Introduction
Enforcing configuration standards across Nutanix AHV VMs is critical for operational consistency and audit readiness. This article walks through an Ansible playbook that checks VM power state, memory, CPU, disk, and tags, reporting back on any non-compliant settings.
Diagram: VM Compliance Audit Flow

Use Case
- Confirm VMs match baseline specs
- Detect oversized or powered-off systems
- Audit tags or business unit assignments
Define Compliance Policy
vm_policy:
  min_memory_mib: 4096
  allowed_power_states: ["on"]
  required_tags:
    - "env:prod"
    - "owner:ops"
Playbook: vm_compliance_audit.yml
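- name: Nutanix VM Compliance Audit
  hosts: localhost
  gather_facts: false
  collections:
    - nutanix.ncp
  vars_files:
    - nutanix_credentials.yml
  vars:
    vm_policy:
      min_memory_mib: 4096
      allowed_power_states: ["on"]
      required_tags:
        - "env:prod"
        - "owner:ops"
  tasks:
    # Confirm the module name, its parameters and the returned field names
    # (vms, power_state, memory_size_mib, categories) against the installed
    # nutanix.ncp collection with ansible-doc before relying on the results.
    - name: Get all VMs
      nutanix.ncp.vms_info:
        cluster_name: "prod-cluster"
      register: vm_info

    # Ansible does not accept loop on a block, so the three checks run in
    # a single looped task that prints one message per check.
    - name: Audit VM settings
      debug:
        msg:
          # Power state must be one of the allowed values
          - "{{ vm.name }}: Power state '{{ vm.power_state }}' is {{ 'OK' if vm.power_state in vm_policy.allowed_power_states else 'Non-compliant' }}"
          # Memory must meet the policy minimum
          - "{{ vm.name }}: Memory = {{ vm.memory_size_mib }} MB → {{ 'OK' if vm.memory_size_mib >= vm_policy.min_memory_mib else 'Too low' }}"
          # Every required tag must be present; a VM with no tags fails the check
          - "{{ vm.name }} tags = {{ vm.categories | default([]) }} → {{ 'OK' if (vm_policy.required_tags | difference(vm.categories | default([])) | length == 0) else 'Missing required tags' }}"
      loop: "{{ vm_info.vms }}"
      loop_control:
        loop_var: vm
        label: "{{ vm.name }}"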
Output Example
web01: Power state 'on' is OK
web01: Memory = 8192 MB → OK
web01 tags = ['env:prod', 'owner:ops'] → OK
db01: Power state 'off' is Non-compliant
Optional Enhancements
- Export results to CSV or JSON
- Send summary via email or Slack
- Auto-tag non-compliant VMs
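The audit playbook only prints debug messages, so a run that finds non-compliant VMs still exits successfully and leaves no record. The following is an added example, not part of the original article: it collects the violations per VM, writes them to a JSON report, and fails the play when any exist. `sample_vms` is constructed data and `report_path` is a hypothetical path.

```yaml
# Added example (not from the article). sample_vms is constructed data using the
# same field names the audit playbook reads; use vm_info.vms for a live audit.
- name: VM compliance audit with recorded findings
  hosts: localhost
  gather_facts: false
  vars:
    vm_policy:
      min_memory_mib: 4096
      allowed_power_states: ["on"]
      required_tags: ["env:prod", "owner:ops"]
    report_path: "./vm_compliance_report.json"  # hypothetical output path
    sample_vms:
      - {name: web01, power_state: "on", memory_size_mib: 8192, categories: ["env:prod", "owner:ops"]}
      - {name: db01, power_state: "off", memory_size_mib: 2048, categories: ["env:prod"]}
      - {name: tmp01, power_state: "on", memory_size_mib: 4096}  # no tags at all
  tasks:
    - name: Evaluate each VM and record every violation
      ansible.builtin.set_fact:
        findings: "{{ findings | default([]) + [{'vm': vm.name, 'violations': violations}] }}"
      vars:
        missing_tags: "{{ vm_policy.required_tags | difference(vm.categories | default([])) }}"
        violations: >-
          {{ ([] if vm.power_state in vm_policy.allowed_power_states
                 else ['power_state=' ~ vm.power_state])
           + ([] if vm.memory_size_mib | int >= vm_policy.min_memory_mib
                 else ['memory_size_mib=' ~ vm.memory_size_mib])
           + ([] if not missing_tags
                 else ['missing_tags=' ~ (missing_tags | join(','))]) }}
      loop: "{{ sample_vms }}"
      loop_control:
        loop_var: vm
        label: "{{ vm.name }}"

    - name: Write the findings as audit evidence (owner-readable only)
      ansible.builtin.copy:
        content: "{{ findings | to_nice_json }}"
        dest: "{{ report_path }}"
        mode: "0600"

    - name: Fail the run if any VM is non-compliant
      ansible.builtin.assert:
        that: non_compliant | length == 0
        fail_msg: "Non-compliant VMs: {{ non_compliant | map(attribute='vm') | join(', ') }}"
      vars:
        non_compliant: "{{ findings | selectattr('violations') | list }}"
```

With the constructed data, the report lists no violations for web01, and the final task fails naming db01 and tmp01, which gives a scheduler or CI job a non-zero exit code to alert on.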
Run the Playbook
ansible-playbook vm_compliance_audit.yml --ask-vault-pass -i inventory.yml
Summary
With just a few lines of YAML, Ansible can audit VM configuration drift across your Nutanix AHV estate. Extend this playbook to report exceptions, trigger remediation, or meet internal compliance policies.