using vsphere 6.5 apis with ansible
TRANSCRIPT
© 2015 VMware Inc. All rights reserved.
Using vSphere 6.5 APIs with Ansible
Jonathan Frappier
August 2017
CONFIDENTIAL 2
@jfrappier | @commitmas | @vbrownabag
/in/jonathanfrappier
github.com/jfrappier
github.com/commitmas
jfrap.com
vbrownbag.com
http://bit.ly/
Jonathan Frappier
Senior Technical Consultant, Dell EMC
Education
Disclaimer
The information in this presentation is intended to outline our general product direction and should not
be relied on in making a purchasing decision. It is for informational purposes only and may not be
incorporated into any contract.
• This presentation may contain product features or functionality that are currently under development.
• This overview of new technology represents no commitment from VMware to deliver these features in any generally available product.
• Features are subject to change, and must not be included in contracts, purchase orders, or sales agreements of any kind.
• Technical feasibility and market demand will affect final delivery.
• Pricing and packaging for any new features/functionality/technology discussed or presented, have not been determined.
• This information is confidential.
My Disclaimer
• When I say how awesome something is what I really mean “In most cases” that thing is awesome
• Here is one way you could do it, there are many others
• I can’t draw 7 red lines all perpendicular with red, green, or transparent ink
CONFIDENTIAL 4
What are we talking about
vSphere and vCenter 6.5 + vSphere APIs + Ansible
Haven’t use vSphere 6.5? >> http://bit.ly/v65new
Don’t know what an API is? >> http://bit.ly/apizerohero
What’s an Ansible, I want one! >> http://bit.ly/vbbAnsible
Using vSphere 6.5 API Into >> http://bit.ly/RuddyRULES
CONFIDENTIAL 5
Use Cases
vCenter APIs
http://bit.ly/vc65apis
• Define vCenter configuration as code
– Create data center
– Add hosts to data center
– Create VMs
– Configure VM settings (limited)
CONFIDENTIAL 6
vCenter Server Appliance APIs
http://bit.ly/vcsa65apis
• VCSA configuration management
– Enable/disable SSH
– Set/Manage DNS search domins
– Set/Manage DNS servers
– Run backup
• Currently in Tech Preview
– Create local users
– Manage firewall
– Set/Manage NTP Servers
– Restart services
Scenario
Oh no! My security auditor says I need to ensure SSH is disabled on all VCSA appliances!
What am I going to do??
CONFIDENTIAL 7
Using API Explorer
CONFIDENTIAL 8
Determine JSON block
CONFIDENTIAL 9
Ansible Playbook with URI module example
CONFIDENTIAL 10
---
- hosts: localhost
become: no
tasks:
- name: vcenter login
uri:
url: https://cloudvc.student.lab/rest/com/vmware/cis/session
force_basic_auth: yes
method: POST
user: [email protected]
password: P@ssw0rd
status_code: 200
validate_certs: no
register: login
- name: disable ssh
uri:
url: https://cloudvc.student.lab/rest/appliance/access/ssh
force_basic_auth: yes
method: PUT
body_format: json
body: "{{ lookup('file','sshoff.json') }}"
validate_certs: no
headers:
Cookie: "{{login.set_cookie}}"
Create JSON File
CONFIDENTIAL 11
{
“enabled”: false
}
One more use case…
CONFIDENTIAL 12
One more use case…
CONFIDENTIAL 13