Skip to content

Files

Latest commit

3ab8ba9 · Dec 29, 2021

History

History
1574 lines (1300 loc) · 49.4 KB

File metadata and controls

1574 lines (1300 loc) · 49.4 KB

十一、构建 VMware 部署

现在,我们知道了如何在 AWS 中启动网络和服务,接下来我们将讨论在 VMware 环境中部署类似的设置,并讨论核心 VMware 模块。

在本章中,我们将:

  • 快速介绍 VMware
  • 查看 Ansible 的 VMware 模块
  • 完成一个启动几台虚拟机的示例行动手册

技术要求

在本章中,我们将讨论 VMware 产品系列的各种组件,以及如何使用 Ansible 与它们进行交互。虽然本章中有一个示例行动手册,但它可能不容易转移到您的安装中。因此,不建议您在没有首先更新的情况下使用本章中的任何示例。

对 VMware 的介绍

VMware 有近 20 年的历史,从一家隐形初创公司到被戴尔拥有并被 EMC 收购,收入高达 79.2 亿美元。VMware 产品组合中目前有大约 30 种产品可用;最常见的是其虚拟机管理程序,有两种不同的类型。

第一个虚拟机管理程序是 VMware ESXi,它是一种类型 1,使用大多数现代 64 位英特尔和 AMD 处理器中的指令集直接在硬件上运行。其最初的第 2 类虚拟机管理程序不需要像第 1 类虚拟机管理程序那样在 CPU 中存在虚拟化指令。它的正式名称是 GSX;该虚拟机管理程序先于类型 1 虚拟机管理程序,这意味着它可以支持更旧的 CPU。

VMware 在大多数企业中极为常见;它允许管理员跨众多基于 x86 的标准硬件配置和类型快速部署虚拟机。

VMware 模块

如前所述,VMware 系列大约有 30 种产品;这些涵盖了从虚拟机管理程序到虚拟交换机、虚拟存储以及用于与基于 VMware 的主机和虚拟机进行交互的多个界面的所有内容。在本节中,我们将介绍 Ansible 附带的核心模块,以管理您的 VMware 资产的各个方面。

我已经尝试将它们分成逻辑组,对于每个组,我将简要解释模块所针对的产品。

要求

这些模块都有一个共同点:都需要安装一个名为PyVmomi的 Python 模块。要安装它,运行以下pip命令:

$ sudo pip install PyVmomi

本模块包含 VMware vSphere API Python 绑定,如果没有它,我们将在本章中介绍的模块将无法与您的 VMware 安装进行交互。

虽然本章中的模块已经用 vSphere 5.5 到 6.5 进行了测试,但是您可能会发现一些较旧的模块在 vs sphere 的较新版本中存在一些问题。

空气

vCloud Air 是 VMware 的基础架构即服务 ( IaaS )产品,我说,因为 vCloud Air 业务部门和负责该服务的团队在 2017 年年中被法国托管和云公司 OVH 从 VMware 手中收购。有三个 Ansible 模块提供对 vCloud Air 的直接支持,以及 VMware vCloud 混合服务 ( vCHS )和 VMware vCloud 控制器 ( vCD )。

电压控制模块

此模块使您能够在 vCloud Air 网关中添加和删除防火墙规则。以下示例向您展示了如何添加允许 SSH 流量的规则:

- name: example fireware rule
  vca_fw:
   instance_id: "abcdef123456-1234-abcd-1234-abcdef123456"
   vdc_name: "my_vcd"
   service_type: "vca"
   state: "present"
   fw_rules:
     - description: "Allow SSH"
       source_ip: "10.20.30.40"
       source_port: "Any"
       dest_port: "22"
       dest_ip: "192.0.10.20"
       is_enable: "true"
       enable_logging: "false"
       protocol: "Tcp"
       policy: "allow"

注意我们是如何通过一个service_type;这可能是vcavcdvchs

vca_nat 模块

该模块允许您管理网络地址转换 ( NAT )规则。在以下示例中,我们要求所有到达公共 IP 地址为123.123.123.123的端口2222的流量被转发到 IP 地址为192.0.10.20的虚拟机上的端口22:

- name: example nat rule
  vca_nat:
   instance_id: "abcdef123456-1234-abcd-1234-abcdef123456"
   vdc_name: "my_vcd"
   service_type: "vca"
   state: "present"
   nat_rules:
      - rule_type: "DNAT"
        original_ip: "123.123.123.123"
        original_port: "2222"
        translated_ip: "192.0.10.20"
        translated_port: "22"

这意味着要从我们的外部网络访问虚拟机192.0.10.20上的 SSH,我们需要运行如下命令:

$ ssh username@123.123.123.123 -p2222

假设我们有正确的防火墙规则,我们应该通过192.0.10.20虚拟机进行路由。

vca_vapp 模块

本模块用于创建和管理虚拟应用。vApp 是一个或多个虚拟机,它们组合起来提供一个应用:

- name: example vApp
  vca_vapp:
    vapp_name: "Example"
    vdc_name: "my_vcd"
    state: "present"
    operation: "poweron"
    template_name: "CentOS7 x86_64 1804"

前面的例子是一个非常基本的例子,说明了如何使用vca_vapp模块来确保存在一个名为Example的 vApp 并通电。

VMware 虚拟圈

VMware vSphere 是一套来自 VMware 的软件,由几个 VMware 组件组成。这是 VMware 可能会有点困惑的地方,因为 VMware vSphere 由 VMware vCentre 和 VMware ESXi 组成,它们都有自己的 Ansible 模块,从表面上看,它们似乎完成了类似的任务。

vmware_cluster 模块

本模块允许您管理您的 VMware 虚拟圈集群。VMware vSphere 集群是主机的集合,当集群在一起时,这些主机共享资源,允许您添加高可用性 ( HA )并启动分布式资源调度程序 ( DRS )来管理集群内工作负载的放置:

- name: Create a cluster
  vmware_cluster:
    hostname: "{{ item.ip }}"
    datacenter_name: "my_datacenter"
    cluster_name: "cluster"
    enable_ha: "yes"
    enable_drs: "yes"
    enable_vsan: "yes"
    username: "{{ item.username }}"
    password: "{{ item.password }}"
  with_items: "{{ vsphere_hosts }}"

前面的代码将遍历主机、用户名和密码列表来创建一个集群。

vmware_datacenter 模块

VMware 虚拟空间数据中心是为支持您的集群的物理资源、主机、存储和网络的集合命名的:

- name: Create a datacenter
  vmware_datacenter:
    hostname: "{{ item.ip }}"
    username: "{{ item.username }}"
    password: "{{ item.password }}"
    datacenter_name: "my_datacenter"
    state: present
  with_items: "{{ vsphere_hosts }}"

上一个示例将vsphere_hosts中列出的主机添加到my_datacenterVMware vssphere 数据中心。

vmware_vm_facts 模块

本模块可用于收集运行在您的 VMware 虚拟圈集群中的虚拟机或模板的信息:

