Recently a requirement came up to check VMware VCSA 6.x compliance using Ansible. The vendor wants to use the VMware REST API [not interested in using the VMware Python SDK].
Note: the VMware Ansible modules come with the VMware Python SDK [PyVmomi]. This compliance check covered SSH, IPv6, NTP, CA certs and DNS: check each setting and set it (in case the value has changed). Most of the options were available except the CA cert check. The YAML code below has three parts:
- VCSA login
- cert fetch
- logging
--- vc_cert_check.yaml ---
This is used for Product hardening!!
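
The three parts listed above (VCSA login, cert fetch, logging) can be laid out as follows with Ansible's `uri` module. This is an added example, not the original vc_cert_check.yaml. The variables `vcsa_host`, `vcsa_user` and `vcsa_password`, the log path, and the certificate endpoint in `cert_api_path` are assumptions; confirm the endpoint in the API Explorer of your VCSA build.

```yaml
# Added example, not the original vc_cert_check.yaml.
# Assumed inputs: vcsa_host, vcsa_user, vcsa_password (e.g. from Ansible Vault).
- name: VCSA CA certificate check over the REST API
  hosts: localhost
  gather_facts: false
  vars:
    vcsa_url: "https://{{ vcsa_host }}"
    # Assumed endpoint; verify it exists on your VCSA version.
    cert_api_path: /rest/vcenter/certificate-management/vcenter/trusted-root-chains
    log_file: "{{ playbook_dir }}/vc_cert_check.log"
  tasks:
    - name: VCSA login (create an API session)
      ansible.builtin.uri:
        url: "{{ vcsa_url }}/rest/com/vmware/cis/session"
        method: POST
        user: "{{ vcsa_user }}"
        password: "{{ vcsa_password }}"
        force_basic_auth: true
        validate_certs: true   # control node must trust the VCSA certificate
      register: login
      no_log: true             # keep password and session token out of output

    - name: Cert fetch and logging, with logout always executed
      block:
        - name: Cert fetch
          ansible.builtin.uri:
            url: "{{ vcsa_url }}{{ cert_api_path }}"
            method: GET
            headers:
              vmware-api-session-id: "{{ login.json.value }}"
            validate_certs: true
          register: certs

        - name: Logging (append one line per run, file readable by owner only)
          ansible.builtin.lineinfile:
            path: "{{ log_file }}"
            create: true
            mode: "0600"
            line: "{{ now(utc=true, fmt='%Y-%m-%dT%H:%M:%SZ') }} {{ vcsa_host }} {{ certs.json.value | to_json }}"
      always:
        - name: Logout (delete the API session even if a task above failed)
          ansible.builtin.uri:
            url: "{{ vcsa_url }}/rest/com/vmware/cis/session"
            method: DELETE
            headers:
              vmware-api-session-id: "{{ login.json.value }}"
            validate_certs: true
```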