net/reader031/viewer/2022012304/5a6df6077f8b9ad4678b4cb7/html5/thumbnails/33.jpg)
Questions?
![Page 34: Ansible-izing vCenter with vSphere’s RESTful APIs!](https://reader031.vdocuments.net/reader031/viewer/2022012304/5a6df6077f8b9ad4678b4cb7/html5/thumbnails/34.jpg)
Thank you