vCommander Build:  7.0.1


Files for this Scenario: Download from GitHub


This scenario enables you to use Embotics vCommander to run an Ansible playbook on a target VM using the ansible-playbook command.

Prerequisites

  • This scenario requires vCommander release 7.0 or higher.

  • Target systems must be accessible for Guest OS commands (VMware tools or SSH).

  • Ansible must be installed on the target system (see below).

Installing Ansible on target instances

Ansible can be installed as part of the bootstrapping of the instance or with a Run Command in Guest workflow step. The method of installing Ansible varies for the different Linux distributions.


Note: The commands below use "sudo", but if you're running these commands as the root user, sudo isn't necessary.


Amazon Linux

For Amazon Linux, Ansible can be installed using pip. You can use the following commands:

sudo easy_install pip
sudo pip install ansible

Ubuntu / Debian

For Ubuntu, you can install Ansible using the default package manager. Use this command:

sudo apt-get update && sudo apt-get install software-properties-common
sudo apt-add-repository ppa:ansible/ansible -y
sudo apt-get update && sudo apt-get install ansible -y

RedHat 7 /CentOS 7

For RedHat 7, you can install Ansible by enabling the epel repo. Use the following commands:

sudo rpm -Uvh https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
sudo yum -y install ansible

Scenario Setup

This section describes how to define a service that allows a user to select Ansible playbooks from a list and have them run as part of service provisioning.

Create a custom attribute to hold the list of available playbooks

Note: To update this list automatically, see "Updating the list of playbooks automatically" below.

  1. Create a custom attribute with Type as list and Applies to as form.                              

  2. Add values for each playbook that can be run.                               

Install a plug-in workflow step package

Go to the Embotics GitHub Repository and download and install the Ansible plug-in workflow step package, which contains a step that runs the ansible-playbook command. The completion workflow in this scenario references the plug-in step.

To learn how to download and install workflow plug-in steps, see Adding Workflow Plug-In Steps.

Create guest OS credentials

The completion workflows require guest OS credentials to run Ansible playbooks on the deployed VM. Before importing the workflow, you must create a set of guest OS credentials.

  1. In vCommander, go to Configuration > Credentials.
  2. Click Add.
  3. In the Add Credentials dialog:                         

    a. Select Username/Password for the Credentials Type.

        Note: For Amazon EC2 instances, you must create RSA Key credentials instead.

    b. Enter admin for the Name.

        This name is hard-coded in the completion workflow, so enter the name exactly as shown. Note that the Name field is vCommander-specific, and is separate from the Username field.

    c. Enter the required username (for example root, ec2-user, or ubuntu) and password.

    e. Enter a description to help clarify the purpose of these credentials.

    f. For Category, select Guest OS Credentials.

    g. Click OK.


Download and edit the Ansible completion workflow

We've published a completion workflow, Ansible-vm-component-completion-wf, that you can download from our GitHub repo and then import into vCommander. 

To learn how to import workflows, see Exporting and Importing Workflow Definitions.

The workflow contains two instances of the Run ansible-playbook step. The first step shows you how to run Ansible playbooks using inline playbook YAML:

Note: The YAML in this step is an example that works for Amazon EC2 instances, since it includes the action "ec2_facts". Edit the YAML for your target as required. 


The second shows you how to use playbook URLs instead:

These steps are configured to execute when specific conditions are met. For example, when "apache" is selected for the value of the Ansible Playbook custom attribute, the completion workflow runs the Apache playbook. 

You need to add a Run ansible-playbook step for each playbook on offer, using either inline YAML or playbook URLs.

Note: On the Assigned Components page of the wizard, you can keep the default setting, Do not apply this workflow to any component, for now. You will apply the workflow when you create the service.

Create the service catalog blueprint

  1. Create a service catalog entry with a Linux template as the component.                    

    Note: If this template does not have Ansible pre-installed, you must configure the completion workflow to install Ansible.

  2. On the Infrastructure tab, specify the Ansible-vm-component-completion-wf workflow you downloaded.
  3. On the Attributes tab, add the Ansible Playbook attribute you created.            

  4. On the Form tab, add the the Ansible Playbook attribute you created and enable Select Multiple.                            

  5. Click Finish to save the service.

Optional: Allowing end users to upload their own playbooks

To allow your end users to provide their own Ansible playbooks:

  1. Edit the service catalog entry you created:               
    • On the Form tab for the Linux template, add the File Upload form element. 
    • Name the form element Uploaded Playbook.
  2. Edit the VM completion workflow you downloaded:             
    • In the Playbook YAML field for the Run ansible-playbook step, enter the following to retrieve the contents of the playbook uploaded through the request form:                

      #{target.settings.uploadedFile['Uploaded Playbook'].file[1].content}

Optional: Updating the list of playbooks automatically

If you maintain a repository of playbooks and wish to offer all of them to your end users, vCommander can retrieve the list of playbooks from your repository and update the service catalog and workflow as the list of playbooks changes. We've published a command workflow, Update CA, that performs this task. This command workflow has no inventory target and can be scheduled to run regularly.


Create system credentials

The command workflow requires system credentials to execute a vCommander REST API call. Before importing the workflow, you must create a set of system credentials.

  1. In vCommander, go to Configuration > Credentials.
  2. Click Add.
  3. In the Add Credentials dialog:                         

    a. Select Username/Password for the Credentials Type.

    b. Enter vCommander superuser for the Name.

        This name is hard-coded in the command workflow, so enter the name exactly as shown.

    c. Enter the username and password for the vCommander Superuser account.

    e. Enter a description if you wish.

    f. For Category, select System.

    g. Click OK.

Import the command workflow

  1. Go to the Embotics Git repository and download the Update CA workflow. 
  2. In vCommander, go to Configuration > Service Request Configuration > Command Workflows.
  3. Click Import and browse to the Upload CA file you downloaded.
  4. vCommander automatically validates the workflow. Click Import.

Edit the command workflow

  1. Select the imported workflow in the list and click Edit.
  2. Replace the first workflow step with one or more steps that obtain the list of new playbooks by querying your remote repository. You must format the list as follows:        


    <allowedValues>value1</allowedValues><allowedValues>value2</allowedValues>


  3. The second step, Get Attribute ID, retrieves the ID of the Ansible Playbooks custom attribute. Edit the URL as required.
  4. The third step, Update Attribute, updates the values for the Ansible Playbooks custom attribute, using the output of the first step in the workflow. Edit the URL as required.
  5. Click Next, enter a description of your changes, and click Finish.

Schedule the command workflow

  1. Select the imported workflow in the list and click Schedule > Schedule.

  2. Configure the desired schedule.

  3. Click Next and Finish