Deploying NSX-T Using Ansible – Part 1: Setting Up The Environment

Posts in the Series: Deploying NSX-T Using Ansible
  1. Deploying NSX-T Using Ansible – Part 1: Setting Up The Environment
  2. Deploying NSX-T Using Ansible – Part 2: Setting Up The Playbook
  3. Deploying NSX-T Using Ansible – Part 3: Running The Playbook

When I saw the release of NSX-T 2.4, I decided that I would upgrade my compute clusters to utilise this new version. Since I manage the compute NSX managers mostly through the API, I figured this would provide me with some good experience and also allow me to understand how this is deployed.

In my lab I run vRealize Automation with a management cluster (CMP stack), 2 nested vCenter Servers and ESXi Clusters (compute) that mimic two geographically dispersed data centres. Until now I had deployed a dedicated NSX-V instance for each of my three vCenter deployments, that provides the logical switching and routing required for my lab.

I didn’t want to create yet another ‘how to’ guide on how to do this using the GUI, so instead, I am going to attempt to accomplish this using Ansible. VMware have handily made available Ansible modules for NSX-T, which are supported for the 2.4 release and above (note that these are still in preview). I will attempt to make use of these modules, but if I discover broken or missing functionality, then I will revert to using the NSX-T Rest API.

Link to the VMware Github repository for Ansible NSX-T: https://github.com/vmware/ansible-for-nsxt

Link to my Github Ansible NSX-T Deployment Playbooks: https://github.com/nmshadey/Ansible-NSXT

I am going to provide a series of posts that will cover the set up of the Ansible environment, how to install the VMware NSX-T modules and use the playbooks and roles that I have created to deploy NSX-T in your environments.

Environment Preparation & Overview

In my environment I have a dedicated virtual machine that I develop and run my playbooks on. I run CentOS 7.x using the default Python 2.7. I had attempted to get these modules to work within a Python3 virtual environment, but I haven’t had much luck. I will attempt again on a new CentOS build and update this page in due course.

Environment Overview

CentOS CentOS Linux release 7.6.1810 (Core)
Ansible 2.7.9 (NSX-T for Ansible supports 2.7+)
Python 2.7 (installed by default on CentOS)
OVFTool 4.3.0 for Linux 64 bit (Please note, that this is a newer version of the tool than what is linked in the VMware NSXT Git README.md)

Prepare Environment

Ensure that the system is up-to-date by running:

sudo yum -y update

Install yum-utils

sudo yum -y install yum-utils

It’s also a good idea to ensure the latest version of pip and setuptools is installed.

sudo pip install --upgrade pip setuptools

Install GIT

Git will be used to clone the VMware NSX-T Ansible module repository, so that these can be used within our environment.

sudo yum -y install git

Install OVFTool

The OVFTool is used to deploy the NSX-T manager and additional cluster nodes. You will have to first download the file from VMware. Once the file has been downloaded, place it in your home directory (or somewhere suitable) on the Ansible server. This file is an installer that will need to be set to executable and then run as root:

chmod +x VMware-ovftool-4.3.0-7948156-lin.x86_64.bundle
sudo ./VMware-ovftool-4.3.0-7948156-lin.x86_64.bundle

Accept the EULA and all default options. Once the installation is complete, you can confirm the installation using the following:

ovftool --version

Install Ansible

Ansible will be installed using the Python Package Manager (PIP):

pip install ansible

Once this has completed, you can verify that Ansible is installed and at the required version:

ansible --version

Install Pre-requisites Required by VMware NSX-T Ansible Modules

The following packages are pre-requisites for using the NSX-T Ansible modules:

pip install --upgrade pyvmomi pyvim requests

The installation also states to update ‘ssl‘ but I had problems doing this in my environment. It looks like a potential bug in the latest package. I have stuck to using the version that was already installed and haven’t experienced any issues.

Install VMware NSX-T Ansible Modules

The VMware NSX-T Ansible modules are not yet part of the core Ansible modules so we will need to download these from the git repository for the project. The best way to do this is to clone the repository using the git client.

By default, Ansible will check for additional modules in the ‘/usr/share/ansible/plugins/modules/’ path. If this location does not exist then create it as follows:

sudo mkdir -p /usr/share/ansible/plugins/modules/

Next, clone the Git repository (using sudo as only root has write access to this location)

cd /usr/share/ansible/plugins/modules/
sudo git clone https://github.com/vmware/ansible-for-nsxt.git

To test that the modules have been installed correctly, we can use the ansible-doc command:

ansible-doc -t module nsxt_deploy_ova

This will complain that no documentation exists but does confirm that the module is found (otherwise it would complain that the module doesn’t exist).

