This article describes how to use Ansible to configure NSX ALB with TKGm. The license uses Essential Edition.
Version
# | Software | Version |
1 | Rocky Linux | 9.1 |
2 | NSX ALB | 22.1.2 |
how to
Deploy NSX ALB Controller (Failed with error output)
- hosts: localhost
connection: local
collections:
- vmware.alb
tasks:
- name: Avi Controller
import_role:
name: avicontroller_vmware
vars:
ovftool_path: /usr/bin
vcenter_host: "192.168.222.128"
vcenter_user: "administrator@vsphere.local"
vcenter_password: "<password>"
con_datacenter: Datacenter
con_cluster: cluster
con_mgmt_network: "VM Network"
con_ova_path: ./controller-22.1.2-9086.ova
con_vm_name: ansible-test-controller
con_power_on: true
con_vcenter_folder: folder
con_mgmt_ip: 192.168.222.127
con_mgmt_mask: 255.255.255.0
con_mgmt_default_gw: 192.168.222.2
- hosts: localhost
connection: local
collections:
- vmware.alb
tasks:
- name: Avi Controller
import_role:
name: avicontroller_vmware
vars:
ovftool_path: /usr/bin
vcenter_host: "192.168.222.128"
vcenter_user: "administrator@vsphere.local"
vcenter_password: "<password>"
con_datacenter: Datacenter
con_cluster: cluster
con_mgmt_network: "VM Network"
con_ova_path: ./controller-22.1.2-9086.ova
con_vm_name: ansible-test-controller
con_power_on: true
con_vcenter_folder: folder
con_mgmt_ip: 192.168.222.127
con_mgmt_mask: 255.255.255.0
con_mgmt_default_gw: 192.168.222.2
- hosts: localhost connection: local collections: - vmware.alb tasks: - name: Avi Controller import_role: name: avicontroller_vmware vars: ovftool_path: /usr/bin vcenter_host: "192.168.222.128" vcenter_user: "administrator@vsphere.local" vcenter_password: "<password>" con_datacenter: Datacenter con_cluster: cluster con_mgmt_network: "VM Network" con_ova_path: ./controller-22.1.2-9086.ova con_vm_name: ansible-test-controller con_power_on: true con_vcenter_folder: folder con_mgmt_ip: 192.168.222.127 con_mgmt_mask: 255.255.255.0 con_mgmt_default_gw: 192.168.222.2
change admin password
Set by GUI.
run Ansible-Playbook
- hosts: localhost
connection: local
collections:
- vmware.alb
vars:
avi_credentials:
controller: "192.168.222.125"
username: "admin"
password: "VMware123!"
api_version: "22.1.2"
tasks:
- name: Change avi_backupconfiguration
avi_backupconfiguration:
avi_credentials: "{{ avi_credentials }}"
save_local: true
backup_passphrase: "VMware123!"
state: present
name: "Backup-Configuration"
- name: Change avi_systemconfiguration
vmware.alb.avi_systemconfiguration:
avi_credentials: "{{ avi_credentials }}"
dns_configuration:
server_list:
- type: V4
addr: 192.168.222.2
email_configuration:
smtp_type: SMTP_NONE
state: present
welcome_workflow_complete: true
default_license_tier: ESSENTIALS
- name: Create IPAM DNS provider setting
avi_ipamdnsproviderprofile:
avi_credentials: "{{ avi_credentials }}"
name: ipam
internal_profile:
ttl: 30
type: IPAMDNS_TYPE_INTERNAL
- name: Create a VMware cloud with write access mode once
avi_cloud:
avi_credentials: "{{ avi_credentials }}"
dhcp_enabled: true
enable_vip_static_routes: false
dns_resolution_on_se: false
name: VMware
ipam_provider_ref: "/api/ipamdnsproviderprofile?name=ipam"
vcenter_configuration:
datacenter: "Datacenter"
management_network: "/api/vimgrnwruntime?name=VM Network"
password: "VMware123!"
privilege: "WRITE_ACCESS"
username: "administrator@vsphere.local"
vcenter_url: "192.168.222.129"
use_content_lib: false
vtype: CLOUD_VCENTER
- name: Create a VMware cloud with write access mode again
avi_cloud:
avi_credentials: "{{ avi_credentials }}"
dhcp_enabled: true
enable_vip_static_routes: false
dns_resolution_on_se: false
name: VMware
ipam_provider_ref: "/api/ipamdnsproviderprofile?name=ipam"
vcenter_configuration:
datacenter: "Datacenter"
management_network: "/api/vimgrnwruntime?name=VM Network"
password: "VMware123!"
