VMware : Using Ansible to update VMware vSphere

12 March 2021 | Bilel KAMMOUN | VMware

In any environment, small or large, it’s always considered best practices to keep a platform up to date especially with all the CVE we have seen recently.

With Update Manager or Lifecycle Manager, ESXi patches shouldn’t be that painful. But planning to patch your environment composed of many hosts, on different vSphere Clusters and vCenters may be a challenge for a sysadmin.

Ansible has by default a lot of VMware modules that can help to automate VMware vSphere tasks and resources. With these modules, you can perform many kind of configuration management which allows you to save time on day 2 operational tasks such as updating your ESXi hosts.

In this post, we will learn how we can use Ansible to patch and upgrade your ESXi hosts. First, we recommend you to set up an Ansible project directory and create an inventory file that looks like the one below:

[ESXi]

Host1.domain.com ansible_ssh_pass=xxxxxxxx  ansible_ssh_user=root

Host2.domain.com ansible_ssh_pass=xxxxxxxx  ansible_ssh_user=root

…..

Hostn.domain.com ansible_ssh_pass=xxxxxxxx  ansible_ssh_user=root

The playbook will perform 5 tasks on each host described on the inventory file above.

 The code can be found on GitHub.

---
- hosts: ESXi
  serial: 1 
  
  vars:
   vcenter_hostname : "Your vcenter hostname"
   vcenter_username: "Your vcenter username"
   vcenter_password: "Your vcenter password"
 
  tasks:
  - name: ESXi enter maintenance 
    register: status
    vmware_maintenancemode:
     hostname: "{{ vcenter_hostname }}"
     username: "{{ vcenter_username }}"
     password: "{{ vcenter_password }}"
     esxi_hostname: "{{ inventory_hostname }}"
     evacuate: yes
     validate_certs: no
     timeout: 3600
     state: present
    delegate_to: localhost
  - debug: var=status.msg 
   
  - name: ESXi Install Update 
    shell: 
      "esxcli software profile update -d /vmfs/volumes/XXXXXXXXXXX/ESXi670-202102001.zip -p ESXi-6.7.0-20210204001-standard" 
    register: vib 
    
  - debug:
     msg: vib  
  - name: ESXi reboot 
    vmware_host_powerstate: 
        hostname: "{{ vcenter_hostname }}"
        username: "{{ vcenter_username }}"
        password: "{{ vcenter_password }}"
        esxi_hostname: "{{ inventory_hostname  }}"
        validate_certs: no
        timeout: 3600
        state: reboot-host
    delegate_to: localhost
    register: reboot_host
  
  - name: ESXi wait for the reboot to complete
    wait_for:
      host: "{{inventory_hostname }}"
      port: 443
      delay: 360
      state: started
      timeout: 3600
    delegate_to: localhost  
  - name: ESXi exit maintenance 
    vmware_maintenancemode:
     hostname: "{{ vcenter_hostname }}"
     username: "{{ vcenter_username }}"
     password: "{{ vcenter_password }}"
     esxi_hostname: "{{ inventory_hostname  }}"
     evacuate: yes
     validate_certs: no
     timeout: 3600
     state: absent
    delegate_to: localhost
  - debug: var=status.msg

Feel free to modify or suggest improvements.

Enjoy!

Leave a Reply

Your email address will not be published. Required fields are marked *