- name: Gather facts on all VMs in the cluster
  vmware_vm_facts:
    hostname: "{{ vsphere_host }}"
    username: "{{ vsphere_username }}"
    password: "{{ vsphere_password }}"
    vm_type: "vm"
  delegate_to: "localhost"
  register: vm_facts

前面的例子只收集了用我们的集群创建的虚拟机的信息,并将结果注册为vm_facts变量。如果我们想只在模板上找到信息,我们可以将vm_type更新为模板,或者我们可以通过将vm_type更新为全部来列出所有虚拟机和模板。

vmware_vm_shell 模块

此模块可用于使用 VMware 连接到虚拟机并运行 shell 命令。Ansible 在任何时候都不需要使用基于网络的服务(如 SSH)连接到虚拟机,这对于在虚拟机进入网络之前进行配置非常有用:

- name: Shell example
  vmware_vm_shell:
    hostname: "{{ vsphere_host }}"
    username: "{{ vsphere_username }}"
    password: "{{ vsphere_password }}"
    datacenter: "my_datacenter"
    folder: "/my_vms"
    vm_id: "example_vm"
    vm_username: "root"
    vm_password: "supersecretpassword"
    vm_shell: "/bin/cat"
    vm_shell_args: " results_file "
    vm_shell_env:
      - "PATH=/bin"
      - "VAR=test"
    vm_shell_cwd: "/tmp"
  delegate_to: "localhost"
  register: shell_results

前面的示例连接到一个名为example_vm的虚拟机,该虚拟机存储在my_datacenter数据中心根目录下的my_vms文件夹中。使用我们提供的用户名和密码连接后,它会运行以下命令:

$ /bin/cat results_file

在虚拟机上的/tmp文件夹中,运行命令的输出被注册为shell_results,以便我们以后使用。

vmware _ vm _ vm _ drs _ 规则模块

通过本模块,您可以配置 VMware DRS 相似性规则。这些允许您控制虚拟机在集群中的放置:

- name: Create DRS Affinity Rule for VM-VM
  vmware_vm_vm_drs_rule:
    hostname: "{{ vsphere_host }}"
    username: "{{ vsphere_username }}"
    password: "{{ vsphere_password }}"
    cluster_name: "cluster"
    vms: "{{ item }}"
    drs_rule_name: ""
    enabled: "True"
    mandatory: "True"
    affinity_rule: "True"
  with_items:
    - "example_vm"
    - "another_example_vm"

在前面的示例中,我们创建了一个规则,该规则将导致虚拟机example_vmanother_example_vm永远不会在同一个物理主机上运行。

vmware _ vm _ vss _ dvs _ 迁移模块

本模块将命名虚拟机从连接到单个主机的标准虚拟交换机迁移到集群中可用的分布式虚拟交换机:

- name: migrate vm to dvs
  vmware_vm_vss_dvs_migrate"
    hostname: "{{ vsphere_host }}"
    username: "{{ vsphere_username }}"
    password: "{{ vsphere_password }}"
    vm_name: "example_vm"
    dvportgroup_name: "example_portgroup"
  delegate_to: localhost

如您所见,我们正在将example_vm从标准虚拟交换机移动到名为example_portgroup的分布式虚拟交换机。

vsphere _ copy 模块

本模块的目的只有一个——将本地文件复制到远程数据存储:

- name: copy file to datastore
  vsphere_copy:
    hostname: "{{ vsphere_host }}"
    username: "{{ vsphere_username }}"
    password: "{{ vsphere_password }}"
    src: "/path/to/local/file"
    datacenter: "my_datacenter"
    datastore: "my_datastore"
    path: "path/to/remove/file"
  transport: local

如您所见,我们正在my_datacenter数据中心托管的my_datastore数据存储中将文件从/path/to/local/file复制到path/to/remove/file

vsphere _ guest 模块

此模块已被弃用,将在 Ansible 2.9 中删除;建议您改用vmware_guest模块。

vmware vcenter

VMware vCentre 是 VMware vSphere 套件的重要组成部分;它支持诸如 vMotion、VMware 分布式资源调度器和 VMware 高可用性等功能的集群。

vcenter_folder 模块

此模块启用 vCenter 文件夹管理。例如,以下示例为您的虚拟机创建一个文件夹:

- name: Create a vm folder
  vcenter_folder:
    hostname: "{{ item.ip }}"
    username: "{{ item.username }}"
    password: "{{ item.password }}"
    datacenter_name: "my_datacenter"
    folder_name: "virtual_machines"
    folder_type: "vm"
    state: "present"

以下是为您的主机创建文件夹的示例:

- name: Create a host folder
  vcenter_folder:
    hostname: "{{ item.ip }}"
    username: "{{ item.username }}"
    password: "{{ item.password }}"
    datacenter_name: "my_datacenter"
    folder_name: "hosts"
    folder_type: "host"
    state: "present"

vcenter_license 模块

本模块允许您添加和删除 VMware vCenter 许可证:

- name: Add a license
  vcenter_license:
    hostname: "{{ item.ip }}"
    username: "{{ item.username }}"
    password: "{{ item.password }}"
    license: "123abc-456def-abc456-def123"
    state: "present"
  delegate_to: localhost

vmware_guest 模块

此模块允许您启动和管理 VMware 集群中的虚拟机;以下示例显示了如何使用模板启动虚拟机:

- name: Create a VM from a template
  vmware_guest:
    hostname: "{{ vsphere_host }}"
    username: "{{ vsphere_username }}"
    password: "{{ vsphere_password }}"
    validate_certs: "no"
    datacenter: "my-datacenter"
    folder: "/vms"
    name: "yet_another_example_vm"
    state: "poweredon"
    template: "centos7-x86_64-1804"
    disk:
      - size_gb: "40"
        type: "thin"
        datastore: "my_datastore"
    hardware:
      memory_mb: "4048"
      num_cpus: "4"
      max_connections: "3"
      hotadd_cpu: "True"
      hotremove_cpu: "True"
      hotadd_memory: "True"
    networks:
      - name: "VM Network"
        ip: "192.168.1.100"
        netmask: "255.255.255.0"
        gateway: "192.168.1.254"
        dns_servers:
          - "192.168.1.1"
          - "192.168.1.2"
    wait_for_ip_address: "yes"
  delegate_to: "localhost"
  register: deploy

如您所见,我们对虚拟机及其配置有很大的控制权。硬件、网络和存储配置有单独的部分;我们将在本章末尾更详细地了解这个模块。

vmware_guest_facts 模块

本模块收集已创建虚拟机的信息:

- name: Gather facts on the yet_another_example_vm vm
  vmware_guest_facts:
    hostname: "{{ vsphere_host }}"
    username: "{{ vsphere_username }}"
    password: "{{ vsphere_password }}"
    validate_certs: "no"
    datacenter: "my-datacenter"
    folder: "/vms"
    name: "yet_another_example_vm"
  delegate_to: localhost
  register: facts

前面的例子收集了我们在前面部分定义的机器上的大量信息,并将这些信息注册为变量,以便我们可以在我们的剧本运行中的其他地方使用它。

vmware 来宾文件操作模块

这个模块是在 Ansible 2.5 中引入的;它允许您从虚拟机添加和获取文件,而无需虚拟机位于网络上。它还允许您在虚拟机中创建文件夹。以下示例在虚拟机中创建一个目录:

- name: create a directory on a vm
  vmware_guest_file_operation:
    hostname: "{{ vsphere_host }}"
    username: "{{ vsphere_username }}"
    password: "{{ vsphere_password }}"
    validate_certs: "no"
    datacenter: "my-datacenter"
    vm_id: "yet_another_example_vm"
    vm_username: "root"
    vm_password: "supersecretpassword"
    directory:
      path: "/tmp/imported/files"
      operation: "create"
      recurse: "yes"
  delegate_to: localhost

以下示例将名为config.zip的文件从我们的 Ansible 主机复制到之前创建的目录中:

- name: copy file to vm
  vmware_guest_file_operation:
    hostname: "{{ vsphere_host }}"
    username: "{{ vsphere_username }}"
    password: "{{ vsphere_password }}"
    validate_certs: "no"
    datacenter: "my-datacenter"
    vm_id: "yet_another_example_vm"
    vm_username: "root"
    vm_password: "supersecretpassword"
    copy:
        src: "files/config.zip"
        dest: "/tmp/imported/files/config.zip"
        overwrite: "False"
  delegate_to: localhost

vmware 来宾查找模块

我们知道运行虚拟机的文件夹的名称。如果没有,或者因为任何原因发生了变化,我们可以使用vmware_guest_find模块来动态发现位置:

- name: Find vm folder location
  vmware_guest_find:
    hostname: "{{ vsphere_host }}"
    username: "{{ vsphere_username }}"
    password: "{{ vsphere_password }}"
    validate_certs: "no"
    name: "yet_another_example_vm"
  register: vm_folder

文件夹的名称将被注册为vm_folder

vmware_guest_powerstate 模块

该模块不言自明;它用于管理虚拟机的电源阶段。以下示例对虚拟机进行电源循环:

- name: Powercycle a vm
  vmware_guest_powerstate:
    hostname: "{{ vsphere_host }}"
    username: "{{ vsphere_username }}"
    password: "{{ vsphere_password }}"
    validate_certs: "no"
    folder: "/vms"
    name: "yet_another_example_vm"
    state: "reboot-guest"
  delegate_to: localhost

您还可以安排对电源状态的更改。以下示例在 2019 年 4 月 1 日上午 9 点关闭虚拟机:

- name: April fools
  vmware_guest_powerstate:
    hostname: "{{ vsphere_host }}"
    username: "{{ vsphere_username }}"
    password: "{{ vsphere_password }}"
    validate_certs: "no"
    folder: "/vms"
    name: "yet_another_example_vm"
    state: "powered-off"
    scheduled_at: "01/04/2019 09:00"
  delegate_to: localhost

我绝不会做那样的事!

vmware _ 来宾 _ 快照模块

此模块允许您管理虚拟机快照;例如,下面创建了一个快照:

- name: Create a snapshot
  vmware_guest_snapshot:
    hostname: "{{ vsphere_host }}"
    username: "{{ vsphere_username }}"
    password: "{{ vsphere_password }}"
    validate_certs: "no"
    datacenter: "my-datacenter"
    folder: "/vms"
    name: "yet_another_example_vm"
    snapshot_name: "pre-patching"
    description: "snapshot made before patching"
    state: "present"
  delegate_to: localhost

从前面的示例中可以看到,拍摄此快照是因为我们即将对虚拟机进行修补。如果修补按预期进行,那么我们可以运行以下任务:

- name: Remove a snapshot
  vmware_guest_snapshot:
    hostname: "{{ vsphere_host }}"
    username: "{{ vsphere_username }}"
    password: "{{ vsphere_password }}"
    validate_certs: "no"
    datacenter: "my-datacenter"
    folder: "/vms"
    name: "yet_another_example_vm"
    snapshot_name: "pre-patching"
    state: "remove"
  delegate_to: localhost

如果一切都没有按计划进行,并且修补程序破坏了我们的虚拟机,那么不用担心,我们有一个可以恢复的快照:

- name: Revert to a snapshot
  vmware_guest_snapshot:
    hostname: "{{ vsphere_host }}"
    username: "{{ vsphere_username }}"
    password: "{{ vsphere_password }}"
    validate_certs: "no"
    datacenter: "my-datacenter"
    folder: "/vms"
    name: "yet_another_example_vm"
    snapshot_name: "pre-patching"
    state: "revert"
  delegate_to: localhost

祈祷你永远不必恢复到快照(除非它是计划好的)。

vmware _ 来宾 _ 工具 _ 等待模块

本节的最后一个模块是另一个不言自明的模块;它只是等待 VMware 工具可用,然后在机器上收集事实:

- name: Wait for VMware tools to become available by name
  vmware_guest_tools_wait:
    hostname: "{{ vsphere_host }}"
    username: "{{ vsphere_username }}"
    password: "{{ vsphere_password }}"
    validate_certs: "no"
    folder: "/vms"
    name: "yet_another_example_vm"
  delegate_to: localhost
  register: facts

VMware tools 是在虚拟机内部运行的应用。一旦启动,它允许 VMware 与虚拟机交互,从而允许vmware_guest_file_operationvmware_vm_shell等模块运行。

VMware ESXi

大多数 VMware 安装的核心是许多 VMware ESXi 主机。VMware ESXi 是第 1 类虚拟机管理程序,支持虚拟机运行。Ansible 提供了几个模块,允许您配置 VMware ESXi 主机并与之交互。

vmware_dns_config 模块

此模块允许您管理 ESXi 主机的 DNS 方面;它允许您设置主机名、域和 DNS 解析器:

- name: Configure the hostname and dns servers
  local_action
    module: vmware_dns_config:
    hostname: "{{ exsi_host }}"
    username: "{{ exsi_username }}"
    password: "{{ exsi_password }}"
    validate_certs: "no"
    change_hostname_to: "esxi-host-01"
    domainname: "my-domain.com"
    dns_servers:
        - "8.8.8.8"
        - "8.8.4.4"

在前面的例子中,我们将主机的 FQDN 设置为esxi-host-01.my-domain.com,并将主机配置为使用谷歌公共域名解析器。

vmware _ 主机 _dns_facts 模块

下面是一个简单的模块,它收集了关于您的 VMware ESXi 主机的 DNS 配置的事实:

- name: gather facts on dns config
  vmware_host_dns_facts:
    hostname: "{{ vsphere_host }}"
    username: "{{ vsphere_username }}"
    password: "{{ vsphere_password }}"
    validate_certs: "no"
    cluster_name: "my_cluster"

vmware_host 模块

您可以使用此模块将您的 ESXi 主机连接到 vCenter:

- name: add an esxi host to vcenter
  vmware_host:
    hostname: "{{ vsphere_host }}"
    username: "{{ vsphere_username }}"
    password: "{{ vsphere_password }}"
    datacenter_name: "my-datacenter"
    cluster_name: "my_cluster"
    esxi_hostname: "{{ exsi_host }}"
    esxi_username: "{{ exsi_username }}"
    esxi_password: "{{ exsi_password }}"
    state: present

您也可以使用该模块将主机重新连接到您的 vCenter 集群:

- name: reattach an esxi host to vcenter
  vmware_host:
    hostname: "{{ vsphere_host }}"
    username: "{{ vsphere_username }}"
    password: "{{ vsphere_password }}"
    datacenter_name: "my-datacenter"
    cluster_name: "my_cluster"
    esxi_hostname: "{{ exsi_host }}"
    esxi_username: "{{ exsi_username }}"
    esxi_password: "{{ exsi_password }}"
    state: reconnect

您还可以从 vCenter 集群中删除主机:

- name: remove an esxi host to vcenter
  vmware_host:
    hostname: "{{ vsphere_host }}"
    username: "{{ vsphere_username }}"
    password: "{{ vsphere_password }}"
    datacenter_name: "my-datacenter"
    cluster_name: "my_cluster"
    esxi_hostname: "{{ exsi_host }}"
    esxi_username: "{{ exsi_username }}"
    esxi_password: "{{ exsi_password }}"
    state: absent

vmware_host_facts 模块

正如您可能已经猜到的,本模块收集了有关您的虚拟环境或 vCenter 集群中的 VMware ESXi 主机的事实:

- name: Find out facts on the esxi hosts
  vmware_host_facts:
    hostname: "{{ vsphere_host }}"
    username: "{{ vsphere_username }}"
    password: "{{ vsphere_password }}"
    validate_certs: "no"
  register: host_facts
  delegate_to: localhost

vmware _ 主机 _ 验收模块

使用此模块,您可以管理您的 VMware ESXi 主机的接受级别。VMware 支持四种接受级别,它们是:

  • VMwareCertified
  • 虚拟机已接受
  • 合作伙伴支持
  • 社区支持

这些级别控制可以安装在 ESXi 主机上的 VIBsVIB 是一个 ESXi 软件包。这通常决定了您将从 VMware 或 VMware 合作伙伴那里获得的支持级别。以下任务将命名集群中所有 ESXi 主机的接受级别设置为社区支持:

- name: Set acceptance level for all esxi hosts in the cluster
  vmware_host_acceptance:
    hostname: "{{ vsphere_host }}"
    username: "{{ vsphere_username }}"
    password: "{{ vsphere_password }}"
    validate_certs: "no"
    cluster_name: "my_cluster"
    acceptance_level: "community"
    state: present
  register: cluster_acceptance_level

vmware 主机配置管理器模块

使用本模块,您可以在各个 VMware ESXi 主机上设置配置选项,例如:

- name: Set some options on our esxi host
  vmware_host_config_manager:
    hostname: "{{ vsphere_host }}"
    username: "{{ vsphere_username }}"
    password: "{{ vsphere_password }}"
    validate_certs: "no"
    esxi_hostname: "{{ exsi_host }}"
    options:
        "Config.HostAgent.log.level": "verbose"
        "Annotations.WelcomeMessage": "Welcome to my awesome Ansible managed ESXi host"
        "Config.HostAgent.plugins.solo.enableMob": "false"

Ansible 从您的 VMware 主机映射高级配置选项,因此有关可用选项的更多信息,请参考您的文档。

vmware _ 主机 _ 数据存储模块

本模块使您能够在 VMware ESXi 主机上装载和卸载数据存储区;在以下示例中,我们将在清单中的所有 VMware ESXi 主机上装载三个数据存储区:

- name: Mount datastores on our cluster
  vmware_host_datastore:
    hostname: "{{ vsphere_host }}"
    username: "{{ vsphere_username }}"
    password: "{{ vsphere_password }}"
    validate_certs: "no"
    datacenter_name: "my-datacenter"
    datastore_name: "{{ item.name }}"
    datastore_type: "{{ item.type }}"
    nfs_server: "{{ item.server }}"
    nfs_path: "{{ item.path }}"
    nfs_ro: "no"
    esxi_hostname: "{{ inventory_hostname }}"
    state: present
  delegate_to: localhost
  with_items:
      - { "name": "ds_vol01", "server": "nas", "path": "/mnt/ds_vol01", 'type': "nfs"} 
      - { "name": "ds_vol02", "server": "nas", "path": "/mnt/ds_vol02", 'type': "nfs"} 
      - { "name": "ds_vol03", "server": "nas", "path": "/mnt/ds_vol03", 'type': "nfs"} 

vmware _ 主机 _ 防火墙 _ 管理器模块

本模块允许您在 VMware ESXi 主机上配置防火墙规则:

- name: set some firewall rules on the esxi hosts
  vmware_host_firewall_manager:
    hostname: "{{ vsphere_host }}"
    username: "{{ vsphere_username }}"
    password: "{{ vsphere_password }}"
    validate_certs: "no"
    esxi_hostname: "{{ inventory_hostname }}"
    rules:
      - name: "vvold"
        enabled: "True"
      - name: "CIMHttpServer"
        enabled: "False"

前面的示例在主机清单中的每个 VMware ESXi 主机上启用vvold和禁用CIMHttpServer

vmware _ 主机 _ 防火墙 _ 事实模块

正如您已经猜到的,该模块与其他 facts 模块一样,用于收集集群中所有主机的防火墙配置的事实:

- name: Get facts on all cluster hosts
  vmware_host_firewall_facts:
    hostname: "{{ vsphere_host }}"
    username: "{{ vsphere_username }}"
    password: "{{ vsphere_password }}"
    validate_certs: "no"
    cluster_name: "my_cluster"

它也可以只为一台主机收集:

- name: Get facts on a single host
  vmware_host_firewall_facts:
    hostname: "{{ vsphere_host }}"
    username: "{{ vsphere_username }}"
    password: "{{ vsphere_password }}"
    validate_certs: "no"
    esxi_hostname: "{{ exsi_host }}"

vmware 主机锁定模块

此模块附带一条警告,内容如下:此模块具有破坏性,因为管理员权限是使用所用的 API 进行管理的,请仔细阅读选项并继续..

