1 Comment

Configuration Management (CM) refers to the process of handling configuration changes that ensure configuration consistency over time. In the dark corners of the server room, we call this “snowflake avoidance”.  Configuration Management establishes a single source of truth for a set of configuration management item(s).  In the case of vRealize Automation(vRA), configuration management item applies to application stack deployment running on top of the SDDC infrastructure.

There are many configuration management tools in the market, each with its set of strength and weakness. Due to agentless nature, extensive support of Linux distributions, Ansible has gained significant customer adoption and becoming the preferred CM solution in the DevOps community.

With the release of vRealize Automation (vRA) 7.5, Ansible is now a first-class citizen and built directly into the GUI.  SovLabs plugin is leveraged for the integration. While creating blueprints, you can now drag and drop the Ansible component (playbooks) onto the blueprint design canvas.  Ansible playbooks are discovered from the Ansible Tower by the vRA.  As part of the platform provisioning process vRA will update the Ansible tower inventory based on assigned VM IP address/FQDN and invoke the right playbook to deploy and configure applications requested from the Service Catalog.  Highlights of the Ansible integration are:

  • Dynamic discovery of Ansible Tower projects
  • Ansible job templates and application blueprinting binding
  • Ansible Tower inventory management
  • Lifecycle support – Provisioning & De-provisioning
  • Late and early binding to reduce blueprint / catalog sprawl

In this post, we will take a deep dive into each of these areas to gain an understanding of how this integration works under the hood.


Integration Steps:

Defining the Ansible tower endpoint is the first step in this integration.  Like everything else in vRA, we simplified this by providing an awesome self-driven GUI configuration wizard to guide you at each stage.   Most of the required inputs are simple to understand and self-explanatory.  If dynamic custom inventory is needed, it is necessary to provide the vRO credentials and select from a list of pre-defined inventory creation scripts based on application requirements.  You can view a summary of configured options under the Ansible endpoint definition:





SovLabs plugin will take the setup information and create the corresponding organization and inventory definition in the Ansible Tower by associating with the pre-selected custom inventory script defined as part of Ansible endpoint definition.


You can then follow the standard Ansible tower workflow to onboard playbooks from a standard GIT repository.



Cloud Administrator maintains synchronization of Ansible playbook and GIT repository within the Ansible Tower.  “Start an SCM update” button in the Ansible Tower GUI pulls in playbook changes made in GIT.



Ansible Tower maintains and creates Ansible job templates.  vRA will discover newly created templates and repository and make it available as part of the blueprint design process


Both vRA and Ansible Tower report on job execution status.  Job execution report is viewable directly with the vRA deployment or from the Ansible Tower Job report.




Playbook Binding

Playbook binding can be set within the blueprint (early binding) or during the time of the request (late binding).  Early binding simplifies catalog consumption as the Cloud Admin predetermines application playbook to deployment blueprint mapping.  Early binding also assumes a Cloud Admin is application aware and have a process in place to manage a larger number of blueprints.  Late binding delegates application awareness to the end user.  Instead of separate catalog items for each application, a cloud admin can offer T-shirt sizes of deployment and allow the consumer of the service determine which application playbook to map to a deployment request.





vRA controls deployments scale in/out, along with re-execution of the Ansible playbook.




With the release of the Ansible Tower integration in vRA 7.5, levering the SovLabs plugin, a Cloud Administrator can automate the entire configuration and provisioning process, allowing IT teams to treat the infrastructure and application deployment in the same way application developers treat their application – with code.    A detailed recording of this integration along with production deployment use-cases is available at VMworld On-Demand Video Library.


Call to Action:

If you are attending VMworld Barcelona, I encourage you to attend the following sessions on vRealize Automation:

NET1723BE – Day 2 Automation of NSX Data Center Using vRealize Suite

MGT1652BE – Application Networking and Security with vRealize Automation and NSX-T

MGT2242BE – What’s New in vRealize Automation

MGT2528BE – vRealize Automation Architecture and Troubleshooting Deep Dive

MGT1773BE – Container Management and VMware PKS Support for vRealize Automation

MGT1312BE – Intro to VMware’s Cloud Management Automation Services. You agile enough?