
Monday, February 6, 2023

Provision ESXi host with Ansible

Once you can reach your ESXi host on its management IP address, you can use the playbook below to configure everything automatically with Ansible.


Note: you will need to update the VLANs in this playbook

If you don't have NSX-T in your environment, you will need to remove the tasks which create the vDS for the NSX.


Playbook on Github

Wednesday, January 18, 2023

Full backup to NSX-T with Ansible tower

Below is a playbook that backs up your NSX-T components through simple API calls. It then makes another GET API call with ?filter=Type- to back up everything in the NSX-T.

The Ansible playbook saves the output to a remote SFTP server.

What will you need to update in the playbook below?

1. The SFTP server.

2. The components paths.


The Playbook on Github



- hosts: remotesftpserver
  vars:
    date: "{{ lookup('pipe', 'date +%Y%m%d') }}"
    whichnsx: "dev_nsx"
    host: "https://nsxturl/policy/api/v1/infra"
    nsxpassword: !vault |
          $ANSIBLE_VAULT;1.1;AES256
          6632653863dfsdfsdufghjkfdsjfhsdifhsdjndsjkchusihcsdciyugsdlchjo
  tasks:
  - name: NSX-T Components Backup
    uri:
      url: "{{ host }}{{ item }}"
      force_basic_auth: yes
      validate_certs: no
      headers:
        Accept: "application/json"
        Content-Type: "application/json"
      user: admin
      password: "{{ nsxpassword }}"
      method: GET
      status_code: "200"
      body_format: json
    with_items:
      - /segments
      - /domains/default/groups
      - /domains/security-policies
      - /tier-0s/Test-T0
      - /tier-0s/Test-T0/locale-services/default/bgp
      - /tier-0s/Test-T0/locale-services/default/bgp/neighbors
      - /tier-0s/Test-T0/locale-services/default/interfaces
      - /tier-1s/T1
    register: components
  - debug: var=components

  - local_action:
      module: copy
      content: "{{ components }}"
      dest: "/tmp/components.json"


  - name: NSX-T All components Backup
    uri:
      url: "{{ host }}{{ item }}"
      force_basic_auth: yes
      validate_certs: no
      headers:
        Accept: "application/json"
        Content-Type: "application/json"
      user: admin
      password: "{{ nsxpassword }}"
      method: GET
      status_code: "200"
      body_format: json
    with_items:
      - ?filter=Type-
    register: all
  - debug: var=all

  - local_action:
      module: copy
      content: "{{ all }}"
      dest: "/tmp/all.json"


  - name: Create the backup directory
    file:
     path: /backup/nsx_backup/api/{{ whichnsx }}_{{ date }}
     state: directory
     owner: root
     group: root
     mode: 0750


  - name: Copy the first file to the remote SFTP server
    copy:
      src: /tmp/components.json
      dest: "/backup/nsx_backup/api/{{ whichnsx }}_{{ date }}/components.json"


  - name: Copy the second file to the remote SFTP server
    copy:
      src: /tmp/all.json
      dest: "/backup/nsx_backup/api/{{ whichnsx }}_{{ date }}/all.json"
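
A hardened variant of the backup play above, as an added example rather than the author's playbook: it verifies the NSX Manager certificate instead of setting validate_certs: no, keeps the returned configuration out of the job output, and writes one owner-only file per component directly on the backup host, with no intermediate copy under /tmp. The names nsx_ca_bundle, backup_dir and nsx_backup_paths and the CA file path are assumptions; the CA file must exist on the host that runs the uri task, and nsxpassword is the vaulted variable from the play above.

```yaml
# Added example, not the author's playbook. Assumed names: nsx_ca_bundle,
# backup_dir, nsx_backup_paths, and the CA file path.
- hosts: remotesftpserver
  gather_facts: false
  vars:
    date: "{{ lookup('pipe', 'date +%Y%m%d') }}"
    whichnsx: "dev_nsx"
    host: "https://nsxturl/policy/api/v1/infra"
    nsx_ca_bundle: /etc/ssl/certs/nsx-ca.pem   # assumption: CA that issued the NSX Manager certificate
    backup_dir: "/backup/nsx_backup/api/{{ whichnsx }}_{{ date }}"
    nsx_backup_paths:
      - /segments
      - /domains/default/groups
      - /tier-1s/T1
    # nsxpassword: supply the same !vault value as in the play above
  tasks:
    - name: Create the backup directory, readable by root only
      ansible.builtin.file:
        path: "{{ backup_dir }}"
        state: directory
        owner: root
        group: root
        mode: "0700"

    - name: Fetch each component over verified TLS
      ansible.builtin.uri:
        url: "{{ host }}{{ item }}"
        url_username: admin
        url_password: "{{ nsxpassword }}"
        force_basic_auth: true
        validate_certs: true                   # reject a certificate the CA did not issue
        ca_path: "{{ nsx_ca_bundle }}"
        method: GET
        status_code: 200
        headers:
          Accept: application/json
      loop: "{{ nsx_backup_paths }}"
      register: components
      no_log: true                             # keep the returned configuration out of job output

    - name: Write one owner-only JSON file per component
      ansible.builtin.copy:
        content: "{{ item.json | to_nice_json }}"
        dest: "{{ backup_dir }}/{{ item.item | regex_replace('[^A-Za-z0-9]+', '_') }}.json"
        owner: root
        group: root
        mode: "0600"
      loop: "{{ components.results }}"
      no_log: true
```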

Thursday, January 5, 2023

Ansible Playbook to backup all NSX-T components

Below you will find an Ansible playbook to back up all your NSX-T components. You can add more tasks for your different NSX-Ts. In my playbook I use 2 tasks for my DEV NSX-T, but I have another URL variable and I can use it in another 2 tasks.

The first task will get the output of the listed items (Segments, Groups, FW Policies, etc.), and the second task will get everything. But it will not be easy to work on the second task during crises, because it contains a lot of data and you will get lost 😂.

Note: you can use the second task response to restore your NSX-T environment. 

- hosts: localhost
  connection: local
  gather_facts: no
  vars:
    host:
      dev:
        - https://URL1/policy/api/v1/infra
      prod:
        - https://URL2/policy/api/v1/infra/
    nsxpassword: !vault |
          $ANSIBLE_VAULT;1.1;AES256
          6632653863373166623766653666666666666666661393965633934386536363463386463
          
  tasks:
  - name: DEV NSX-T Backup
    uri:
      url: "{{ host.dev[0] }}{{ item }}"
      force_basic_auth: yes
      validate_certs: no
      headers:
        Accept: "application/json"
        Content-Type: "application/json"
      user: admin
      password: "{{ nsxpassword }}"
      method: GET
      status_code: "200"
      body_format: json
    with_items:
      - /segments
      - /domains/default/groups
      - /domains/security-policies
      - /tier-0s/Test-T0
      - /tier-0s/Test-T0/locale-services/default/bgp
      - /tier-0s/Test-T0/locale-services/default/bgp/neighbors
      - /tier-0s/Test-T0/locale-services/default/interfaces
      - /tier-1s/T1
    register: response
  - debug: var=response

  - name: DEV NSX-T All components Backup
    uri:
      url: "{{ host.dev[0] }}{{ item }}"
      force_basic_auth: yes
      validate_certs: no
      headers:
        Accept: "application/json"
        Content-Type: "application/json"
      user: admin
      password: "{{ nsxpassword }}"
      method: GET
      status_code: "200"
      body_format: json
    with_items:
      - ?filter=Type-
    register: response
  - debug: var=response

Thursday, December 22, 2022

Ansible Playbook to backup NSX-T Segments



I thought a lot before I wrote this blog here, but as it is about the NSX, I will put it here.

I will not go into how to set up Ansible Tower. I assume that you have Ansible Tower and a version control system in your environment.

Below is the playbook that you can use, but I need to show you how you can encrypt your password.

- hosts: all
  connection: local
  gather_facts: false
  vars:
    host:
      devNsx:
        - https://FirstNSX.xyz.com/policy/api/v1/infra
      prodNsx:
        - https://SecondNSX.xyz.com/policy/api/v1/infra/
    urls:
      - /segments
  tasks:
  - name: DEV NSX-T Test Calls
    uri:
      url: "{{ host.devNsx[0] }}{{ urls[0] }}"
      force_basic_auth: yes
      validate_certs: no
      headers:
        Accept: "application/json"
        Content-Type: "application/json"
      user: admin
      password: !vault |
          $ANSIBLE_VAULT;1.1;AES256
          66326538633731666237666536306338656131616564376261393965633934386536363463386463
      method: GET
      status_code: "200"
      body_format: json
    register: response
  - debug: var=response.json


Here is how I encrypted the password:

root@AnsibleServerCli:~/ansible#  ansible-vault encrypt_string 'MyPassword'  --name 'password'
New Vault password:
Confirm New Vault password:

password: !vault |
          $ANSIBLE_VAULT;1.1;AES256
          66326538633731666237666536306338656131616564376261393965633934386536363463386463
          
Encryption successful


This website can do it for you: https://ansible-vault-tool.com/ . But I don't recommend doing so.


I created a credential with type vault and I used it in the AWX template.


In case you don't have AWX and you use Ansible through the CLI, you can use the command below:


ansible-playbook YOURPLAYBOOKNAME  --vault-id @prompt

Monday, October 31, 2022

How to automate the deletion of NSX components with Ansible (2)

Below I delete several LSWs in one playbook:


root@dcex1510ctrl001:~# cat ansible/playbooks/nsx-delete-bridges.yaml
- hosts: nsxtdev
  connection: local
  gather_facts: false
  vars:
    host:
      dev:
        - https://dcea-ptdnsxmgrvip/policy/api/v1/infra/segments/
  tasks:
  - name: DEV NSX-T delete all the LSWs for the bridged LSWs
    uri:
      url: "{{ host.dev[0] }}LSW-DCE-{{ item }}b-01"
      force_basic_auth: yes
      validate_certs: no
      headers:
        Accept: "application/json"
        Content-Type: "application/json"
      user: USERNAME
      password: PASSWORD
      method: DELETE
      status_code: "200"
      body_format: json
    with_items:
      - 121
      - 141
      - 142
    loop_control:
        pause: 2



root@dcex1510ctrl001:~# cat /root/ansible/hosts/hostsNsx.ini
[nsxtdev]
dcea-ptdnsxmgrvip

Then we will execute it:

ansible-playbook -i /root/ansible/hosts/hostsNsx.ini /root/ansible/playbooks/nsx-delete-bridges.yaml

Friday, October 28, 2022

How to automate the deletion of NSX components with Ansible

Below I delete the LSW, the SG and a firewall policy with an Ansible playbook.

Note: the LSW is a member of the SG, and the SG is a member of the FWP, so it has to be done in this order: delete the FW policy, then the SG, then the LSW.


root@dcex1510ctrl001:~# cat ansible/hosts/hostsNsx.ini
[nsxtdev]
dcea-ptdnsxmgrvip.test.local


root@dcex1510ctrl001:~# cat ansible/playbooks/nsx-delete-bridges.yaml
- hosts: nsxtdev
  connection: local
  gather_facts: false
  vars:
    host:
      dev:
        - https://dcea-ptdnsxmgrvip/policy/api/v1/infra/
  tasks:
  - name: DEV NSX-T Delete the unneeded components 
    uri:
      url: "{{ host.dev[0] }}{{ item  }}"
      force_basic_auth: yes
      validate_certs: no
      headers:
        Accept: "application/json"
        Content-Type: "application/json"
      user: USERNAME
      password: PASSWORD
      method: DELETE
      status_code: "200"
      body_format: json
    with_items:
      - domains/default/security-policies/FWP-VPC-122v
      - domains/default/groups/SG-LSW-DCE-122v
      - segments/LSW-DCE-122v-01
    loop_control:
        pause: 5



root@dcex1510ctrl001:~# ansible-playbook -i /root/ansible/hosts/hostsNsx.ini /root/ansible/playbooks/nsx-delete-bridges.yaml
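
A pre-flight variant of the deletion play above, as an added example that is not the author's playbook: it reads every target first, so a wrong or missing path fails the play before any DELETE is sent, saves each object's current definition, and only then deletes in the dependency order from the note. nsx_user and nsx_password are assumed to come from vault-encrypted variables, snapshot_dir is a hypothetical path, and validate_certs: true assumes the manager certificate chains to a CA the controller trusts.

```yaml
# Added example, not the author's playbook; nsx_user, nsx_password, snapshot_dir and targets are assumed names.
- hosts: nsxtdev
  connection: local
  gather_facts: false
  vars:
    infra: https://dcea-ptdnsxmgrvip/policy/api/v1/infra/
    snapshot_dir: /root/ansible/snapshots       # hypothetical path on the controller
    targets:                                    # FW policy, then SG, then LSW
      - domains/default/security-policies/FWP-VPC-122v
      - domains/default/groups/SG-LSW-DCE-122v
      - segments/LSW-DCE-122v-01
  module_defaults:
    ansible.builtin.uri:
      url_username: "{{ nsx_user }}"            # supplied from vault-encrypted variables
      url_password: "{{ nsx_password }}"
      force_basic_auth: true
      validate_certs: true
      status_code: 200
      headers:
        Accept: application/json
  tasks:
    - name: Create the snapshot directory
      ansible.builtin.file:
        path: "{{ snapshot_dir }}"
        state: directory
        mode: "0700"
    - name: Read every target; any non-200 answer stops the play before a DELETE is sent
      ansible.builtin.uri:
        url: "{{ infra }}{{ item }}"
        method: GET
      loop: "{{ targets }}"
      register: before
      no_log: true

    - name: Save the current definition of each target
      ansible.builtin.copy:
        content: "{{ item.json | to_nice_json }}"
        dest: "{{ snapshot_dir }}/{{ item.item | replace('/', '_') }}.json"
        mode: "0600"
      loop: "{{ before.results }}"
      no_log: true                              # the loop item would otherwise print the whole object

    - name: Delete in dependency order
      ansible.builtin.uri:
        url: "{{ infra }}{{ item }}"
        method: DELETE
      loop: "{{ targets }}"
      loop_control:
        pause: 5
```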

Tuesday, July 12, 2022

How to make API call on NSX-T with ansible

We will execute an Ansible playbook to get all the NSX-T segments.



cat /root/ansible/hosts/hostsNsx.ini
[nsxtdev]
NSX-T.abc.com


cat /root/ansible/playbooks/nsx.yaml
- hosts: nsxtdev
  connection: local
  gather_facts: false
  tasks:
  - name: Get all the NSX-T Segments
    uri:
      url: https://NSX-T/policy/api/v1/infra/segments
      force_basic_auth: yes
      validate_certs: no
      headers:
        Accept: "application/json"
        Content-Type: "application/json"
      user: USERNAME
      password: PASSWORD
      method: GET
      status_code: "200"
      body_format: json


ansible-playbook -i /root/ansible/hosts/hostsNsx.ini /root/ansible/playbooks/nsx.yaml -vvvv


To avoid using -vvvv and to get only the API call result, you can use the following playbook:

 
- hosts: nsxtdev
  connection: local
  gather_facts: false
  tasks:
  - name: Get all the NSX-T Segments
    uri:
      url: https://NSX-T/policy/api/v1/infra/segments
      force_basic_auth: yes
      validate_certs: no
      headers:
        Accept: "application/json"
        Content-Type: "application/json"
      user: USERNAME
      password: PASSWORD
      method: GET
      status_code: "200"
      body_format: json
    register: response
  - debug: var=response.json


ansible-playbook -i /root/ansible/hosts/hostsNsx.ini /root/ansible/playbooks/nsx.yaml

NSX-T (local log in) with VIDM integration

We will explain how to log in with a local account to your NSX-T which is integrated with VIDM. We integrated our NSX-T into the VIDM. We had a...