现在,我们知道了如何在 AWS 中启动网络和服务,接下来我们将讨论在 VMware 环境中部署类似的设置,并讨论核心 VMware 模块。
在本章中,我们将:
- 快速介绍 VMware
- 查看 Ansible 的 VMware 模块
- 完成一个启动几台虚拟机的示例行动手册
在本章中,我们将讨论 VMware 产品系列的各种组件,以及如何使用 Ansible 与它们进行交互。虽然本章中有一个示例行动手册,但它可能不容易转移到您的安装中。因此,不建议您在没有首先更新的情况下使用本章中的任何示例。
VMware 有近 20 年的历史,从一家隐形初创公司到被戴尔拥有并被 EMC 收购,收入高达 79.2 亿美元。VMware 产品组合中目前有大约 30 种产品可用;最常见的是其虚拟机管理程序,有两种不同的类型。
第一个虚拟机管理程序是 VMware ESXi,它是一种类型 1,使用大多数现代 64 位英特尔和 AMD 处理器中的指令集直接在硬件上运行。其最初的第 2 类虚拟机管理程序不需要像第 1 类虚拟机管理程序那样在 CPU 中存在虚拟化指令。它的正式名称是 GSX;该虚拟机管理程序先于类型 1 虚拟机管理程序,这意味着它可以支持更旧的 CPU。
VMware 在大多数企业中极为常见;它允许管理员跨众多基于 x86 的标准硬件配置和类型快速部署虚拟机。
如前所述,VMware 系列大约有 30 种产品;这些涵盖了从虚拟机管理程序到虚拟交换机、虚拟存储以及用于与基于 VMware 的主机和虚拟机进行交互的多个界面的所有内容。在本节中,我们将介绍 Ansible 附带的核心模块,以管理您的 VMware 资产的各个方面。
我已经尝试将它们分成逻辑组,对于每个组,我将简要解释模块所针对的产品。
这些模块都有一个共同点:都需要安装一个名为PyVmomi
的 Python 模块。要安装它,运行以下pip
命令:
$ sudo pip install PyVmomi
本模块包含 VMware vSphere API Python 绑定,如果没有它,我们将在本章中介绍的模块将无法与您的 VMware 安装进行交互。
虽然本章中的模块已经用 vSphere 5.5 到 6.5 进行了测试,但是您可能会发现一些较旧的模块在 vs sphere 的较新版本中存在一些问题。
vCloud Air 是 VMware 的基础架构即服务 ( IaaS )产品,我说是,因为 vCloud Air 业务部门和负责该服务的团队在 2017 年年中被法国托管和云公司 OVH 从 VMware 手中收购。有三个 Ansible 模块提供对 vCloud Air 的直接支持,以及 VMware vCloud 混合服务 ( vCHS )和 VMware vCloud 控制器 ( vCD )。
此模块使您能够在 vCloud Air 网关中添加和删除防火墙规则。以下示例向您展示了如何添加允许 SSH 流量的规则:
- name: example fireware rule
vca_fw:
instance_id: "abcdef123456-1234-abcd-1234-abcdef123456"
vdc_name: "my_vcd"
service_type: "vca"
state: "present"
fw_rules:
- description: "Allow SSH"
source_ip: "10.20.30.40"
source_port: "Any"
dest_port: "22"
dest_ip: "192.0.10.20"
is_enable: "true"
enable_logging: "false"
protocol: "Tcp"
policy: "allow"
注意我们是如何通过一个service_type
;这可能是vca
、vcd
或vchs
。
该模块允许您管理网络地址转换 ( NAT )规则。在以下示例中,我们要求所有到达公共 IP 地址为123.123.123.123
的端口2222
的流量被转发到 IP 地址为192.0.10.20
的虚拟机上的端口22
:
- name: example nat rule
vca_nat:
instance_id: "abcdef123456-1234-abcd-1234-abcdef123456"
vdc_name: "my_vcd"
service_type: "vca"
state: "present"
nat_rules:
- rule_type: "DNAT"
original_ip: "123.123.123.123"
original_port: "2222"
translated_ip: "192.0.10.20"
translated_port: "22"
这意味着要从我们的外部网络访问虚拟机192.0.10.20
上的 SSH,我们需要运行如下命令:
$ ssh username@123.123.123.123 -p2222
假设我们有正确的防火墙规则,我们应该通过192.0.10.20
虚拟机进行路由。
本模块用于创建和管理虚拟应用。vApp 是一个或多个虚拟机,它们组合起来提供一个应用:
- name: example vApp
vca_vapp:
vapp_name: "Example"
vdc_name: "my_vcd"
state: "present"
operation: "poweron"
template_name: "CentOS7 x86_64 1804"
前面的例子是一个非常基本的例子,说明了如何使用vca_vapp
模块来确保存在一个名为Example
的 vApp 并通电。
VMware vSphere 是一套来自 VMware 的软件,由几个 VMware 组件组成。这是 VMware 可能会有点困惑的地方,因为 VMware vSphere 由 VMware vCentre 和 VMware ESXi 组成,它们都有自己的 Ansible 模块,从表面上看,它们似乎完成了类似的任务。
本模块允许您管理您的 VMware 虚拟圈集群。VMware vSphere 集群是主机的集合,当集群在一起时,这些主机共享资源,允许您添加高可用性 ( HA )并启动分布式资源调度程序 ( DRS )来管理集群内工作负载的放置:
- name: Create a cluster
vmware_cluster:
hostname: "{{ item.ip }}"
datacenter_name: "my_datacenter"
cluster_name: "cluster"
enable_ha: "yes"
enable_drs: "yes"
enable_vsan: "yes"
username: "{{ item.username }}"
password: "{{ item.password }}"
with_items: "{{ vsphere_hosts }}"
前面的代码将遍历主机、用户名和密码列表来创建一个集群。
VMware 虚拟空间数据中心是为支持您的集群的物理资源、主机、存储和网络的集合命名的:
- name: Create a datacenter
vmware_datacenter:
hostname: "{{ item.ip }}"
username: "{{ item.username }}"
password: "{{ item.password }}"
datacenter_name: "my_datacenter"
state: present
with_items: "{{ vsphere_hosts }}"
上一个示例将vsphere_hosts
中列出的主机添加到my_datacenter
VMware vssphere 数据中心。
本模块可用于收集运行在您的 VMware 虚拟圈集群中的虚拟机或模板的信息:
- name: Gather facts on all VMs in the cluster
vmware_vm_facts:
hostname: "{{ vsphere_host }}"
username: "{{ vsphere_username }}"
password: "{{ vsphere_password }}"
vm_type: "vm"
delegate_to: "localhost"
register: vm_facts
前面的例子只收集了用我们的集群创建的虚拟机的信息,并将结果注册为vm_facts
变量。如果我们想只在模板上找到信息,我们可以将vm_type
更新为模板,或者我们可以通过将vm_type
更新为全部来列出所有虚拟机和模板。
此模块可用于使用 VMware 连接到虚拟机并运行 shell 命令。Ansible 在任何时候都不需要使用基于网络的服务(如 SSH)连接到虚拟机,这对于在虚拟机进入网络之前进行配置非常有用:
- name: Shell example
vmware_vm_shell:
hostname: "{{ vsphere_host }}"
username: "{{ vsphere_username }}"
password: "{{ vsphere_password }}"
datacenter: "my_datacenter"
folder: "/my_vms"
vm_id: "example_vm"
vm_username: "root"
