Azure: from Portal to Ansible: part 2

In my last post, I went from the Azure Web Portal to the command line. Time to go one step further and use Ansible.

Ansible Modules for Azure

Ansible Engine is the Red Hat supported way to run Ansible from the command line. However, we don’t support every single upstream module. There’s over 2000 modules and the modules are typically run on the remote system. Azure falls into this category. What this means is Azure modules must be installed via pip from upstream, not from RHEL repos. And, since we are installing via pip, we need to install pip first. Pip is installed via software collections.

 sudo subscription-manager repos --enable rhel-server-rhscl-7-rpms
sudo yum install python27-python-pip -y
scl enable python27 bash
pip install --user 'ansible[azure]'

Note that in order to run ansible-playbooks that use the Azure modules in the future, you will have to re-run the scl enable line prior to executing the playbook.

I took the identity info from my last post and put it into a yaml file:

$ cat ~/azure.yml
"appId": "fb511363-5616-4b1b-a74e-9c7ace6887a3"
"displayName": "Rippowam"
"name": "http://Rippowam"
"password": "redacted"
"tenant": "a003ca9d-0f6b-4f3a-adc2-cd94f0ff402d"

I have a “Hello World” playbook that creates a resource group in Azure:

- hosts: localhost
  become: no
    - name: Create a resource group
        name: "Ossipee"
        location: "eastus2"

And I can run this playbook with:

ansible-playbook -e @~/azure.yml devel/azure-ansible/azure.yml

Switch to CLI

Now, last year I had a provisioning playbook for Azure written using Fedora 25 and the Ansible modules. This year, I need to demonstrate using RHEL 7 and Ansible Tower. However, the pip based installer requires many newer versions of Python files, as well as some native packages, than I feel comfortable running on a RHEL 7 system, especially since some of them will likely conflict with the Ansible Tower versions. So, until we get a RHEL 7 friendly version of the Ansible modules, I have resorted to using the Ansible command module and the Azure command line. Fortunately, the command line has been idempotent in all the places I’ve tried, and leads to straight forward roles. For example, creating virtual machines in a loop, much as I did last year is:

- name: create vm
  command: az vm create \
    -n {{ }}  \
    -g {{ az_resources }} \
    --image RHEL  \
    --availability-set {{ az_av_set }} \
    --nics "{{ }}.nic" \
    --admin-username cloud-user \
    --ssh-key-value "{{ pubkey }}"
  with_items: "{{ cluster_hosts }}"
  register: osservers

In my next post, I will document how I manage all of the different playbooks and their variations for different clouds, but I will give you a sneak peek here. I run this playbook from a bash script that looks like this:

cd ~/devel/rippowam
ansible-playbook \
    -i ~/ansible/inventories/localhost.ini \
    -e @~/ansible/variables/azure.yml \
    -e @~/ansible/variables/ghoul.yml \

The azure specific login variables are in ~/ansible/variables/azure.yml. Right now, they use bad variable names, as that was what the Azure modules suggested. I plan on going back and prefixing them all with az_.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.