Using vSphere 6.5 APIs with Ansible

With the release of vSphere 6.5 comes a new set of REST APIs for interacting with various vSphere components such as the vCenter Server Appliance (VCSA) and vCenter components such as VMs, or clusters. Kyle Ruddy has a great post on getting started with the Sphere APIs. After reading his post, I wondered if I could use the vSphere APIs from an Ansible playbook via the URI module. The remainder of this post is really just smashing together Kyle’s post and the Ansible URI module documentation - huge thank you to both Kyle and the folks from Ansible for the great documentation.

I learned from Kyle’s post the first thing I need to do is authenticate in order to call any of the APIs. That was fairly straight forward thanks to the Ansible docs and examples.

   - name: vcenter login
      uri:
        url: https://cloudvc.student.lab/rest/com/vmware/cis/session
        force_basic_auth: yes
        method: POST
        user: [email protected]
        password: [email protected]
        status_code: 200
        validate_certs: no
      register: login

A quick review of that code block: I provided a name for the task (I personally like doing that so I can see each play run), used the uri module with the options you see below it - URL, method, etc. Finally I registered the results in a variable called login. I will use login in the subsequent plays to authenticate. Status_code is optional, since I am still learning how to do this I left it in to see what I might do with it, I am reasonbly confident you could remove it. Validate_certs set to no is required if you are using self signed certs (another side note, that didn’t seem to work with some of the community VMware modules in 2.0 - curious if I can get those working now).

As an example, since this was simple, I wanted to see if I could disable SSH access on the VCSA. The /appliance/access/ssh API uses a PUT method, so in our play below you’ll notice that instead of method: POST I’ll use method: PUT

    - name: disable ssh
      uri:
        url: https://cloudvc.student.lab/rest/appliance/access/ssh
        force_basic_auth: yes
        method: PUT
        body_format: json
        body: ""
        validate_certs: no
        headers:
          Cookie: check the example playbook below, done fighting with markdown for today :)

Very similar to the vCenter login play, what is differnet here is I am putting the necessary JSON into a file called sshoff.json in the same directory as the Ansible playbook and defined the body_format as json. At the bottom of the play notice the headers: Cookie - login is what I registered in the login play and passing that back vCenter. The contents of the sshoff.json file were pulled from the API explorer (https://vcenter.fqdn/apiexplorer).

Before running the play I used Postman to verify that ssh returned a value of true, ran the play with a value of false in the json file, and verified that after successfully running the playbook, SSH was now disabled on VCSA!

This is just a basic example, I will be looking into more now that I have the basic structure down. You can find an example playbook here Hope this helps!

Related Posts