Working with Azure using Ansible

Ansible includes a suite of modules for interacting with “Azure Resource Manager”, giving you the tools to easily create and orchestrate infrastructure on the Microsoft Azure Cloud.

Step 1 – Requirements – Azure SDK in Ansible Control Server
Using the Azure Resource Manager modules requires having specific Azure SDK modules installed on the host running Ansible.

Note – You can also directly run Ansible in Azure Cloud Shell, where Ansible is pre-installed.

Step 2 – Authenticating with Azure
Using the Azure Resource Manager modules requires authenticating with the Azure API. You can choose from two authentication strategies:

  • Active Directory Username/Password
  • Service Principal Credentials

Step 3 – Setting up “Service Principal Credentials”

Please follow these steps – https://docs.microsoft.com/en-gb/azure/active-directory/develop/howto-create-service-principal-portal

After stepping through the tutorial you will have:

Client ID – Your Client ID, which is found in the “client id” box in the “Configure” page of your application in the Azure portal

Secret key – Your Secret key, generated when you created the application. You cannot show the key after creation. If you lose the key, you must create a new one in the “Configure” page of your application.

Tenant ID – And finally, a tenant ID. It’s a UUID (e.g. ABCDEFGH-1234-ABCD-1234-ABCDEFGHIJKL) pointing to the AD containing your application. You will find it in the URL from within the Azure portal, or in the “view endpoints” of any given URL.

Azure Subscription Id –

Step 4 – Providing Credentials to Azure Modules

Method – 1 – Environment variables. With Ansible Tower, you will most likely want to use environment variables. To pass service principal credentials via the environment, define the following variables:
AZURE_CLIENT_ID
AZURE_SECRET
AZURE_SUBSCRIPTION_ID
AZURE_TENANT

Method – 2 – A file within your home directory. The modules will look for credentials in $HOME/.azure/credentials
[default]
subscription_id=xxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
client_id=xxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
secret=xxxxxxxxxxxxxxxxx
tenant=xxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx

Method – 3 – Pass credentials as parameters to a task within a playbook. If you wish to pass credentials as parameters to a task, use the following parameters for service principal:
client_id
secret
subscription_id
tenant
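
An added example, not from the original page or from the Ansible project: a small Python check covering Method 1 and Method 2 above. It reports a partly set group of AZURE_* variables, and a credentials file that other users can read, that lacks the [default] section, or that still holds the x placeholders. The function name audit_credentials and the finding strings are hypothetical.

```python
import configparser
import os
import stat

# Credentials-file keys the page lists for a service principal.
REQUIRED = ("subscription_id", "client_id", "secret", "tenant")
# The page's environment names are AZURE_ plus the upper-cased file key.
ENV_NAMES = {key: "AZURE_" + key.upper() for key in REQUIRED}


def audit_credentials(path, environ=None, profile="default"):
    """Return findings for the environment and credentials-file sources."""
    environ = os.environ if environ is None else environ
    findings = []
    # Method 1: a partly populated environment is reported, not guessed at.
    missing = sorted(name for name in ENV_NAMES.values() if not environ.get(name))
    if 0 < len(missing) < len(REQUIRED):
        findings.append("env: incomplete, missing " + ", ".join(missing))
    # Method 2: the file holds a long-lived secret, so owner-only access.
    if not os.path.exists(path):
        return findings
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        findings.append("file: mode %04o is group/other accessible, use 0600" % mode)
    # interpolation=None so a '%' inside the secret is read literally.
    parser = configparser.ConfigParser(interpolation=None)
    try:
        parser.read(path)
    except configparser.Error as exc:
        findings.append("file: not valid INI (%s)" % type(exc).__name__)
        return findings
    if not parser.has_section(profile):
        findings.append("file: no [%s] section" % profile)
        return findings
    for key in REQUIRED:
        value = parser.get(profile, key, fallback="").strip()
        if not value:
            findings.append("file: %s is missing or empty" % key)
        elif set(value.lower()) <= set("x-"):
            findings.append("file: %s is still a placeholder" % key)
    return findings


if __name__ == "__main__":
    for finding in audit_credentials(os.path.expanduser("~/.azure/credentials")):
        print(finding)
```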

Step 5 – Creating a Virtual Machine with Default Options
If you simply want to create a virtual machine without specifying all the details, you can do that as well. The only caveat is that you will need a virtual network with one subnet already in your resource group. Assuming you have a virtual network already with an existing subnet, you can run the following to create a VM:

Step 6 – Creating Individual Components
An Azure module is available to help you create a storage account, virtual network, subnet, network interface, security group and public IP. Here is a full example of creating each of these and passing the names to the azure_rm_virtualmachine module at the end: