Using vSphere 6.5 APIs with Ansible

© 2015 VMware Inc. All rights reserved.

Using vSphere 6.5 APIs with Ansible

Jonathan Frappier

August 2017

CONFIDENTIAL 2

@jfrappier | @commitmas | @vbrownabag

/in/jonathanfrappier

github.com/jfrappier

github.com/commitmas

jfrap.com

vbrownbag.com

http://bit.ly/

Jonathan Frappier

Senior Technical Consultant, Dell EMC

Education

Disclaimer

The information in this presentation is intended to outline our general product direction and should not

be relied on in making a purchasing decision. It is for informational purposes only and may not be

incorporated into any contract.

• This presentation may contain product features or functionality that are currently under development.

• This overview of new technology represents no commitment from VMware to deliver these features in any generally available product.

• Features are subject to change, and must not be included in contracts, purchase orders, or sales agreements of any kind.

• Technical feasibility and market demand will affect final delivery.

• Pricing and packaging for any new features/functionality/technology discussed or presented, have not been determined.

• This information is confidential.

My Disclaimer

• When I say how awesome something is what I really mean “In most cases” that thing is awesome

• Here is one way you could do it, there are many others

• I can’t draw 7 red lines all perpendicular with red, green, or transparent ink

CONFIDENTIAL 4

What are we talking about

vSphere and vCenter 6.5 + vSphere APIs + Ansible

Haven’t use vSphere 6.5? >> http://bit.ly/v65new

Don’t know what an API is? >> http://bit.ly/apizerohero

What’s an Ansible, I want one! >> http://bit.ly/vbbAnsible

Using vSphere 6.5 API Into >> http://bit.ly/RuddyRULES

CONFIDENTIAL 5

Use Cases

vCenter APIs

http://bit.ly/vc65apis

• Define vCenter configuration as code

– Create data center

– Add hosts to data center

– Create VMs

– Configure VM settings (limited)

CONFIDENTIAL 6

vCenter Server Appliance APIs

http://bit.ly/vcsa65apis

• VCSA configuration management

– Enable/disable SSH

– Set/Manage DNS search domins

– Set/Manage DNS servers

– Run backup

• Currently in Tech Preview

– Create local users

– Manage firewall

– Set/Manage NTP Servers

– Restart services

Scenario

Oh no! My security auditor says I need to ensure SSH is disabled on all VCSA appliances!

What am I going to do??

CONFIDENTIAL 7

Using API Explorer

CONFIDENTIAL 8

Determine JSON block

CONFIDENTIAL 9

Ansible Playbook with URI module example

CONFIDENTIAL 10

---

- hosts: localhost

become: no

tasks:

- name: vcenter login

uri:

url: https://cloudvc.student.lab/rest/com/vmware/cis/session

force_basic_auth: yes

method: POST

user: [email protected]

password: P@ssw0rd

status_code: 200

validate_certs: no

register: login

- name: disable ssh

uri:

url: https://cloudvc.student.lab/rest/appliance/access/ssh

force_basic_auth: yes

method: PUT

body_format: json

body: "{{ lookup('file','sshoff.json') }}"

validate_certs: no

headers:

Cookie: "{{login.set_cookie}}"

Create JSON File

CONFIDENTIAL 11

{

“enabled”: false

}

One more use case…

CONFIDENTIAL 12

One more use case…

CONFIDENTIAL 13