vm_password: "supersecretpassword"
vm_shell: "/bin/cat"
vm_shell_args: " results_file "
vm_shell_env:
- "PATH=/bin"
- "VAR=test"
vm_shell_cwd: "/tmp"
delegate_to: "localhost"
register: shell_results
前面的示例连接到一个名为example_vm
的虚拟机,该虚拟机存储在my_datacenter
数据中心根目录下的my_vms
文件夹中。使用我们提供的用户名和密码连接后,它会运行以下命令:
$ /bin/cat results_file
在虚拟机上的/tmp
文件夹中,运行命令的输出被注册为shell_results
,以便我们以后使用。
通过本模块,您可以配置 VMware DRS 相似性规则。这些允许您控制虚拟机在集群中的放置:
- name: Create DRS Affinity Rule for VM-VM
vmware_vm_vm_drs_rule:
hostname: "{{ vsphere_host }}"
username: "{{ vsphere_username }}"
password: "{{ vsphere_password }}"
cluster_name: "cluster"
vms: "{{ item }}"
drs_rule_name: ""
enabled: "True"
mandatory: "True"
affinity_rule: "True"
with_items:
- "example_vm"
- "another_example_vm"
在前面的示例中,我们创建了一个规则,该规则将导致虚拟机example_vm
和another_example_vm
永远不会在同一个物理主机上运行。
本模块将命名虚拟机从连接到单个主机的标准虚拟交换机迁移到集群中可用的分布式虚拟交换机:
- name: migrate vm to dvs
vmware_vm_vss_dvs_migrate"
hostname: "{{ vsphere_host }}"
username: "{{ vsphere_username }}"
password: "{{ vsphere_password }}"
vm_name: "example_vm"
dvportgroup_name: "example_portgroup"
delegate_to: localhost
如您所见,我们正在将example_vm
从标准虚拟交换机移动到名为example_portgroup
的分布式虚拟交换机。
本模块的目的只有一个——将本地文件复制到远程数据存储:
- name: copy file to datastore
vsphere_copy:
hostname: "{{ vsphere_host }}"
username: "{{ vsphere_username }}"
password: "{{ vsphere_password }}"
src: "/path/to/local/file"
datacenter: "my_datacenter"
datastore: "my_datastore"
path: "path/to/remove/file"
transport: local
如您所见,我们正在my_datacenter
数据中心托管的my_datastore
数据存储中将文件从/path/to/local/file
复制到path/to/remove/file
。
此模块已被弃用,将在 Ansible 2.9 中删除;建议您改用vmware_guest
模块。
VMware vCentre 是 VMware vSphere 套件的重要组成部分;它支持诸如 vMotion、VMware 分布式资源调度器和 VMware 高可用性等功能的集群。
此模块启用 vCenter 文件夹管理。例如,以下示例为您的虚拟机创建一个文件夹:
- name: Create a vm folder
vcenter_folder:
hostname: "{{ item.ip }}"
username: "{{ item.username }}"
password: "{{ item.password }}"
datacenter_name: "my_datacenter"
folder_name: "virtual_machines"
folder_type: "vm"
state: "present"
以下是为您的主机创建文件夹的示例:
- name: Create a host folder
vcenter_folder:
hostname: "{{ item.ip }}"
username: "{{ item.username }}"
password: "{{ item.password }}"
datacenter_name: "my_datacenter"
folder_name: "hosts"
folder_type: "host"
state: "present"
本模块允许您添加和删除 VMware vCenter 许可证:
- name: Add a license
vcenter_license:
hostname: "{{ item.ip }}"
username: "{{ item.username }}"
password: "{{ item.password }}"
license: "123abc-456def-abc456-def123"
state: "present"
delegate_to: localhost
此模块允许您启动和管理 VMware 集群中的虚拟机;以下示例显示了如何使用模板启动虚拟机:
- name: Create a VM from a template
vmware_guest:
hostname: "{{ vsphere_host }}"
username: "{{ vsphere_username }}"
password: "{{ vsphere_password }}"
validate_certs: "no"
datacenter: "my-datacenter"
folder: "/vms"
name: "yet_another_example_vm"
state: "poweredon"
template: "centos7-x86_64-1804"
disk:
- size_gb: "40"
type: "thin"
datastore: "my_datastore"
hardware:
memory_mb: "4048"
num_cpus: "4"
max_connections: "3"
hotadd_cpu: "True"
hotremove_cpu: "True"
hotadd_memory: "True"
networks:
- name: "VM Network"
ip: "192.168.1.100"
netmask: "255.255.255.0"
gateway: "192.168.1.254"
dns_servers:
- "192.168.1.1"
- "192.168.1.2"
wait_for_ip_address: "yes"
delegate_to: "localhost"
register: deploy
如您所见,我们对虚拟机及其配置有很大的控制权。硬件、网络和存储配置有单独的部分;我们将在本章末尾更详细地了解这个模块。
本模块收集已创建虚拟机的信息:
- name: Gather facts on the yet_another_example_vm vm
vmware_guest_facts:
hostname: "{{ vsphere_host }}"
username: "{{ vsphere_username }}"
password: "{{ vsphere_password }}"
validate_certs: "no"
datacenter: "my-datacenter"
folder: "/vms"
name: "yet_another_example_vm"
delegate_to: localhost
register: facts
前面的例子收集了我们在前面部分定义的机器上的大量信息,并将这些信息注册为变量,以便我们可以在我们的剧本运行中的其他地方使用它。
这个模块是在 Ansible 2.5 中引入的;它允许您从虚拟机添加和获取文件,而无需虚拟机位于网络上。它还允许您在虚拟机中创建文件夹。以下示例在虚拟机中创建一个目录:
- name: create a directory on a vm
vmware_guest_file_operation:
hostname: "{{ vsphere_host }}"
username: "{{ vsphere_username }}"
password: "{{ vsphere_password }}"
validate_certs: "no"
datacenter: "my-datacenter"
vm_id: "yet_another_example_vm"
vm_username: "root"
