Ansible and Azure – 30 minute quickstart!

Recently I’ve been introduced to Ansible, and have therefore been seeing what I can automate with it. I know that when testing things out and learning new things if there are challenges I have faced, or issues getting a test environment setup, having the setup stage automated can really help out. This means you can focus on learning the basics of operation, and then go from there.

So this post is exactly that – a quick lab environment that gets an Ansible server in Azure up and running, and creates sample Azure resources using a Playbook, in about 30 minutes.

Getting Started

To get started – we will use a Terraform environment I have created. You will need the Azure CLI, Azure PowerShell, and Terraform installed to utilise this lab. If you do not have these installed, I would recommend using Chocolatey to install them (Links provided at the end of this post). This lab creates the following resources:

  • A Resource Group
  • A VNET
  • A Subnet
  • A Public IP
  • A NSG
  • An Ubuntu Server VM
  • A KeyVault with a Secret used to access the VM
  • A Custom Script Extension that installs Ansible and some modules and plugins for Ansible.

Note that the NSG implementation uses your external IP to set a rule so that SSH access is only allowed in via your external IP – and not everyone.

Lab Deployment

You can download the Terraform files from my GitHub account. Copy these to a folder of your choosing and then run the following commands:

terraform init
az login
terraform apply -auto-approve

This will initialise Terraform, Authenticate to Azure, and then apply Terraform and build your resources. This should take around 8 minutes. When completed you should see the Apply complete message:

You will then also have the following Resources Deployed within Azure:

The lab is now ready for us to set up Ansible!

Ansible Setup

Because the custom script extension does most of the installation for us, there are only a few things we need to do before we can run a Playbook and start creating Resources.

  1. Create a new Service Principal. This is required so that Ansible can authenticate to and communicate with Azure – and create the resources in our Playbooks. To do this, PowerShell is used:
#Connect to Azure - you will be prompted to authenticate
Connect-AzAccount
#Create Service Principal
$sp = New-AzADServicePrincipal -DisplayName "AnsibleQuickStartSP$(Get-Random)"
$BSTR = [System.Runtime.InteropServices.Marshal]::SecureStringToBSTR($sp.Secret)
$plainPassword = [System.Runtime.InteropServices.Marshal]::PtrToStringAuto($BSTR)
#Output Service Principal ready for us to use 
$plainPassword
$sp.ApplicationId

This will output something like the below – note I some items below are blanked out for security reasons 🙂

2. Next we need to add this information to our Azure Credentials file in Ansible – use the values you get from PowerShell to complete the below section.

[default]
subscription_id=[Subscription ID from PowerShell]
client_id=[Application ID from PowerShell]
secret=[Secret from PowerShell]
tenant=[Tenant ID from PowerShell]

3. Next – we need to connect to our Ansible VM. We will do this over SSH, so I’d suggest using an application like PuTTY. To start – get the Public IP from your Ansible VM:

Then browse to the KeyVault within the “jakewalsh90-ansible” Resource Group, Click on “Secrets” and then on “anpassword”:

When you are in the Secret, copy the Password to the clipboard, and then use this to log into the Ansible VM via SSH, using PuTTY. The username is: labadmin

When connected to the VM, you will see a screen like this:

4. Now we are ready to create our credentials File with the Service Principal details from above. Within PuTTY, type or paste the following commands:

mkdir ~/.azure
vi ~/.azure/credentials

Paste in your credential information (that we created using PowerShell earlier) and then type :wq! (this saves and exits the vi text editor). Your file should look like this – note that I have blanked out some elements again for security reasons:

Once this is saved and we have exited vi (:wq!), we are ready to create a Playbook and test Ansible out!

Playbook creation and testing

In this Lab, a Playbook defines what Ansible will create for us in Azure. To start, we will use a simple Playbook that creates a Resource Group. To create the Playbook file, run the following command:

vi ~/.azure/create_rg.yml

Then paste in the following:

---
- hosts: localhost
  connection: local
  tasks:
    - name: Creating resource group - "{{ name }}"
      azure_rm_resourcegroup:
        name: "{{ name }}"
        location: "{{ location }}"
      register: rg
    - debug:
        var: rg

Use the save and quit sequence for vi – :wq! and now we are ready to test our Playbook!

To run the Playbook, use the following command – note that the variables defined in the Playbook above (Resource Group name and location) are provided here too:

ansible-playbook .azure/create_rg.yml --extra-vars "name=rg-ansible-uksouth location=uksouth"

The playbook will then run, and you should see an output like the below:

As you can see – Ansible has confirmed that the creation of the Resource Group was successful, and if we visit the Portal, we can see our Resource Group is in place:

We now have a solution configured whereby we can deploy Azure Resources using Ansible Playbooks – now we can look at a more complex Playbook!

Show me more!

OK – let’s run another Playbook, this time to create a Virtual Machine, and some associated elemets. For this test, we will use this sample Playbook. This will setup a Resource Group, VNET, Subnet, Public IP, NSG, NIC, and finally an Ubuntu Server VM. To run the above Playbook – we need to add some more modules to Ansible:

#install python-pip
sudo apt-get install python-pip -y
#install ansible azure preview modules
ansible-galaxy install azure.azure_preview_modules
#install preview modules
sudo pip install -r ~/.ansible/roles/azure.azure_preview_modules/files/requirements-azure.txt

We can then create the Playbook file:

vi ~/.azure/create_vm.yml

Paste in the code from the sample Playbook Link above. And then :wq! out of Vi – we can now run the Playbook:

ansible-playbook .azure/create_vm.yml --extra-vars "resource_group_name=test-rg"

When completed, you will see an output like the below:

If we check the created Resource Group, we can now see the Resources Ansible has created for us:

I hope this has been a useful Post – please check out the links below for more sample Playbooks and links to help! 🙂

Links: