Monthly Archives: September 2023

How I automated Linux VM provisioning in VMware with Ansible and AWX

It’s interesting to see that a lot of systems engineers and admins still use traditional methods of deploying new servers to an already existing and established infrastructure.

This can take many hours to complete and is a process that can be prone to mistakes, leading to an overall ineffective work ethic and low productivity efforts.

What I do instead, is keep true to my mission statement and try to make every process a bit easier.
If it can be automated, I will automate it.

If you want to replicate this setup, you’ll need a VMware vSphere environment with full admin access, as well as an Ansible AWX instance that is able to connect to said VMware environment.

I’ve covered the setup of AWX in the previous post.

Connecting Ansible AWX to your VMware environment is trivial, provided you have the necessary permissions and network access to do so.

Anyway, let’s get to work!

Step 1. Setup the VMware connection

You’ll need to login to your vcenter using an admin user.

Once logged in, open the side-menu, then select Administration.

In the Administration section, select Users and Groups, then select the domain as vsphere.local. You may chose to select any of the other available domains, however since this is basically a service user, we don’t need to go through the process of creating a dedicated domain user.
A local user will do just fine.
Of course, think whether your vCenter is accessible publicly; If it is, then security is paramount.

Go ahead and create your user. Here’s mine.

Once the user is created, move over to the Groups tab, select the group you want to add your user in. depending on what tasks it is going to perform, then add it, by clicking the Add Members button, then using the search bar to search for your newly created user.

And that’s it on the VMware side.

Now, you may want to fine-tune the permissions of the user, at some point, based on the tasks it usually performs. Mine creates, manages and deletes VMs and other resources. We use it for a lot of things, so we need it to be as powerful as it can be.

Step 2. Setup the Ansible AWX Credentials

If you’re here, you should already know how to login to your AWX and do most things, so go ahead and a new VMware vCenter Credential.

The quality of this image is low, but you get the gist.

Once you have the credentials in, you can create a new Inventory and put the credentials to use.

Step3. Sync your VMware Inventory

Go ahead and create a new Inventory. Name it Vcenter, just so you know which one it is.

Here are mine. You can see some have a Sync Status of Success. These are dynamic inventories that update every time I target them with a job.

Once you created your base inventory, go ahead and create a sync source, in the Sources tab.

The setup is very simple. All you need is a Name, a Source, which is readily available, the Credentials you previously created and chose what happens when the inventory syncs.

In my case, I update the inventory on launch. What this means is every time I run a job on this inventory, the inventory updates.

We also overwrite variables, because things might change, on hosts between syncs.

You also want to Overwrite hosts, because you might have hosts that are no longer offline and hosts that were offline and are now online. The same is valid for hosts that are new or hosts that have been deleted.

The maintainers of the inventory sync were awesome enough to allow the sync to auto-create groups of hosts, based on the guest OS. Unfortunately, the guest OS groups do not contain only powered on VMs. They contain all the VMs from that guest OS category.

However, there is a group called poewredOn, which contains all the powered On VMs.

This is nice, as you can target that group and then apply wildcard limits for the vms you want to target in a job.

This is, as I will later show you, quite efficient.

Now, there is a catch. When you sync your vCenter inventory, Ansible will pull all the hosts, by their VM Name and their instanceUuid value and concatenate those as the Inventory Ansible Host Name, which by default, will be used as the ansible_host value which is used by your jobs. In some cases, the primary IP of the VM is used instead.

If you want to avoid that and instead use DNS names, then you should be able to use the following to your Source variables:

---
compose:
  ansible_host: 'guest.hostName'

Now sync and have fun!