vm_password: "supersecretpassword"
directory:
path: "/tmp/imported/files"
operation: "create"
recurse: "yes"
delegate_to: localhost
以下示例将名为config.zip
的文件从我们的 Ansible 主机复制到之前创建的目录中:
- name: copy file to vm
vmware_guest_file_operation:
hostname: "{{ vsphere_host }}"
username: "{{ vsphere_username }}"
password: "{{ vsphere_password }}"
validate_certs: "no"
datacenter: "my-datacenter"
vm_id: "yet_another_example_vm"
vm_username: "root"
vm_password: "supersecretpassword"
copy:
src: "files/config.zip"
dest: "/tmp/imported/files/config.zip"
overwrite: "False"
delegate_to: localhost
我们知道运行虚拟机的文件夹的名称。如果没有,或者因为任何原因发生了变化,我们可以使用vmware_guest_find
模块来动态发现位置:
- name: Find vm folder location
vmware_guest_find:
hostname: "{{ vsphere_host }}"
username: "{{ vsphere_username }}"
password: "{{ vsphere_password }}"
validate_certs: "no"
name: "yet_another_example_vm"
register: vm_folder
文件夹的名称将被注册为vm_folder
。
该模块不言自明;它用于管理虚拟机的电源阶段。以下示例对虚拟机进行电源循环:
- name: Powercycle a vm
vmware_guest_powerstate:
hostname: "{{ vsphere_host }}"
username: "{{ vsphere_username }}"
password: "{{ vsphere_password }}"
validate_certs: "no"
folder: "/vms"
name: "yet_another_example_vm"
state: "reboot-guest"
delegate_to: localhost
您还可以安排对电源状态的更改。以下示例在 2019 年 4 月 1 日上午 9 点关闭虚拟机:
- name: April fools
vmware_guest_powerstate:
hostname: "{{ vsphere_host }}"
username: "{{ vsphere_username }}"
password: "{{ vsphere_password }}"
validate_certs: "no"
folder: "/vms"
name: "yet_another_example_vm"
state: "powered-off"
scheduled_at: "01/04/2019 09:00"
delegate_to: localhost
我绝不会做那样的事!
此模块允许您管理虚拟机快照;例如,下面创建了一个快照:
- name: Create a snapshot
vmware_guest_snapshot:
hostname: "{{ vsphere_host }}"
username: "{{ vsphere_username }}"
password: "{{ vsphere_password }}"
validate_certs: "no"
datacenter: "my-datacenter"
folder: "/vms"
name: "yet_another_example_vm"
snapshot_name: "pre-patching"
description: "snapshot made before patching"
state: "present"
delegate_to: localhost
从前面的示例中可以看到,拍摄此快照是因为我们即将对虚拟机进行修补。如果修补按预期进行,那么我们可以运行以下任务:
- name: Remove a snapshot
vmware_guest_snapshot:
hostname: "{{ vsphere_host }}"
username: "{{ vsphere_username }}"
password: "{{ vsphere_password }}"
validate_certs: "no"
datacenter: "my-datacenter"
folder: "/vms"
name: "yet_another_example_vm"
snapshot_name: "pre-patching"
state: "remove"
delegate_to: localhost
如果一切都没有按计划进行,并且修补程序破坏了我们的虚拟机,那么不用担心,我们有一个可以恢复的快照:
- name: Revert to a snapshot
vmware_guest_snapshot:
hostname: "{{ vsphere_host }}"
username: "{{ vsphere_username }}"
password: "{{ vsphere_password }}"
validate_certs: "no"
datacenter: "my-datacenter"
folder: "/vms"
name: "yet_another_example_vm"
snapshot_name: "pre-patching"
state: "revert"
delegate_to: localhost
祈祷你永远不必恢复到快照(除非它是计划好的)。
本节的最后一个模块是另一个不言自明的模块;它只是等待 VMware 工具可用,然后在机器上收集事实:
- name: Wait for VMware tools to become available by name
vmware_guest_tools_wait:
hostname: "{{ vsphere_host }}"
username: "{{ vsphere_username }}"
password: "{{ vsphere_password }}"
validate_certs: "no"
folder: "/vms"
name: "yet_another_example_vm"
delegate_to: localhost
register: facts
VMware tools 是在虚拟机内部运行的应用。一旦启动,它允许 VMware 与虚拟机交互,从而允许vmware_guest_file_operation
和vmware_vm_shell
等模块运行。
大多数 VMware 安装的核心是许多 VMware ESXi 主机。VMware ESXi 是第 1 类虚拟机管理程序,支持虚拟机运行。Ansible 提供了几个模块,允许您配置 VMware ESXi 主机并与之交互。
此模块允许您管理 ESXi 主机的 DNS 方面;它允许您设置主机名、域和 DNS 解析器:
- name: Configure the hostname and dns servers
local_action
module: vmware_dns_config:
hostname: "{{ exsi_host }}"
username: "{{ exsi_username }}"
password: "{{ exsi_password }}"
validate_certs: "no"
change_hostname_to: "esxi-host-01"
domainname: "my-domain.com"
dns_servers:
- "8.8.8.8"
- "8.8.4.4"
在前面的例子中,我们将主机的 FQDN 设置为esxi-host-01.my-domain.com
,并将主机配置为使用谷歌公共域名解析器。
下面是一个简单的模块,它收集了关于您的 VMware ESXi 主机的 DNS 配置的事实:
- name: gather facts on dns config
vmware_host_dns_facts:
hostname: "{{ vsphere_host }}"
username: "{{ vsphere_username }}"
password: "{{ vsphere_password }}"
validate_certs: "no"
cluster_name: "my_cluster"
您可以使用此模块将您的 ESXi 主机连接到 vCenter:
- name: add an esxi host to vcenter
vmware_host:
hostname: "{{ vsphere_host }}"
username: "{{ vsphere_username }}"
password: "{{ vsphere_password }}"
datacenter_name: "my-datacenter"
cluster_name: "my_cluster"
esxi_hostname: "{{ exsi_host }}"
esxi_username: "{{ exsi_username }}"
esxi_password: "{{ exsi_password }}"
state: present
您也可以使用该模块将主机重新连接到您的 vCenter 集群:
- name: reattach an esxi host to vcenter
vmware_host:
hostname: "{{ vsphere_host }}"
username: "{{ vsphere_username }}"
password: "{{ vsphere_password }}"
datacenter_name: "my-datacenter"
cluster_name: "my_cluster"
esxi_hostname: "{{ exsi_host }}"
esxi_username: "{{ exsi_username }}"
esxi_password: "{{ exsi_password }}"
state: reconnect
您还可以从 vCenter 集群中删除主机:
- name: remove an esxi host to vcenter
vmware_host:
hostname: "{{ vsphere_host }}"
username: "{{ vsphere_username }}"
password: "{{ vsphere_password }}"
datacenter_name: "my-datacenter"
cluster_name: "my_cluster"
esxi_hostname: "{{ exsi_host }}"
esxi_username: "{{ exsi_username }}"
esxi_password: "{{ exsi_password }}"
state: absent
正如您可能已经猜到的,本模块收集了有关您的虚拟环境或 vCenter 集群中的 VMware ESXi 主机的事实:
- name: Find out facts on the esxi hosts
vmware_host_facts:
hostname: "{{ vsphere_host }}"
username: "{{ vsphere_username }}"
password: "{{ vsphere_password }}"
validate_certs: "no"
register: host_facts
delegate_to: localhost
使用此模块,您可以管理您的 VMware ESXi 主机的接受级别。VMware 支持四种接受级别,它们是:
- VMwareCertified
- 虚拟机已接受
- 合作伙伴支持
- 社区支持
这些级别控制可以安装在 ESXi 主机上的 VIBsVIB 是一个 ESXi 软件包。这通常决定了您将从 VMware 或 VMware 合作伙伴那里获得的支持级别。以下任务将命名集群中所有 ESXi 主机的接受级别设置为社区支持:
- name: Set acceptance level for all esxi hosts in the cluster
vmware_host_acceptance:
hostname: "{{ vsphere_host }}"
username: "{{ vsphere_username }}"
password: "{{ vsphere_password }}"
validate_certs: "no"
cluster_name: "my_cluster"
acceptance_level: "community"
state: present
register: cluster_acceptance_level
使用本模块,您可以在各个 VMware ESXi 主机上设置配置选项,例如:
- name: Set some options on our esxi host
vmware_host_config_manager:
hostname: "{{ vsphere_host }}"
username: "{{ vsphere_username }}"
password: "{{ vsphere_password }}"
validate_certs: "no"
esxi_hostname: "{{ exsi_host }}"
options:
"Config.HostAgent.log.level": "verbose"
"Annotations.WelcomeMessage": "Welcome to my awesome Ansible managed ESXi host"
"Config.HostAgent.plugins.solo.enableMob": "false"
Ansible 从您的 VMware 主机映射高级配置选项,因此有关可用选项的更多信息,请参考您的文档。
本模块使您能够在 VMware ESXi 主机上装载和卸载数据存储区;在以下示例中,我们将在清单中的所有 VMware ESXi 主机上装载三个数据存储区:
- name: Mount datastores on our cluster
vmware_host_datastore:
hostname: "{{ vsphere_host }}"
username: "{{ vsphere_username }}"
password: "{{ vsphere_password }}"
validate_certs: "no"
datacenter_name: "my-datacenter"
datastore_name: "{{ item.name }}"
datastore_type: "{{ item.type }}"
nfs_server: "{{ item.server }}"
nfs_path: "{{ item.path }}"
nfs_ro: "no"
esxi_hostname: "{{ inventory_hostname }}"
state: present
delegate_to: localhost
with_items:
- { "name": "ds_vol01", "server": "nas", "path": "/mnt/ds_vol01", 'type': "nfs"}
- { "name": "ds_vol02", "server": "nas", "path": "/mnt/ds_vol02", 'type': "nfs"}
- { "name": "ds_vol03", "server": "nas", "path": "/mnt/ds_vol03", 'type': "nfs"}
本模块允许您在 VMware ESXi 主机上配置防火墙规则:
- name: set some firewall rules on the esxi hosts
vmware_host_firewall_manager:
hostname: "{{ vsphere_host }}"
username: "{{ vsphere_username }}"
password: "{{ vsphere_password }}"
validate_certs: "no"
esxi_hostname: "{{ inventory_hostname }}"
rules:
- name: "vvold"
enabled: "True"
- name: "CIMHttpServer"
enabled: "False"
前面的示例在主机清单中的每个 VMware ESXi 主机上启用vvold
和禁用CIMHttpServer
。
正如您已经猜到的,该模块与其他 facts 模块一样,用于收集集群中所有主机的防火墙配置的事实:
- name: Get facts on all cluster hosts
vmware_host_firewall_facts:
hostname: "{{ vsphere_host }}"
username: "{{ vsphere_username }}"
password: "{{ vsphere_password }}"
validate_certs: "no"
cluster_name: "my_cluster"
它也可以只为一台主机收集:
- name: Get facts on a single host
vmware_host_firewall_facts:
hostname: "{{ vsphere_host }}"
username: "{{ vsphere_username }}"
password: "{{ vsphere_password }}"
validate_certs: "no"
esxi_hostname: "{{ exsi_host }}"
此模块附带一条警告,内容如下:此模块具有破坏性,因为管理员权限是使用所用的 API 进行管理的,请仔细阅读选项并继续..
您可以使用以下代码锁定主机:
- name: Lockdown an ESXi host
vmware_host_lockdown:
hostname: "{{ vsphere_host }}"
username: "{{ vsphere_username }}"
password: "{{ vsphere_password }}"
validate_certs: "no"
esxi_hostname: "{{ exsi_host }}"
state: "present"
您可以使用以下方法解除主机锁定:
- name: Remove the lockdown on an ESXi host
vmware_host_lockdown:
hostname: "{{ vsphere_host }}"
username: "{{ vsphere_username }}"
password: "{{ vsphere_password }}"
validate_certs: "no"
esxi_hostname: "{{ exsi_host }}"
state: "absent"
如前所述,此模块可能会有一些意想不到的副作用,因此您可能希望针对每台主机执行此操作,而不是使用以下选项,该选项会将命名集群中的所有主机锁定:
- name: Lockdown all the ESXi hosts
vmware_host_lockdown:
hostname: "{{ vsphere_host }}"
username: "{{ vsphere_username }}"
password: "{{ vsphere_password }}"
validate_certs: "no"
cluster_name: "my_cluster"
state: "present"
使用本模块,您可以管理每个 VMware ESXi 主机的 NTP 设置。以下示例将所有主机配置为使用同一组 NTP 服务器:
- name: Set NTP servers for all hosts
vmware_host_ntp:
hostname: "{{ vsphere_host }}"
username: "{{ vsphere_username }}"
password: "{{ vsphere_password }}"
validate_certs: "no"
cluster_name: "my_cluster"
state: present
ntp_servers:
- 0.pool.ntp.org
- 1.pool.ntp.org
- 2.pool.ntp.org
本模块可用于收集集群中所有 VMware ESXi 主机的事实:
- name: Find out facts about the packages on all the ESXi hosts
vmware_host_package_facts:
hostname: "{{ vsphere_host }}"
username: "{{ vsphere_username }}"
password: "{{ vsphere_password }}"
validate_certs: "no"
cluster_name: "my_cluster"
register: cluster_packages
与其他 facts 模块一样,它也可以只为一台主机收集:
- name: Find out facts about the packages on a single ESXi host
vmware_host_package_facts:
hostname: "{{ vsphere_host }}"
username: "{{ vsphere_username }}"
password: "{{ vsphere_password }}"
validate_certs: "no"
esxi_hostname: "{{ exsi_host }}"
register: host_packages
此模块允许您管理所有集群成员或单个主机上的 ESXi 服务器:
- name: Start the ntp service on all esxi hosts
vmware_host_service_manager:
hostname: "{{ vsphere_host }}"
username: "{{ vsphere_username }}"
password: "{{ vsphere_password }}"
validate_certs: "no"
cluster_name: "my_cluster"
service_name: "ntpd"
service_policy: "automatic"
state: "present"
在本例中,我们正在集群内的所有主机上启动 NTP 服务(service_name
);由于我们将service_policy
定义为automatic
,只有在配置了与防火墙规则相对应的服务时,服务才会启动。如果我们希望服务启动,而不考虑防火墙规则,那么我们可以将service_policy
设置为on
,或者如果我们希望服务停止,那么service_policy
应该设置为off
。
通过本模块,您可以了解集群中每个 VMware ESXi 主机上配置的服务的事实:
- name: Find out facts about the services on all the ESXi hosts
vmware_host_service_facts:
hostname: "{{ vsphere_host }}"
username: "{{ vsphere_username }}"
password: "{{ vsphere_password }}"
validate_certs: "no"
cluster_name: "my_cluster"
register: cluster_services
这是旧式 facts 模块之一,可用于收集数据中心中配置的数据存储的信息:
- name: Find out facts about the datastores
vmware_datastore_facts:
hostname: "{{ vsphere_host }}"
username: "{{ vsphere_username }}"
password: "{{ vsphere_password }}"
validate_certs: "no"
datacenter: "my_datacenter"
delegate_to: localhost
register: datastore_facts
您可能会注意到,这个模块和前面的 facts 模块在语法上有一点不同。
从旧式的事实模块到新的事实模块,此模块可用于收集 VMware ESXi 主机上物理网络接口的信息:
- name: Find out facts about the vmnics on all the ESXi hosts
vmware_host_vmnic_facts:
hostname: "{{ vsphere_host }}"
username: "{{ vsphere_username }}"
password: "{{ vsphere_password }}"
validate_certs: "no"
datacenter: "my_datacenter"
register: cluster_vmnics
对于单个 ESXi 主机,我们可以使用以下任务:
- name: Find out facts about the vmnics on a single ESXi host
vmware_host_vmnic_facts:
hostname: "{{ vsphere_host }}"
username: "{{ vsphere_username }}"
password: "{{ vsphere_password }}"
validate_certs: "no"
esxi_hostname: "{{ exsi_host }}"
register: host_vmnics
使用此模块,您可以在集群上配置角色;这些角色可用于分配权限。在以下示例中,我们为vmware_qa
角色分配了一些权限:
- name: Add a local role
vmware_local_role_manager:
hostname: "{{ vsphere_host }}"
username: "{{ vsphere_username }}"
password: "{{ vsphere_password }}"
validate_certs: "no"
local_role_name: "vmware_qa"
local_privilege_ids: [ "Folder.Create", "Folder.Delete"]
state: "present"
使用此模块,您可以通过添加用户和设置他们的密码来管理本地用户:
- name: Add local user to ESXi
vmware_local_user_manager:
hostname: "{{ vsphere_host }}"
username: "{{ vsphere_username }}"
password: "{{ vsphere_password }}"
validate_certs: "no"
local_user_name: "myuser"
local_user_password: "my-super-secret-password"
local_user_description: "An example user added by Ansible"
delegate_to: "localhost"
使用本模块,您可以创建 VMware ESXi 主机配置的备份:
- name: Create an esxi host configuration backup
vmware_cfg_backup:
