Deploying NSX-T Using Ansible – Part 2: Setting Up The Playbook

Posts in the Series: Deploying NSX-T Using Ansible
  1. Deploying NSX-T Using Ansible – Part 1: Setting Up The Environment
  2. Deploying NSX-T Using Ansible – Part 2: Setting Up The Playbook
  3. Deploying NSX-T Using Ansible – Part 3: Running The Playbook

In my previous post I covered how to prepare your Ansible environment and install the VMware NSX-T modules. I also provided the details on how to install my Ansible playbooks for deploying NSX-T in your environments.

In this post I am going to detail how to configure these playbooks to meet your environment/requirements. I have chosen to break out my variables into multiple files. This gives me the flexibility to assign values specific to a group of hosts, inherit values from a parent group and to store usernames, passwords and license information more securely, in their own Ansible Vault encrypted file.

The deployment examples that I will demonstrate include 2 sites, that each include the following:

  • A management environment at each site. This includes a vCenter Server instance with a single management cluster.
  • A compute resource (CMP) environment at each site. This includes a vCenter Server instance with a single resource cluster.

I will deploy an NSX-T instance at each management cluster. These NSX-T instances will be used to provide SDN capabilities to the compute resource clusters (when I get time I’ll create a diagram!).

An overview of the playbook tree:

Configure Inventory

The inventory is configured in the ‘inventory/hosts‘ file. I have used a single file for the inventory to try and keep things simple. You are not limited to using this approach and can do whatever fits best for your environment. As long as the hosts are defined and in their respective groups is all that matters.

So let’s take a look at my ‘inventory/hosts‘ file for a single site.

I have 3 hosts defined, the management vCenter Server, the CMP vCenter Server and the NSX-T instance that will be used for the CMP stack. Each of these hosts are placed into their respective, site specific groups, site_a_mgmt_vcenter, site_a_cmp_vcenter and site_a_cmp_nsxt.

I also have some additional groups:

Group Description Members
site_a_mgmt All management hosts in Site A site_a_mgmt_vcenter
site_a_cmp All CMP hosts in Site A site_a_cmp_vcenter site_a_cmp_nsxt
site_a All hosts in Site A site_a_mgmt
nsxt_managers_controllers All NSX-T Managers/Controllers site_a_cmp_nsxt

I like to use groups in this way as it allows me to use variable inheritance. This is useful, as you can re-use the same variables in your playbooks and have a different value assigned, for the host or group.

In summary, you only need to define your NSX-T hosts and you’re good to go. I have included my vCenter Server hosts so that you get the idea, but these aren’t required to be set for this playbook.

Configure Site Variables

I have variables that are site specific configured in the ‘group_vars/site_a/site_a_vars.yml‘ file. These include things like DNS and NTP servers. I also include the management vCenter Server details here so that they are accessible by all hosts in the site. I also use these variables when deploying NSX-T.

Make sure to set the vCenter Server variables to that where the NSX-T manager will be deployed to/hosted on.

When deploying NSX-T, only ‘dns_server_1‘ will be configured (this is a limitation of the module at this time).

The NSX-T ova module only supports the configuration of a single NTP server, so ‘ntp_server_default‘ is used.

Configure DNS Default Domain

You will need to configure the default DNS suffix/domain for your environment. This variable is appended to your NSX-T host definition to ensure that it resolves when making changes via the modules.

The default DNS domain is configured as a global variable in the yaml file under ‘group_vars/all/dns_vars.yml

Configure NSX-T Global Variables

I have a number of variables that are used globally across all NSX-T hosts, regardless of environment or site. I can use the ‘nsxt_managers_controllers‘ group to allow me to target variables in this way to all NSX-T hosts. In the Ansible way of doing things, I have a YAML file under ‘group_vars/nsxt_managers_controllers/nsxt_manager_global_vars.yml‘.

These variables should be pretty self-explanatory and can easily be overridden by creating the same variable names against other Ansible groups or even the host directly. This would allow you to specify values that differ between hosts for some reason.

Configure NSX-T Local Variables

I configure all variables for the NSX-T instance in ‘group_vars/site_a_cmp_nsxt/site_a_cmp_nsxt_vars.yml‘. Although this is a group, it only contains a single NSX-T host used for the compute resource (CMP) clusters.

Populate these values to match your environment.

Configure Credentials

I configure all credentials in their own files, which I then encrypt with Ansible Vault. For this deployment example, there are 2 credential files that need to be updated. Note, that I have not encrypted these files as they are just examples. Do not store production passwords in plain text and at the very least, use Ansible Vault.

The first is a site specific credentials file in ‘group_vars/site_a/site_a_vcenter_creds.yml‘. Here I like to add the administrator accounts for all vCenter Servers. This allows me to use these across multiple plays where admin access to vCenter is required. In this case, the administrator details to deploy the NSX-T ova.

The second is an NSX-T specific credentials file in ‘group_vars/site_a_cmp_nsxt/site_a_cmp_nsxt_creds.yml‘. In this file I add the NSX-T manager ‘admin‘ and ‘cli‘ accounts and the service account that will be used to connect with vCenter Server.

Configure License

The last thing to configure is the license that will be assigned to the NSX-T instance, which is specified in the file ‘group_vars/site_a_cmp_nsxt/site_a_cmp_nsxt_lic.yml‘.

That should be everything that is needed to complete the deployment of NSX-T. The examples above cover the deployment of NSX-T at one site. My downloadable examples will include details for 2 sites. If you require more, it should be easy to expand on the existing playbooks.

In my next post I will go through the actual run of the playbook and deploy NSX-T.

I hope this has been helpful. If you discover any bugs or require some help, then please drop me a message via the Drift app.

Series Navigation<< Deploying NSX-T Using Ansible – Part 1: Setting Up The EnvironmentDeploying NSX-T Using Ansible – Part 3: Running The Playbook >>

Please rate this post!

Average rating / 5. Vote count:

Leave a Reply

Notify of