How to configure NSX ALB using Ansible

This article describes how to use Ansible to configure NSX ALB with TKGm. The license uses Essential Edition.

Version
how to

Version

#	Software	Version
1	Rocky Linux	9.1
2	NSX ALB	22.1.2

how to

Deploy NSX ALB Controller (Failed with error output)

- hosts: localhost

connection: local

collections:

- vmware.alb

tasks:

- name: Avi Controller

import_role:

vars:

ovftool_path: /usr/bin

vcenter_host: "192.168.222.128"

vcenter_user: "administrator@vsphere.local"

vcenter_password: "<password>"

con_datacenter: Datacenter

con_cluster: cluster

con_mgmt_network: "VM Network"

con_ova_path: ./controller-22.1.2-9086.ova

con_vm_name: ansible-test-controller

con_power_on: true

con_vcenter_folder: folder

con_mgmt_ip: 192.168.222.127

con_mgmt_mask: 255.255.255.0

con_mgmt_default_gw: 192.168.222.2

- hosts: localhost connection: local collections: - vmware.alb tasks: - name: Avi Controller import_role: name: avicontroller_vmware vars: ovftool_path: /usr/bin vcenter_host: "192.168.222.128" vcenter_user: "administrator@vsphere.local" vcenter_password: "<password>" con_datacenter: Datacenter con_cluster: cluster con_mgmt_network: "VM Network" con_ova_path: ./controller-22.1.2-9086.ova con_vm_name: ansible-test-controller con_power_on: true con_vcenter_folder: folder con_mgmt_ip: 192.168.222.127 con_mgmt_mask: 255.255.255.0 con_mgmt_default_gw: 192.168.222.2

- hosts: localhost
  connection: local
  collections:
    - vmware.alb
  tasks:
    - name: Avi Controller
      import_role:
        name: avicontroller_vmware
      vars:
        ovftool_path: /usr/bin
        vcenter_host: "192.168.222.128"
        vcenter_user: "administrator@vsphere.local"
        vcenter_password: "<password>"
        con_datacenter: Datacenter
        con_cluster: cluster
        con_mgmt_network: "VM Network"
        con_ova_path: ./controller-22.1.2-9086.ova
        con_vm_name: ansible-test-controller
        con_power_on: true
        con_vcenter_folder: folder
        con_mgmt_ip: 192.168.222.127
        con_mgmt_mask: 255.255.255.0
        con_mgmt_default_gw: 192.168.222.2

change admin password

Set by GUI.

run Ansible-Playbook

- hosts: localhost

connection: local

collections:

- vmware.alb

vars:

avi_credentials:

controller: "192.168.222.125"

username: "admin"

password: "VMware123!"

api_version: "22.1.2"

tasks:

- name: Change avi_backupconfiguration

avi_backupconfiguration:

avi_credentials: "{{ avi_credentials }}"

save_local: true

backup_passphrase: "VMware123!"

state: present

- name: Change avi_systemconfiguration

vmware.alb.avi_systemconfiguration:

avi_credentials: "{{ avi_credentials }}"

dns_configuration:

server_list:

- type: V4

addr: 192.168.222.2

email_configuration:

smtp_type: SMTP_NONE

state: present

welcome_workflow_complete: true

default_license_tier: ESSENTIALS

- name: Create IPAM DNS provider setting

avi_ipamdnsproviderprofile:

avi_credentials: "{{ avi_credentials }}"

internal_profile:

ttl: 30

type: IPAMDNS_TYPE_INTERNAL

- name: Create a VMware cloud with write access mode once

avi_cloud:

avi_credentials: "{{ avi_credentials }}"

dhcp_enabled: true

enable_vip_static_routes: false

dns_resolution_on_se: false

ipam_provider_ref: "/api/ipamdnsproviderprofile?name=ipam"

vcenter_configuration:

datacenter: "Datacenter"

management_network: "/api/vimgrnwruntime?name=VM Network"

password: "VMware123!"

privilege: "WRITE_ACCESS"

username: "administrator@vsphere.local"

vcenter_url: "192.168.222.129"

use_content_lib: false

vtype: CLOUD_VCENTER

- name: Create a VMware cloud with write access mode again

avi_cloud:

avi_credentials: "{{ avi_credentials }}"

dhcp_enabled: true

enable_vip_static_routes: false

dns_resolution_on_se: false

ipam_provider_ref: "/api/ipamdnsproviderprofile?name=ipam"

vcenter_configuration:

datacenter: "Datacenter"

management_network: "/api/vimgrnwruntime?name=VM Network"

password: "VMware123!"