您可以使用以下代码锁定主机:

- name: Lockdown an ESXi host
  vmware_host_lockdown:
    hostname: "{{ vsphere_host }}"
    username: "{{ vsphere_username }}"
    password: "{{ vsphere_password }}"
    validate_certs: "no"
    esxi_hostname: "{{ exsi_host }}"
    state: "present"

您可以使用以下方法解除主机锁定:

- name: Remove the lockdown on an ESXi host
  vmware_host_lockdown:
    hostname: "{{ vsphere_host }}"
    username: "{{ vsphere_username }}"
    password: "{{ vsphere_password }}"
    validate_certs: "no"
    esxi_hostname: "{{ exsi_host }}"
    state: "absent"

如前所述,此模块可能会有一些意想不到的副作用,因此您可能希望针对每台主机执行此操作,而不是使用以下选项,该选项会将命名集群中的所有主机锁定:

- name: Lockdown all the ESXi hosts
  vmware_host_lockdown:
    hostname: "{{ vsphere_host }}"
    username: "{{ vsphere_username }}"
    password: "{{ vsphere_password }}"
    validate_certs: "no"
    cluster_name: "my_cluster"
    state: "present"

vmware_host_ntp 模块

使用本模块,您可以管理每个 VMware ESXi 主机的 NTP 设置。以下示例将所有主机配置为使用同一组 NTP 服务器:

- name: Set NTP servers for all hosts
  vmware_host_ntp:
    hostname: "{{ vsphere_host }}"
    username: "{{ vsphere_username }}"
    password: "{{ vsphere_password }}"
    validate_certs: "no"
    cluster_name: "my_cluster"
    state: present
    ntp_servers:
        - 0.pool.ntp.org
        - 1.pool.ntp.org
        - 2.pool.ntp.org

vmware_host_package_facts 模块

本模块可用于收集集群中所有 VMware ESXi 主机的事实:

- name: Find out facts about the packages on all the ESXi hosts
  vmware_host_package_facts:
    hostname: "{{ vsphere_host }}"
    username: "{{ vsphere_username }}"
    password: "{{ vsphere_password }}"
    validate_certs: "no"
    cluster_name: "my_cluster"
  register: cluster_packages

与其他 facts 模块一样,它也可以只为一台主机收集:

- name: Find out facts about the packages on a single ESXi host
  vmware_host_package_facts:
    hostname: "{{ vsphere_host }}"
    username: "{{ vsphere_username }}"
    password: "{{ vsphere_password }}"
    validate_certs: "no"
    esxi_hostname: "{{ exsi_host }}"
  register: host_packages

vmware 主机服务管理器模块

此模块允许您管理所有集群成员或单个主机上的 ESXi 服务器:

- name: Start the ntp service on all esxi hosts
  vmware_host_service_manager:
    hostname: "{{ vsphere_host }}"
    username: "{{ vsphere_username }}"
    password: "{{ vsphere_password }}"
    validate_certs: "no"
    cluster_name: "my_cluster"
    service_name: "ntpd"
    service_policy: "automatic"
    state: "present"

在本例中,我们正在集群内的所有主机上启动 NTP 服务(service_name);由于我们将service_policy定义为automatic,只有在配置了与防火墙规则相对应的服务时,服务才会启动。如果我们希望服务启动,而不考虑防火墙规则,那么我们可以将service_policy设置为on,或者如果我们希望服务停止,那么service_policy应该设置为off

vmware _ 主机 _ 服务 _ 事实模块

通过本模块,您可以了解集群中每个 VMware ESXi 主机上配置的服务的事实:

- name: Find out facts about the services on all the ESXi hosts
  vmware_host_service_facts:
    hostname: "{{ vsphere_host }}"
    username: "{{ vsphere_username }}"
    password: "{{ vsphere_password }}"
    validate_certs: "no"
    cluster_name: "my_cluster"
  register: cluster_services

vmware 数据存储事实模块

这是旧式 facts 模块之一,可用于收集数据中心中配置的数据存储的信息:

- name: Find out facts about the datastores
  vmware_datastore_facts:
    hostname: "{{ vsphere_host }}"
    username: "{{ vsphere_username }}"
    password: "{{ vsphere_password }}"
    validate_certs: "no"
    datacenter: "my_datacenter"
  delegate_to: localhost
  register: datastore_facts

您可能会注意到,这个模块和前面的 facts 模块在语法上有一点不同。

vmware_host_vmnic_facts 模块

从旧式的事实模块到新的事实模块,此模块可用于收集 VMware ESXi 主机上物理网络接口的信息:

- name: Find out facts about the vmnics on all the ESXi hosts
  vmware_host_vmnic_facts:
    hostname: "{{ vsphere_host }}"
    username: "{{ vsphere_username }}"
    password: "{{ vsphere_password }}"
    validate_certs: "no"
    datacenter: "my_datacenter"
  register: cluster_vmnics

对于单个 ESXi 主机,我们可以使用以下任务:

- name: Find out facts about the vmnics on a single ESXi host
  vmware_host_vmnic_facts:
    hostname: "{{ vsphere_host }}"
    username: "{{ vsphere_username }}"
    password: "{{ vsphere_password }}"
    validate_certs: "no"
    esxi_hostname: "{{ exsi_host }}"
  register: host_vmnics

vmware_local_role_manager 模块

使用此模块,您可以在集群上配置角色;这些角色可用于分配权限。在以下示例中,我们为vmware_qa角色分配了一些权限:

- name: Add a local role
  vmware_local_role_manager:
    hostname: "{{ vsphere_host }}"
    username: "{{ vsphere_username }}"
    password: "{{ vsphere_password }}"
    validate_certs: "no"
  local_role_name: "vmware_qa"
  local_privilege_ids: [ "Folder.Create", "Folder.Delete"]
  state: "present"

vmware 本地用户管理器模块

使用此模块,您可以通过添加用户和设置他们的密码来管理本地用户:

- name: Add local user to ESXi
  vmware_local_user_manager:
    hostname: "{{ vsphere_host }}"
    username: "{{ vsphere_username }}"
    password: "{{ vsphere_password }}"
    validate_certs: "no"
    local_user_name: "myuser"
    local_user_password: "my-super-secret-password"
    local_user_description: "An example user added by Ansible"
  delegate_to: "localhost"

vmware_cfg_backup 模块

使用本模块,您可以创建 VMware ESXi 主机配置的备份:

- name: Create an esxi host configuration backup
  vmware_cfg_backup:
    hostname: "{{ vsphere_host }}"
    username: "{{ vsphere_username }}"
    password: "{{ vsphere_password }}"
    validate_certs: "no"
    state: "saved"
    dest: "/tmp/"
    esxi_hostname: "{{ exsi_host }}"
  delegate_to: "localhost"
  register: cfg_backup

请注意,该模块将自动对主机进行维护,然后保存配置。在上例中,从/tmp开始,您可以使用fetch模块使用注册的信息来获取备份的副本。

您也可以使用此模块来恢复配置:

