Opensource Configuration Management tools integration with vRealize Automation Cloud – Part 2
VMwarename: Ansible Control Machine
version: 1
formatVersion: 1
inputs:
ansible_username:
type: string
description: The username for the ansible user account
default: ansible
ansible_user_password:
type: string
description: ‘The password for the ansible user. The connection from Cloud Assembly currently uses password based auth, so this is a mandatory requirement.’
ansible_vault_password:
type: string
description: The password that will be written to the Vault file.
ansible_ssh_key:
type: string
encrypted: true
description: The public half of SSH key used for authentication to this box. Not to be confused with the SSH key that will be used by the ansible user account to SSH into managed instances.
slack_webhook:
type: string
description: A webhook for Slack notifications. This will be used to send the public key details of the generated keypair that ansible will use to connect to remote hosts.
resources:
Ansible_Control_Node:
type: Cloud.Machine
properties:
image: ddeswart–Ubuntu
flavor: ddeswart–small
constraints:
– tag: ‘platform:vsphere’
cloudConfig: |
#cloud-config
repo_update: true
apt:
sources:
ansible–ubuntu–ansible.list:
source: “ppa:ansible/ansible”
keyserver: ‘keyserver.ubuntu.com’
keyid: 7BB9C367
packages:
– ansible
write_files:
– path: /etc/ansible/playbooks/ansiblecn.yml
content: |
—–
– name: Install and Configure Ansible Control Node for use with VMware vRA Cloud
hosts: localhost
gather_facts: true
vars:
ansible_username: “${input.ansible_username}”
ansible_user_password: “${input.ansible_user_password}”
ansible_vault_password: “${input.ansible_vault_password}”
ansible_ssh_key: “${input.ansible_ssh_key}”
slack_notification_content: “{{ lookup(‘file’, ‘/home/ansible/.ssh/id_rsa.pub’) }}”
slack_notification_webhook: “${input.slack_webhook}”
tasks:
– name: Create Ansible User
become: true
user:
name: “{{ ansible_username }}”
groups: sudo
shell: /bin/bash
generate_ssh_key: yes
password: “{{ ansible_user_password | password_hash(‘sha512’) }}”
– name: Set Authorised Key for Ansible User
authorized_key:
user: “{{ ansible_username }}”
key: “{{ ansible_ssh_key }}”
– name: Set Ansible Directory Permissions
file:
owner: “{{ ansible_username }}”
path: /etc/ansible
recurse: yes
state: directory
– name: Create Cleartext Vault Pass File
lineinfile:
create: yes
owner: “{{ ansible_username }}”
path: /etc/ansible/vault_pass.txt
line: “{{ ansible_vault_password }}”
– name: Create Ansible Log file
lineinfile:
create: yes
owner: “{{ ansible_username }}”
path: /var/log/ansible.log
line: “ansible_log_file”
– name: Update Config with Pass File Location
lineinfile:
owner: “{{ ansible_username }}”
path: /etc/ansible/ansible.cfg
regexp: “vault_password_file”
line: “vault_password_file = /etc/ansible/vault_pass.txt”
– name: Update Config with Private Key Location
lineinfile:
owner: “{{ ansible_username }}”
path: /etc/ansible/ansible.cfg
regexp: “private_key_file”
line: “private_key_file = /home/{{ ansible_username }}/.ssh/id_rsa”
– name: Update Config with Host Key Check Setting
lineinfile:
owner: “{{ ansible_username }}”
path: /etc/ansible/ansible.cfg
regexp: “host_key_checking”
line: “host_key_checking = False”
– name: Update Config with Roles path
lineinfile:
owner: “{{ ansible_username }}”
path: /etc/ansible/ansible.cfg
regexp: “roles_path”
line: “roles_path = /etc/ansible/roles”
– name: Update Config with Ansible Log location
lineinfile:
owner: “{{ ansible_username }}”
path: /etc/ansible/ansible.cfg
regexp: “log_path”
line: “log_path = /var/log/ansible.log”
– name: Create localhost entry in Hosts File
lineinfile:
create: yes
owner: “{{ ansible_username }}”
path: /etc/ansible/hosts
line: “localhost”
– name: Enable Password Based Auth
become: true
lineinfile:
path: /etc/ssh/sshd_config
state: present
regexp: “PasswordAuthentication no”
line: “PasswordAuthentication yes”
– name: Restart sshd
become: True
systemd:
name: sshd
state: restarted
– name: Send Ansible Public Key to Slack
uri:
method: POST
url: “{{ slack_notification_webhook }}”
body: {“text”: “Your ansible public key is “`{{ slack_notification_content | regex_replace(‘ansible-generated on.*’) }}“`”}
body_format: json
runcmd:
– ansible–playbook —connection=local —inventory 127.0.0.1, /etc/ansible/playbooks/ansiblecn.yml
networks:
– network: ‘${resource.VM_network.id}’
VM_network:
type: Cloud.Network
properties:
name: VM network
networkType: existing