Update VMware ESXi Hosts with Ansible


Ansible is a great tool to perform various automation tasks quickly and easily. I really enjoy using it in the home lab to automate various tasks. Have you ever wanted to update multiple standalone ESXi hosts in an automated way? Do you SSH into each of your hosts and run the ESXCLI update command manually? In this quick automation post, let’s take a look at how you can update VMware ESXi hosts with Ansible.

Can Ansible Update ESXi?

When I first started looking at how to do this, I was assuming there might be a special VMware Ansible command to update ESXi hosts; however, I did not find it (correct me if I missed it altogether).

However, I found that in general, if you set up Ansible to talk to ESXi like you would most other Linux hosts, SSH connections can be successfully made and shell commands can be executed against your ESXi host.

You can simply pass your esxcli software profile update command in the shell command of an Ansible playbook, and it will run it as you would expect.

Configuring Ansible to Connect to ESXi

Just a bit of background on my environment. On my Ubuntu Ansible VM, I have Ansible 2.8.8 running. In addition, I have an inventory file that defines the ESXi hosts, a group vars directory that contains group variables for my specific ESXi hosts, and then also a playbook specific to my vmware hosts.

The inventory.yml file looks like the following:


My vmware.yml file contains the following:


  - hosts: vmware
    roles:
      - vmware

My group_vars folder looks like the following. As you can see I have my various files specific to what I am working with.

|-- group_vars
|   |-- dcs.yml
|   |-- linux.yml
|   |-- oneoff.yml
|   |-- vmware.yml
|   |-- winservers.yml
|   `-- workstations.yml

The vmware.yml file in the group_vars folder listed above contains the following:

ansible_user: root
ansible_port: 22
host_key_checking: false

The vmware role folder contains the following:

|-- vmware
|   |-- tasks
|   |   `-- main.yml
|   `-- templates

My Ansible task file main.yml underneath my vmware role folder contains the following:


- name: Test command
  shell: esxcli software profile update -d /vmfs/volumes/<datastore name>/ESXi670-201912001.zip --profile=ESXi-6.7.0-20191204001-standard

If you want to pull from the online VMware patch depot, just use the same with the following change:


- name: Test command
  shell: esxcli software profile update -d https://hostupdate.vmware.com/software/VUM/PRODUCTION/main/vmw-depot-index.xml -p ESXi-6.7.0-20191204001-standard
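The two tasks above run the update on every play, even when the host is already at the target level. As an added example (not part of the original post), the task file below first reads the installed profile with esxcli software profile get, runs the update only when the target profile is missing, and then reports whether a reboot is needed. The variable names esxi_depot and esxi_profile are assumptions, as is the exact wording of the esxcli output lines being matched.

```yaml
---
# Added example for the vmware role's tasks/main.yml; not the original post's file.
# esxi_depot and esxi_profile are assumed variable names; their values are the
# depot URL and profile name used in the post.
- name: Set the update target
  set_fact:
    esxi_depot: https://hostupdate.vmware.com/software/VUM/PRODUCTION/main/vmw-depot-index.xml
    esxi_profile: ESXi-6.7.0-20191204001-standard

- name: Read the image profile currently installed on the host
  command: esxcli software profile get
  register: current_profile
  changed_when: false   # read-only query, never reports "changed"
  check_mode: false     # safe to run even with --check

- name: Update the host only when it is not already on the target profile
  command: >
    esxcli software profile update
    -d {{ esxi_depot }}
    -p {{ esxi_profile }}
  register: update_result
  when: esxi_profile not in current_profile.stdout
  # Assumption: esxcli prints "Host is not changed." when nothing was installed.
  changed_when: "'Host is not changed' not in update_result.stdout"

- name: Report hosts that still need a reboot
  debug:
    msg: "{{ inventory_hostname }} updated to {{ esxi_profile }}; reboot required"
  # default('') covers the case where the update task was skipped.
  when: "'Reboot Required: true' in (update_result.stdout | default(''))"
```

A second run against an already patched host should then show the update task as skipped rather than changed.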

Update VMware ESXi Hosts with Ansible

Now, to actually run the VMware ESXi host update using Ansible. This can easily be done in Ansible 2.8.8 with the following command:

ansible-playbook vmware.yml -vvv --ask-pass

As you can see below, the ansible-playbook command is passed the file specific to our vmware role. The -vvv adds extra verbosity, and the --ask-pass, as you would imagine, is what causes the prompt for the SSH password.

Running Ansible to update your ESXi host and entering the SSH password

After running the esxcli update command via Ansible, it completes successfully and you will see the same messages you are used to when updating from the ESXi shell. You are prompted to reboot.

ESXCLI update command finishes running and prompted for reboot

You will see the normal ok and changed output from your Ansible playbook.

Ansible playbook finishes running on an ESXi host

Wrapping Up

Using Ansible you can do all kinds of configuration management of your VMware vSphere environment. While there isn’t an Ansible module explicitly for this purpose, Ansible can talk natively to ESXi as it would with any Linux host via SSH.

This allows doing many cool things, like updating VMware ESXi hosts with Ansible. Ansible makes it easy to update many standalone ESXi hosts without SSH’ing into each one, manually running the commands, and moving on to the next host. This provides a much quicker way to get all your hosts up to a specific patch level without using VMware vSphere Update Manager.