- name: Restore an esxi host configuration backup
  vmware_cfg_backup:
    hostname: "{{ vsphere_host }}"
    username: "{{ vsphere_username }}"
    password: "{{ vsphere_password }}"
    validate_certs: "no"
    state: "loaded"
    dest: "/tmp/my-host-backup.tar.gz"
    esxi_hostname: "{{ exsi_host }}"
  delegate_to: "localhost"

最后,您还可以通过运行以下代码将主机配置重置回其默认设置:

- name: Reset a host configuration to the default values
  vmware_cfg_backup:
    hostname: "{{ vsphere_host }}"
    username: "{{ vsphere_username }}"
    password: "{{ vsphere_password }}"
    validate_certs: "no"
    state: "absent"
    esxi_hostname: "{{ exsi_host }}"
  delegate_to: "localhost"

vmware_vmkernel 模块

本模块允许您添加虚拟机内核接口,也称为主机上的虚拟网卡:

- name: Add management port with a static ip
   vmware_vmkernel:
    hostname: "{{ vsphere_host }}"
    username: "{{ vsphere_username }}"
    password: "{{ vsphere_password }}"
    validate_certs: "no"
    esxi_hostname: "{{ exsi_host }}"
  vswitch_name: "my_vSwitch"
  portgroup_name: "my_portgroup"
  vlan_id: "the_vlan_id"
  network:
    type: "static"
    ip_address: "192.168.127.10"
    subnet_mask: "255.255.255.0"
  state: "present"
  enable_mgmt: "True"

在前面的例子中,我们添加了一个管理界面;还有以下选项:

  • enable_ft:启用容错流量接口
  • enable_mgmt:启用管理流量的接口
  • enable_vmotion:启用 VMotion 流量接口
  • enable_vsan:启用 VSAN 流量接口

vmware_vmkernel_facts 模块

还有一个事实模块,这是一个新型模块;您可能已经猜到了任务的样子:

- name: Find out facts about the vmkernel on all the ESXi hosts
  vmware_vmkernel_facts:
    hostname: "{{ vsphere_host }}"
    username: "{{ vsphere_username }}"
    password: "{{ vsphere_password }}"
    validate_certs: "no"
    cluster_name: "my_cluster"
  register: cluster_vmks

- name: Find out facts about the vmkernel on a single ESXi host
  vmware_vmkernel_facts:
    hostname: "{{ vsphere_host }}"
    username: "{{ vsphere_username }}"
    password: "{{ vsphere_password }}"
    validate_certs: "no"
    esxi_hostname: "{{ exsi_host }}"
  register: host_vmks

vmware_target_canonical_facts 模块

使用这个模块,您可以找到 SCSI 目标的规范名称;您只需要知道目标设备的标识:

- name: Get Canonical name of SCSI device
  vmware_target_canonical_facts"
    hostname: "{{ vsphere_host }}"
    username: "{{ vsphere_username }}"
    password: "{{ vsphere_password }}"
    validate_certs: "no"
    target_id: "6"
   register: canonical_name

vmware_vmotion 模块

您可以使用此模块执行虚拟机从一台 VMware ESXi 主机到另一台的 vMotion:

- name: Perform vMotion of VM
  vmware_vmotion
    hostname: "{{ vsphere_host }}"
    username: "{{ vsphere_username }}"
    password: "{{ vsphere_password }}"
    validate_certs: "no"
    vm_name: "example_vm"
    destination_host: "esxi-host-02"
  delegate_to: "localhost"
  register: vmotion_results

vmware _ vsan _ 集群模块

您可以使用此模块注册 VSAN 集群;本模块的工作方式与本章中的其他模块略有不同,首先需要在单个主机上生成集群 UUID,然后使用生成的 uuid 在其余主机上部署 VSAN。

以下任务假设您有一个名为esxi_hosts的主机组,它包含多个主机。第一个任务将 VSAN 分配给组中的第一台主机,然后注册结果:

- name: Configure VSAN on first host in the group
  vmware_vsan_cluster:
    hostname: "{{ groups['esxi_hosts'][0] }}"
    username: "{{ vsphere_username }}"
    password: "{{ vsphere_password }}"
  register: vsan_cluster

注册为vsan_cluster的结果包含 VSAN 集群 UUID,我们将需要该集群中的其他主机。以下代码在其余主机上配置集群,跳过原始主机:

- name: Configure VSAN on the remaining hosts in the group
  vmware_vsan_cluster:
    hostname: "{{ item }}"
    username: "{{ vsphere_username }}"
    password: "{{ vsphere_password }}"
    cluster_uuid: "{{ vsan_cluster.cluster_uuid }}"
  with_items: "{{ groups['esxi_hosts'][1:] }}"

vmware _ vswitch 模块

使用此模块,您可以向 ESXi 主机添加或删除 VMware 标准交换机 ( 虚拟交换机):

- name: Add a vSwitch
  vmware_vswitch:
    hostname: "{{ vsphere_host }}"
    username: "{{ vsphere_username }}"
    password: "{{ vsphere_password }}"
    validate_certs: "no"
    switch: "vswitch_name"
    nics:
      - "vmnic1"
      - "vmnic2"
    mtu: "9000"
  delegate_to: "localhost"

在本例中,我们添加了一个连接到多个虚拟机的虚拟交换机。

vmware_drs_rule_facts 模块

您可以使用本模块收集整个集群或单个数据中心中配置的 DRS 的事实:

- name: Find out facts about drs on all the hosts in the cluster
  vmware_drs_rule_facts:
    hostname: "{{ vsphere_host }}"
    username: "{{ vsphere_username }}"
    password: "{{ vsphere_password }}"
    validate_certs: "no"
    cluster_name: "my_cluster"
  delegate_to: "localhost"
  register: cluster_drs

- name: Find out facts about drs in a single data center
  vmware_drs_rule_facts:
    hostname: "{{ vsphere_host }}"
    username: "{{ vsphere_username }}"
    password: "{{ vsphere_password }}"
    validate_certs: "no"
    datacenter: "my_datacenter"
  delegate_to: "localhost"
  register: datacenter_drs

vmware_dvswitch 模块

此模块允许您创建和删除分布式虚拟交换机:

- name: Create dvswitch
  vmware_dvswitch:
    hostname: "{{ vsphere_host }}"
    username: "{{ vsphere_username }}"
    password: "{{ vsphere_password }}"
    validate_certs: "no"
    datacenter: "my_datacenter"
    switch_name: "my_dvSwitch"
    switch_version: "6.0.0"
    mtu: "9000"
    uplink_quantity: "2"
    discovery_proto: "lldp"
    discovery_operation: "both"
    state: present
  delegate_to: "localhost"

vmware _ dvs _ 主机模块

使用此模块,您可以在分布式虚拟交换机中添加或删除主机:

