Ansible playbook to create roles in vCenter with privileges

Ansible playbook to create roles in vCenter with privileges to install an OCP cluster using IPI mode

Requirements

ansible-galaxy collection install community.vmware

python3 -m pip install pyVim PyVmomi

Running the playbook

ansible-playbook --extra-vars "vcenter_hostname=vcenter.fqdn vcenter_username=username vcenter_password=something" ocp_vmware_roles.yml
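---
# Creates the vCenter roles an OpenShift IPI installation on vSphere needs,
# one role per inventory object type the installer touches (vCenter, Cluster,
# ResourcePool, Datastore, PortGroup, VMFolder, Datacenter). The playbook only
# creates the roles and their privilege lists; it does not grant any of them
# to a user or group on an inventory object, which has to be done separately.
#
# Connection variables are expected from --extra-vars (see README). Passing
# vcenter_password on the command line leaves it in the process list and shell
# history; use an Ansible Vault variable or a prompt for anything beyond a
# throwaway test account.
- name: Create a vCenter Roles with privileges in support of installing an OpenShift cluster on VMWare with IPI
  hosts: localhost
  gather_facts: false
  vars:
    # --- vCenter Connection Variables ---
    vcenter_hostname: ""  # Replace with your vCenter FQDN or IP
    vcenter_username: ""  # Replace with your administrative user
    vcenter_password: ""  # Use Ansible Vault for production!
    validate_certs: false  # false disables TLS verification of vCenter; set to true if you are using trusted certificates
    # --- Role Variables ---
    # Suffix appended to every role name. "abc123" is only there to keep the
    # names unique in a shared testing environment; override it with
    # --extra-vars "role_suffix=..." if needed.
    role_suffix: "abc123"
    OpenShift_vCenter_privileges:  # Validated against OCP 4.20 docs
      - Cns.Searchable
      - InventoryService.Tagging.AttachTag
      - InventoryService.Tagging.CreateCategory
      - InventoryService.Tagging.CreateTag
      - InventoryService.Tagging.DeleteCategory
      - InventoryService.Tagging.DeleteTag
      - InventoryService.Tagging.EditCategory
      - InventoryService.Tagging.EditTag
      - Sessions.ValidateSession
      - StorageProfile.Update
      - StorageProfile.View
    OpenShift_Cluster_privileges:  # Validated against OCP 4.20 docs
      - Host.Config.Storage
      - Resource.AssignVMToPool
      - VApp.AssignResourcePool
      - VApp.Import
      - VirtualMachine.Config.AddNewDisk
    OpenShift_ResourcePool_privileges:  # Validated against OCP 4.20 docs
      # - Host.Config.Storage
      - Resource.AssignVMToPool
      - VApp.AssignResourcePool
      - VApp.Import
      - VirtualMachine.Config.AddNewDisk
    OpenShift_Datastore_privileges:  # Validated against OCP 4.20 docs
      - Datastore.AllocateSpace
      - Datastore.Browse
      - Datastore.FileManagement
      - InventoryService.Tagging.ObjectAttachable
    OpenShift_PortGroup_privileges:  # Validated against OCP 4.20 docs
      - Network.Assign
    OpenShift_VMFolder_privileges:  # Validated against OCP 4.20 docs
      - InventoryService.Tagging.ObjectAttachable
      - Resource.AssignVMToPool
      - VApp.Import
      - VirtualMachine.Config.AddExistingDisk
      - VirtualMachine.Config.AddNewDisk
      - VirtualMachine.Config.AddRemoveDevice
      - VirtualMachine.Config.AdvancedConfig
      - VirtualMachine.Config.Annotation
      - VirtualMachine.Config.CPUCount
      - VirtualMachine.Config.DiskExtend
      - VirtualMachine.Config.DiskLease
      - VirtualMachine.Config.EditDevice
      - VirtualMachine.Config.Memory
      - VirtualMachine.Config.RemoveDisk
      - VirtualMachine.Config.Rename
      - Host.Config.Storage
      - VirtualMachine.Config.ResetGuestInfo
      - VirtualMachine.Config.Resource
      - VirtualMachine.Config.Settings
      - VirtualMachine.Config.UpgradeVirtualHardware
      - VirtualMachine.Interact.GuestControl
      - VirtualMachine.Interact.PowerOff
      - VirtualMachine.Interact.PowerOn
      - VirtualMachine.Interact.Reset
      - VirtualMachine.Inventory.Create
      - VirtualMachine.Inventory.CreateFromExisting
      - VirtualMachine.Inventory.Delete
      - VirtualMachine.Provisioning.Clone
      - VirtualMachine.Provisioning.DeployTemplate
      - VirtualMachine.Provisioning.MarkAsTemplate
    OpenShift_Datacenter_privileges:  # Validated against OCP 4.20 docs
      - InventoryService.Tagging.ObjectAttachable
      - Resource.AssignVMToPool
      - VApp.Import
      - VirtualMachine.Config.AddExistingDisk
      - VirtualMachine.Config.AddNewDisk
      - VirtualMachine.Config.AddRemoveDevice
      - VirtualMachine.Config.AdvancedConfig
      - VirtualMachine.Config.Annotation
      - VirtualMachine.Config.CPUCount
      - VirtualMachine.Config.DiskExtend
      - VirtualMachine.Config.DiskLease
      - VirtualMachine.Config.EditDevice
      - VirtualMachine.Config.Memory
      - VirtualMachine.Config.RemoveDisk
      - VirtualMachine.Config.Rename
      - VirtualMachine.Config.ResetGuestInfo
      - VirtualMachine.Config.Resource
      - VirtualMachine.Config.Settings
      - VirtualMachine.Config.UpgradeVirtualHardware
      - VirtualMachine.Interact.GuestControl
      - VirtualMachine.Interact.PowerOff
      - VirtualMachine.Interact.PowerOn
      - VirtualMachine.Interact.Reset
      - VirtualMachine.Inventory.Create
      - VirtualMachine.Inventory.CreateFromExisting
      - VirtualMachine.Inventory.Delete
      - VirtualMachine.Provisioning.Clone
      - VirtualMachine.Provisioning.DeployTemplate
      - VirtualMachine.Provisioning.MarkAsTemplate
      - Folder.Create
      - Folder.Delete
  tasks:
    # One task drives all seven roles so the connection arguments and the role
    # naming scheme live in exactly one place. With the module's default action
    # the listed privileges are added to an existing role and extras are never
    # removed, so trimming a list above and re-running does not tighten a role
    # that already exists; see the module's `action` option if that is needed.
    - name: Create or add privileges to the OpenShift roles in vCenter
      community.vmware.vmware_local_role_manager:
        hostname: "{{ vcenter_hostname }}"
        username: "{{ vcenter_username }}"
        password: "{{ vcenter_password }}"
        validate_certs: "{{ validate_certs }}"
        local_role_name: "{{ item.name }}-{{ role_suffix }}"
        local_privilege_ids: "{{ item.privileges }}"
        state: present
      loop:
        - name: "OpenShift-vCenter"
          privileges: "{{ OpenShift_vCenter_privileges }}"
        - name: "OpenShift-Cluster"
          privileges: "{{ OpenShift_Cluster_privileges }}"
        - name: "OpenShift-ResourcePool"
          privileges: "{{ OpenShift_ResourcePool_privileges }}"
        - name: "OpenShift-Datastore"
          privileges: "{{ OpenShift_Datastore_privileges }}"
        - name: "OpenShift-PortGroup"
          privileges: "{{ OpenShift_PortGroup_privileges }}"
        - name: "OpenShift-VMFolder"
          privileges: "{{ OpenShift_VMFolder_privileges }}"
        - name: "OpenShift-Datacenter"
          privileges: "{{ OpenShift_Datacenter_privileges }}"
      loop_control:
        # Print only the role name per iteration instead of the full privilege list
        label: "{{ item.name }}-{{ role_suffix }}"
      delegate_to: localhost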