Deploying NSX-T Using Ansible – Part 1: Setting Up The Environment

When I saw the release of NSX-T 2.4, I decided that I would upgrade my compute clusters to utilise this new version. Since I manage the compute NSX managers mostly through the API, I figured this would provide me with some good experience and also allow me to understand how this is deployed.

In my lab I run vRealize Automation with a management cluster (CMP stack), 2 nested vCenter Servers and ESXi Clusters (compute) that mimic two geographically dispersed data centres. Until now I had deployed a dedicated NSX-V instance for each of my three vCenter deployments, that provides the logical switching and routing required for my lab.

I didn’t want to create yet another ‘how to’ guide on how to do this using the GUI, so instead, I am going to attempt to accomplish this using Ansible. VMware have handily made available Ansible modules for NSX-T, which are supported for the 2.4 release and above (note that these are still in preview). I will attempt to make use of these modules, but if I discover broken or missing functionality, then I will revert to using the NSX-T Rest API.

Link to the VMware Github repository for Ansible NSX-T: https://github.com/vmware/ansible-for-nsxt

Link to my Github Ansible NSX-T Deployment Playbooks: https://github.com/nmshadey/Ansible-NSXT

I am going to provide a series of posts that will cover the set up of the Ansible environment, how to install the VMware NSX-T modules and use the playbooks and roles that I have created to deploy NSX-T in your environments.

Environment Preparation & Overview

In my environment I have a dedicated virtual machine that I develop and run my playbooks on. I run CentOS 7.x using the default Python 2.7. I had attempted to get these modules to work within a Python3 virtual environment, but I haven’t had much luck. I will attempt again on a new CentOS build and update this page in due course.

Environment Overview

Prepare Environment

Ensure that the system is up-to-date by running:

sudo yum -y update

Install yum-utils

sudo yum -y install yum-utils

It’s also a good idea to ensure the latest version of pip and setuptools is installed.

sudo pip install --upgrade pip setuptools

Install GIT

Git will be used to clone the VMware NSX-T Ansible module repository, so that these can be used within our environment.

sudo yum -y install git

Install OVFTool

The OVFTool is used to deploy the NSX-T manager and additional cluster nodes. You will have to first download the file from VMware. Once the file has been downloaded, place it in your home directory (or somewhere suitable) on the Ansible server. This file is an installer that will need to be set to executable and then run as root:

chmod +x VMware-ovftool-4.3.0-7948156-lin.x86_64.bundle
sudo ./VMware-ovftool-4.3.0-7948156-lin.x86_64.bundle

Accept the EULA and all default options. Once the installation is complete, you can confirm the installation using the following:

ovftool --version

Install Ansible

Ansible will be installed using the Python Package Manager (PIP):

pip install ansible

Once this has completed, you can verify that Ansible is installed and at the required version:

ansible --version

Install Pre-requisites Required by VMware NSX-T Ansible Modules

The following packages are pre-requisites for using the NSX-T Ansible modules:

pip install --upgrade pyvmomi pyvim requests

The installation also states to update ‘ssl‘ but I had problems doing this in my environment. It looks like a potential bug in the latest package. I have stuck to using the version that was already installed and haven’t experienced any issues.

Install VMware NSX-T Ansible Modules

The VMware NSX-T Ansible modules are not yet part of the core Ansible modules so we will need to download these from the git repository for the project. The best way to do this is to clone the repository using the git client.

By default, Ansible will check for additional modules in the ‘/usr/share/ansible/plugins/modules/’ path. If this location does not exist then create it as follows:

sudo mkdir -p /usr/share/ansible/plugins/modules/

Next, clone the Git repository (using sudo as only root has write access to this location)

cd /usr/share/ansible/plugins/modules/
sudo git clone https://github.com/vmware/ansible-for-nsxt.git

To test that the modules have been installed correctly, we can use the ansible-doc command:

ansible-doc -t module nsxt_deploy_ova

This will complain that no documentation exists but does confirm that the module is found (otherwise it would complain that the module doesn’t exist).

Download Ansible NSX-T Deployment Playbooks

Now that the environment is ready you can go ahead and clone my Ansible NSX-T playbooks.

git clone https://github.com/nmshadey/Ansible-NSXT.git

The directory tree looks as follows:

├── ansible.cfg
├── group_vars
│   ├── all
│   ├── nsxt_managers_controllers
│   ├── site_a
│   └── site_a_cmp_nsxt
├── host_vars
│   └── sg1-nsx002
├── inventory
│   └── hosts
├── nsxt_create_environment.yml
├── README.md
├── roles
│   ├── nsxt_add_compute_managers
│   ├── nsxt_apply_license
│   ├── nsxt_check_manager_status
│   ├── nsxt_configure_transport_clusters
│   ├── nsxt_create_ip_pools
│   ├── nsxt_create_transport_profiles
│   ├── nsxt_create_transport_zones
│   ├── nsxt_create_uplink_profiles
│   └── nsxt_deploy_ova
├── ssh_config

Configure Ansible (optional)

Now that Ansible and all required packages have been installed and the VMware NSX-T modules are in place, some configuration is required so that Ansible is aware of these new modules.If you are installing everything to the same location as I have, then the ansible.cfg file provided with my playbooks will already include these settings.

When you clone the VMware NSX-T for Ansible modules, they will be placed under ‘/usr/share/ansible/plugins/modules/ansible-for-nsxt/‘ (if you followed my install). The ‘library‘ configuration option can be used to tell Ansible where to find these.

The VMware NSX-T for Ansible modules also contains a module helper script under ‘/usr/share/ansible/plugins/modules/ansible-for-nsxt/module_utils/‘. The ‘module_utils‘ configuration option can be used to tell Ansible where to find these.

Below is an example of my ansible.cfg file:

[defaults]
inventory = inventory
roles_path = roles:~/Ansible/roles:/etc/ansible/roles
library = library:/usr/share/ansible/plugins/modules
module_utils = module_utils:/usr/share/ansible/plugins/modules/ansible-for-nsxt/module_utils
retry_files_enabled = True # Do not create them
retry_files_save_path = "/tmp/"

[ssh_connection]
ssh_args = -F ssh_config

The environment is now ready to begin deploying and managing NSX-T. In my next post I will cover how to use the Ansible playbooks that I have created to achieve a complete automated deployment of NSX-T across one or more environments.

In my next post, I will cover how to configure the playbook to deploy NSX-T in your environment(s).

I hope this has been helpful. If you discover any bugs or require some help, then please drop me a message via the Drift app.