{"id":5948,"date":"2019-02-20T09:25:40","date_gmt":"2019-02-20T09:25:40","guid":{"rendered":"https:\/\/www.devopsschool.com\/blog\/?p=5948"},"modified":"2021-11-16T11:45:51","modified_gmt":"2021-11-16T11:45:51","slug":"working-with-azure-using-ansible","status":"publish","type":"post","link":"https:\/\/www.devopsschool.com\/blog\/working-with-azure-using-ansible\/","title":{"rendered":"Working with Azure using Ansible"},"content":{"rendered":"\n
\"\"<\/figure><\/div>\n\n\n\n

Ansible includes a suite of modules for interacting with “Azure Resource Manager”, giving you the tools to easily create and orchestrate infrastructure on the Microsoft Azure Cloud.<\/p>\n\n\n\n

Step 1 – Requirements – Azure SDK in Ansible Control Server<\/strong>
Using the Azure Resource Manager modules requires having specific Azure SDK modules installed on the host running Ansible.’<\/p>\n\n\n

$ pip install 'ansible[azure]'<\/span><\/code><\/span>Code language:<\/span> JavaScript<\/span> (<\/span>javascript<\/span>)<\/span><\/small><\/pre>\n\n\n
Note – You can also directly run Ansible in Azure Cloud Shell, where Ansible is pre-installed.<\/p>\n\n\n\n
Step 2 – Authenticating with Azure<\/strong>
 Using the Azure Resource Manager modules requires authenticating with the Azure API. You can choose from two authentication strategies:<\/p>\n\n\n\n
  • Active Directory Username\/Password<\/li>
  • Active Directory Username\/Password<\/li><\/ul>\n\n\n\n
    Step 3 – Setting up “Service Principal Credentials”<\/strong><\/p>\n\n\n\n
    Please follow this steps – https:\/\/docs.microsoft.com\/en-gb\/azure\/active-directory\/develop\/howto-create-service-principal-portal<\/p>\n\n\n\n
    After stepping through the tutorial you will have:<\/p>\n\n\n\n
    Client ID – <\/strong>Your Client ID, which is found in the \u201cclient id\u201d box in the \u201cConfigure\u201d page of your application in the Azure portal<\/p>\n\n\n\n
    Secret key – <\/strong>Your Secret key, generated when you created the application. You cannot show the key after creation. If you lost the key, you must create a new one in the \u201cConfigure\u201d page of your application.<\/p>\n\n\n\n
    tenant ID –<\/strong> And finally, a tenant ID. It\u2019s a UUID (e.g. ABCDEFGH-1234-ABCD-1234-ABCDEFGHIJKL) pointing to the AD containing your application. You will find it in the URL from within the Azure portal, or in the \u201cview endpoints\u201d of any given URL.<\/p>\n\n\n\n
    Azure Subscription Id –<\/strong><\/p>\n\n\n\n
    Step 4 –  Providing Credentials to Azure Modules<\/strong><\/p>\n\n\n\n
    <\/p>\n\n\n\n
    Method – 1 –    <\/strong>Ansible Tower, you will most likely want to use environment variables. To pass service principal credentials via the environment, define the following variables:
     AZURE_CLIENT_ID
     AZURE_SECRET
     AZURE_SUBSCRIPTION_ID
     AZURE_TENANT<\/p>\n\n\n\n
    Method – 2 – <\/strong>A file within your home directory. The modules will look for credentials in $HOME\/.azure\/credentials [default]
     subscription_id=xxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
     client_id=xxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
     secret=xxxxxxxxxxxxxxxxx
     tenant=xxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx<\/p>\n\n\n\n
    Method – 3 – <\/strong>Pass credentials as parameters to a task within a playbook. If you wish to pass credentials as parameters to a task, use the following parameters for service principal:
     client_id
     secret
     subscription_id
     tenant<\/p>\n\n\n\n
    Step 4 –  <\/strong>Creating a Virtual Machine with Default Options
     If you simply want to create a virtual machine without specifying all the details, you can do that as well. The only caveat is that you will need a virtual network with one subnet already in your resource group. Assuming you have a virtual network already with an existing subnet, you can run the following to create a VM:<\/p>\n\n\n
    azure_rm_virtualmachine:\n  resource_group: Testing\n  name<\/span>: testvm10\n  vm_size<\/span>: Standard_D1\n  admin_username<\/span>: chouseknecht\n  ssh_password_enabled<\/span>: false<\/span>\n  ssh_public_keys<\/span>: \"{{ ssh_keys }}\"<\/span>\n  image<\/span>:\n    offer: CentOS\n    publisher<\/span>: OpenLogic\n    sku<\/span>: '7.1'<\/span>\n    version<\/span>: latest<\/code><\/span>Code language:<\/span> JavaScript<\/span> (<\/span>javascript<\/span>)<\/span><\/small><\/pre>\n\n\n
    Step 5 –  Creating Individual Components<\/strong>
     An Azure module is available to help you create a storage account, virtual network, subnet, network interface, security group and public IP. Here is a full example of creating each of these and passing the names to the azure_rm_virtualmachine module at the end:<\/p>\n\n\n
    - name: Create storage account\n  azure_rm_storageaccount:\n    resource_group: Testing\n    name: testaccount001\n    account_type: Standard_LRS\n\n- name: Create virtual network\n  azure_rm_virtualnetwork:\n    resource_group: Testing\n    name: testvn001\n    address_prefixes: \"10.10.0.0\/16\"<\/span>\n\n- name: Add subnet\n  azure_rm_subnet:\n    resource_group: Testing\n    name: subnet001\n    address_prefix: \"10.10.0.0\/24\"<\/span>\n    virtual_network: testvn001\n\n- name: Create public<\/span> ip\n  azure_rm_publicipaddress:\n    resource_group: Testing\n    allocation_method: Static<\/span>\n    name: publicip001\n\n- name: Create security group that allows SSH\n  azure_rm_securitygroup:\n    resource_group: Testing\n    name: secgroup001\n    rules:\n      - name: SSH\n        protocol: Tcp\n        destination_port_range: 22<\/span>\n        access: Allow\n        priority: 101<\/span>\n        direction: Inbound\n\n- name: Create NIC\n  azure_rm_networkinterface:\n    resource_group: Testing\n    name: testnic001\n    virtual_network: testvn001\n    subnet: subnet001\n    public_ip_name: publicip001\n    security_group: secgroup001\n\n- name: Create virtual machine\n  azure_rm_virtualmachine:\n    resource_group: Testing\n    name: testvm001\n    vm_size: Standard_D1\n    storage_account: testaccount001\n    storage_container: testvm001\n    storage_blob: testvm001.vhd\n    admin_username: admin\n    admin_password: Password!\n    network_interfaces: testnic001\n    image:\n      offer: CentOS\n      publisher: OpenLogic\n      sku: '7.1'<\/span>\n      version: latest<\/code><\/span>Code language:<\/span> PHP<\/span> (<\/span>php<\/span>)<\/span><\/small><\/pre>\n\n