VMware : Using Ansible to update VMware vSphere
In any environment, small or large, it’s considered best practice to keep the platform up to date, especially with all the CVEs we have seen recently.
With Update Manager or Lifecycle Manager, ESXi patches shouldn’t be that painful. But planning to patch your environment composed of many hosts, on different vSphere Clusters and vCenters may be a challenge for a sysadmin.
Ansible ships with a lot of VMware modules that can help automate VMware vSphere tasks and resources. With these modules, you can perform many kinds of configuration management, which saves time on day 2 operational tasks such as updating your ESXi hosts.
In this post, we will learn how to use Ansible to patch and upgrade your ESXi hosts. First, we recommend that you set up an Ansible project directory and create an inventory file that looks like the one below:
[ESXi]
Host1.domain.com ansible_ssh_pass=xxxxxxxx ansible_ssh_user=root
Host2.domain.com ansible_ssh_pass=xxxxxxxx ansible_ssh_user=root
# ...
Hostn.domain.com ansible_ssh_pass=xxxxxxxx ansible_ssh_user=root
The playbook will perform 5 tasks on each host listed in the inventory file above.
The code can be found on GitHub.
---
- hosts: ESXi
  serial: 1            # patch one host at a time
  vars:
    # Placeholders: keep real credentials in Ansible Vault rather than in the playbook.
    vcenter_hostname: "Your vcenter hostname"
    vcenter_username: "Your vcenter username"
    vcenter_password: "Your vcenter password"
  tasks:
    - name: ESXi enter maintenance
      register: status
      vmware_maintenancemode:
        hostname: "{{ vcenter_hostname }}"
        username: "{{ vcenter_username }}"
        password: "{{ vcenter_password }}"
        esxi_hostname: "{{ inventory_hostname }}"
        evacuate: yes
        # "no" disables TLS certificate verification for the vCenter connection.
        validate_certs: no
        timeout: 3600
        state: present
      delegate_to: localhost
    - debug: var=status.msg

    # Runs on the ESXi host itself over SSH (not delegated to localhost).
    - name: ESXi Install Update
      shell:
        "esxcli software profile update -d /vmfs/volumes/XXXXXXXXXXX/ESXi670-202102001.zip -p ESXi-6.7.0-20210204001-standard"
      register: vib
    # Print the esxcli output (the original printed the literal string "vib").
    - debug: var=vib.stdout_lines

    - name: ESXi reboot
      vmware_host_powerstate:
        hostname: "{{ vcenter_hostname }}"
        username: "{{ vcenter_username }}"
        password: "{{ vcenter_password }}"
        esxi_hostname: "{{ inventory_hostname }}"
        validate_certs: no
        timeout: 3600
        state: reboot-host
      delegate_to: localhost
      register: reboot_host

    # Wait 360 seconds, then poll port 443 until the host answers again.
    - name: ESXi wait for the reboot to complete
      wait_for:
        host: "{{ inventory_hostname }}"
        port: 443
        delay: 360
        state: started
        timeout: 3600
      delegate_to: localhost

    - name: ESXi exit maintenance
      register: status   # so the debug below reports this task, not the first one
      vmware_maintenancemode:
        hostname: "{{ vcenter_hostname }}"
        username: "{{ vcenter_username }}"
        password: "{{ vcenter_password }}"
        esxi_hostname: "{{ inventory_hostname }}"
        evacuate: yes
        validate_certs: no
        timeout: 3600
        state: absent
      delegate_to: localhost
    - debug: var=status.msg
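A pre-check and a post-check for the playbook above, as an added example that is not part of the original post or its GitHub code. The variable names `depot` and `target_profile` are assumptions (their values are copied from the "ESXi Install Update" task), and the check assumes that `esxcli software profile get` prints the installed profile name.

```yaml
---
# Added example, not from the original post. Run as-is it audits each host;
# the comments say where each task belongs inside the update playbook.
- hosts: ESXi
  serial: 1
  vars:
    # Assumed variable names; values taken from the post's install task.
    depot: "/vmfs/volumes/XXXXXXXXXXX/ESXi670-202102001.zip"
    target_profile: "ESXi-6.7.0-20210204001-standard"
  tasks:
    # Place before "ESXi enter maintenance": a wrong depot path or profile
    # name fails here, before any VM is evacuated.
    - name: ESXi dry-run the profile update
      command: "esxcli software profile update --dry-run -d {{ depot }} -p {{ target_profile }}"
      register: dry_run
      changed_when: false

    - debug: var=dry_run.stdout_lines

    # Place after "ESXi wait for the reboot to complete" and before
    # "ESXi exit maintenance".
    - name: ESXi read the installed image profile
      command: "esxcli software profile get"
      register: profile
      changed_when: false

    - name: ESXi confirm the target profile is installed
      assert:
        that:
          - target_profile in profile.stdout
        fail_msg: "{{ inventory_hostname }} does not report {{ target_profile }}"
        success_msg: "{{ inventory_hostname }} reports {{ target_profile }}"
```

Placed inside the update playbook, a failed assert stops that host before "ESXi exit maintenance" runs, so a host that did not take the patch is not returned to service.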
Feel free to modify or suggest improvements.
Enjoy!