privilege: "WRITE_ACCESS"

username: "administrator@vsphere.local"

vcenter_url: "192.168.222.129"

use_content_lib: false

vtype: CLOUD_VCENTER

- name: Modify Network Object

vmware.alb.avi_network:

avi_credentials: "{{ avi_credentials }}"

configured_subnets:

- prefix:

ip_addr:

addr: "192.168.222.0"

type: "V4"

mask: 24

static_ip_ranges:

- range:

begin:

addr: "192.168.222.110"

type: "V4"

end:

addr: "192.168.222.119"

type: "V4"

type: STATIC_IPS_FOR_VIP_AND_SE

- hosts: localhost connection: local collections: - vmware.alb vars: avi_credentials: controller: "192.168.222.125" username: "admin" password: "VMware123!" api_version: "22.1.2" tasks: - name: Change avi_backupconfiguration avi_backupconfiguration: avi_credentials: "{{ avi_credentials }}" save_local: true backup_passphrase: "VMware123!" state: present name: "Backup-Configuration" - name: Change avi_systemconfiguration vmware.alb.avi_systemconfiguration: avi_credentials: "{{ avi_credentials }}" dns_configuration: server_list: - type: V4 addr: 192.168.222.2 email_configuration: smtp_type: SMTP_NONE state: present welcome_workflow_complete: true default_license_tier: ESSENTIALS - name: Create IPAM DNS provider setting avi_ipamdnsproviderprofile: avi_credentials: "{{ avi_credentials }}" name: ipam internal_profile: ttl: 30 type: IPAMDNS_TYPE_INTERNAL - name: Create a VMware cloud with write access mode once avi_cloud: avi_credentials: "{{ avi_credentials }}" dhcp_enabled: true enable_vip_static_routes: false dns_resolution_on_se: false name: VMware ipam_provider_ref: "/api/ipamdnsproviderprofile?name=ipam" vcenter_configuration: datacenter: "Datacenter" management_network: "/api/vimgrnwruntime?name=VM Network" password: "VMware123!" privilege: "WRITE_ACCESS" username: "administrator@vsphere.local" vcenter_url: "192.168.222.129" use_content_lib: false vtype: CLOUD_VCENTER - name: Create a VMware cloud with write access mode again avi_cloud: avi_credentials: "{{ avi_credentials }}" dhcp_enabled: true enable_vip_static_routes: false dns_resolution_on_se: false name: VMware ipam_provider_ref: "/api/ipamdnsproviderprofile?name=ipam" vcenter_configuration: datacenter: "Datacenter" management_network: "/api/vimgrnwruntime?name=VM Network" password: "VMware123!" privilege: "WRITE_ACCESS" username: "administrator@vsphere.local" vcenter_url: "192.168.222.129" use_content_lib: false vtype: CLOUD_VCENTER - name: Modify Network Object vmware.alb.avi_network: avi_credentials: "{{ avi_credentials }}" configured_subnets: - prefix: ip_addr: addr: "192.168.222.0" type: "V4" mask: 24 static_ip_ranges: - range: begin: addr: "192.168.222.110" type: "V4" end: addr: "192.168.222.119" type: "V4" type: STATIC_IPS_FOR_VIP_AND_SE name: "VM Network

- hosts: localhost
  connection: local
  collections:
  - vmware.alb
  vars:
    avi_credentials:
      controller: "192.168.222.125"
      username: "admin"
      password: "VMware123!"
      api_version: "22.1.2"

  tasks:
  - name: Change avi_backupconfiguration
    avi_backupconfiguration:
      avi_credentials: "{{ avi_credentials }}"
      save_local: true
      backup_passphrase: "VMware123!"
      state: present
      name: "Backup-Configuration"

  - name: Change avi_systemconfiguration
    vmware.alb.avi_systemconfiguration:
      avi_credentials: "{{ avi_credentials }}"
      dns_configuration:
        server_list:
        - type: V4
          addr: 192.168.222.2
      email_configuration:
        smtp_type: SMTP_NONE
      state: present
      welcome_workflow_complete: true
      default_license_tier: ESSENTIALS

