Nsxansible
A set of example Ansible Modules using the above two projects as the basis
NSX for vSphere Ansible Modules
This repository contains a number of Ansible modules, written in Python, that can be used to create, read, update and delete objects in NSX for vSphere.
Version notice
Due to the latest changes to the way schemas are handled in the nsxraml file starting with NSX-v version 6.2.3, nsxansible requires nsxramlclient 2.0.0 or later. To upgrade the nsxramlclient you can do a sudo pip install --upgrade nsxramlclient. Also please use the latest version of the RAML spec.
Requirements
This module requires the NSX for vSphere RAML spec (RAML based documentation). The latest version of the NSX for vSphere RAML spec (raml file + schema files) can be found and downloaded here: http://github.com/vmware/nsxraml.
The Python based nsxramlclient must also be installed and needs to be on version 2.0.0. Example of installing using pip:
sudo pip install nsxramlclient
More details on this Python client for the NSX for vSphere API can be found here: http://github.com/vmware/nsxramlclient. Additional details on installation are also available.
In addition, the 'vcenter_gather_facts' and 'deploy_nsx_ova' modules require that you have the vCenter python client 'Pyvmomi' installed. Example of installing PyVmomi using pip:
sudo pip install pyvmomi
More details on this Python client for vCenter can be found here: http://github.com/vmware/pyvmomi. Additional details on installation are also available.
The 'deploy_nsx_ova' module also requires that the machine on which the play is executed has ovftool installed.
Ovftool is part of VMware Fusion on Mac, and can be installed on most Linux systems. For more information see https://www.vmware.com/support/developer/ovf/
How to use these modules
Before using these modules the library from nsxansible needs to be either copied into the top level ansible directory where playbooks are stored or there needs to be a soft link to the library directory.
All modules need to be executed on a host that has nsxramlclient installed, and the host must have access to a copy of the NSX RAML file. In most deployments this is likely to be localhost.
```yaml
---
- hosts: localhost
  connection: local
  gather_facts: False
```
Each module needs an array called nsxmanager_spec with the following parameters supplied:
- raml_file: The location of the NSX-v RAML file describing the NSX for vSphere API
- host: The NSX Manager where the API is running. Can be referenced by either a hostname or an IP address.
- user: The NSX Manager username
- password: The NSX Manager password for the above user
These parameters are usually placed in a common variables file:
answerfile.yml
```yaml
nsxmanager_spec:
  raml_file: '/raml/nsxraml/nsxvapiv614.raml'
  host: 'nsxmanager.invalid.org'
  user: 'admin'
  password: 'vmware'
```
test_logicalswitch.yml
```yaml
---
- hosts: localhost
  connection: local
  gather_facts: False
  vars_files:
    - answerfile.yml
  tasks:
    - name: logicalSwitch Operation
      nsx_logical_switch:
        nsxmanager_spec: "{{ nsxmanager_spec }}"
        state: present
        transportzone: "TZ"
        name: "TestLS"
        controlplanemode: "UNICAST_MODE"
        description: "My Great Logical Switch"
      register: create_logical_switch

    - debug: var=create_logical_switch
```
The example shows that the nsxmanager_spec is read out of the file answerfile.yml.
Module specific parameters
Every module has specific parameters that are explained in the following sections:
Module nsx_logical_switch
Create, update and delete logical Switches
- state: present or absent, defaults to present
- name: Mandatory: Name of the logical switch. Updating the name creates a new switch as it is the unique identifier.
- transportzone: Mandatory: Name of the transport zone in which the logical switch is created.
- controlplanemode: Mandatory: Control plane mode for the logical switch. The value can be 'UNICAST_MODE', 'HYBRID_MODE' or 'MULTICAST_MODE'. Default is 'UNICAST_MODE'.
- description: Optional: Free text description for the logical switch.
Example:
```yaml
---
- hosts: localhost
  connection: local
  gather_facts: False
  vars_files:
    - answerfile.yml
  tasks:
    - name: logicalSwitch Operation
      nsx_logical_switch:
        nsxmanager_spec: "{{ nsxmanager_spec }}"
        state: absent
        transportzone: "TZ"
        name: "TestLS"
        controlplanemode: "UNICAST_MODE"
        description: "My Great Logical Switch"
      register: create_logical_switch

    #- debug: var=create_logical_switch
```
Module vcenter_nsx_license
Adds a license key to the vCenter license manager and applies it to NSX
- vcenter: Mandatory: Hostname or IP address of the vCenter server
- vcusername: Mandatory: Username on the vCenter
- vcpassword: Mandatory: Password of the vCenter
- license_key: Mandatory: License to be added and attached to NSX
Note: vcenter_nsx_license should only be run after vcenter_vc_registration is complete.
Example:
```yaml
---
- hosts: localhost
  connection: local
  gather_facts: False
  vars_files:
    - answerfile_TPM_Lab_deploy.yml
  tasks:
    - name: Apply NSX License
      vcenter_nsx_license:
        vcenter: "{{ vcHostname }}"
        vcenter_user: "{{ vcUser }}"
        vcenter_passwd: '"{{ vcPassword }}"'
        license_key: "L029P-JLL8K-28089-0UCK6-1TCH1"
        # Note: The above license is an old time bombed license. Don't apply it to production!
      register: nsxlic
      tags: nsx_license

    - debug: msg="{{ nsxlic }}"
```
Module nsx_vc_registration
Registers NSX Manager to VC or changes the registration
- vcenter: Mandatory: Hostname or IP address of the vCenter server to which NSX Manager should be registered.
- vcusername: Mandatory: Username on the vCenter that should be used to register NSX Manager.
- vcpassword: Mandatory: Password of the vCenter user used to register NSX Manager.
- vccertthumbprint: Mandatory if 'accept_all_certs' is not 'True': Certificate thumbprint of vCenter service.
- accept_all_certs: Mandatory if 'vccertthumbprint' is not supplied: If set to 'True', NSX Manager will be connected to any vCenter Server without checking the certificate thumbprint
Note: 'accept_all_certs' and 'vccertthumbprint' are mutually exclusive
Example:
```yaml
---
- hosts: localhost
  connection: local
  gather_facts: False
  vars_files:
    - answerfile_new_nsxman.yml
  tasks:
    - name: NSX Manager VC Registration
      nsx_vc_registration:
        nsxmanager_spec: "{{ nsxmanager_spec }}"
        vcenter: 'testvc.emea.nicira'
        vcusername: 'administrator@vsphere.local'
        vcpassword: 'vmware'
        # Set vccertthumbprint (and drop accept_all_certs) to pin the vCenter certificate
        #vccertthumbprint: '04:9D:9B:64:97:73:89:AF:16:4F:60:A0:F8:59:3A:D3:B8:C4:4B:A2'
        # accept_all_certs: true connects without checking the certificate thumbprint
        accept_all_certs: true
      register: register_to_vc

    # - debug: var=register_to_vc
```
Module nsx_sso_registration
Registers NSX Manager to SSO or changes and deletes the SSO Registration
- state: present or absent, defaults to present
- sso_lookupservice_url: Mandatory: SSO Lookup Service url. Example format: 'lookupservice/sdk'
- sso_lookupservice_port: Mandatory: SSO Lookup Service port. E.g. '7444'
- sso_lookupservice_server: Mandatory: SSO Server Hostname, FQDN or IP Address. E.g. 'testvc.emea.nicira'
- sso_admin_username: Mandatory: Username to register to SSO. Typically this is administrator@vsphere.local
- sso_admin_password: Mandatory: Password of the SSO user used to register.
- sso_certthumbprint: Mandatory if 'accept_all_certs' is not 'True': Certificate thumbprint of SSO service.
- accept_all_certs: Mandatory if 'sso_certthumbprint' is not supplied: If set to 'True', NSX Manager will be connected to any SSO Server without checking the certificate thumbprint
Note: 'accept_all_certs' and 'vccertthumbprint' are mutually exclusive
Example:
```yaml
---
- hosts: localhost
  connection: local
  gather_facts: False
  vars_files:
    - answerfile_new_nsxman.yml
  tasks:
    - name: NSX Manager SSO Registration
      nsx_sso_registration:
        state: present
        nsxmanager_spec: "{{ nsxmanager_spec }}"
        sso_lookupservice_url: 'lookupservice/sdk'
        sso_lookupservice_port: 7444
        sso_lookupservice_server: 'testvc.emea.nicira'
        sso_admin_username: 'administrator@vsphere.local'
        sso_admin_password: 'vmware'
        # Set sso_certthumbprint (and drop accept_all_certs) to pin the SSO certificate
        #sso_certthumbprint: 'DE:D7:57:DC:D3:E4:40:4E:AA:4A:3A:56:91:B0:48:92:6E:68:E6:03'
        # accept_all_certs: true connects without checking the certificate thumbprint
        accept_all_certs: true
      register: register_to_sso

    # - debug: var=register_to_sso
```
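Both nsx_vc_registration and nsx_sso_registration accept either a certificate thumbprint or accept_all_certs. The Python below is an added example, not part of the nsxansible modules: it derives a thumbprint to pin and checks a task's arguments against the rules stated in the two parameter lists. It assumes the thumbprint is the SHA-1 digest of the DER certificate (the 20-byte shape of the examples above); the function names are hypothetical.

```python
import hashlib
import re
import ssl

# Assumption: thumbprints are SHA-1 over the DER certificate, written as 20
# colon-separated hex bytes, which is the shape of the examples on this page.
THUMBPRINT_RE = re.compile(r"^[0-9A-F]{2}(:[0-9A-F]{2}){19}$")


def thumbprint_from_der(der: bytes) -> str:
    """Format the SHA-1 digest of a DER certificate as AA:BB:...:ZZ."""
    digest = hashlib.sha1(der).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def fetch_thumbprint(host: str, port: int = 443) -> str:
    """Read the certificate a server presents (no chain validation) and
    return its thumbprint. Compare the result with a value obtained out of
    band, e.g. from the server console, before pinning it."""
    pem = ssl.get_server_certificate((host, port))
    return thumbprint_from_der(ssl.PEM_cert_to_DER_cert(pem))


def check_registration_args(args: dict, thumb_key: str) -> list:
    """Return findings for one nsx_vc_registration / nsx_sso_registration
    task; thumb_key is 'vccertthumbprint' or 'sso_certthumbprint'."""
    findings = []
    accept_all = str(args.get("accept_all_certs", False)).lower() in ("true", "yes")
    thumb = args.get(thumb_key)
    if accept_all and thumb:
        findings.append("accept_all_certs and %s are mutually exclusive" % thumb_key)
    elif accept_all:
        findings.append("accept_all_certs disables the thumbprint check")
    elif not thumb:
        findings.append("neither accept_all_certs nor %s is set" % thumb_key)
    if thumb and not THUMBPRINT_RE.match(str(thumb).upper()):
        findings.append("%s is not 20 colon-separated hex bytes" % thumb_key)
    return findings


if __name__ == "__main__":
    # Constructed task arguments mirroring the two variants in the examples.
    print(check_registration_args({"accept_all_certs": True}, "vccertthumbprint"))
    pinned = {"sso_certthumbprint": thumbprint_from_der(b"constructed sample bytes")}
    print(check_registration_args(pinned, "sso_certthumbprint"))
```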
Module nsx_manager_roles
Configures user role permission within NSX Manager
- state: present, update, or absent, defaults to present
- name: Mandatory: User ID. To specify a domain user, use user@domain not domain\user
- role_type: User assigned role. Possible roles are super_user, vshield_admin, enterprise_admin, security_admin, auditor
- is_group: Set to true to apply to a group; set to false to apply to an individual user. Default is false.
Example:
```yaml
---
- hosts: all
  connection: local
  gather_facts: False
  tasks:
    - name: Configure NSX Manager roles
      nsx_manager_roles:
        nsxmanager_spec: "{{ nsxmanager_spec }}"
        state: present
        name: "{{ nsx_uid }}"
        is_group: "{{ nsx_role_group }}"
        role_type: "{{ nsx_role }}"
      register: add_nsx_role
```
Module nsx_manager_syslog
Add and delete a syslog server configuration in NSX Manager
- state: present or absent, defaults to present
- syslog_server: Mandatory: FQDN or IP address of remote syslog server
- syslog_port: Remote syslog server port. Defaults to 514
- syslog_protocol: Remote syslog server protocol. Choices are udp or tcp. Defaults to udp.
Example:
```yaml
---
- hosts: all
  connection: local
  gather_facts: False
  tasks:
    - name: Configure NSX Manager syslog
      nsx_manager_syslog:
        nsxmanager_spec: "{{ nsxmanager_spec }}"
        state: present
        syslog_server: "{{ syslog_server }}"
        syslog_port: "{{ syslog_port }}"
        syslog_proto
```
