
Ansible delivers simple IT automation that ends repetitive tasks and frees up DevOps teams for more strategic work. This project is to enable this automation for NSX-T installation.

Ansible for NSX-T

Overview

This repository contains NSX-T Ansible Modules, which one can use with Ansible to work with VMware NSX-T Data Center.

For general information about Ansible, visit the GitHub project page.

These modules are maintained by VMware.

Documentation on the NSX platform can be found at the NSX-T Documentation page

NSX Compatibility

The following versions of NSX are supported:

  • NSX-T 4.1
  • NSX-T 4.0
  • NSX-T 3.2
  • NSX-T 3.1
  • NSX-T 3.0
  • NSX-T 2.5.1

Prerequisites

Using Ansible-for-nsxt requires the following packages to be installed. Installation steps differ based on the platform (Mac/iOS, Ubuntu, Debian, CentOS, RHEL etc). Please follow the links below to pick the right platform.

Installation

ansible-for-nsxt modules are distributed as an Ansible Galaxy collection. Use the following command to install it:

ansible-galaxy collection install git+https://github.com/vmware/ansible-for-nsxt

Specify latest supported release branch

ansible-galaxy collection install git+https://github.com/vmware/ansible-for-nsxt.git,v3.2.0

Usage

Once installed, the modules can be directly run with ansible-playbook. For example, you can run:

ansible-playbook test_logical_switches.yml

The modules require you to provide details about how to authenticate with NSX-T.

Using modules in the tests folder

There are complete workflow example modules in the tests/playbooks folder. To use them, edit the corresponding vars file if required. Then run using ansible-playbook. For example,

ansible-playbook 01_create_t0_gateway.yml

Supported NSX Objects/Workflows

The modules in this repository are focused on enabling automation of installation workflows of NSX-T. We have modules that support the legacy MP and new Policy API.

MP API

MP API modules can be used to configure an NSX resource with one-to-one mapping.

Branch Information

This repository has different branches, with each branch providing support for up to a specific NSX-T release. Below is the list:

  • Master: Latest code, under development
  • v3.2.0: NSX-T 3.2.x and below
  • v3.0.1: NSX-T 3.1.x and below
  • v3.0.0: NSX-T 3.0.x and below
  • v1.1.0: NSX-T 2.4, NSX-T 2.5
  • v1.0.0: NSX-T 2.3

Deployment and installation modules
  • nsxt_deploy_ova
  • nsxt_licenses
  • nsxt_manager_status
  • nsxt_licenses_facts
  • nsxt_edge_clusters
  • nsxt_edge_clusters_facts
  • nsxt_fabric_compute_managers
  • nsxt_fabric_compute_managers_facts
  • nsxt_ip_pools
  • nsxt_ip_pools_facts
  • nsxt_uplink_profiles
  • nsxt_uplink_profiles_facts
  • nsxt_transport_zones
  • nsxt_transport_zones_facts
  • nsxt_transport_nodes
  • nsxt_transport_nodes_facts
  • nsxt_transport_node_collections
  • nsxt_transport_node_collections_facts
  • nsxt_transport_node_profiles
  • nsxt_transport_node_profiles_facts
  • nsxt_controller_manager_auto_deployment

Logical networking modules
  • nsxt_logical_ports
  • nsxt_logical_ports_facts
  • nsxt_logical_routers
  • nsxt_logical_routers_facts
  • nsxt_logical_router_ports
  • nsxt_logical_router_ports_facts
  • nsxt_logical_router_static_routes
  • nsxt_logical_switches
  • nsxt_logical_switches_facts
  • nsxt_ip_blocks
  • nsxt_ip_blocks_facts

Policy API

Policy API modules are aggregated such that logical constructs related to an NSX resource can be configured using a single playbook. They can be identified with prefix nsxt_policy_. The below list outlines the supported modules and the resources that can be configured through a module.

Note that the Policy modules are supported only for NSX-T 3.0 and above.

  1. Tier-0 Gateway (nsxt_policy_tier0)
    1. Tier-0 Locale Services
    2. Tier-0 Static Routes
    3. Tier-0 Interface
    4. Tier-0 BGP
    5. Tier-0 BGP Neighbors
    6. Tier-0 VRF
    7. Tier-0 BFD Peers
  2. Tier-1 Gateway (nsxt_policy_tier1)
    1. Tier-1 Locale Services
    2. Tier-1 Static Routes
    3. Tier-1 Interface
  3. Segment (nsxt_policy_segment)
    1. Segment Port
  4. Policy Group (nsxt_policy_group)
  5. Security Policy and Firewall rules (nsxt_policy_security_policy)
  6. IP Pools (nsxt_policy_ip_pool)
    1. IP Address Pool Block Subnet
    2. IP Address Pool Static Subnet
  7. IP Blocks (nsxt_policy_ip_block)
  8. BFD Profile (nsxt_policy_bfd_profile)
  9. VM Tags (nsxt_vm_tags)
  10. Gateway Policy (nsxt_policy_gateway_policy)
  11. L2 Bridge Endpoint Profile (nsxt_policy_l2_bridge_ep_profile)

Note that to add a new module in the Policy API, its base class name should be added to BASE_RESOURCES in module_utils/nsxt_base_resource.py

Build & Run

Install PyVmOmi

pip install --upgrade pyvmomi pyvim requests ssl

Download and Install Ovf tool 4.3 - Ovftool

(Note: Using ovftool version 4.0/4.1 causes OVA/OVF deployment failure with Error: cURL error: SSL connect error\nCompleted with errors\n)

Authentication

Using MP API

Ansible-for-nsxt supports two types of authentication using MP API.

  1. Basic server authentication
  2. Certificate based authentication

Basic server authentication

In basic server authentication, the client has to explicitly provide the NSX username and password for the NSX manager. The credentials have to be listed in the Ansible playbook.

Certificate based authentication

In certificate based authentication, the client has to register its certificates with the NSX manager using the nsxt_certificates task. After registering the certificates, the client has to create its own principal identity on the NSX manager using the nsxt_principal_identities task. The process of certificate registration and creation of the principal identity has to be done using basic server authentication. Use test_certificates.yml and test_principal_identities.yml to match the values according to the client's environment.

ansible-playbook test_certificates.yml -vvv
ansible-playbook test_principal_identities.yml -vvv

The path of the .p12 file, i.e. the file containing the public and private key, has to be set in an environment variable named NSX_MANAGER_CERT_PATH. Note: Make sure NSX_MANAGER_CERT_PATH is set on the same remote host where the modules will be executed.

Generating certificates?

The following commands can be used to generate certificates.

openssl req -newkey rsa:2048 -extensions usr_cert -nodes -keyout nsx_certificate.key -x509 -days 365 -out nsx_certificate.crt -subj "/C=US/ST=California/L=PaloAlto/O=VMware/CN=certauth-test" -sha256

openssl pkcs12 -export -out nsx_certificate.pfx -inkey nsx_certificate.key -in nsx_certificate.crt

openssl pkcs12 -in nsx_certificate.pfx -out nsx_certificate.p12 -nodes

The nsx_certificate.crt file generated as output from the above commands contains the public key certificate. The nsx_certificate.p12 file contains the generated public and private key. The path of the nsx_certificate.p12 file has to be set in the environment variable NSX_MANAGER_CERT_PATH.

Note: usr_cert tells OpenSSL to generate a client certificate. This must be defined in openssl.cnf.
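
A pre-flight check for the file that NSX_MANAGER_CERT_PATH points to, given here as an added example that is not part of the ansible-for-nsxt project. It relies on the fact that the last openssl command above (with -nodes) writes PEM text with the private key unencrypted; the function names and the write_sample helper are hypothetical.

```python
import os
import re
import stat
import tempfile

CERT_ENV = "NSX_MANAGER_CERT_PATH"  # environment variable named on this page
KEY_BLOCK = re.compile(r"-----BEGIN (?:RSA |EC )?PRIVATE KEY-----")

# Constructed placeholder with the PEM layout `openssl pkcs12 ... -nodes` writes;
# it holds no real key material.
SAMPLE_BUNDLE = (
    "-----BEGIN CERTIFICATE-----\nCONSTRUCTED\n-----END CERTIFICATE-----\n"
    "-----BEGIN PRIVATE KEY-----\nCONSTRUCTED\n-----END PRIVATE KEY-----\n"
)


def check_cert_file(path):
    """Return a list of problems with the certificate/key bundle at path."""
    try:
        info = os.stat(path)
    except OSError as exc:
        return ["cannot read %s: %s" % (path, exc.strerror)]
    if not stat.S_ISREG(info.st_mode):
        return ["%s is not a regular file" % path]
    problems = []
    # -nodes leaves the private key unencrypted, so the file mode is its only guard.
    if info.st_mode & (stat.S_IRWXG | stat.S_IRWXO):
        problems.append(
            "group/other can access the key: mode %o" % stat.S_IMODE(info.st_mode)
        )
    with open(path, "r", errors="replace") as handle:
        text = handle.read()
    if "-----BEGIN CERTIFICATE-----" not in text:
        problems.append("no PEM certificate block")
    if not KEY_BLOCK.search(text):
        problems.append("no unencrypted PEM private key block")
    return problems


def check_environment(environ=os.environ):
    """Run check_cert_file on the path held in NSX_MANAGER_CERT_PATH."""
    path = environ.get(CERT_ENV)
    if not path:
        return ["%s is not set" % CERT_ENV]
    return check_cert_file(path)


def write_sample(mode, text=SAMPLE_BUNDLE):
    """Hypothetical helper: write a constructed bundle to a temp file with mode."""
    handle, path = tempfile.mkstemp(suffix=".p12")
    with os.fdopen(handle, "w") as out:
        out.write(text)
    os.chmod(path, mode)
    return path
```

Run check_environment() on the host where the modules execute, since that is where the variable has to be set.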

Validate CA in MP API

To validate the certificate authority (CA), set the NSX_MANAGER_CA_PATH environment variable on the Ansible control node to point to the CA certificate of the NSX manager, and pass validate_certs as True in the Ansible playbook.

Using Policy API

All the Policy API based Ansible Modules provide the following authentication mechanisms:

Basic Authentication

This is the same as in MP API. It can be used by specifying the following fields in the playbook:

  1. username: The username to authenticate with the NSX manager
  2. password: The password to authenticate with the NSX manager

For example:

- hosts: localhost
  tasks:
    - name: Update Tier0
      nsxt_policy_tier0:
        hostname: "default"
        username: admin
        password: my-password
        validate_certs: False
        display_name: test-tier0-1
        state: present

Principal Identity

There are 2 ways to consume the Principal Identity certificates.

Using Environment variable

This is the same as explained in the previous section: Certificate based authentication

Specifying in the playbook

By specifying the following fields in the playbook:

  1. nsx_cert_path: Path to the certificate created for the Principal Identity using which the CRUD operations should be performed. If the certificate is a .p12 file, only this attribute is required. Otherwise, nsx_key_path is also required.
  2. nsx_key_path: Path to the certificate key created for the Principal Identity using which the CRUD operations should be performed

For example:

- hosts: localhost
  tasks:
    - name: Update Tier0
      nsxt_policy_tier0:
        hostname: "default"
        nsx_cert_path: /root/com.vmware.nsx.ncp/nsx.crt
        nsx_key_path: /root/com.vmware.nsx.ncp/nsx.key
        validate_certs: False
        display_name: test-tier0-1
        state: present

vIDM

When NSX-T is configured to use VMware Identity Manager (vIDM) for authentication, you can supply an Authorization header with an authentication type of Remote. The header content should consist of a base64-encoded string containing the username@domain and password separated by a single colon (":") character, as specified in RFC 1945 section 11.1.

For example, to authenticate a request using the credentials of user jsmith@example.com with password Sk2LkPM!, include the following key:value pair under request_headers in the playbook:

  • Authorization: 'Remote anNtaXRoQGV4YW1wbGUuY29tOlNrMkxrUE0h'

For example:

- hosts: localhost
  tasks:
    - name: Update Tier0
      nsxt_policy_tier0:
        hostname: "default"
        request_headers:
          Authorization: 'Remote anNtaXRoQGV4YW1wbGUuY29tOlNrMkxrUE0h'
        validate_certs: False
        display_name: test-tier0-1
        state: present

SSL Verification

You can use the flag validate_certs to perform SSL verification. You can also specify the path to a CA bundle using the parameter ca_path in the playbook.

For example:

- hosts: localhost
  tasks:
    - name: Update Tier0
      nsxt_policy_tier0:
        hostname: "default"
        nsx_cert_path: /root/com.vmware.nsx.ncp/nsx.crt
        nsx_key_path: /root/com.vmware.nsx.ncp/nsx.key
        validate_certs: True
        ca_path: /path/to/my/ca-bundle
        display_name: test-tier0-1
        state: present
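
The Policy API examples above put a literal password, a base64 Remote header and validate_certs: False directly in the playbook. The following audit is an added example, not code from the ansible-for-nsxt project: it scans playbook text line by line for those three settings and decodes the Remote value to show that it is reversible encoding, not protection. It assumes the flat key: value layout used on this page; the function names and the combined sample playbook are constructed for illustration.

```python
import base64
import binascii
import re

# Constructed sample: the three task styles from this page in one playbook.
SAMPLE_PLAYBOOK = """\
- hosts: localhost
  tasks:
    - name: Basic auth
      nsxt_policy_tier0:
        hostname: "default"
        username: admin
        password: my-password
        validate_certs: False
    - name: vIDM auth
      nsxt_policy_tier0:
        hostname: "default"
        request_headers:
          Authorization: 'Remote anNtaXRoQGV4YW1wbGUuY29tOlNrMkxrUE0h'
        validate_certs: False
    - name: Principal identity with CA validation
      nsxt_policy_tier0:
        hostname: "default"
        nsx_cert_path: /root/com.vmware.nsx.ncp/nsx.crt
        nsx_key_path: /root/com.vmware.nsx.ncp/nsx.key
        validate_certs: True
        ca_path: /path/to/my/ca-bundle
"""

# Matches "key: value" with optional list dash; value may be empty.
KEY_VALUE = re.compile(r"^\s*(?:-\s+)?([\w-]+):\s*(.*?)\s*$")


def remote_header_user(value):
    """Return the user name inside a 'Remote <base64>' value, or None."""
    scheme, _, blob = value.partition(" ")
    if scheme != "Remote":
        return None
    try:
        decoded = base64.b64decode(blob, validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        return None
    user, sep, _password = decoded.partition(":")
    return user if sep else None


def audit_playbook(text):
    """Return (line_number, finding) tuples for credential and TLS settings."""
    findings = []
    for number, line in enumerate(text.splitlines(), start=1):
        match = KEY_VALUE.match(line)
        if not match:
            continue
        key, value = match.group(1), match.group(2).strip("'\"")
        if key == "validate_certs" and value.lower() in ("false", "no", "0"):
            findings.append((number, "validate_certs disabled"))
        # A Jinja expression ({{ ... }}) is treated as a reference, not a literal.
        elif key == "password" and value and "{{" not in value:
            findings.append((number, "literal password"))
        elif key == "Authorization":
            user = remote_header_user(value)
            if user is not None:
                findings.append((number, "decodable vIDM credentials for " + user))
    return findings
```

Only the user name is reported for a Remote header; the decoded password is discarded.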

Contributing

The ansible-for-nsxt project team welcomes contributions from the community. Before you start working with ansible-for-nsxt, please read our Developer Certificate of Origin. All contributions to this repository must be signed as described on that page. Your signature certifies that you wrote the patch or have the right to pass it on as an open-source patch. For more detailed information, refer to CONTRIBUTING.md.

Please open a Pull-Request against the Master branch.

Support

Released NSX-T Ansible modules are fully supported by VMware. The released modules are available in the specific numbered release branches:

  • v3.2.0
  • v3.0.1
  • v3.0.0
  • v1.1.0
  • v1.0.0

They are also available for download from VMware's download page.

The master branch contains the latest development code which is community supported.

For bugs and feature requests, please open a GitHub Issue and label it appropriately.

License

Copyright (c) 2020 VMware, Inc. All rights reserved

The NSX-T Ansible modules in this repository are available under BSD-2 license or GPLv3 applies to all parts of the ansible-for-nsxt. You may not use them except in compliance with the License.
