Set permission for VMWare folders individually - ansible

In my vSphere, I have a total of 3 DCs named ABC, PQR and XYZ. Under each DC I have created a main folder (TEAM) and subfolders (FOLDERA and FOLDERB) with the same names. Here is how the folder structure looks:
I am trying to set individual permissions on the subfolders and the main folder under each DC using https://docs.ansible.com/ansible/latest/collections/community/vmware/vmware_object_role_permission_module.html . I have used the code below for this:

- name: Assign access to parent VM folder
  community.vmware.vmware_object_role_permission:
    hostname: '{{ vcenter_hostname }}'
    username: '{{ vcenter_username }}'
    password: '{{ vcenter_password }}'
    validate_certs: false
    object_name: '{{ root_vm_folder }}'
    state: present
    recursive: false
    role: NoAccess
    principal: '{{ item.useraccount }}'
  delegate_to: localhost
  loop: '{{ my_permission }}'

- name: Assign view permission for VM sub folder
  community.vmware.vmware_object_role_permission:
    hostname: '{{ vcenter_hostname }}'
    username: '{{ vcenter_username }}'
    password: '{{ vcenter_password }}'
    validate_certs: false
    object_name: '{{ item.vmfolder }}'
    state: present
    recursive: false
    role: '{{ item.permission }}'
    principal: '{{ item.useraccount }}'
  loop: '{{ my_permission }}'
  delegate_to: localhost

Here are the variables:

root_vm_folder: 'TEAM'
vmfolder:
  - 'FOLDERA'
  - 'FOLDERB'
# Ansible variable names cannot contain hyphens, so the list is named my_permission
my_permission:
  - useraccount: 'devops'
    permission: 'ViewOnly'
    vmfolder: 'FolderA'
  - useraccount: 'developer'
    permission: 'ViewOnly'
    vmfolder: 'FolderB'

But when we run the playbook, the permission only takes effect in DC ABC, as it is the first one. There is no option to specify the datacenter name in the module.
As the folder names are global variables, is there any way we can set the permission for the folders and subfolders with the same name under each DC in vSphere?

Related

Ansible - ACI configure a range

I need to create a script that creates multiple APs with one EPG each. For the AP, I can find how to build the range using the ap module. This is what I have so far:

---
- name: ACI Link Level Management
  hosts: APIC
  connection: local
  gather_facts: no
  vars:
    username: admin
    password: Admin
    ap_list: "{{ lookup('sequence', 'start=11 count=5 format=ap%d', wantlist=True) }}"
  tasks:
    - name: Create link level policies
      cisco.aci.aci_ap:
        host: '{{ inventory_hostname }}'
        user: '{{ username }}'
        password: '{{ password }}'
        validate_certs: false
        tenant: DC
        ap: '{{ ap_list }}'
        description: default ap
        monitoring_policy: default
        state: present
...

But I'm getting the following error:
FAILED! => {"ansible_facts": {"discovered_interpreter_python": "/usr/bin/python3"}, "changed": false, "msg": "Connection failed for /api/mo/uni/tn-DC/ap-['ap11', 'ap12', 'ap13', 'ap14', 'ap15'].json?rsp-prop-include=config-only&rsp-subtree=full&rsp-subtree-class=fvRsApMonPol. An unknown error occurred: URL can't contain control characters. "/api/mo/uni/tn-DC/ap-['ap11', 'ap12', 'ap13', 'ap14', 'ap15'].json?rsp-prop-include=config-only&rsp-subtree=full&rsp-subtree-class=fvRsApMonPol" (found at least ' ')"}
The parameter ap requires a string. You provided a list instead:
ap_list: [ap11, ap12, ap13, ap14, ap15]
See the doc
shell> ansible-doc -t module cisco.aci.aci_ap
Maybe you'd like to iterate the list?

- name: Create link level policies
  cisco.aci.aci_ap:
    host: '{{ inventory_hostname }}'
    user: '{{ username }}'
    password: '{{ password }}'
    validate_certs: false
    tenant: DC
    ap: '{{ item }}'
    description: default ap
    monitoring_policy: default
    state: present
  loop: '{{ ap_list }}'

Ansible playbook for VM deletion with validation

This is the playbook that I have for VM deletion in vCenter.
My requirement here is to add a validation to check if the VM is in "poweredoff" state before proceeding with VM deletion. The task of VM deletion should trigger only if the "VM to be removed" is in "poweredoff" state.
If the "VM to be removed" is in "poweredon" state then it should display a message saying "VM is in powered on state."
Need help adding validation to the playbook. Thanks in advance.

---
# VM Automation Playbook
- name: Remove VM
  hosts: localhost
  connection: local
  gather_facts: no
  tasks:
    - name: Remove VM
      vmware_guest:
        hostname: '{{ vcenter_hostname }}' #The hostname or IP address of the vSphere vCenter or ESXi server.
        username: '{{ vcenter_username }}'
        password: '{{ vcenter_password }}'
        validate_certs: False
        datacenter: '{{ datacenter_name }}' #Destination datacenter for the deploy operation.
        name: '{{ vm_name }}' #Name of the VM to be created.
        force: yes
        state: absent #Specify the state the virtual machine should be in.

According to the Ansible collection documentation for community.vmware, you may use the module vmware_vm_info to return basic info pertaining to a VMware machine guest

- name: Get virtual machine info
  vmware_vm_info:
    hostname: '{{ vcenter_hostname }}'
    username: '{{ vcenter_username }}'
    password: '{{ vcenter_password }}'
    folder: '{{ of_datacenter }}'
    validate_certs: no
    vm_type: vm
  delegate_to: localhost
  register: vm_info

- name: Show 'power_state' of {{ vm_name }}
  debug:
    msg: "{{ item.power_state }}"
  with_items:
    - "{{ vm_info.virtual_machines | json_query(query) }}"
  vars:
    query: "[?guest_name=='{{ vm_name }}']"

as the Return Values will have a power_state.
If the "VM to be removed" is in "poweredon" state then it should display a message saying "VM is in powered on state."
Based on that you could proceed further with the result in the module assert.
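
One way to carry that suggestion through to the delete step, as an added example that is not part of the original answer. It assumes the variable names from the question, a vCenter certificate the control node trusts, and a hypothetical fact name `vm_matches`; `force` is left out so a VM that is powered on between the check and the removal is not deleted.

```yaml
---
- name: Remove VM after validating its power state
  hosts: localhost
  connection: local
  gather_facts: false
  tasks:
    - name: Get virtual machine info
      community.vmware.vmware_vm_info:
        hostname: '{{ vcenter_hostname }}'
        username: '{{ vcenter_username }}'
        password: '{{ vcenter_password }}'
        validate_certs: true   # assumption: vCenter certificate is trusted by the control node
        vm_type: vm
      register: vm_info

    - name: Keep only the entries whose name matches the VM to be removed
      ansible.builtin.set_fact:
        # vm_matches is a hypothetical fact name used only in this example
        vm_matches: "{{ vm_info.virtual_machines | selectattr('guest_name', 'equalto', vm_name) | list }}"

    - name: Stop unless exactly one VM has that name
      ansible.builtin.assert:
        that: vm_matches | length == 1
        fail_msg: "Expected one VM named {{ vm_name }}, found {{ vm_matches | length }}."

    - name: Stop unless the VM is powered off
      ansible.builtin.assert:
        that: vm_matches[0].power_state == 'poweredOff'
        fail_msg: "VM is in {{ vm_matches[0].power_state }} state."

    - name: Remove VM
      community.vmware.vmware_guest:
        hostname: '{{ vcenter_hostname }}'
        username: '{{ vcenter_username }}'
        password: '{{ vcenter_password }}'
        validate_certs: true
        datacenter: '{{ datacenter_name }}'
        uuid: '{{ vm_matches[0].uuid }}'   # remove the exact object that was validated
        state: absent
        # force is deliberately not set, so the module does not remove a running VM
```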

VMWare Authentication with Ansible module

Do I have to call the hostname, username and password fields for all the individual tasks that I use with the VMware module? E.g., if I call a task for finding the folder of a VM and next for a snapshot. Do we have an option to get authenticated and then parse a token like we do with the uri module?

- name: Find Guest's Folder using name
  vmware_guest_find:
    hostname: "{{ vcenter_hostname }}"
    username: "{{ vcenter_username }}"
    password: "{{ vcenter_password }}"
    validate_certs: no
    name: "{{ inventory_hostname }}"
  delegate_to: localhost
  register: vm_folder

You can use module_defaults to achieve what you want.
For instance:

- hosts: localhost
  module_defaults:
    vmware_guest_find:
      hostname: "{{ vcenter_hostname }}"
      username: "{{ vcenter_username }}"
      password: "{{ vcenter_password }}"
  tasks:
    - name: Find Guest's Folder using name
      vmware_guest_find:
        validate_certs: no
        name: "{{ inventory_hostname }}"
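
The same idea applied to both tasks the question mentions (finding the folder, then taking a snapshot), as an added example that is not part of the original answer. It assumes an installed community.vmware version that defines the `group/community.vmware.vmware` action group, a trusted vCenter certificate, credentials supplied from Ansible Vault, and the hypothetical names `datacenter_name` and `pre_change`.

```yaml
---
- name: Find a VM's folder and snapshot it with credentials stated once
  hosts: all
  gather_facts: false
  module_defaults:
    # Defaults set on the action group apply to every module in that group,
    # so the connection details are not repeated in each task.
    group/community.vmware.vmware:
      hostname: "{{ vcenter_hostname }}"
      username: "{{ vcenter_username }}"
      password: "{{ vcenter_password }}"   # assumption: value comes from Ansible Vault
      validate_certs: true                 # assumption: vCenter certificate is trusted
  tasks:
    - name: Find guest's folder using name
      community.vmware.vmware_guest_find:
        name: "{{ inventory_hostname }}"
      delegate_to: localhost
      register: vm_folder

    - name: Take a snapshot of the same guest
      community.vmware.vmware_guest_snapshot:
        datacenter: "{{ datacenter_name }}"    # hypothetical variable
        folder: "{{ vm_folder.folders[0] }}"
        name: "{{ inventory_hostname }}"
        state: present
        snapshot_name: pre_change              # hypothetical snapshot name
      delegate_to: localhost
```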

*Customization of the guest operating system 'freebsd64Guest' is not supported*

While trying to clone a VM via Ansible using the vmware_guest module, the new VM gets created with the old hostname. The Customize option is not taking effect. The error message that I see in the logs as well as within vCenter is
Customization of the guest operating system 'freebsd64Guest' is not supported.
The operating system is FreeBSD. Please note, I installed openvm tools in the source VM and only then took a template. So, I have been trying to create the VM from a template that already has openvm tools.

---
- name: Create a VM from a template
  vmware_guest:
    hostname: '{{ vcenter_hostname }}'
    username: '{{ vcenter_username }}'
    password: '{{ vcenter_password }}'
    validate_certs: '{{ validate_certs }}'
    name: '{{ vm_name }}'
    state: '{{ state }}'
    template: '{{ vm_template }}'
    datacenter: '{{ cluster_name }}'
    folder: '{{ folder_name }}'
    cluster: '{{ cluster }}'
    hardware:
      memory_mb: '{{ ram }}'
      num_cpus: '{{ cpu }}'
      scsi: '{{ scsi }}'
    customization:
      hostname: '{{ vm_name }}'
    networks:
      - name: VM-NETWORK
        ip: '{{ ip_address }}'
        netmask: '{{ netmask }}'
        gateway: '{{ gateway }}'
        type: '{{ type }}'
    wait_for_ip_address: yes
  delegate_to: localhost
  register: deploy

It looks like it's a bug/feature that's not currently available in VMware itself for FreeBSD. Please see the matrix available:
http://partnerweb.vmware.com/programs/guestOS/guest-os-customization-matrix.pdf
I received this info after raising a bug in
https://github.com/ansible/ansible/issues/43189#issuecomment-407339134

Getting UUID of a VMware Virtual Machine using Ansible

We are working in an Ansible environment. We wanted to connect to a newly deployed VM using its UUID.
How do I get the UUID of a VMware virtual machine using Ansible so that I can establish the connection?
Did you check this link: The UUID Location and Format
It can be accessed by standard SMBIOS scanning software — for example
SiSoftware Sandra or the IBM utility smbios2 [...]
You must use the vmware_guest_facts module first, and retrieve the UUID. However, there are two identified as uuid, so I listed them both. I am assuming that the uuid you want is the instance_uuid.

tasks:
  - name: get list of facts
    vmware_guest_facts:
      hostname: '{{ vc_name }}'
      username: '{{ vc_user }}'
      password: '{{ vc_pwd }}'
      datacenter: "{{ dc_name }}"
      name: "{{ vm_name }}"
      folder: "{{ dc_folder }}"
      validate_certs: False
    register: vm_facts

  - set_fact:
      vm_uuid: "{{ vm_facts.instance.instance_uuid }}"

  - debug:
      msg: "product uuid hw : {{ vm_facts.instance.hw_product_uuid }}\n instance: {{ vm_facts.instance.instance_uuid }}"

Now continue on in your script and use {{ vm_uuid }} where you need the uuid to the VM.
Ansible module vmware_guest_facts has been deprecated. This will not run in Ansible 2.9. You need to use the vmware_guest_info module instead.

- name: Getting VMWARE UUID
  hosts: localhost
  gather_facts: false
  connection: local
  tasks:
    - name: Get Virtual Machine info
      vmware_guest_info:
        validate_certs: no
        hostname: "{{ vcenter_hostname }}"
        username: "{{ Password }}"
        password: "{{ pass }}"
        datacenter: "{{ datacenter_name }}"
        name: "{{ VM_Name }}"
        schema: "vsphere"
        properties:
      delegate_to: localhost
      register: vminfo

    - debug:
        var: vminfo.instance.config.uuid

The above code assumes you know the datacenter the VM is sitting on. If unsure of such you can also run the following code:

- name: Get UUID from given VM Name
  block:
    - name: Get virtual machine info
      vmware_vm_info:
        hostname: '{{ vcenter_hostname }}'
        username: '{{ vcenter_username }}'
        password: '{{ vcenter_password }}'
        folder: "/datacenter/vm/folder"
      delegate_to: localhost
      register: vm_info

    - debug:
        msg: "{{ item.uuid }}"
      with_items:
        - "{{ vm_info.virtual_machines | json_query(query) }}"
      vars:
        query: "[?guest_name=='DC0_H0_VM0']"
