deploy VM from template and customize guest

I am trying to deploy a VM from a VM template with Ansible. I got the playbook to deploy the VM, but how do I customize the guest?

I need to

  1. rename the guest name to VM name
  2. join domain
  3. put it in a specific OU

Any idea?

I’ve done this by using the customization argument of the vmware_guest module to join the domain. But prior to vmware_guest I use a win_domain_computer delegated to a Windows utility box to prestage the computer object in the right OU.

I got a customization template in vCenter. How do I specify using that template? Also, the template looks like it will override my static IP settings on my VMs.

For Ansible, is there a reverse order to destroy the VMs after the VM playbook has been run, like Terraform? Or do I need to create another playbook to destroy the VMs?

I’ll assume you are referring to Custom Specs within vCenter:

You can use the following: https://docs.ansible.com/ansible/latest/modules/vmware_guest_module.html

So you want to do something like Terraform init / plan & Apply and once finished you want to do a Terraform Destroy?

No, Ansible doesn’t do State Files.

These are the two plays I use to do what you were asking about:

```yaml
# Prestage the computer account in the target OU before the VM joins the domain.
- name: Ensure Computer Object exists in AD
  win_domain_computer:
    name: '{{ inventory_hostname_short }}'
    dns_hostname: '{{ inventory_hostname }}'
    domain_server: domaincontroller.fqdn
    sam_account_name: '{{ inventory_hostname_short }}$'
    ou: '{{ AD_OU }}'
    description: '{{ owner_email }}'
    enabled: yes
    state: present
  delegate_to: utilityserver.fqdn

- name: Clone to VM from Template
  vmware_guest:
    hostname: '{{ vsphere_hostname }}'
    # Credentials are read from environment variables on the control node.
    username: '{{ lookup("env", "VMWARE_USER") }}'
    password: '{{ lookup("env", "VMWARE_PASSWORD") }}'
    # "no" means the vCenter TLS certificate is not verified.
    validate_certs: no
    folder: '{{ vmware_folder }}'
    annotation: "{{ owner_email }}"
    datacenter: '{{ vmware_datacenter }}'
    name: '{{ inventory_hostname_short }}'
    cluster: '{{ vmware_cluster }}'
    state: poweredon
    template: '{{ vmware_template }}'
    datastore: '{{ vmware_datastore }}'
    customization:
      domainadmin: '{{ lookup("env", "ANSIBLE_NET_USERNAME") }}'
      domainadminpassword: '{{ lookup("env", "ANSIBLE_NET_PASSWORD") }}'
      joindomain: domain.fqdn
      password: '{{ templatepwd }}'
      # Windows time zone index
      timezone: 004
    disk:
      - size_gb: 100
        type: thin
      - size_gb: 100
        type: thin
    hardware:
      memory_mb: '{{ vmware_mem }}'
      num_cpus: '{{ vmware_cpu }}'
      scsi: paravirtual
      hotadd_cpu: True
      hotremove_cpu: True
      hotadd_memory: True
      boot_firmware: "efi"
    networks:
      - name: '{{ vmware_network }}'
        ip: '{{ ipv4 }}'
        netmask: '255.255.255.0'
        gateway: '{{ ipv4_gateway }}'
        device_type: vmxnet3
        dns_servers:
          - '{{ dns_primary }}'
          - '{{ dns_secondary }}'
    wait_for_ip_address: yes
    wait_for_customization: yes
  delegate_to: localhost
  register: deploy
```
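Because Ansible keeps no state file, removing what the two plays above created takes a separate set of tasks. The following is an added example, not code from any poster in this thread; it reuses the thread's variable names and mirrors the plays in reverse order, so the prestaged computer account does not linger in AD after the VM is gone.

```yaml
# Added example: teardown tasks for the VM and its prestaged AD object.
- name: Remove the VM
  vmware_guest:
    hostname: '{{ vsphere_hostname }}'
    username: '{{ lookup("env", "VMWARE_USER") }}'
    password: '{{ lookup("env", "VMWARE_PASSWORD") }}'
    datacenter: '{{ vmware_datacenter }}'
    folder: '{{ vmware_folder }}'
    name: '{{ inventory_hostname_short }}'
    state: absent
    # force lets the module remove a VM that is still powered on
    force: yes
  delegate_to: localhost

- name: Remove the prestaged Computer Object from AD
  win_domain_computer:
    name: '{{ inventory_hostname_short }}'
    domain_server: domaincontroller.fqdn
    state: absent
  delegate_to: utilityserver.fqdn
```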

Thank you. So for the customization part, I didn’t see a mention of the name of the customization template in vCenter.

So Ansible does not use that?

I’m not using a customization template, but it may be possible - I think that’s what David Foley was referencing.

Check out customization_spec within the vmware_guest module https://docs.ansible.com/ansible/latest/modules/vmware_guest_module.html

You can use the method I’m using OR you can call customization_spec.

Hi,

for

```yaml
customization:
  domainadmin: '{{ lookup("env", "ANSIBLE_NET_USERNAME") }}'
  domainadminpassword: '{{ lookup("env", "ANSIBLE_NET_PASSWORD") }}'
  joindomain: domain.fqdn
```

what does this mean?

lookup("env", "ANSIBLE_NET_USERNAME")

Are you manually putting the username and password in the answer file?

Can this be encrypted?
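On the question above: lookup("env", "ANSIBLE_NET_USERNAME") reads that environment variable on the Ansible control node when the play runs, so the credentials are not written in the playbook. Ansible Vault is one way to keep them encrypted at rest instead; the following is an added example, not code from any poster in this thread, and the vault_* variable names, file names and placeholder values are assumptions.

```yaml
---
# group_vars/all/vault.yml (hypothetical variable names, placeholder values).
# Encrypt the file at rest with:
#   ansible-vault encrypt group_vars/all/vault.yml
vault_vcenter_user: "REPLACE_ME"
vault_vcenter_password: "REPLACE_ME"
vault_join_user: "REPLACE_ME"
vault_join_password: "REPLACE_ME"

---
# deploy.yml, run with:
#   ansible-playbook -i hosts deploy.yml --ask-vault-pass
- hosts: all
  gather_facts: no          # the guests do not exist yet
  tasks:
    - name: Clone to VM from Template and join the domain
      vmware_guest:
        hostname: '{{ vsphere_hostname }}'
        username: '{{ vault_vcenter_user }}'
        password: '{{ vault_vcenter_password }}'
        validate_certs: yes # verify the vCenter TLS certificate
        datacenter: '{{ vmware_datacenter }}'
        cluster: '{{ vmware_cluster }}'
        folder: '{{ vmware_folder }}'
        name: '{{ inventory_hostname_short }}'
        template: '{{ vmware_template }}'
        state: poweredon
        customization:
          domainadmin: '{{ vault_join_user }}'
          domainadminpassword: '{{ vault_join_password }}'
          joindomain: domain.fqdn
        wait_for_customization: yes
      delegate_to: localhost
      no_log: true          # keep rendered credentials out of task output and logs
```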

OK, I was able to use the customization_spec to join the machine to the domain.

But how do I assign the static IP to the server?

My host file looks like this before using the customization_spec:

```ini
[prod-k8s-workers]
prod-k8s-worker01 deploy_vsphere_datastore='RW-VA-NIM-VOL9' guest_custom_ip='10.200.1.41' guest_notes='Worker #01'
prod-k8s-worker02 deploy_vsphere_datastore='RW-VA-NIM-VOL9' guest_custom_ip='10.200.1.43' guest_notes='Worker #02'
#prod-k8s-worker03 deploy_vsphere_datastore='RW-VA-NIM-VOL9' guest_custom_ip='10.200.1.44' guest_notes='Worker #03'
#prod-k8s-worker04 deploy_vsphere_datastore='RW-VA-NIM-VOL9' guest_custom_ip='10.200.1.45' guest_notes='Worker #04'
#prod-k8s-worker05 deploy_vsphere_datastore='RW-VA-NIM-VOL9' guest_custom_ip='10.200.1.46' guest_notes='Worker #05'
```

and in my roles file:

```yaml
networks:
  - name: '{{ guest_network }}'
    ip: '{{ guest_custom_ip }}'
    netmask: '{{ guest_netmask }}'
    gateway: '{{ guest_gateway }}'
customization:
  dns_servers:
    - '{{ guest_dns_server }}'
  domain: '{{ guest_domain_name }}'
  hostname: '{{ inventory_hostname }}'
```

I guess I cannot use the values in my roles file when using customization_spec?

Can I get some help with this? My account to join the domain keeps getting locked out.

This password has spaces in it, like this:

“This is my pa$$w0rd!”

but the account keeps getting locked out.