Managing cloud resources can often be a complex and time-consuming task. However, with tools like Ansible, you can automate many aspects of your Azure infrastructure, making it easier and more efficient within a DevOps environment. This blog will guide you through the steps to set up and run Ansible playbooks to manage your Azure resources.
Steps to connect Ansible with Azure:
1. Azure Account: If you don't have one, you can get a free account here.
2. Azure Service Principal: You need to generate a service principal and expose the credentials either as environment variables or store them in a file.
Commands to configure service principal:
# Step 1: Login to Azure
az login
# Step 2: Create an Azure AD Application
az ad app create --display-name "my-app1"
# Retrieve the appId of the created application
appId=$(az ad app list --display-name "my-app1" --query "[].appId" -o tsv)
# Step 3: Create a Service Principal for the Application
az ad sp create --id "$appId"
# Step 4: Create a Client Secret (the command output includes the secret in clear text)
az ad app credential reset --id "$appId" --append --years 1
# Retrieve the service principal's appId (--assignee accepts an appId as well as an object ID)
spId=$(az ad sp list --display-name "my-app1" --query "[].appId" -o tsv)
# Retrieve the subscription ID
subscriptionId=$(az account show --query "{subscriptionId:id}" -o tsv)
# Step 5: Assign a Role to the Service Principal
# Contributor on the whole subscription is a broad grant; a resource-group scope limits what a leaked secret can change
az role assignment create --assignee "$spId" --role "Contributor" --scope "/subscriptions/$subscriptionId"
3. Ansible: Install Ansible on your local machine. You can follow the official Ansible installation guide here.
4. Azure Dependencies Package: Install the Azure dependencies package for Ansible.
pip install 'ansible[azure]'
5. Azure Preview Modules Role: Install the azure_preview_modules role and its dependencies.
ansible-galaxy role install azure.azure_preview_modules
pip install -r ~/.ansible/roles/azure.azure_preview_modules/files/requirements-azure.txt
The Azure requirements file lists all the Python modules that need to be installed. These packages are version-sensitive, so the administrator needs to pay extra attention to them.
Below are my package details, in case your Ansible/Python versions match.
ansible [core 2.17.1]
Python version = 3.10.13 (main, Jul 9 2024, 21:32:52) [GCC 9.4.0] (/usr/local/python/3.10.13/bin/python3)
Jinja version = 3.1.4
Below are the required Python modules and their versions. If required, update the requirements file before installing.
packaging
requests[security]
xmltodict
azure-cli-core==2.0.35
azure-cli-nspkg==3.0.2
azure-common==1.1.11
azure-mgmt-authorization==0.51.1
azure-mgmt-batch==5.0.1
azure-mgmt-cdn==3.0.0
azure-mgmt-compute==4.4.0
azure-mgmt-containerinstance==1.4.0
azure-mgmt-containerregistry==2.0.0
azure-mgmt-containerservice==4.4.0
azure-mgmt-dns==2.1.0
azure-mgmt-keyvault==1.1.0
azure-mgmt-marketplaceordering==0.1.0
azure-mgmt-monitor==0.5.2
azure-mgmt-network==2.3.0
azure-mgmt-nspkg==2.0.0
azure-mgmt-redis==5.0.0
azure-mgmt-resource==2.1.0
azure-mgmt-rdbms==1.4.1
azure-mgmt-servicebus==0.5.3
azure-mgmt-sql==0.10.0
azure-mgmt-storage==3.1.0
azure-mgmt-trafficmanager==0.50.0
azure-mgmt-web==0.41.0
azure-nspkg==2.0.0
azure-storage==0.35.1
msrest==0.6.1
msrestazure==0.5.0
azure-keyvault==1.0.0
azure-graphrbac==0.40.0
azure-mgmt-cosmosdb==0.5.2
azure-mgmt-hdinsight==0.1.0
azure-mgmt-devtestlabs==3.0.0
azure-mgmt-loganalytics==0.2.0
azure-mgmt-automation==0.1.1
azure-mgmt-iothub==0.7.0
Add the following content to the file $HOME/.azure/credentials:
[default]
subscription_id=xxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
client_id=xxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
secret=xxxxxxxxxxxxxxxxx
tenant=xxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
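A pre-flight check for the credentials file above, as an added example that is not part of the original post. The function name `check_credentials` is hypothetical, and the owner-only file mode and the GUID format for `subscription_id` and `client_id` are the assumptions it enforces.

```python
import configparser
import os
import re
import stat

# Keys shown in the [default] profile above.
REQUIRED_KEYS = ("subscription_id", "client_id", "secret", "tenant")
# Assumption: subscription and application (client) IDs are GUIDs.
GUID_RE = re.compile(r"^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$")


def check_credentials(path, profile="default"):
    """Return a list of problems found in the credentials file (empty list = OK)."""
    if not os.path.isfile(path):
        return [f"{path}: file not found"]
    problems = []

    # The file holds a client secret in clear text: only the owner should have access.
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        problems.append(f"mode {mode:o} allows group/other access; use chmod 600")

    parser = configparser.ConfigParser(interpolation=None)
    try:
        parser.read(path)
    except configparser.Error as exc:
        return problems + [f"not a valid INI file: {exc}"]
    if not parser.has_section(profile):
        return problems + [f"missing [{profile}] section"]

    for key in REQUIRED_KEYS:
        if not parser.get(profile, key, fallback="").strip():
            problems.append(f"{key} is missing or empty")
    for key in ("subscription_id", "client_id"):
        value = parser.get(profile, key, fallback="").strip()
        if value and not GUID_RE.match(value):
            problems.append(f"{key} is not a GUID (placeholder left in place?)")
    return problems


if __name__ == "__main__":
    # Check the path used in this post and print anything that needs fixing.
    for problem in check_credentials(os.path.expanduser("~/.azure/credentials")):
        print("WARNING:", problem)
```
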
Now we are ready to run any playbook. Please find some ad-hoc commands to check your connection.
Get Azure Resource Groups:
ansible localhost -m azure.azcollection.azure_rm_resourcegroup_info
Get Azure Virtual Machines:
ansible localhost -m azure.azcollection.azure_rm_virtualmachine_info
Get Azure Virtual Networks:
ansible localhost -m azure.azcollection.azure_rm_virtualnetwork_info
Get Azure Network Security Groups:
ansible localhost -m azure.azcollection.azure_rm_securitygroup_info
Get Azure Subnets:
ansible localhost -m azure.azcollection.azure_rm_subnet_info
Get Azure Public IP Addresses:
ansible localhost -m azure.azcollection.azure_rm_publicipaddress_info
For more help please use the below git repo.