  - name: Create IPAM DNS provider setting
    avi_ipamdnsproviderprofile:
      avi_credentials: "{{ avi_credentials }}"
      name: ipam
      internal_profile:
        ttl: 30
      type: IPAMDNS_TYPE_INTERNAL

  - name: Create a VMware cloud with write access mode once
    avi_cloud:
      avi_credentials: "{{ avi_credentials }}"
      dhcp_enabled: true
      enable_vip_static_routes: false
      dns_resolution_on_se: false
      name: VMware
      ipam_provider_ref: "/api/ipamdnsproviderprofile?name=ipam"
      vcenter_configuration:
        datacenter: "Datacenter"
        management_network: "/api/vimgrnwruntime?name=VM Network"
        password: "VMware123!"
        privilege: "WRITE_ACCESS"
        username: "administrator@vsphere.local"
        vcenter_url: "192.168.222.129"
        use_content_lib: false
      vtype: CLOUD_VCENTER

  - name: Create a VMware cloud with write access mode again
    avi_cloud:
      avi_credentials: "{{ avi_credentials }}"
      dhcp_enabled: true
      enable_vip_static_routes: false
      dns_resolution_on_se: false
      name: VMware
      ipam_provider_ref: "/api/ipamdnsproviderprofile?name=ipam"
      vcenter_configuration:
        datacenter: "Datacenter"
        management_network: "/api/vimgrnwruntime?name=VM Network"
        password: "VMware123!"
        privilege: "WRITE_ACCESS"
        username: "administrator@vsphere.local"
        vcenter_url: "192.168.222.129"
        use_content_lib: false
      vtype: CLOUD_VCENTER

  - name: Modify Network Object
    vmware.alb.avi_network:
      avi_credentials: "{{ avi_credentials }}"
      configured_subnets:
      -  prefix:
           ip_addr:
              addr: "192.168.222.0"
              type: "V4"
           mask: 24
         static_ip_ranges:
         - range:
             begin:
               addr:  "192.168.222.110"
               type: "V4"
             end:
               addr: "192.168.222.119"
               type: "V4"
           type: STATIC_IPS_FOR_VIP_AND_SE
      name: "VM Network

Create Certificate

Create by CUI. Command execution example

configure sslkeyandcertificate controller

type ssl_certificate_type_system

certificate

self_signed subject_alt_names 192.168.222.125

subject

common_name 192.168.222.125

exit

configure sslkeyandcertificate controller type ssl_certificate_type_system certificate self_signed subject_alt_names 192.168.222.125 subject common_name 192.168.222.125 exit exit exit

configure sslkeyandcertificate controller
type ssl_certificate_type_system
certificate
self_signed subject_alt_names 192.168.222.125
subject
common_name 192.168.222.125
exit
exit
exit

run Ansible-Playbook(Apply Certificate)

- hosts: localhost

connection: local

collections:

- vmware.alb

vars:

avi_credentials:

controller: "192.168.222.125"

username: "admin"

password: "VMware123!"

api_version: "22.1.2"

tasks:

- name: Apply Certificate

vmware.alb.avi_systemconfiguration:

avi_credentials: "{{ avi_credentials }}"

dns_configuration:

server_list:

- type: V4

addr: 192.168.222.2

email_configuration:

smtp_type: SMTP_NONE

state: present

portal_configuration:

sslkeyandcertificate_refs: [ "/api/sslkeyandcertificate?name=controller" ]

welcome_workflow_complete: true

default_license_tier: ESSENTIALS

- hosts: localhost
  connection: local
  collections:
    - vmware.alb
  vars:
    avi_credentials:
      controller: "192.168.222.125"
      username: "admin"
      password: "VMware123!"
      api_version: "22.1.2"

  tasks:
    - name: Apply Certificate
      vmware.alb.avi_systemconfiguration:
        avi_credentials: "{{ avi_credentials }}"
        dns_configuration:
          server_list:
          - type: V4
            addr: 192.168.222.2
        email_configuration:
          smtp_type: SMTP_NONE
        state: present
        portal_configuration:
          sslkeyandcertificate_refs: [ "/api/sslkeyandcertificate?name=controller" ]
        welcome_workflow_complete: true
        default_license_tier: ESSENTIALS