hostname: "{{ vsphere_host }}"
username: "{{ vsphere_username }}"
password: "{{ vsphere_password }}"
validate_certs: "no"
state: "saved"
dest: "/tmp/"
esxi_hostname: "{{ exsi_host }}"
delegate_to: "localhost"
register: cfg_backup
请注意,该模块将自动对主机进行维护,然后保存配置。在上例中,从/tmp
开始,您可以使用fetch
模块使用注册的信息来获取备份的副本。
您也可以使用此模块来恢复配置:
- name: Restore an esxi host configuration backup
vmware_cfg_backup:
hostname: "{{ vsphere_host }}"
username: "{{ vsphere_username }}"
password: "{{ vsphere_password }}"
validate_certs: "no"
state: "loaded"
dest: "/tmp/my-host-backup.tar.gz"
esxi_hostname: "{{ exsi_host }}"
delegate_to: "localhost"
最后,您还可以通过运行以下代码将主机配置重置回其默认设置:
- name: Reset a host configuration to the default values
vmware_cfg_backup:
hostname: "{{ vsphere_host }}"
username: "{{ vsphere_username }}"
password: "{{ vsphere_password }}"
validate_certs: "no"
state: "absent"
esxi_hostname: "{{ exsi_host }}"
delegate_to: "localhost"
本模块允许您添加虚拟机内核接口,也称为主机上的虚拟网卡:
- name: Add management port with a static ip
vmware_vmkernel:
hostname: "{{ vsphere_host }}"
username: "{{ vsphere_username }}"
password: "{{ vsphere_password }}"
validate_certs: "no"
esxi_hostname: "{{ exsi_host }}"
vswitch_name: "my_vSwitch"
portgroup_name: "my_portgroup"
vlan_id: "the_vlan_id"
network:
type: "static"
ip_address: "192.168.127.10"
subnet_mask: "255.255.255.0"
state: "present"
enable_mgmt: "True"
在前面的例子中,我们添加了一个管理界面;还有以下选项:
enable_ft
:启用容错流量接口enable_mgmt
:启用管理流量的接口enable_vmotion
:启用 VMotion 流量接口enable_vsan
:启用 VSAN 流量接口
还有一个事实模块,这是一个新型模块;您可能已经猜到了任务的样子:
- name: Find out facts about the vmkernel on all the ESXi hosts
vmware_vmkernel_facts:
hostname: "{{ vsphere_host }}"
username: "{{ vsphere_username }}"
password: "{{ vsphere_password }}"
validate_certs: "no"
cluster_name: "my_cluster"
register: cluster_vmks
- name: Find out facts about the vmkernel on a single ESXi host
vmware_vmkernel_facts:
hostname: "{{ vsphere_host }}"
username: "{{ vsphere_username }}"
password: "{{ vsphere_password }}"
validate_certs: "no"
esxi_hostname: "{{ exsi_host }}"
register: host_vmks
使用这个模块,您可以找到 SCSI 目标的规范名称;您只需要知道目标设备的标识:
- name: Get Canonical name of SCSI device
vmware_target_canonical_facts"
hostname: "{{ vsphere_host }}"
username: "{{ vsphere_username }}"
password: "{{ vsphere_password }}"
validate_certs: "no"
target_id: "6"
register: canonical_name
您可以使用此模块执行虚拟机从一台 VMware ESXi 主机到另一台的 vMotion:
- name: Perform vMotion of VM
vmware_vmotion
hostname: "{{ vsphere_host }}"
username: "{{ vsphere_username }}"
password: "{{ vsphere_password }}"
validate_certs: "no"
vm_name: "example_vm"
destination_host: "esxi-host-02"
delegate_to: "localhost"
register: vmotion_results
您可以使用此模块注册 VSAN 集群;本模块的工作方式与本章中的其他模块略有不同,首先需要在单个主机上生成集群 UUID,然后使用生成的 uuid 在其余主机上部署 VSAN。
以下任务假设您有一个名为esxi_hosts
的主机组,它包含多个主机。第一个任务将 VSAN 分配给组中的第一台主机,然后注册结果:
- name: Configure VSAN on first host in the group
vmware_vsan_cluster:
hostname: "{{ groups['esxi_hosts'][0] }}"
username: "{{ vsphere_username }}"
password: "{{ vsphere_password }}"
register: vsan_cluster
注册为vsan_cluster
的结果包含 VSAN 集群 UUID,我们将需要该集群中的其他主机。以下代码在其余主机上配置集群,跳过原始主机:
- name: Configure VSAN on the remaining hosts in the group
vmware_vsan_cluster:
hostname: "{{ item }}"
username: "{{ vsphere_username }}"
password: "{{ vsphere_password }}"
cluster_uuid: "{{ vsan_cluster.cluster_uuid }}"
with_items: "{{ groups['esxi_hosts'][1:] }}"
使用此模块,您可以向 ESXi 主机添加或删除 VMware 标准交换机 ( 虚拟交换机):
- name: Add a vSwitch
vmware_vswitch:
hostname: "{{ vsphere_host }}"
username: "{{ vsphere_username }}"
password: "{{ vsphere_password }}"
validate_certs: "no"
switch: "vswitch_name"
nics:
- "vmnic1"
- "vmnic2"
mtu: "9000"
delegate_to: "localhost"
在本例中,我们添加了一个连接到多个虚拟机的虚拟交换机。
您可以使用本模块收集整个集群或单个数据中心中配置的 DRS 的事实:
- name: Find out facts about drs on all the hosts in the cluster
vmware_drs_rule_facts:
hostname: "{{ vsphere_host }}"
username: "{{ vsphere_username }}"
password: "{{ vsphere_password }}"
validate_certs: "no"
cluster_name: "my_cluster"
delegate_to: "localhost"
register: cluster_drs
- name: Find out facts about drs in a single data center
vmware_drs_rule_facts:
hostname: "{{ vsphere_host }}"
username: "{{ vsphere_username }}"
password: "{{ vsphere_password }}"
validate_certs: "no"
datacenter: "my_datacenter"
delegate_to: "localhost"
register: datacenter_drs
此模块允许您创建和删除分布式虚拟交换机:
- name: Create dvswitch
vmware_dvswitch:
hostname: "{{ vsphere_host }}"
