vRealize Automation Cloud Assembly supports integration with Ansible Open Source configuration management. After configuring integration, you can add Ansible components to new or existing deployments.

When you integrate Ansible Open Source with vRealize Automation Cloud Assembly, you can configure it to run one or more Ansible playbooks in a given order when a new machine is provisioned to automate configuration management. You specify the desired playbooks in the blueprint for a deployment.

When setting up an Ansible integration, you must specify the Ansible Open Source host machine as well as the inventory file path that defines information for managing resources. In addition, you must provide a name and password to access the Ansible Open Source instance. Later, when you add an Ansible component to a deployment, you can update the connection to use key-based authentication.

By default, Ansible uses ssh to connect to the physical machines. If you are using Windows machines as specified in the blueprint with the osType Windows property, the connection_type variable is automatically set to winrm.

Initially, Ansible integration uses the user/password or user/key credentials provided in the integration to connect to the Ansible Control Machine. Once the connection is successful, the provided playbooks in the blueprint are validated for syntax.

If the validation is successful, then an execution folder is created on the Ansible Control Machine at ~/var/tmp/vmware/provider/user_defined_script/. This is the location from which scripts run to add the host to the inventory, create the host vars files including setting up the authentication mode to connect to the host, and finally run the playbooks. At this point, the credentials provided in the blueprint are used to connect to the host from the Ansible Control Machine.

Ansible integration supports physical machines that do not use an IP address. For machines provisioned on public clouds such as AWS, Azure, and GCP, the address property in the created resource is populated with the machine's public IP address only when the machine is connected to a public network. For machines not connected to a public network, the Ansible integration looks for the IP address from the network attached to the machine. If there are multiple networks attached, Ansible integration looks for the network with the lowest deviceIndex; that is, the index of the Network Interface Card (NIC) attached to the machine. If the deviceIndex property is not specified in the blueprint, the integration uses the first network attached.

See What Is configuration management in vRealize Automation Cloud Assembly for more details on configuring Ansible Open Source for integration in vRealize Automation Cloud Assembly.

Prerequisites

  • The Ansible control machine must use Ansible version 2.6.0 or later.
  • The user must have read/write access to the directory where the Ansible inventory file is located. In addition, the user must have read/write access to the inventory file, if it exists already.
  • If you are using a non-root user with the sudo option, ensure that the following is set in the sudoers file:

    Defaults:user_name !requiretty

    and

    user_name ALL=(ALL) NOPASSWD: ALL

  • Ensure that host key checking is disabled by setting host_key_checking = False at /etc/ansible/ansible.cfg or ~/.ansible.cfg.
  • Ensure that the vault password is set by adding the following line to the /etc/ansible/ansible.cfg or ~/.ansible.cfg file:
    vault_password_file = /path/to/password_file
    The vault password file contains the password in plain text and is used only when blueprints or deployments provide the username and password combination to use between ACM and the node, as shown in the following example.
    echo 'myStr0ng9@88w0rd' > ~/.ansible_vault_password.txt
    # Alternatively, set 'vault_password_file=~/.ansible_vault_password.txt' in either /etc/ansible/ansible.cfg or ~/.ansible.cfg
    echo 'export ANSIBLE_VAULT_PASSWORD_FILE=~/.ansible_vault_password.txt' >> ~/.profile
  • To avoid host key failures while trying to run playbooks, it is recommended that you include the following settings in /etc/ansible/ansible.cfg.
    [paramiko_connection]
    record_host_keys = False

    [ssh_connection]
    #ssh_args = -C -o ControlMaster=auto -o ControlPersist=60s
    # If you already have any options set for ssh_args, just add the additional option shown here at the end.
    ssh_args = -o UserKnownHostsFile=/dev/null
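
A pre-flight check for the control machine, added here as an example (it is not part of the original page or of VMware's code): it parses ansible.cfg text with the inline-comment rule Ansible applies (only ';' starts an inline comment), reports which of the settings listed above are missing or different, and flags a plain-text vault password file that group or other accounts can access. The function names and the sample configuration are constructed for illustration.

```python
import configparser
import os
import stat

# Settings named on this page: (section, key, expected value or None for any).
PAGE_SETTINGS = [
    ("defaults", "host_key_checking", "False"),
    ("defaults", "vault_password_file", None),
    ("paramiko_connection", "record_host_keys", "False"),
]

# Constructed sample; the inline '#' text is not a comment to Ansible (only ';' is).
SAMPLE_CFG = """\
[defaults]
host_key_checking = False
vault_password_file = ~/.ansible_vault_password.txt
[ssh_connection]
ssh_args = -o UserKnownHostsFile=/dev/null  # trailing note
"""


def audit_ansible_cfg(cfg_text):
    """Return findings for ansible.cfg text, checked against PAGE_SETTINGS."""
    cfg = configparser.ConfigParser(inline_comment_prefixes=(";",), interpolation=None)
    cfg.read_string(cfg_text)
    findings = []
    for section, key, expected in PAGE_SETTINGS:
        value = cfg.get(section, key, fallback=None)
        if value is None:
            findings.append(f"missing: [{section}] {key}")
        elif expected is not None and value.lower() != expected.lower():
            findings.append(f"unexpected: [{section}] {key} = {value}")
    ssh_args = cfg.get("ssh_connection", "ssh_args", fallback="")
    if "UserKnownHostsFile=/dev/null" not in ssh_args:
        findings.append("missing: [ssh_connection] ssh_args UserKnownHostsFile option")
    if "#" in ssh_args:
        findings.append("ssh_args contains '#': inline comment is part of the value")
    return findings


def vault_file_findings(path):
    """Flag a plain-text vault password file that group or other can access."""
    try:
        mode = stat.S_IMODE(os.stat(os.path.expanduser(path)).st_mode)
    except FileNotFoundError:
        return [f"vault password file not found: {path}"]
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        return [f"vault password file mode {mode:o} allows group/other access"]
    return []
```

Call audit_ansible_cfg() with the contents of /etc/ansible/ansible.cfg or ~/.ansible.cfg, and vault_file_findings() with the path configured as vault_password_file; an empty list means nothing was flagged.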

Procedure

  1. Select Infrastructure > Connections > Integrations and click Add Integration.
  2. Click Ansible.
    The Ansible configuration page appears.
  3. Enter the Hostname, Inventory File Path and other required information for the Ansible Open Source instance.
  4. Click Validate to check the integration.
  5. Click Add.

Results

Ansible is available for use with blueprints.

What to do next

Add Ansible components to the desired blueprints.

  1. On the blueprint canvas page, select Ansible under the Configuration Management heading on the blueprint options menu and drag the Ansible component to the canvas.
  2. Use the panel on the right to configure the appropriate Ansible properties such as specifying the playbooks to run.

In Ansible, users can assign a variable to a single host, and then use it later in playbooks. Ansible Open Source integration enables you to specify these host variables in blueprints. The hostVariables property must be in proper YAML format, as expected by the Ansible control machine, and this content will be placed at the following location:

parent_directory_of_inventory_file/host_vars/host_ip_address/vra_user_host_vars.yml

The default location of the Ansible inventory file is defined in the Ansible account as added on the Integrations page in Cloud Assembly. The Ansible integration will not validate the hostVariables YAML syntax in the blueprint, but the Ansible Control Machine will throw an error when you run a playbook in the case of incorrect format or syntax.

The following blueprint YAML snippet shows an example usage of the hostVariables property.

Cloud_Ansible_1:
    type: Cloud.Ansible
    properties:
      host: '${resource.AnsibleLinuxVM.*}'
      osType: linux
      account: ansible-CAVA
      username: ${input.username}
      password: ${input.password}
      maxConnectionRetries: 20
      groups:
        - linux_vms
      playbooks:
        provision:
          - /root/ansible-playbooks/install_web_server.yml
      hostVariables: |
        message: Hello ${env.requestedBy}
        project: ${env.projectName}

Ansible integrations expect authentication credentials to be present in a blueprint in one of the following ways:
  • User name and password in the Ansible resource.
  • User name and privateKeyFile in the Ansible resource.
  • User name in the Ansible resource and private key in the compute resource, by setting remoteAccess to generatedPublicPrivateKey.