Cloud Assembly supports integration with Puppet Enterprise and Ansible Open Source so that you can manage deployments for configuration and drift.

Puppet Integration

To integrate Puppet-based configuration management, you must have a valid instance of Puppet Enterprise installed on a public or private cloud with a vSphere workload. You must establish a connection between this external system and your Cloud Assembly instance. Then you can make Puppet configuration management available to Cloud Assembly by adding it to appropriate blueprints.

The Cloud Assembly blueprint service Puppet provider installs, configures, and runs the Puppet agent on a deployed compute resource. The Puppet provider supports both SSH and WinRM connections with the following prerequisites:

  • SSH connections:
    • The user name must be either a super user or a user with sudo permissions to run commands with NOPASSWD.
    • Disable requiretty for the given user.
    • cURL must be available on the deployment compute resource.
  • WinRM connections:
    • PowerShell 2.0 must be available on the deployment compute resource.
    • Configure the Windows template as described in the vRealize Orchestrator documentation.

The DevOps administrator is responsible for managing the connections to a Puppet Master and for applying Puppet roles, or configuration rules, to specific deployments. Following deployment, virtual machines configured to support configuration management are registered with the designated Puppet Master.

When virtual machines are deployed, users can add or delete a Puppet Master as an external system or update projects assigned to the Puppet Master. Finally, appropriate users can de-register deployed machines from the Puppet Master when the machines are decommissioned.

Ansible Open Source Integration

When setting up an Ansible integration, you must install Ansible Open Source in accordance with the Ansible installation instructions. See the Ansible documentation for more information about installation.

Ansible enables host key checking by default. If a host is reinstalled and its key no longer matches the entry in the known_hosts file, an error occurs. If the host key is not present in the known_hosts file, Ansible prompts users to confirm the key. You can disable host key checking using the following procedure.

  1. Open the /etc/ansible/ansible.cfg file using a text editor.
  2. Ensure that the following setting is present in the file.
    [defaults]
    host_key_checking = False

Ansible Vault enables you to store sensitive information, such as passwords or keys, in encrypted files rather than as plain text. Vault is encrypted with a password. In Cloud Assembly, Ansible uses Vault to encrypt data such as SSH passwords for host machines. This assumes that the path to the Vault password file has been set.

You can modify the ansible.cfg file to specify the location of the password file using the following format:

vault_password_file = /path/file.txt

You can also set the ANSIBLE_VAULT_PASSWORD_FILE environment variable so that Ansible locates the password file automatically. For example: ANSIBLE_VAULT_PASSWORD_FILE=~/.vault_pass.txt

Cloud Assembly manages the Ansible inventory file, so you must ensure that the Cloud Assembly user has rwx access on the inventory file.
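
The following added example, which is not part of the product documentation, audits the settings described above on the Ansible control machine: it reports when host key checking is disabled (SSH host identity is then not verified), when the Vault password file is unset, missing, or accessible to group or other users, and when the current user lacks rwx access on the inventory file. The function name, the owner-only permission policy for the password file, and the paths used under __main__ are assumptions.

```python
import configparser
import os
import stat


def audit_ansible_control(cfg_path, inventory_path, env=None):
    """Return a list of (check, detail) findings for an Ansible control machine."""
    env = os.environ if env is None else env
    findings = []
    cfg = configparser.ConfigParser(interpolation=None)
    cfg.read(cfg_path)

    # Environment variables take precedence over ansible.cfg.
    hkc = env.get("ANSIBLE_HOST_KEY_CHECKING") or cfg.get(
        "defaults", "host_key_checking", fallback="True")
    if hkc.strip().lower() in ("false", "no", "0", "off"):
        findings.append(("host_key_checking",
                         "disabled: SSH host identity is not verified"))

    vault = env.get("ANSIBLE_VAULT_PASSWORD_FILE") or cfg.get(
        "defaults", "vault_password_file", fallback=None)
    if not vault:
        findings.append(("vault_password_file", "not set"))
    else:
        vault = os.path.expanduser(vault)
        try:
            mode = stat.S_IMODE(os.stat(vault).st_mode)
        except OSError:
            findings.append(("vault_password_file", "missing: " + vault))
        else:
            # Assumed policy: only the owner may access the Vault password file.
            if mode & (stat.S_IRWXG | stat.S_IRWXO):
                findings.append(("vault_password_file",
                                 "group/other access, mode %04o" % mode))

    # The page requires rwx on the inventory file for the Cloud Assembly user.
    if not os.access(inventory_path, os.R_OK | os.W_OK | os.X_OK):
        findings.append(("inventory",
                         "current user lacks rwx: " + inventory_path))
    return findings


if __name__ == "__main__":
    # Assumed paths; run as the Cloud Assembly user and adjust to your install.
    for check, detail in audit_ansible_control(
            "/etc/ansible/ansible.cfg", "/etc/ansible/hosts"):
        print(check + ": " + detail)
```

Run the audit as the account that Cloud Assembly uses on the control machine, because the inventory check reflects the access of the calling user.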