- name: Add host to dvs
  vmware_dvs_host:
    hostname: "{{ vsphere_host }}"
    username: "{{ vsphere_username }}"
    password: "{{ vsphere_password }}"
    validate_certs: "no"
    esxi_hostname: "{{ exsi_host }}"
    switch_name: "my_dvSwitch"
    vmnics:
      - "vmnic1"
      - "vmnic2"
    state: "present"
  delegate_to: "localhost"

vmware_dvs_portgroup 模块

使用本模块,您可以管理您的 DVS 端口组:

- name: Create a portgroup with vlan 
  vmware_dvs_portgroup:
    hostname: "{{ vsphere_host }}"
    username: "{{ vsphere_username }}"
    password: "{{ vsphere_password }}"
    validate_certs: "no"
    portgroup_name: "my_portgroup_vlan123"
    switch_name: "my_dvSwitch"
    vlan_id: "123"
    num_ports: "120"
    portgroup_type: "earlyBinding"
    state: "present"
  delegate_to: "localhost"

vmware 维护模式模块

使用此模块,您可以将主机置于维护模式。以下示例向您展示了如何在维护 VSAN 上的对象可用性的同时维护主机:

- name: Put host into maintenance mode
  vmware_maintenancemode:
    hostname: "{{ vsphere_host }}"
    username: "{{ vsphere_username }}"
    password: "{{ vsphere_password }}"
    validate_certs: "no"
    esxi_hostname: "{{ exsi_host }}"
    vsan: "ensureObjectAccessibility"
    evacuate: "yes"
    timeout: "3600"
    state: "present"
  delegate_to: "localhost"

vmware_portgroup 模块

本模块允许您在给定集群中的主机上创建 VMware 端口组:

- name: Create a portgroup with vlan
  vmware_portgroup:
    hostname: "{{ vsphere_host }}"
    username: "{{ vsphere_username }}"
    password: "{{ vsphere_password }}"
    validate_certs: "no"
    cluster_name: "my_cluster"
    switch_name: "my_switch"
    portgroup_name: "my_portgroup_vlan123"
    vlan_id: "123"
  delegate_to: "localhost"

vmware 资源池模块

有了这个,我们要看的最后一个模块,您可以创建一个资源库。如何做到这一点的一个例子如下:

- name: Add resource pool
  vmware_resource_pool:
    hostname: "{{ vsphere_host }}"
    username: "{{ vsphere_username }}"
    password: "{{ vsphere_password }}"
    validate_certs: "no"
    datacenter: "my_datacenter"
    cluster: "my_new_cluster"
    resource_pool: "my_resource_pool"
    mem_shares: "normal"
    mem_limit: "-1"
    mem_reservation: "0"
    mem_expandable_reservations: "True"
    cpu_shares: "normal"
    cpu_limit: "-1"
    cpu_reservation: "0"
    cpu_expandable_reservations: "True"
    state: present
  delegate_to: "localhost"

范例剧本

在我们完成本章之前,我将分享我为在 VMware 集群中部署少量虚拟机而编写的示例行动手册。该项目的想法是将七台虚拟机引入客户的网络,如下所示:

  • 一台 Linux 跳转主机
  • 一台 NTP 服务器
  • 一个负载平衡器
  • 两台网络服务器
  • 两台数据库服务器

所有虚拟机都必须根据现有模板构建;不幸的是,这个模板是用/etc/sysconfig/network文件中192.168.1.254的硬编码网关 IP 地址构建的。这意味着,为了让这些机器正确地出现在网络上,我必须在每个虚拟机启动后对它们进行更改。

我从在我的group_vars文件夹中建立一个名为vmware.yml的文件开始;其中包含连接到我的 VMware 安装所需的信息以及虚拟机的默认凭据:

vcenter:
  host: "cluster.cloud.local"
  username: "svc_ansible@cloud.local"
  password: "mymegasecretpassword"

wait_for_ip_address: "yes"
machine_state: "poweredon"

deploy:
  datacenter: "Cloud DC4"
  folder: "/vm/Ansible"
  resource_pool: "/Resources/"

vm_shell:
  username: "root"
  password: "hushdonttell"
  cwd: "/tmp"
  cmd: "/bin/sed"
  args: "-i 's/GATEWAY=192.168.1.254/GATEWAY={{ item.gateway }}/g' /etc/sysconfig/network"

我将使用我将运行的两个角色中定义的变量。接下来是group_vars/vms.yml文件;这包含在我的 VMware 环境中启动虚拟机所需的所有信息:

vm:
  - name: "NTPSERVER01"
    machine_name: "ntpserver01"
    machine_template: "RHEL6_TEMPLATE"
    guest_id: "rhel6_64Guest"
    host: "compute-host-01.cloud.local"
    cpu: "1"
    ram: "1024"
    networks: 
      - name: "CLOUD-CUST|Customer|MANGMENT"
        ip: "192.168.99.10"
        netmask: "255.255.255.0"
        device_type: "vmxnet3"
    gateway: "192.168.99.254"
    disk:
      - size_gb: "30"
        type: "thin"
        datastore: "cust_sas_esx_nfs_01"
  - name: "JUMPHOST01"
    machine_name: "jumphost01"
    machine_template: "RHEL6_TEMPLATE"
    guest_id: "rhel6_64Guest"
    host: "compute-host-02.cloud.local"
    cpu: "1"
    ram: "1024"
    networks: 
      - name: "CLOUD-CUST|Customer|MANGMENT"
        ip: "192.168.99.20"
        netmask: "255.255.255.0"
        device_type: "vmxnet3"
    gateway: "192.168.99.254"
    disk:
      - size_gb: "30"
        type: "thin"
        datastore: "cust_sas_esx_nfs_01"
  - name: "LOADBALANCER01"
    machine_name: "loadbalancer01"
    machine_template: "LB_TEMPLATE"
    guest_id: "rhel6_64Guest"
    host: "compute-host-03.cloud.local"
    cpu: "4"
    ram: "4048"
    networks: 
      - name: "CLOUD-CUST|Customer|DMZ"
        ip: "192.168.98.100"
        netmask: "255.255.255.0"
        device_type: "vmxnet3"
    gateway: "192.168.99.254"
    disk:
      - size_gb: "30"
        type: "thin"
        datastore: "cust_sas_esx_nfs_02"    
  - name: "WEBSERVER01"
    machine_name: "webserver01"
    machine_template: "RHEL6_TEMPLATE"
    guest_id: "rhel6_64Guest"
    host: "compute-host-01.cloud.local"
    cpu: "1"
    ram: "1024"
    networks: 
      - name: "CLOUD-CUST|Customer|APP"
        ip: "192.168.100.10"
        netmask: "255.255.255.0"
        device_type: "vmxnet3"
    gateway: "192.168.100.254"
    disk:
      - size_gb: "30"
        type: "thin"
        datastore: "cust_sas_esx_nfs_01"
  - name: "WEBSERVER02"
    machine_name: "webserver02"
    machine_template: "RHEL6_TEMPLATE"
    guest_id: "rhel6_64Guest"
    host: "compute-host-02.cloud.local"
    cpu: "1"
    ram: "1024"
    networks: 
      - name: "CLOUD-CUST|Customer|APP"
        ip: "192.168.100.20"
        netmask: "255.255.255.0"
        device_type: "vmxnet3"
    gateway: "192.168.100.254"
    disk:
      - size_gb: "30"
        type: "thin"
        datastore: "cust_sas_esx_nfs_02"      
  - name: "DBSERVER01"
    machine_name: "dbserver01"
    machine_template: "RHEL6_TEMPLATE"
    guest_id: "rhel6_64Guest"
    host: "compute-host-10.cloud.local"
    cpu: "8"
    ram: "32000"
    networks: 
      - name: "CLOUD-CUST|Customer|DB"
        ip: "192.168.101.10"
        netmask: "255.255.255.0"
        device_type: "vmxnet3"
    gateway: "192.168.101.254"
    disk:
      - size_gb: "30"
        type: "thin"
        datastore: "cust_sas_esx_nfs_01"
      - size_gb: "250"
        type: "thick"
        datastore: "cust_ssd_esx_nfs_01" 
      - size_gb: "250"
        type: "thick"
        datastore: "cust_ssd_esx_nfs_01" 
      - size_gb: "250"
        type: "thick"
        datastore: "cust_ssd_esx_nfs_01" 
  - name: "DBSERVER02"
    machine_name: "dbserver02"
    machine_template: "RHEL6_TEMPLATE"
    guest_id: "rhel6_64Guest"
    host: "compute-host-11.cloud.local"
    cpu: "8"
    ram: "32000"
    networks: 
      - name: "CLOUD-CUST|Customer|DB"
        ip: "192.168.101.11"
        netmask: "255.255.255.0"
        device_type: "vmxnet3"
    gateway: "192.168.101.254"
    disk:
      - size_gb: "30"
        type: "thin"
        datastore: "cust_sas_esx_nfs_02"
      - size_gb: "250"
        type: "thick"
        datastore: "cust_ssd_esx_nfs_02" 
      - size_gb: "250"
        type: "thick"
        datastore: "cust_ssd_esx_nfs_02" 
      - size_gb: "250"
        type: "thick"
        datastore: "cust_ssd_esx_nfs_02"

