This guide shows you how to prepare an ESXi host so that Ansible can use SSH key-based authentication to automate administration tasks.
Did you know it's possible to automate admin tasks on VMware vSphere ESXi hosts with Ansible? For example, you might want to modify the hosts file on hundreds of ESXi hosts in your cluster. Or you could even automate the installation of Let's Encrypt SSL certificates on each host.
This post will show you how to prepare your hosts so that Ansible can communicate with them, allowing you to write playbooks for any kind of task you want to run.
The first thing we need to do is enable SSH on our ESXi hosts. Log in to each host via the web client and perform the following steps.
Click Services, scroll down and click on TSM-SSH, click Actions, Policy then Start and stop with host.
Click Actions again, then click Start.
Test that you can connect to the host via SSH by running the following command at the terminal (replacing 10.1.1.11 with the IP of your host):
$ ssh root@10.1.1.11
The time and date of this login have been sent to the system logs.
All commands run on the ESXi shell are logged and may be included in
support bundles. Do not provide passwords directly on the command line.
Most tools can prompt for secrets or accept them from standard input.
VMware offers supported, powerful system administration tools. Please
see www.vmware.com/go/sysadmintools for details.
The ESXi Shell can be disabled by an administrative user. See the
vSphere Security documentation for more information.
Step 2: Copy your SSH public key to the ESXi Host
You’ll notice in the previous step, a password was required when connecting via SSH. I’ve found Key-Based Authentication works better with Ansible so we’ll configure our host to use it in the following steps.
The ssh-copy-id command won't work with ESXi hosts because the authorized_keys file is in a non-standard location.
Assuming you’ve already created a key pair on your local machine, running the following command on each host should copy your public key to the correct location.
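One way to do the key copy and then confirm that key-only login works, as an added example that is not the post's own command. It assumes ESXi keeps root's keys in /etc/ssh/keys-root/authorized_keys (a path not stated above); the function names and the key path in the usage line are hypothetical.

```shell
#!/bin/sh
# Added example, not from the original post.
# Assumption: ESXi reads root's keys from this path (not stated on the page).
ESXI_KEYS=/etc/ssh/keys-root/authorized_keys

# Accept only a one-line OpenSSH *public* key, so a private key is never shipped.
is_public_key() {
    [ -r "$1" ] || return 1
    [ "$(grep -c '' "$1")" -eq 1 ] || return 1
    grep -Eq '^(ssh-ed25519|ssh-rsa|ecdsa-sha2-nistp(256|384|521)) [A-Za-z0-9+/]+=*( .*)?$' "$1"
}

# Command run on the host: read the key from stdin and append it only if that
# exact line is missing. No chmod, so the file's existing mode is left alone.
remote_install_cmd() {
    printf '%s\n' "k=\$(cat); grep -qxF \"\$k\" $ESXI_KEYS 2>/dev/null || echo \"\$k\" >> $ESXI_KEYS"
}

# install_key <pubkey-file> <user@host> (hypothetical helper)
install_key() {
    is_public_key "$1" || { echo "refusing: $1 is not a public key" >&2; return 1; }
    # Password prompt expected here; the key itself travels on stdin.
    ssh "$2" "$(remote_install_cmd)" < "$1" || return 1
    # BatchMode forbids prompts, so this succeeds only if the key is accepted.
    # Assumes the private key sits beside the .pub file.
    ssh -i "${1%.pub}" -o IdentitiesOnly=yes -o BatchMode=yes \
        -o PasswordAuthentication=no "$2" true
}

# Usage (placeholder key path; host IP from the text above):
#   install_key ~/.ssh/id_ed25519.pub root@10.1.1.11
```

Running it a second time against the same host leaves authorized_keys unchanged, which makes it safe to loop over an inventory of hosts.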