Automating CSR and ESXI Deployments with Ansible!

Labbing is an important way to improve your skills and gain experiences with new technologies! There are tons of ways to Lab with a lot of professionals transitioning from Physical to Virtual Labs especially with CML, GNS3 and EVE-NG. In my Lab, I have been using a lot of Virtual Appliances (CSR, FTDv, PALOv, ESXI, etc) as I prefer to run directly on the Hypervisor/Network without introducing additional layers of virtualization if possible.

When running directly on the hypervisor/network, you lose the ability to “drag a router” onto your topology and cable it up. Instead you need to deploy an OVA and populate all the parameters before it is ready to go. Doing this once or twice is fine but if you are looking to deploy 10 virtual CSRs it becomes a lot of repeat clicking and importing. So I automated this with Ansible!

This code is publically available on my github (@VirTaylor)! It is currently set up for the CSRs running IOS XE 17.2 as well as the Nested ESXI OVA that has been made famous by William Lam at VirtuallyGhetto. I have plans to create/update to support the deployment of FTDv and PALOv but in theory this could be adapted to deploy an OVA. Lets see how it works!

At the core, the playbooks leveragte the community.vmware collection that is available from This allows the “deploy_ovf” module to be called within the playbook. I have structured all the tasks in each of the “main.yml” files to leverage variables which are defined and controlled in the “answerfile.yml”.

# Infrastructure
vcenter: "enter-fqdn-or-ip-of-vcenter" # vcsa.lab.local
vc_user: "enter-username-of-ansible-account-to-deploy-ova" # [email protected]
vc_pass: "enter-password-of-ansible-account-to-deploy-ova" # Password123
vc_dc: "enter-name-of-destination-dataceter" # Lab Datacenter
vc_cluster: "enter-name-of-destination-cluster" # Lab Cluster
datastore: "enter-name-destination-datastore" # datastore1

# CSR Deployment Options
csr_abs_ova_path: "enter-absolute-path-of-ova" # /mnt/s/Cisco/csr1000v-universalk9.17.02.02.ova
csr_folder: "enter-vsphere-folder-path-for-organizartion" # Datacenter/vm/CSR
csr_gig1: "enter-port-group-for-interface3" # VM Network
csr_gig2: "enter-port-group-for-interface1" # VM Network
csr_gig3: "enter-port-group-for-interface3" # VM Network
csr_admin_username: "enter-default-admin-username" # admin
csr_admin_password: "enter-default-admin-password" # Password123
csr_domain_name: "enter-domain-name" # lab.local
csr_mgmt_mask: "enter-mgmt-subnet-mask" #
csr_enable_password: "enter-enable-password" # Enable123
csr_license_level: "ax" # ax
csr_mgmt_gateway: "enter-mgmt-gateway" #

# ESXI Deployment Options
esxi_abs_ova_path: "enter-absolute-path-of-ova" # /mnt/s/ESXI/Nested_ESXi7.0u1_Appliance_Template_v1.ova
esxi_folder: "enter-vsphere-folder-path-for-organizartion" # Datacenter/vm/ESXI
esxi_int: "enter-port-group-for-interface" # VM Network
esxi_root_password: "enter-nexted-esxi-root-password" # Password123
esxi_domain_name: "enter-domain-name" # lab.local
esxi_mgmt_mask: enter-mgmt-subnet-mask" #
esxi_mgmt_gateway: "enter-mgmt-gateway" #
esxi_mgmt_vlan: "enter-mgmt-vlan-id" # 1
esxi_dns_servers: "enter-dns-servers-comma-seperated" #,

These values are referenced during the deployment/configuration of the Virtual Appliances. You may be wondering how we are able to configure the appliance during deployment. With every OVA, there are a series of “VAPP Properties” that are defined and then passed through to the VM during the boot process. You can view these values by going to the following configuration path within vCenter.

Name of Virtual Machine -> Configure -> Settings -> VAPP Properties. If you are looking at a CSR, it will look something like this:

VAPP Properties of a Virtual Cloud Service Router

These values are setup as a Key Value Pair and are also visable when you deploy the OVA Manual. Often there are additional keys that can be leveraged and understood by the deployment. For example the CSRs will understand the following:

 type: string
 value: insert_standard_ios_configuration_here

This allows you to enter any IOS configuration that is installed to the configuration on first bootup. I am using this to create a Management VRF and configure GigabitEthernet3 as the Management Interface. The options are endless, you can theoretically pass the configuration for TACACS or your initial dynamic routing configuration. Just make sure to increment the X in the ID for each command (1 being the first command).

So how do I run this in my environment?

First you should validate that you have installed the various packages that are listed in the repository on github. Then you will want to update the answerfile.yml and inventory file to match your environment and specifications. You may be required to download the appropriate OVAs if those are not readily available. If you are only using this code to deploy the CSRs, you can skip the handful of variables that are within the ESXI Deployment section. When it is time to run the playbook, use the following command:

ansible-playbook deploy_ova.yml -i inventory -l <host_group>

The “-l <host_group> is not required if you have a clean and commented inventory file.

Reach out on Twitter (@VirTaylor) if you are using my code. I want to know the things that work well and the things that do not work at all! Intend to keep expanding on this to include additional products! If you have any recommendations do not be shy!

Happy Automating!

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s