Patching and Updating Prism Services via Playbooks

Paul Bryant

10 months ago

Introduction

Nutanix Prism Central and Prism Element updates are essential for security and performance. But manual patching risks inconsistencies, missed steps, and delays. With Ansible, you can validate upgrade readiness, schedule updates, and report results, all in a controlled and automated way.

My Personal Repository on GitHub

Nutanix Repository on GitHub

Diagram: Prism Update Automation Flow

Use Case

Automate pre-patch health checks
Install Prism Central or PE hotfixes
Schedule updates during change windows

Sample Playbook: `patch_prism_services.yml`

This example assumes you are using a REST API wrapper task or uri module until a dedicated Ansible module is available for LCM actions.

- name: Nutanix Prism Update Orchestration
  hosts: localhost
  gather_facts: false
  vars_files:
    - nutanix_credentials.yml
  vars:
    prism_host: "prism.example.com"
    patch_id: "PATCH-2025.07"
  tasks:

    - name: Check current Prism health
      uri:
        url: "https://{{ prism_host }}:9440/PrismGateway/services/rest/v2.0/cluster"
        method: GET
        user: "{{ nutanix_username }}"
        password: "{{ nutanix_password }}"
        force_basic_auth: true
        validate_certs: false
      register: cluster_health

    - name: Confirm cluster is healthy
      fail:
        msg: "Prism is not healthy. Aborting patch."
      when: cluster_health.json.cluster_info.state != "NORMAL"

    - name: Trigger patch download
      uri:
        url: "https://{{ prism_host }}:9440/api/nutanix/v3/lcm/entities/updates"
        method: POST
        headers:
          Content-Type: "application/json"
        body_format: json
        user: "{{ nutanix_username }}"
        password: "{{ nutanix_password }}"
        body:
          entity_ids: ["{{ patch_id }}"]
          operation_type: "DOWNLOAD_AND_INSTALL"
        force_basic_auth: true
        validate_certs: false
      register: patch_job

    - name: Report patch job status
      debug:
        msg: "Patch started. Job ID: {{ patch_job.json.status }}"

Notes on Patching Logic

Replace patch_id with the actual ID from Nutanix LCM
Use GET requests to monitor job status (/lcm/jobs/{job_id})
Validate API results post-update

Scheduling the Patch

Run via cron or Ansible Tower with approval workflows for staged updates.

Summary

Patching Nutanix Prism services via Ansible removes guesswork and downtime risk. By chaining readiness checks with upgrade jobs, you ensure repeatability and reduce reliance on the GUI. Future enhancements will integrate LCM modules into the Nutanix Ansible collection for native support.

External Documentation:

Nutanix LCM and Upgrade Documentation

User and Role Management via Ansible and Prism Central

Introduction Role-based access control (RBAC) in Nutanix is critical to secure infrastructure operations. Prism Central allows you to define users, roles, and...

Deploying Multi-VM Applications on AHV with Ansible

Introduction Many enterprise applications require multiple virtual machines, web frontends, app layers, and databases. With Ansible and Nutanix AHV, you can define entire application stacks in YAML and deploy them…