As a DevOps Engineer, I always love to make things simple and convenient by automating them. Automation can be done on many fronts, such as infrastructure, software, build and release, etc.
Ansible is primarily a software configuration management tool which can also be used as an infrastructure provisioning tool.
One of the things that I love about Ansible is its integration with different cloud providers. This integration keeps things loosely coupled: for example, we don't need to manage all of the cloud's information in Ansible (we don't need instance metadata information to provision an instance).
Ansible Inventory
- Static Inventory
- Dynamic Inventory
Ansible Dynamic Inventory on Azure
$ pip install 'ansible[azure]'
$ wget https://raw.githubusercontent.com/ansible/ansible/devel/contrib/inventory/azure_rm.py
Change the permission of the file using the chmod command.
$ chmod +x azure_rm.py
Then we have to log in to the Azure account using azure-cli
$ az login
To sign in, use a web browser to open the page https://aka.ms/devicelogin and enter the code XXXXXXXXX to authenticate.
The az login command output will provide you a unique code which you have to enter in the webpage i.e.
https://aka.ms/devicelogin
As a best practice, we should always create a separate Active Directory app for each service or app to restrict privileges. Once you have logged in to the Azure account, you can create an Active Directory app for Ansible
$ az ad app create --password ThisIsTheAppPassword --display-name opstree-ansible --homepage ansible.opstree.com --identifier-uris ansible.opstree.com
Don’t forget to change your password ;). Keep in mind that a password given on the command line is typically saved in your shell history. Note down the appID from the output of the above command.
Once the app is created, create a service principal associated with it.
$ az ad sp create --id appID
Replace appID with the actual app ID and copy the objectID from the output of the above command.
Now we just need the subscription ID and tenant ID, which we can get with a simple command
$ az account show
Note down the id and tenantID from the output of the above command.
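Let’s assign the contributor role to the service principal created above. Contributor lets the principal create and modify resources in the subscription; if Ansible only needs to read the inventory, the built-in Reader role is sufficient.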
$ az role assignment create --assignee objectID --role contributor
Replace objectID with the actual object ID from the output.
All the Azure-side setup is done. Now we have to make some changes to your system.
Let’s start by creating an Azure home directory
$ mkdir ~/.azure
In that directory, we have to create a credentials file
$ vim ~/.azure/credentials
[default]
subscription_id=id
client_id=appID
secret=ThisIsTheAppPassword
tenant=tenantID
Please replace id, appID, the password and tenantID with the values noted above. This file holds the service principal secret in plain text, so it should be readable only by your own user.
All set! Now we can test it with the command below
$ python ./azure_rm.py --list | jq
and the output should look like this:
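An added example, not part of the original post: a Python check for the ~/.azure/credentials file described above. It writes the profile with mode 0600 and reports group/other access, missing keys, and placeholder values left over from this walkthrough; the function names and sample values are hypothetical.

```python
import configparser
import os
import stat
import tempfile

REQUIRED_KEYS = ("subscription_id", "client_id", "secret", "tenant")
# Placeholder strings from the walkthrough; none may survive into a real file.
PLACEHOLDERS = {"id", "appID", "tenantID", "ThisIsTheAppPassword"}


def write_credentials(path, values, profile="default"):
    """Create the file with mode 0600 so other users can never read the secret."""
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(fd, "w") as fh:
        fh.write("[%s]\n" % profile)
        for key in REQUIRED_KEYS:
            fh.write("%s=%s\n" % (key, values[key]))
    os.chmod(path, 0o600)  # also tightens a pre-existing file with looser bits


def audit_credentials(path, profile="default"):
    """Return a list of findings; an empty list means the file passed every check."""
    findings = []
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        findings.append("mode %o lets group/other access the secret; use 600" % mode)
    parser = configparser.ConfigParser(interpolation=None)  # secrets may contain '%'
    parser.read(path)
    if not parser.has_section(profile):
        return findings + ["missing [%s] section" % profile]
    for key in REQUIRED_KEYS:
        value = parser.get(profile, key, fallback="").strip()
        if not value:
            findings.append("missing value for %s" % key)
        elif value in PLACEHOLDERS:
            findings.append("%s still holds the walkthrough placeholder" % key)
    return findings


if __name__ == "__main__":
    # Constructed sample values, written to a temporary directory (not ~/.azure).
    sample = {
        "subscription_id": "00000000-0000-0000-0000-000000000001",
        "client_id": "00000000-0000-0000-0000-000000000002",
        "secret": "constructed-example-secret",
        "tenant": "00000000-0000-0000-0000-000000000003",
    }
    path = os.path.join(tempfile.mkdtemp(), "credentials")
    write_credentials(path, sample)
    print(audit_credentials(path) or "credentials file OK")
```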
{
  "azure": [
    "ansibleMaster"
  ],
  "westeurope": [
    "ansibleMaster"
  ],
  "ansibleMasterNSG": [
    "ansibleMaster"
  ],
  "ansiblelab": [
    "ansibleMaster"
  ],
  "_meta": {
    "hostvars": {
      "ansibleMaster": {
        "powerstate": "running",
        "resource_group": "ansiblelab",
        "tags": {},
        "image": {
          "sku": "7.3",
          "publisher": "OpSTree",
          "version": "latest",
          "offer": "CentOS"
        },
        "public_ip_alloc_method": "Dynamic",
        "os_disk": {
          "operating_system_type": "Linux",
          "name": "osdisk_vD2UtEJhpV"
        },
        "provisioning_state": "Succeeded",
        "public_ip": "52.174.19.210",
        "public_ip_name": "masterPip",
        "private_ip": "192.168.1.4",
        "computer_name": "ansibleMaster",
        ...
      }
    }
  }
}
Now you are ready to use Ansible in Azure with dynamic inventory. Good Luck 🙂