Labbing is an important way to improve your skills and gain experience with new technologies! There are tons of ways to lab, and a lot of professionals are transitioning from physical to virtual labs, especially with CML, GNS3 and EVE-NG. In my lab, I have been using a lot of virtual appliances (CSR, FTDv, PALOv, ESXI, etc.) as I prefer to run directly on the hypervisor/network without introducing additional layers of virtualization if possible.
When running directly on the hypervisor/network, you lose the ability to “drag a router” onto your topology and cable it up. Instead, you need to deploy an OVA and populate all the parameters before it is ready to go. Doing this once or twice is fine, but if you are looking to deploy 10 virtual CSRs, it becomes a lot of repetitive clicking and importing. So I automated this with Ansible!
This code is publicly available on my GitHub (@VirTaylor)! It is currently set up for the CSRs running IOS XE 17.2 as well as the Nested ESXI OVA that has been made famous by William Lam at VirtuallyGhetto. I have plans to create/update it to support the deployment of FTDv and PALOv, but in theory this could be adapted to deploy any OVA. Let's see how it works!
At the core, the playbooks leverage the community.vmware collection that is available from https://galaxy.ansible.com. This allows the “deploy_ovf” module to be called within the playbook. I have structured all the tasks in each of the “main.yml” files to leverage variables which are defined and controlled in the “answerfile.yml”.
```yaml
# Infrastructure
vcenter: "enter-fqdn-or-ip-of-vcenter" # vcsa.lab.local
vc_user: "enter-username-of-ansible-account-to-deploy-ova" # firstname.lastname@example.org
vc_pass: "enter-password-of-ansible-account-to-deploy-ova" # Password123
vc_dc: "enter-name-of-destination-datacenter" # Lab Datacenter
vc_cluster: "enter-name-of-destination-cluster" # Lab Cluster
datastore: "enter-name-destination-datastore" # datastore1

# CSR Deployment Options
csr_abs_ova_path: "enter-absolute-path-of-ova" # /mnt/s/Cisco/csr1000v-universalk9.17.02.02.ova
csr_folder: "enter-vsphere-folder-path-for-organization" # Datacenter/vm/CSR
csr_gig1: "enter-port-group-for-interface1" # VM Network
csr_gig2: "enter-port-group-for-interface2" # VM Network
csr_gig3: "enter-port-group-for-interface3" # VM Network
csr_admin_username: "enter-default-admin-username" # admin
csr_admin_password: "enter-default-admin-password" # Password123
csr_domain_name: "enter-domain-name" # lab.local
csr_mgmt_mask: "enter-mgmt-subnet-mask" # 255.255.255.0
csr_enable_password: "enter-enable-password" # Enable123
csr_license_level: "ax" # ax
csr_mgmt_gateway: "enter-mgmt-gateway" # 10.10.10.1

# ESXI Deployment Options
esxi_abs_ova_path: "enter-absolute-path-of-ova" # /mnt/s/ESXI/Nested_ESXi7.0u1_Appliance_Template_v1.ova
esxi_folder: "enter-vsphere-folder-path-for-organization" # Datacenter/vm/ESXI
esxi_int: "enter-port-group-for-interface" # VM Network
esxi_root_password: "enter-nested-esxi-root-password" # Password123
esxi_domain_name: "enter-domain-name" # lab.local
esxi_mgmt_mask: "enter-mgmt-subnet-mask" # 255.255.255.0
esxi_mgmt_gateway: "enter-mgmt-gateway" # 10.10.10.1
esxi_mgmt_vlan: "enter-mgmt-vlan-id" # 1
esxi_dns_servers: "enter-dns-servers-comma-separated" # 10.10.10.1, 10.10.10.2
```
These values are referenced during the deployment/configuration of the Virtual Appliances. You may be wondering how we are able to configure the appliance during deployment. With every OVA, there are a series of “VAPP Properties” that are defined and then passed through to the VM during the boot process. You can view these values by going to the following configuration path within vCenter.
Name of Virtual Machine -> Configure -> Settings -> VAPP Properties. If you are looking at a CSR, it will look something like this:
These values are set up as key-value pairs and are also visible when you deploy the OVA manually. Often there are additional keys that can be leveraged and understood by the deployment. For example, the CSRs will understand the following:
```
id: com.cisco.csr1000v.ios-config-000X.1
type: string
value: insert_standard_ios_configuration_here
```
This allows you to enter any IOS configuration, which is applied to the device configuration on first boot. I am using this to create a Management VRF and configure GigabitEthernet3 as the Management Interface. The options are endless: you can theoretically pass the configuration for TACACS or your initial dynamic routing configuration. Just make sure to increment the X in the ID for each command (1 being the first command).
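An added example (not code from the repository) of the numbering rule above: it gives each IOS command its own zero-padded `ios-config` key and flags commands that embed a credential, since vApp properties stay viewable in vCenter at the path shown earlier. The four-digit padding is inferred from `000X`; the function names, patterns and sample commands are constructed for illustration.

```python
import re

# Key layout taken from the post; 4-digit zero padding is an assumption from "000X".
# The OVA may define fewer keys than this format allows: check its vApp property list.
KEY_FMT = "com.cisco.csr1000v.ios-config-{:04d}.1"

# Constructed patterns for IOS lines that normally carry a credential.
SECRET_PATTERNS = [
    re.compile(r"\b(password|secret)\s+(\d\s+)?\S+", re.I),
    re.compile(r"^key\s+(\d\s+)?\S+", re.I),
    re.compile(r"\bsnmp-server\s+community\s+\S+", re.I),
]

# Constructed sample: management VRF on GigabitEthernet3 plus a TACACS server.
SAMPLE_COMMANDS = [
    "vrf definition MGMT", "address-family ipv4", "exit-address-family",
    "interface GigabitEthernet3", "vrf forwarding MGMT",
    "ip address 10.10.10.50 255.255.255.0", "no shutdown",
    "tacacs server LAB", "address ipv4 10.10.10.5", "key ExampleSharedKey",
]

def build_ios_config_properties(commands):
    """Return {vApp key: IOS command}, one command per key, numbered from 1."""
    cleaned = [c.strip() for c in commands if c.strip()]  # blank entries are dropped
    if len(cleaned) > 9999:
        raise ValueError("a 4-digit index cannot address more than 9999 commands")
    props = {}
    for idx, cmd in enumerate(cleaned, start=1):
        if "\n" in cmd or "\r" in cmd:
            raise ValueError(f"entry {idx} holds several lines; use one key per command")
        props[KEY_FMT.format(idx)] = cmd
    return props

def find_secret_keys(props):
    """List the keys whose command would store a credential in the vApp properties."""
    return [key for key, cmd in props.items()
            if any(p.search(cmd) for p in SECRET_PATTERNS)]

if __name__ == "__main__":
    props = build_ios_config_properties(SAMPLE_COMMANDS)
    for key, cmd in props.items():
        print(f"{key}: {cmd}")
    print("review before deploying:", find_secret_keys(props))
```

The resulting dictionary can be merged into the properties passed to the deployment task; anything the second function lists is better pushed after first boot than baked into the OVA properties.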
So how do I run this in my environment?
First you should validate that you have installed the various packages that are listed in the repository on GitHub. Then you will want to update the answerfile.yml and inventory file to match your environment and specifications. You may be required to download the appropriate OVAs if those are not readily available. If you are only using this code to deploy the CSRs, you can skip the handful of variables that are within the ESXI Deployment section. When it is time to run the playbook, use the following command:
ansible-playbook deploy_ova.yml -i inventory -l <host_group>
The “-l <host_group>” is not required if you have a clean and commented inventory file.
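A pre-flight check for the answerfile, added here as an example and not part of the repository: it reports variables still holding an `enter-` placeholder and password variables stored as plain text rather than as an Ansible Vault value or a reference to one. The function name and the sample excerpt are constructed; the key names follow the answerfile shown above.

```python
import re

# Constructed excerpt in the answerfile.yml layout (all values are made up).
SAMPLE_ANSWERFILE = '''\
# Infrastructure
vcenter: "vcsa.lab.local"
vc_user: "enter-username-of-ansible-account-to-deploy-ova" # not filled in yet
vc_pass: "Password123" # plain text on disk
csr_admin_password: "{{ vault_csr_admin_password }}"
csr_enable_password: !vault |
  $ANSIBLE_VAULT;1.1;AES256
  (ciphertext omitted in this constructed sample)
csr_license_level: "ax"
'''

# Top-level "key: value # comment" lines; indented vault ciphertext does not match.
LINE = re.compile(r'^(\w+):\s*(?:"([^"]*)"|(\S.*?))?\s*(?:#.*)?$')
SECRET_KEY = re.compile(r"_pass(word)?$")

def audit_answerfile(text):
    """Return (key, issue) pairs for unfilled placeholders and plaintext secrets."""
    findings = []
    for raw in text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # comment, blank line or continuation of a block value
        key = m.group(1)
        value = m.group(2) if m.group(2) is not None else (m.group(3) or "")
        if value.startswith("enter-"):
            findings.append((key, "placeholder"))
        elif SECRET_KEY.search(key) and not value.startswith(("!vault", "{{")):
            # Neither an inline vault value nor a reference to a vaulted variable.
            findings.append((key, "plaintext-secret"))
    return findings

if __name__ == "__main__":
    for key, issue in audit_answerfile(SAMPLE_ANSWERFILE):
        print(f"{issue}: {key}")
```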
Reach out on Twitter (@VirTaylor) if you are using my code. I want to know the things that work well and the things that do not work at all! I intend to keep expanding on this to include additional products! If you have any recommendations, do not be shy!