Ansible Playbooks for VM Compliance Reporting on Nutanix

Paul Bryant

6 months ago

Introduction

Enforcing configuration standards across Nutanix AHV VMs is critical for operational consistency and audit readiness. This article walks through an Ansible playbook that checks VM power state, memory, CPU, disk, and tags, reporting back on any non-compliant settings.

My Personal Repository on GitHub

Nutanix Repository on GitHub

Diagram: VM Compliance Audit Flow

Use Case

Confirm VMs match baseline specs
Detect oversized or powered-off systems
Audit tags or business unit assignments

Define Compliance Policy

vm_policy:
  min_memory_mib: 4096
  allowed_power_states: ["on"]
  required_tags:
    - "env:prod"
    - "owner:ops"

Playbook: `vm_compliance_audit.yml`

- name: Nutanix VM Compliance Audit
  hosts: localhost
  gather_facts: false
  collections:
    - nutanix.ncp
  vars_files:
    - nutanix_credentials.yml
  vars:
    vm_policy:
      min_memory_mib: 4096
      allowed_power_states: ["on"]
      required_tags:
        - "env:prod"
        - "owner:ops"
  tasks:

    - name: Get all VMs
      nutanix.ncp.vms_info:
        cluster_name: "prod-cluster"
      register: vm_info

    - name: Audit VM settings
      loop: "{{ vm_info.vms }}"
      loop_control:
        loop_var: vm
      block:
        - name: Check power state
          debug:
            msg: "{{ vm.name }}: Power state '{{ vm.power_state }}' is {{ 'OK' if vm.power_state in vm_policy.allowed_power_states else 'Non-compliant' }}"

        - name: Check memory
          debug:
            msg: "{{ vm.name }}: Memory = {{ vm.memory_size_mib }} MB → {{ 'OK' if vm.memory_size_mib >= vm_policy.min_memory_mib else 'Too low' }}"

        - name: Check tags
          debug:
            msg: "{{ vm.name }} tags = {{ vm.categories | default([]) }} → OK if contains {{ vm_policy.required_tags }}"

Output Example

web01: Power state 'on' is OK
web01: Memory = 8192 MB → OK
web01 tags = ['env:prod', 'owner:ops'] → OK
db01: Power state 'off' is Non-compliant

Optional Enhancements

Export results to CSV or JSON
Send summary via email or Slack
Auto-tag non-compliant VMs

Run the Playbook

ansible-playbook vm_compliance_audit.yml --ask-vault-pass -i inventory.yml

Summary

With just a few lines of YAML, Ansible can audit VM configuration drift across your Nutanix AHV estate. Extend this playbook to report exceptions, trigger remediation, or meet internal compliance policies.

External Documentation:

Patching and Updating Prism Services via Playbooks

Introduction Nutanix Prism Central and Prism Element updates are essential for security and performance. But manual patching risks inconsistencies, missed steps, and...

Auto-Generate Nutanix Reports with Ansible and Email Integration

Introduction Nutanix operations teams benefit from having a consolidated daily snapshot of cluster health, VM status, and storage capacity. With Ansible, you can automate report generation and email delivery. This…