In my last post, I went from the Azure Web Portal to the command line. Time to go one step further and use Ansible.
Table of contents
Ansible Modules for Azure
Ansible Engine is the Red Hat supported way to run Ansible from the command line. However, we don’t support every single upstream module. There’s over 2000 modules and the modules are typically run on the remote system. Azure falls into this category. What this means is Azure modules must be installed via pip from upstream, not from RHEL repos. And, since we are installing via pip, we need to install pip first. Pip is installed via software collections.
sudo subscription-manager repos --enable rhel-server-rhscl-7-rpms sudo yum install python27-python-pip -y scl enable python27 bash pip install --user 'ansible[azure]' |
Note that in order to run ansible-playbooks that use the Azure modules in the future, you will have to re-run the scl enable line prior to executing the playbook.
I took the identity info from my last post and put it into a yaml file:
$ cat ~/azure.yml |
$ --- "appId": "fb511363-5616-4b1b-a74e-9c7ace6887a3" "displayName": "Rippowam" "name": "http://Rippowam" "password": "redacted" "tenant": "a003ca9d-0f6b-4f3a-adc2-cd94f0ff402d" |
I have a “Hello World” playbook that creates a resource group in Azure:
--- - hosts: localhost become: no vars: tasks: - name: Create a resource group azure_rm_resourcegroup: name: "Ossipee" location: "eastus2" |
And I can run this playbook with:
ansible-playbook -e @~/azure.yml devel/azure-ansible/azure.yml |
Switch to CLI
Now, last year I had a provisioning playbook for Azure written using Fedora 25 and the Ansible modules. This year, I need to demonstrate using RHEL 7 and Ansible Tower. However, the pip based installer requires many newer versions of Python files, as well as some native packages, than I feel comfortable running on a RHEL 7 system, especially since some of them will likely conflict with the Ansible Tower versions. So, until we get a RHEL 7 friendly version of the Ansible modules, I have resorted to using the Ansible command module and the Azure command line. Fortunately, the command line has been idempotent in all the places I’ve tried, and leads to straight forward roles. For example, creating virtual machines in a loop, much as I did last year is:
- name: create vm command: az vm create \ -n {{ item.name }} \ -g {{ az_resources }} \ --image RHEL \ --availability-set {{ az_av_set }} \ --nics "{{ item.name }}.nic" \ --admin-username cloud-user \ --ssh-key-value "{{ pubkey }}" with_items: "{{ cluster_hosts }}" register: osservers |
In my next post, I will document how I manage all of the different playbooks and their variations for different clouds, but I will give you a sneak peek here. I run this playbook from a bash script that looks like this:
#!/bin/sh cd ~/devel/rippowam ansible-playbook \ -i ~/ansible/inventories/localhost.ini \ -e @~/ansible/variables/azure.yml \ -e @~/ansible/variables/ghoul.yml \ playbooks/azure.yml |
The azure specific login variables are in ~/ansible/variables/azure.yml. Right now, they use bad variable names, as that was what the Azure modules suggested. I plan on going back and prefixing them all with az_.