Ansible Dynamic Inventory plugin for vmware

September 5, 2023

The best way to interact with your hosts is to use the VMware dynamic inventory plugin, which dynamically queries VMware APIs and tells Ansible what nodes can be managed.

Reference: https://docs.ansible.com/ansible/latest/collections/community/vmware/docsite/vmware_scenarios/vmware_inventory.html

Requirements

To use the VMware dynamic inventory plugins, you must install pyVmomi on your control node (the host running Ansible).

To include tag-related information for the virtual machines in your dynamic inventory, you also need the vSphere Automation SDK, which supports REST API features like tagging and content libraries, on your control node. You can install the vSphere Automation SDK following these instructions.

$ pip install pyvmomi

To use this VMware dynamic inventory plugin, you need to enable it first by specifying the following in the ansible.cfg file:

[inventory]
enable_plugins = vmware_vm_inventory

Then, create a file that ends in .vmware.yml or .vmware.yaml in your working directory.

The vmware_vm_inventory script takes in the same authentication information as any VMware module.

Here’s an example of a valid inventory file:

plugin: vmware_vm_inventory
strict: False
hostname: 10.65.223.31
username: administrator@vsphere.local
password: Esxi@123$%
validate_certs: False
with_tags: True

Executing ansible-inventory --list -i <filename>.vmware.yml will create a list of VMware instances that are ready to be configured using Ansible.

Using vaulted configuration files

Since the inventory configuration file contains the vCenter password in plain text, which is a security risk, you may want to encrypt your entire inventory configuration file.

You can encrypt a valid inventory configuration file as follows:

$ ansible-vault encrypt <filename>.vmware.yml
New Vault password:
Confirm New Vault password:
Encryption successful

And you can use this vaulted inventory configuration file using:

$ ansible-inventory -i filename.vmware.yml --list --vault-password-file=/path/to/vault_password_file
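A check for the risk described in this section, as an added example that is not part of the original post or of the Ansible project: it reports inventory configuration files that are not vaulted and still carry a literal password or disabled certificate validation. The function name and the sample texts are assumptions constructed for illustration.

```python
import re

VAULT_HEADER = "$ANSIBLE_VAULT;"  # every ansible-vault encrypted file starts with this
FALSY = {"false", "no", "off", "0"}
KEY_RE = re.compile(r"^\s*(password|validate_certs)\s*:\s*(.*?)\s*$")


def audit_inventory_config(text):
    """Return (line_number, key, issue) findings for one inventory config."""
    if text.lstrip().startswith(VAULT_HEADER):
        return []  # whole file is vaulted: nothing readable on disk
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        m = KEY_RE.match(line)  # commented-out lines do not match
        if not m:
            continue
        key, value = m.group(1), m.group(2).strip("'\"")
        if key == "password":
            # An inline !vault block or a Jinja template is not a literal secret.
            if value and not value.startswith("!vault") and "{{" not in value:
                findings.append((lineno, key, "plaintext password"))
        elif value.split("#")[0].strip().lower() in FALSY:
            findings.append((lineno, key, "TLS certificate validation disabled"))
    return findings


# Constructed samples: the page's option names with placeholder values.
PLAINTEXT_CONFIG = """\
plugin: vmware_vm_inventory
strict: False
hostname: vcenter_hostname
username: vcenter_username
password: vcenter_password
validate_certs: False
with_tags: True
"""

# Constructed: a vault header followed by a dummy body, not real ciphertext.
VAULTED_CONFIG = "$ANSIBLE_VAULT;1.1;AES256\n6162636465666768\n"

if __name__ == "__main__":
    for name, text in (("plaintext", PLAINTEXT_CONFIG), ("vaulted", VAULTED_CONFIG)):
        print(name, audit_inventory_config(text))
```

Run it over each *.vmware.yml file in the working directory before committing; a vaulted file returns no findings because nothing in it is readable on disk.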

My sample dynamic_inventory.vmware.yml

plugin: vmware_vm_inventory
strict: False
hostname: vcenter_hostname
username: vcenter_username
password: vcenter_password
# False turns off TLS certificate verification for the vCenter connection
validate_certs: False
# This makes sure VMs can be filtered based on tags
with_tags: True
# This option fetches the inventory dynamically on every run, with no cache on disk
cache: no
# Create/filter groups based on tags. For example, the settings below fetch all the Linux machines along with their tags, and the -l option can be used to limit the execution
properties:
- 'config.name'
- 'guest.ipAddress'
- 'guest.guestFamily'
- 'summary.runtime.powerState'
keyed_groups:
- key: tag_category.Tier
  prefix: "vmware_tag_category_"
  separator: ""
with_nested_properties: True
filters:
- summary.runtime.powerState == "poweredOn"
- guest.guestFamily == "windowsGuest"
- guest.guestFamily == "linuxGuest"
hostnames:
- 'config.name'

sample.yml:

- name: Sample Dynamic Inventory Check
  hosts: all
  gather_facts: False
  vars:
    # Turns off SSH host key verification for every host in this play
    ansible_ssh_extra_args: '-o StrictHostKeyChecking=no'
  tasks:
    - name: List Home dir
      command: ls /home
      register: output
    - debug:
        msg: "Listing the home directory {{ output.stdout_lines }}"

How to run and test the inventory:

ansible-inventory -i dynamic_inventory.vmware.yml --graph (or use --list)

ansible-playbook -i dynamic_inventory.vmware.yml -l <Prod> sample.yml

Ref: https://runebook.dev/en/docs/ansible/collections/community/vmware/vmware_vm_inventory_inventory