Download Ansible NSX-T Deployment Playbooks

Now that the environment is ready you can go ahead and clone my Ansible NSX-T playbooks.

git clone https://github.com/nmshadey/Ansible-NSXT.git

The directory tree looks as follows:

├── ansible.cfg
├── group_vars
│   ├── all
│   ├── nsxt_managers_controllers
│   ├── site_a
│   └── site_a_cmp_nsxt
├── host_vars
│   └── sg1-nsx002
├── inventory
│   └── hosts
├── nsxt_create_environment.yml
├── README.md
├── roles
│   ├── nsxt_add_compute_managers
│   ├── nsxt_apply_license
│   ├── nsxt_check_manager_status
│   ├── nsxt_configure_transport_clusters
│   ├── nsxt_create_ip_pools
│   ├── nsxt_create_transport_profiles
│   ├── nsxt_create_transport_zones
│   ├── nsxt_create_uplink_profiles
│   └── nsxt_deploy_ova
├── ssh_config

Configure Ansible (optional)

Now that Ansible and all required packages have been installed and the VMware NSX-T modules are in place, some configuration is required so that Ansible is aware of these new modules.If you are installing everything to the same location as I have, then the ansible.cfg file provided with my playbooks will already include these settings.

When you clone the VMware NSX-T for Ansible modules, they will be placed under ‘/usr/share/ansible/plugins/modules/ansible-for-nsxt/‘ (if you followed my install). The ‘library‘ configuration option can be used to tell Ansible where to find these.

The VMware NSX-T for Ansible modules also contains a module helper script under ‘/usr/share/ansible/plugins/modules/ansible-for-nsxt/module_utils/‘. The ‘module_utils‘ configuration option can be used to tell Ansible where to find these.

Below is an example of my ansible.cfg file:

[defaults]
inventory = inventory
roles_path = roles:~/Ansible/roles:/etc/ansible/roles
library = library:/usr/share/ansible/plugins/modules
module_utils = module_utils:/usr/share/ansible/plugins/modules/ansible-for-nsxt/module_utils
retry_files_enabled = True # Do not create them
retry_files_save_path = "/tmp/"

[ssh_connection]
ssh_args = -F ssh_config

The environment is now ready to begin deploying and managing NSX-T. In my next post I will cover how to use the Ansible playbooks that I have created to achieve a complete automated deployment of NSX-T across one or more environments.

In my next post, I will cover how to configure the playbook to deploy NSX-T in your environment(s).

I hope this has been helpful. If you discover any bugs or require some help, then please drop me a message via the Drift app.

2.5 2 votes
Article Rating

Related Posts

Subscribe
Notify of
guest

4 Comments
Oldest
Newest Most Voted
Inline Feedbacks
View all comments
Richard Chu
Richard Chu
4 years ago

Dear sir,

First, I want to thank you for your information. I try to build the NSX-T via Ansible with your guide.
Now I get trouble in finding the moid with using powershell. I just use VSS in my lab and I can not find any portgroup_moid. Could you give me some guides for finding moid?
Thank you again.

Richard Chu
Richard Chu
4 years ago
Reply to  Richard Chu

I got the following message with Get-VirtualNetwork

PS /home/richard/Projects/ansible-nsxt> Get-VirtualNetwork

Name NetworkType
—- ———–
KH-VDS-VMOTION Distributed
KH-VDS-MGMT Distributed
KH-VDS-DVUplinks-68 Distributed
KH-VDS-vSANDEMO Distributed
KH-VDS-VMNETPUB Distributed
KH-VDS-DEMOVM Distributed
VM Network 5 Network
VM Network 3 Network
VM Network 1 Network
VM Network 4 Network
vSAN Network
VM Network 2 Network
VM Network Network

PS /home/richard/Projects/ansible-nsxt> Get-VirtualNetwork ‘VM Network’ | select id
Id

Network-network-468

teddy
teddy
2 years ago

wonderful peice you have here. too bad it’s not updated with how to get the modules in for 3.1. will you do an update?

Alex
Alex
1 year ago

Hello, Thank you for the post. its helpful. I am trying pretty new to ansible/vmware. And I am trying to validate vmware Nsx-T using ping module. I have created anisible.cfg with the inventory location details and host_key_checking set to false. Inventory file only contains NSX-T ip address and ansible_user,ansible_password, validate_certs=false. With this when I try ping module using adhoc command, I am getting connection timeout to port 22. Any idea on how to sort this error.
Normal ping command using port 22 is working from ansible host.

Last edited 1 year ago by Alex