username: "{{ vsphere_username }}"
password: "{{ vsphere_password }}"
validate_certs: "no"
datacenter: "my_datacenter"
switch_name: "my_dvSwitch"
switch_version: "6.0.0"
mtu: "9000"
uplink_quantity: "2"
discovery_proto: "lldp"
discovery_operation: "both"
state: present
delegate_to: "localhost"
使用此模块,您可以在分布式虚拟交换机中添加或删除主机:
- name: Add host to dvs
vmware_dvs_host:
hostname: "{{ vsphere_host }}"
username: "{{ vsphere_username }}"
password: "{{ vsphere_password }}"
validate_certs: "no"
esxi_hostname: "{{ exsi_host }}"
switch_name: "my_dvSwitch"
vmnics:
- "vmnic1"
- "vmnic2"
state: "present"
delegate_to: "localhost"
使用本模块,您可以管理您的 DVS 端口组:
- name: Create a portgroup with vlan
vmware_dvs_portgroup:
hostname: "{{ vsphere_host }}"
username: "{{ vsphere_username }}"
password: "{{ vsphere_password }}"
validate_certs: "no"
portgroup_name: "my_portgroup_vlan123"
switch_name: "my_dvSwitch"
vlan_id: "123"
num_ports: "120"
portgroup_type: "earlyBinding"
state: "present"
delegate_to: "localhost"
使用此模块,您可以将主机置于维护模式。以下示例向您展示了如何在维护 VSAN 上的对象可用性的同时维护主机:
- name: Put host into maintenance mode
vmware_maintenancemode:
hostname: "{{ vsphere_host }}"
username: "{{ vsphere_username }}"
password: "{{ vsphere_password }}"
validate_certs: "no"
esxi_hostname: "{{ exsi_host }}"
vsan: "ensureObjectAccessibility"
evacuate: "yes"
timeout: "3600"
state: "present"
delegate_to: "localhost"
本模块允许您在给定集群中的主机上创建 VMware 端口组:
- name: Create a portgroup with vlan
vmware_portgroup:
hostname: "{{ vsphere_host }}"
username: "{{ vsphere_username }}"
password: "{{ vsphere_password }}"
validate_certs: "no"
cluster_name: "my_cluster"
switch_name: "my_switch"
portgroup_name: "my_portgroup_vlan123"
vlan_id: "123"
delegate_to: "localhost"
有了这个,我们要看的最后一个模块,您可以创建一个资源库。如何做到这一点的一个例子如下:
- name: Add resource pool
vmware_resource_pool:
hostname: "{{ vsphere_host }}"
username: "{{ vsphere_username }}"
password: "{{ vsphere_password }}"
validate_certs: "no"
datacenter: "my_datacenter"
cluster: "my_new_cluster"
resource_pool: "my_resource_pool"
mem_shares: "normal"
mem_limit: "-1"
mem_reservation: "0"
mem_expandable_reservations: "True"
cpu_shares: "normal"
cpu_limit: "-1"
cpu_reservation: "0"
cpu_expandable_reservations: "True"
state: present
delegate_to: "localhost"
在我们完成本章之前,我将分享我为在 VMware 集群中部署少量虚拟机而编写的示例行动手册。该项目的想法是将七台虚拟机引入客户的网络,如下所示:
- 一台 Linux 跳转主机
- 一台 NTP 服务器
- 一个负载平衡器
- 两台网络服务器
- 两台数据库服务器
所有虚拟机都必须根据现有模板构建;不幸的是,这个模板是用/etc/sysconfig/network
文件中192.168.1.254
的硬编码网关 IP 地址构建的。这意味着,为了让这些机器正确地出现在网络上,我必须在每个虚拟机启动后对它们进行更改。
我从在我的group_vars
文件夹中建立一个名为vmware.yml
的文件开始;其中包含连接到我的 VMware 安装所需的信息以及虚拟机的默认凭据:
vcenter:
host: "cluster.cloud.local"
username: "svc_ansible@cloud.local"
password: "mymegasecretpassword"
wait_for_ip_address: "yes"
machine_state: "poweredon"
deploy:
datacenter: "Cloud DC4"
folder: "/vm/Ansible"
resource_pool: "/Resources/"
vm_shell:
username: "root"
password: "hushdonttell"
cwd: "/tmp"
cmd: "/bin/sed"
args: "-i 's/GATEWAY=192.168.1.254/GATEWAY={{ item.gateway }}/g' /etc/sysconfig/network"
我将使用我将运行的两个角色中定义的变量。接下来是group_vars/vms.yml
文件;这包含在我的 VMware 环境中启动虚拟机所需的所有信息:
vm:
- name: "NTPSERVER01"
machine_name: "ntpserver01"
machine_template: "RHEL6_TEMPLATE"
guest_id: "rhel6_64Guest"
host: "compute-host-01.cloud.local"
cpu: "1"
ram: "1024"
networks:
- name: "CLOUD-CUST|Customer|MANGMENT"
ip: "192.168.99.10"
netmask: "255.255.255.0"
device_type: "vmxnet3"
gateway: "192.168.99.254"
disk:
- size_gb: "30"
type: "thin"
datastore: "cust_sas_esx_nfs_01"
- name: "JUMPHOST01"
machine_name: "jumphost01"
machine_template: "RHEL6_TEMPLATE"
guest_id: "rhel6_64Guest"
host: "compute-host-02.cloud.local"
cpu: "1"
ram: "1024"
networks:
- name: "CLOUD-CUST|Customer|MANGMENT"
ip: "192.168.99.20"
netmask: "255.255.255.0"
device_type: "vmxnet3"
gateway: "192.168.99.254"
disk:
- size_gb: "30"
type: "thin"
datastore: "cust_sas_esx_nfs_01"
- name: "LOADBALANCER01"
machine_name: "loadbalancer01"
machine_template: "LB_TEMPLATE"
guest_id: "rhel6_64Guest"
host: "compute-host-03.cloud.local"
cpu: "4"
ram: "4048"
networks:
- name: "CLOUD-CUST|Customer|DMZ"
ip: "192.168.98.100"
netmask: "255.255.255.0"
device_type: "vmxnet3"
gateway: "192.168.99.254"
disk:
- size_gb: "30"
type: "thin"
datastore: "cust_sas_esx_nfs_02"
- name: "WEBSERVER01"
machine_name: "webserver01"
machine_template: "RHEL6_TEMPLATE"
guest_id: "rhel6_64Guest"
