vRealize Automation Cloud Assembly supports integration with Puppet Enterprise and Ansible Open Source so that you can manage deployments for configuration and drift.
To integrate Puppet-based configuration management, you must have a valid instance of Puppet Enterprise installed on a public or private cloud with a vSphere workload. You must establish a connection between this external system and your vRealize Automation Cloud Assembly instance. Then you can make Puppet configuration management available to vRealize Automation Cloud Assembly by adding it to appropriate blueprints.
The vRealize Automation Cloud Assembly blueprint service Puppet provider installs, configures, and runs the Puppet agent on a deployed compute resource. The Puppet provider supports both SSH and WinRM connections with the following prerequisites:
- SSH connections:
- The user name must be either a super user or a user with sudo permissions to run commands with NOPASSWD.
- Disable requiretty for the given user.
- cURL must be available on the deployment compute resource.
- WinRM connections:
- PowerShell 2.0 must be available on the deployment compute resource.
- Configure the Windows template as described in the vRealize Orchestrator documentation.
The DevOps administrator is responsible for managing the connections to a Puppet master and for applying Puppets roles, or configuration rules, to specific deployments. Following deployment, virtual machines configured to support configuration management are registered with the designated Puppet Master.
When virtual machines are deployed, users can add or delete a Puppet Master as an external system or update projects assigned to the Puppet Master. Finally, appropriate users can de-register deployed virtual machines from the Puppet Master when the machines are decommissioned.
Ansible Open Source Integration
When setting up an Ansible integration, install Ansible Open Source in accordance with the Ansible installation instructions. See the Ansible documentation for more information about installation.
[defaults] host_key_checking = False localhost_warning = False [paramiko_connection] record_host_keys = False [ssh_connection] #ssh_args = -C -o ControlMaster=auto -o ControlPersist=60s ssh_args = -o UserKnownHostsFile=/dev/null
To avoid the host key checking errors, set
record_host_keys to False including adding an extra option
UserKnownHostsFile=/dev/null set in
ssh_args.In addition, if the inventory is empty initially, Ansible warns that the host list is empty. This causes the playbook syntax check to fail.
Ansible vault enables you to store sensitive information, such as passwords or keys, in encrypted files rather than as plain text. Vault is encrypted with a password. In vRealize Automation Cloud Assembly, Ansible uses Vault to encrypt data such as ssh passwords for host machines. It assumes that the path to the Vault password has been set.
You can modify the ansible.cfg file to specify the location of the password file using the following format.
vault_password_file = /path to/file.txt
You can also set the
ANSIBLE_VAULT_PASSWORD_FILE environment variable so that Ansible automatically searches for the password. For example,
vRealize Automation Cloud Assembly manages the Ansible inventory file, so you must ensure that the vRealize Automation Cloud Assembly user has rwx access on the inventory file.
cat ~/var/tmp/vmware/provider/user_defined_script/$(ls -t ~/var/tmp/vmware/provider/user_defined_script/ | head -1)/log.txt
myuser ALL=(ALL) NOPASSWD: ALL
If you encounter errors or other problems when setting up Ansible integration, refer to the log.txt file at 'cat~/var/tmp/vmware/provider/user_defined_script/$(ls -t ~/var/tmp/vmware/provider/user_defined_script/ | head -1)/' on the Ansible Control Machine.