如您所见,我正在为所有七个虚拟机定义规格、网络和存储;在可能的情况下,我会精简资源调配存储,并确保当一个角色中有多个虚拟机时,我会使用不同的存储池。

现在我已经拥有了虚拟机所需的所有细节,我可以创建角色了。首先有roles/vmware/tasks/main.yml:

- name: Launch the VMs
  vmware_guest:
    hostname: "{{vcenter.host}}"
    username: "{{ vcenter.username }}"
    password: "{{ vcenter.password }}"
    validate_certs: no
    datacenter: "{{ deploy.datacenter }}"
    folder: "{{ deploy.folder }}"
    name: "{{ item.machine_name | upper }}"
    state: "{{ machine_state }}"
    guest_id: "{{ item.guest_id }}"
    esxi_hostname: "{{ item.host }}"
    hardware:
      memory_mb: "{{ item.ram }}"
      num_cpus: "{{ item.cpu }}"
    networks: "{{ item.networks }}"
    disk: "{{ item.disk }}"
    template: "{{ item.machine_template }}"
    wait_for_ip_address: "{{ wait_for_ip_address }}"
    customization:
      hostname: "{{ item.machine_name | lower }}"
  with_items: "{{ vm }}"

可以看到,这个任务循环遍历vm变量中的项目;虚拟机启动后,它将等待我分配的 IP 地址在 VMware 中可用。这可确保在继续启动下一个虚拟机或继续下一个角色之前,虚拟机已正确启动。

下一个角色解决了192.168.1.254在虚拟机模板中被硬编码为网关的问题;可以在roles/fix/tasks/main.yml中找到。角色中有两个任务;第一个更新将网关更新为虚拟机已在其中启动的网络的正确网关:

- name: Sort out the wrong IP address in the /etc/sysconfig/network file on the vms
  vmware_vm_shell:
    hostname: "{{vcenter.host}}"
    username: "{{ vcenter.username }}"
    password: "{{ vcenter.password }}"
    validate_certs: no
    vm_id: "{{ item.machine_name | upper }}"
    vm_username: "{{ vm_shell.username }}"
    vm_password: "{{ vm_shell.password }}"
    vm_shell: "{{ vm_shell.cmd }}"
    vm_shell_args: " {{ vm_shell.args }} "
    vm_shell_cwd: "{{ vm_shell.cwd }}"
  with_items: "{{ vm }}"

如您所见,这将遍历定义为vm的虚拟机列表,并执行我们在group_vars/vmware.yml文件中定义的sed命令。一旦这个任务已经运行,我们需要再运行一个任务。这将在所有虚拟机上重新启动网络,以便获得对网关的更改:

- name: Restart networking on all VMs
  vmware_vm_shell:
    hostname: "{{vcenter.host}}"
    username: "{{ vcenter.username }}"
    password: "{{ vcenter.password }}"
    validate_certs: no
    vm_id: "{{ item.machine_name | upper }}"
    vm_username: "{{ vm_shell.username }}"
    vm_password: "{{ vm_shell.password }}"
    vm_shell: "/sbin/service"
    vm_shell_args: "network restart"
  with_items: "{{ vm }}"

当我运行行动手册时,运行时间大约为 30 分钟,但在运行结束时,我启动了七台虚拟机并可供使用,因此我能够运行引导环境就绪的行动手册集,这样我就可以将它们交给客户,让他们部署应用。

摘要

正如您从很长的模块列表中看到的,您可以使用 Ansible 完成作为 VMware 管理员应该完成的大多数常见任务。除此之外,我们还在第 7 章中查看了用于管理网络设备的核心网络模块,以及支持 NetApp 存储设备的模块,您可以构建一些相当复杂的行动手册,涵盖物理设备、VMware 元素,甚至运行在虚拟化基础架构中的虚拟机。

在下一章中,我们将看到如何使用游民在本地构建我们的 Windows 服务器,然后将我们的行动手册带到公共云中。

问题

  1. 你需要在你的 Ansible 控制器上安装哪个 Python 模块才能与 vSphere 交互?
  2. 对或错:vmware_dns_config仅允许您在 ESXi 主机上设置 DNS 解析器。
  3. 说出我们已经介绍过的可用于启动虚拟机的两个模块;有三种,但有一种不推荐使用。
  4. 在进行通过 VMware 与虚拟机交互的任务之前,您会使用我们研究过的哪些模块来确保虚拟机完全可用?
  5. 真或假:可以使用 Ansible 安排电源状态的更改。

进一步阅读

为了更好地了解 VMware vSphere,我推荐以下视频:https://www.youtube.com/watch?v=3OvrKZYnzjM