host: "compute-host-01.cloud.local"
cpu: "1"
ram: "1024"
networks:
- name: "CLOUD-CUST|Customer|APP"
ip: "192.168.100.10"
netmask: "255.255.255.0"
device_type: "vmxnet3"
gateway: "192.168.100.254"
disk:
- size_gb: "30"
type: "thin"
datastore: "cust_sas_esx_nfs_01"
- name: "WEBSERVER02"
machine_name: "webserver02"
machine_template: "RHEL6_TEMPLATE"
guest_id: "rhel6_64Guest"
host: "compute-host-02.cloud.local"
cpu: "1"
ram: "1024"
networks:
- name: "CLOUD-CUST|Customer|APP"
ip: "192.168.100.20"
netmask: "255.255.255.0"
device_type: "vmxnet3"
gateway: "192.168.100.254"
disk:
- size_gb: "30"
type: "thin"
datastore: "cust_sas_esx_nfs_02"
- name: "DBSERVER01"
machine_name: "dbserver01"
machine_template: "RHEL6_TEMPLATE"
guest_id: "rhel6_64Guest"
host: "compute-host-10.cloud.local"
cpu: "8"
ram: "32000"
networks:
- name: "CLOUD-CUST|Customer|DB"
ip: "192.168.101.10"
netmask: "255.255.255.0"
device_type: "vmxnet3"
gateway: "192.168.101.254"
disk:
- size_gb: "30"
type: "thin"
datastore: "cust_sas_esx_nfs_01"
- size_gb: "250"
type: "thick"
datastore: "cust_ssd_esx_nfs_01"
- size_gb: "250"
type: "thick"
datastore: "cust_ssd_esx_nfs_01"
- size_gb: "250"
type: "thick"
datastore: "cust_ssd_esx_nfs_01"
- name: "DBSERVER02"
machine_name: "dbserver02"
machine_template: "RHEL6_TEMPLATE"
guest_id: "rhel6_64Guest"
host: "compute-host-11.cloud.local"
cpu: "8"
ram: "32000"
networks:
- name: "CLOUD-CUST|Customer|DB"
ip: "192.168.101.11"
netmask: "255.255.255.0"
device_type: "vmxnet3"
gateway: "192.168.101.254"
disk:
- size_gb: "30"
type: "thin"
datastore: "cust_sas_esx_nfs_02"
- size_gb: "250"
type: "thick"
datastore: "cust_ssd_esx_nfs_02"
- size_gb: "250"
type: "thick"
datastore: "cust_ssd_esx_nfs_02"
- size_gb: "250"
type: "thick"
datastore: "cust_ssd_esx_nfs_02"
如您所见,我正在为所有七个虚拟机定义规格、网络和存储;在可能的情况下,我会精简资源调配存储,并确保当一个角色中有多个虚拟机时,我会使用不同的存储池。
现在我已经拥有了虚拟机所需的所有细节,我可以创建角色了。首先有roles/vmware/tasks/main.yml
:
- name: Launch the VMs
vmware_guest:
hostname: "{{vcenter.host}}"
username: "{{ vcenter.username }}"
password: "{{ vcenter.password }}"
validate_certs: no
datacenter: "{{ deploy.datacenter }}"
folder: "{{ deploy.folder }}"
name: "{{ item.machine_name | upper }}"
state: "{{ machine_state }}"
guest_id: "{{ item.guest_id }}"
esxi_hostname: "{{ item.host }}"
hardware:
memory_mb: "{{ item.ram }}"
num_cpus: "{{ item.cpu }}"
networks: "{{ item.networks }}"
disk: "{{ item.disk }}"
template: "{{ item.machine_template }}"
wait_for_ip_address: "{{ wait_for_ip_address }}"
customization:
hostname: "{{ item.machine_name | lower }}"
with_items: "{{ vm }}"
可以看到,这个任务循环遍历vm
变量中的项目;虚拟机启动后,它将等待我分配的 IP 地址在 VMware 中可用。这可确保在继续启动下一个虚拟机或继续下一个角色之前,虚拟机已正确启动。
下一个角色解决了192.168.1.254
在虚拟机模板中被硬编码为网关的问题;可以在roles/fix/tasks/main.yml
中找到。角色中有两个任务;第一个更新将网关更新为虚拟机已在其中启动的网络的正确网关:
- name: Sort out the wrong IP address in the /etc/sysconfig/network file on the vms
vmware_vm_shell:
hostname: "{{vcenter.host}}"
username: "{{ vcenter.username }}"
password: "{{ vcenter.password }}"
validate_certs: no
vm_id: "{{ item.machine_name | upper }}"
vm_username: "{{ vm_shell.username }}"
vm_password: "{{ vm_shell.password }}"
vm_shell: "{{ vm_shell.cmd }}"
vm_shell_args: " {{ vm_shell.args }} "
vm_shell_cwd: "{{ vm_shell.cwd }}"
with_items: "{{ vm }}"
如您所见,这将遍历定义为vm
的虚拟机列表,并执行我们在group_vars/vmware.yml
文件中定义的sed
命令。一旦这个任务已经运行,我们需要再运行一个任务。这将在所有虚拟机上重新启动网络,以便获得对网关的更改:
- name: Restart networking on all VMs
vmware_vm_shell:
hostname: "{{vcenter.host}}"
username: "{{ vcenter.username }}"
password: "{{ vcenter.password }}"
validate_certs: no
vm_id: "{{ item.machine_name | upper }}"
vm_username: "{{ vm_shell.username }}"
vm_password: "{{ vm_shell.password }}"
vm_shell: "/sbin/service"
vm_shell_args: "network restart"
with_items: "{{ vm }}"
当我运行行动手册时,运行时间大约为 30 分钟,但在运行结束时,我启动了七台虚拟机并可供使用,因此我能够运行引导环境就绪的行动手册集,这样我就可以将它们交给客户,让他们部署应用。
正如您从很长的模块列表中看到的,您可以使用 Ansible 完成作为 VMware 管理员应该完成的大多数常见任务。除此之外,我们还在第 7 章、中查看了用于管理网络设备的核心网络模块,以及支持 NetApp 存储设备的模块,您可以构建一些相当复杂的行动手册,涵盖物理设备、VMware 元素,甚至运行在虚拟化基础架构中的虚拟机。
在下一章中,我们将看到如何使用游民在本地构建我们的 Windows 服务器,然后将我们的行动手册带到公共云中。
- 你需要在你的 Ansible 控制器上安装哪个 Python 模块才能与 vSphere 交互?
- 对或错:
vmware_dns_config
仅允许您在 ESXi 主机上设置 DNS 解析器。 - 说出我们已经介绍过的可用于启动虚拟机的两个模块;有三种,但有一种不推荐使用。
- 在进行通过 VMware 与虚拟机交互的任务之前,您会使用我们研究过的哪些模块来确保虚拟机完全可用?
- 真或假:可以使用 Ansible 安排电源状态的更改。
为了更好地了解 VMware vSphere,我推荐以下视频:https://www.youtube.com/watch?v=3OvrKZYnzjM。