Network managment

IP configuration

You can also use Ansible to get and configure the network stack of the VCSA.

Global network information

The appliance_networking_info exposes the state of the global network configuration:

- name: Get network information
  vmware.vmware_rest.appliance_networking_info:

response

{
    "changed": false,
    "value": {
        "dns": {
            "hostname": "vcenter.test",
            "mode": "DHCP",
            "servers": [
                "192.168.123.1"
            ]
        },
        "interfaces": {
            "nic0": {
                "ipv4": {
                    "address": "192.168.123.8",
                    "configurable": true,
                    "default_gateway": "192.168.123.1",
                    "mode": "DHCP",
                    "prefix": 24
                },
                "mac": "52:54:00:80:b3:86",
                "name": "nic0",
                "status": "up"
            }
        },
        "vcenter_base_url": "https://vcenter.test:443"
    }
}

And you can adjust the parameters with the appliance_networking module.

- name: Set network information
  vmware.vmware_rest.appliance_networking:
    ipv6_enabled: False

response

{
    "changed": true,
    "id": null,
    "value": {}
}

Network Interface configuration

The appliance_networking_interfaces_info returns a list of the Network Interface of the system:

- name: Get a list of the network interfaces
  vmware.vmware_rest.appliance_networking_interfaces_info:

response

{
    "changed": false,
    "value": [
        {
            "ipv4": {
                "address": "192.168.123.8",
                "configurable": true,
                "default_gateway": "192.168.123.1",
                "mode": "DHCP",
                "prefix": 24
            },
            "mac": "52:54:00:80:b3:86",
            "name": "nic0",
            "status": "up"
        }
    ]
}

You can also use the interface_name parameter to just focus on one single entry:

- name: Get details about one network interfaces
  vmware.vmware_rest.appliance_networking_interfaces_info:
    interface_name: nic0

response

{
    "changed": false,
    "id": "nic0",
    "value": {
        "ipv4": {
            "address": "192.168.123.8",
            "configurable": true,
            "default_gateway": "192.168.123.1",
            "mode": "DHCP",
            "prefix": 24
        },
        "mac": "52:54:00:80:b3:86",
        "name": "nic0",
        "status": "up"
    }
}

DNS configuration

The hostname configuration

The appliance_networking_dns_hostname_info module can be use to retrieve the hostname of the VCSA:

- name: Get the hostname configuration
  vmware.vmware_rest.appliance_networking_dns_hostname_info:

response

{
    "changed": false,
    "value": "vcenter.test"
}

The DNS servers

Use the appliance_networking_dns_servers_info to get DNS servers currently in use:

- name: Get the DNS servers
  vmware.vmware_rest.appliance_networking_dns_servers_info:
  ignore_errors: True  # May be failing because of the CI set-up

response

{
    "changed": false,
    "value": {
        "mode": "dhcp",
        "servers": [
            "192.168.123.1"
        ]
    }
}

The appliance_networking_dns_servers can be used to set a different name server.

- name: Set the DNS servers
  vmware.vmware_rest.appliance_networking_dns_servers:
    servers:
      - 192.168.123.1
    mode: is_static

response

{
    "changed": true,
    "value": {
        "mode": "is_static",
        "servers": [
            "192.168.123.1"
        ]
    }
}

You can test a list of servers if you set state=test:

- name: Test the DNS servers
  vmware.vmware_rest.appliance_networking_dns_servers:
    state: test
    servers:
      - var

response

{
    "changed": false,
    "value": {
        "messages": [
            {
                "message": "Failed to reach 'var'.",
                "result": "failure"
            }
        ],
        "status": "red"
    }
}

The search domain configuration

The search domain configuration can be done with appliance_networking_dns_domains and appliance_networking_dns_domains_info. The second module returns a list of domains:

- name: Get DNS domains configuration
  vmware.vmware_rest.appliance_networking_dns_domains_info:

response

{
    "changed": false,
    "value": [
        "foobar",
        "barfoo"
    ]
}

There is two way to set the search domain. By default the value you pass in domains will overwrite the existing domain:

- name: Update the domain configuration
  vmware.vmware_rest.appliance_networking_dns_domains:
    domains:
      - foobar

response

{
    "changed": true,
    "value": {}
}

If you instead use the state=add parameter, the domain value will complet the existing list of domains.

- name: Add another domain configuration
  vmware.vmware_rest.appliance_networking_dns_domains:
    domain: barfoo
    state: add

response

{
    "changed": false,
    "value": {}
}

Firewall settings

You can also configure the VCSA firewall. You can add new ruleset with the appliance_networking_firewall_inbound module. In this example, we reject all the traffic coming from the 1.2.3.0/24 subnet:

- name: Set a firewall rule
  vmware.vmware_rest.appliance_networking_firewall_inbound:
    rules:
      - address: 1.2.3.0
        prefix: 24
        policy: REJECT

response

{
    "changed": true,
    "value": {}
}

The appliance_networking_firewall_inbound_info module returns a list of the inbound ruleset:

- name: Get the firewall inbound configuration
  vmware.vmware_rest.appliance_networking_firewall_inbound_info:

response

{
    "changed": false,
    "value": [
        {
            "address": "1.2.3.0",
            "interface_name": "*",
            "policy": "REJECT",
            "prefix": 24
        }
    ]
}

HTTP proxy

You can also configurre the VCSA to go through a HTTP proxy. The collection provides a set of modules to configure the proxy server and manage the noproxy filter.

In this example, we will set up a proxy and configure the noproxy for redhat.com and ansible.com:

- name: Set the HTTP proxy configuration
  vmware.vmware_rest.appliance_networking_proxy:
    enabled: true
    server: https://datastore.test
    port: 3128
    protocol: https
- name: Set HTTP noproxy configuration
  vmware.vmware_rest.appliance_networking_noproxy:
    servers:
      - redhat.com
      - ansible.com

response

{
    "changed": true,
    "value": {}
}
{
    "changed": true,
    "value": {}
}

We can validate the configuration with the associated _info modules:

- name: Get the HTTP proxy configuration
  vmware.vmware_rest.appliance_networking_proxy_info:
- name: Get HTTP noproxy configuration
  vmware.vmware_rest.appliance_networking_noproxy_info:

response

{
    "changed": false,
    "value": {
        "ftp": {
            "enabled": false,
            "port": -1,
            "server": ""
        },
        "http": {
            "enabled": false,
            "port": -1,
            "server": ""
        },
        "https": {
            "enabled": true,
            "port": 3128,
            "server": "https://datastore.test"
        }
    }
}
{
    "changed": false,
    "value": [
        "redhat.com",
        "ansible.com",
        "localhost",
        "127.0.0.1"
    ]
}

And we finally reverse the configuration:

- name: Delete the HTTP proxy configuration
  vmware.vmware_rest.appliance_networking_proxy:
    config: {}
    protocol: http
    state: absent
- name: Remove the noproxy entries
  vmware.vmware_rest.appliance_networking_noproxy:
    servers: []

response

{
    "changed": true,
    "value": {}
}
{
    "changed": true,
    "value": {}
}