privilege: "WRITE_ACCESS"
username: "administrator@vsphere.local"
vcenter_url: "192.168.222.129"
use_content_lib: false
vtype: CLOUD_VCENTER
- name: Modify Network Object
vmware.alb.avi_network:
avi_credentials: "{{ avi_credentials }}"
configured_subnets:
- prefix:
ip_addr:
addr: "192.168.222.0"
type: "V4"
mask: 24
static_ip_ranges:
- range:
begin:
addr: "192.168.222.110"
type: "V4"
end:
addr: "192.168.222.119"
type: "V4"
type: STATIC_IPS_FOR_VIP_AND_SE
name: "VM Network
- hosts: localhost
connection: local
collections:
- vmware.alb
vars:
avi_credentials:
controller: "192.168.222.125"
username: "admin"
password: "VMware123!"
api_version: "22.1.2"
tasks:
- name: Change avi_backupconfiguration
avi_backupconfiguration:
avi_credentials: "{{ avi_credentials }}"
save_local: true
backup_passphrase: "VMware123!"
state: present
name: "Backup-Configuration"
- name: Change avi_systemconfiguration
vmware.alb.avi_systemconfiguration:
avi_credentials: "{{ avi_credentials }}"
dns_configuration:
server_list:
- type: V4
addr: 192.168.222.2
email_configuration:
smtp_type: SMTP_NONE
state: present
welcome_workflow_complete: true
default_license_tier: ESSENTIALS
- name: Create IPAM DNS provider setting
avi_ipamdnsproviderprofile:
avi_credentials: "{{ avi_credentials }}"
name: ipam
internal_profile:
ttl: 30
type: IPAMDNS_TYPE_INTERNAL
- name: Create a VMware cloud with write access mode once
avi_cloud:
avi_credentials: "{{ avi_credentials }}"
dhcp_enabled: true
enable_vip_static_routes: false
dns_resolution_on_se: false
name: VMware
ipam_provider_ref: "/api/ipamdnsproviderprofile?name=ipam"
vcenter_configuration:
datacenter: "Datacenter"
management_network: "/api/vimgrnwruntime?name=VM Network"
password: "VMware123!"
privilege: "WRITE_ACCESS"
username: "administrator@vsphere.local"
vcenter_url: "192.168.222.129"
use_content_lib: false
vtype: CLOUD_VCENTER
- name: Create a VMware cloud with write access mode again
avi_cloud:
avi_credentials: "{{ avi_credentials }}"
dhcp_enabled: true
enable_vip_static_routes: false
dns_resolution_on_se: false
name: VMware
ipam_provider_ref: "/api/ipamdnsproviderprofile?name=ipam"
vcenter_configuration:
datacenter: "Datacenter"
management_network: "/api/vimgrnwruntime?name=VM Network"
password: "VMware123!"
privilege: "WRITE_ACCESS"
username: "administrator@vsphere.local"
vcenter_url: "192.168.222.129"
use_content_lib: false
vtype: CLOUD_VCENTER
- name: Modify Network Object
vmware.alb.avi_network:
avi_credentials: "{{ avi_credentials }}"
configured_subnets:
- prefix:
ip_addr:
addr: "192.168.222.0"
type: "V4"
mask: 24
static_ip_ranges:
- range:
begin:
addr: "192.168.222.110"
type: "V4"
end:
addr: "192.168.222.119"
type: "V4"
type: STATIC_IPS_FOR_VIP_AND_SE
name: "VM Network
- hosts: localhost connection: local collections: - vmware.alb vars: avi_credentials: controller: "192.168.222.125" username: "admin" password: "VMware123!" api_version: "22.1.2" tasks: - name: Change avi_backupconfiguration avi_backupconfiguration: avi_credentials: "{{ avi_credentials }}" save_local: true backup_passphrase: "VMware123!" state: present name: "Backup-Configuration" - name: Change avi_systemconfiguration vmware.alb.avi_systemconfiguration: avi_credentials: "{{ avi_credentials }}" dns_configuration: server_list: - type: V4 addr: 192.168.222.2 email_configuration: smtp_type: SMTP_NONE state: present welcome_workflow_complete: true default_license_tier: ESSENTIALS - name: Create IPAM DNS provider setting avi_ipamdnsproviderprofile: avi_credentials: "{{ avi_credentials }}" name: ipam internal_profile: ttl: 30 type: IPAMDNS_TYPE_INTERNAL - name: Create a VMware cloud with write access mode once avi_cloud: avi_credentials: "{{ avi_credentials }}" dhcp_enabled: true enable_vip_static_routes: false dns_resolution_on_se: false name: VMware ipam_provider_ref: "/api/ipamdnsproviderprofile?name=ipam" vcenter_configuration: datacenter: "Datacenter" management_network: "/api/vimgrnwruntime?name=VM Network" password: "VMware123!" privilege: "WRITE_ACCESS" username: "administrator@vsphere.local" vcenter_url: "192.168.222.129" use_content_lib: false vtype: CLOUD_VCENTER - name: Create a VMware cloud with write access mode again avi_cloud: avi_credentials: "{{ avi_credentials }}" dhcp_enabled: true enable_vip_static_routes: false dns_resolution_on_se: false name: VMware ipam_provider_ref: "/api/ipamdnsproviderprofile?name=ipam" vcenter_configuration: datacenter: "Datacenter" management_network: "/api/vimgrnwruntime?name=VM Network" password: "VMware123!" privilege: "WRITE_ACCESS" username: "administrator@vsphere.local" vcenter_url: "192.168.222.129" use_content_lib: false vtype: CLOUD_VCENTER - name: Modify Network Object vmware.alb.avi_network: avi_credentials: "{{ avi_credentials }}" configured_subnets: - prefix: ip_addr: addr: "192.168.222.0" type: "V4" mask: 24 static_ip_ranges: - range: begin: addr: "192.168.222.110" type: "V4" end: addr: "192.168.222.119" type: "V4" type: STATIC_IPS_FOR_VIP_AND_SE name: "VM Network
Create Certificate
Create by CUI. Command execution example
configure sslkeyandcertificate controller
type ssl_certificate_type_system
certificate
self_signed subject_alt_names 192.168.222.125
subject
common_name 192.168.222.125
exit
exit
exit
configure sslkeyandcertificate controller
type ssl_certificate_type_system
certificate
self_signed subject_alt_names 192.168.222.125
subject
common_name 192.168.222.125
exit
exit
exit
configure sslkeyandcertificate controller type ssl_certificate_type_system certificate self_signed subject_alt_names 192.168.222.125 subject common_name 192.168.222.125 exit exit exit
run Ansible-Playbook(Apply Certificate)
- hosts: localhost
connection: local
collections:
- vmware.alb
vars:
avi_credentials:
controller: "192.168.222.125"
username: "admin"
password: "VMware123!"
api_version: "22.1.2"
tasks:
- name: Apply Certificate
vmware.alb.avi_systemconfiguration:
avi_credentials: "{{ avi_credentials }}"
dns_configuration:
server_list:
- type: V4
addr: 192.168.222.2
email_configuration:
smtp_type: SMTP_NONE
state: present
portal_configuration:
sslkeyandcertificate_refs: [ "/api/sslkeyandcertificate?name=controller" ]
welcome_workflow_complete: true
default_license_tier: ESSENTIALS
- hosts: localhost
connection: local
collections:
- vmware.alb
vars:
avi_credentials:
controller: "192.168.222.125"
username: "admin"
password: "VMware123!"
api_version: "22.1.2"
tasks:
- name: Apply Certificate
vmware.alb.avi_systemconfiguration:
avi_credentials: "{{ avi_credentials }}"
dns_configuration:
server_list:
- type: V4
addr: 192.168.222.2
email_configuration:
smtp_type: SMTP_NONE
state: present
portal_configuration:
sslkeyandcertificate_refs: [ "/api/sslkeyandcertificate?name=controller" ]
welcome_workflow_complete: true
default_license_tier: ESSENTIALS
- hosts: localhost connection: local collections: - vmware.alb vars: avi_credentials: controller: "192.168.222.125" username: "admin" password: "VMware123!" api_version: "22.1.2" tasks: - name: Apply Certificate vmware.alb.avi_systemconfiguration: avi_credentials: "{{ avi_credentials }}" dns_configuration: server_list: - type: V4 addr: 192.168.222.2 email_configuration: smtp_type: SMTP_NONE state: present portal_configuration: sslkeyandcertificate_refs: [ "/api/sslkeyandcertificate?name=controller" ] welcome_workflow_complete: true default_license_tier: ESSENTIALS
コメント