Azure – Running Ansible Playbooks using Azure Cloud Shell

This article is an extension to our previous primer on using Azure Cloud Shell – Azure CLI Primer – Azure Cloud Shell

This article aims to unlock the power of Ansible within Azure Cloud Shell.

In the previous article we deployed a Centos 7.x VM using Azure CLI. This time we will create an Ansible playbook to do exactly the same set of tasks to demonstrate how quickly and easily we can deploy workloads using Ansible.

We will demonstrate how we will build our yaml file which we will use to create the resource groups and the associated network/VM components. We will show that for every shell command we ran, the yaml syntax equivalent. Once done we will place all the Ansible sections into a single file and save it as a playbook which we will run.

This playbook assumes we have created a resource group for our VM/Networks (shown later on and details available in the previous post). The resource group name is rg-austeast-web2.

  - name: Create VNET
    azure_rm_virtualnetwork:
      resource_group: rg-austeast-web2
      name: vnet-web2
      address_prefixes: "192.168.0.0/16"
  - name: Create subnet
    azure_rm_subnet:
      resource_group: rg-austeast-web2
      name: subnet-web2
      address_prefix: "192.168.1.0/24"
      virtual_network: vnet-web2

Above we defined our VNET “vnet-web2” with address prefix 192.168.0.0/16 with subnet “subnet-web2” with prefix 192.168.1.0/24.

The following section we define the the Public IP address to be created “ip-web2“.

  - name: Create Public IP
    azure_rm_publicipaddress:
      resource_group: rg-austeast-web2
      allocation_method: Static
      name: ip-web2

Now we will define the NSG and associated rules. With CLI, we first created the NSG first then added the associated rules. Here we will define them in a single section block.

  - name: Create NSG with rules
    azure_rm_securitygroup:
      resource_group: rg-austeast-web2
      name: nsg-web2
      rules:
      - name: nsg-web2-ssh
        protocol: Tcp
        destination_port_range: 22
        access: Allow
        priority: 1000
        direction: Inbound
      - name: nsg-web2-http
        protocol: Tcp
        destination_port_range: 80
        access: Allow
        priority: 1001
        direction: Inbound

Above we created our NSG “nsg-web2” and specified 2 rules for SSH and HTTP. Next, we define the NIC to attach to our VM.

  - name: Create NIC
    azure_rm_networkinterface:
      resource_group: rg-austeast-web2
      name: rg-austeast-web2-nic1 
      virtual_network: vnet-web2
      subnet: subnet-web2
      public_ip_name: ip-web2
      security_group: nsg-web2

Above we defined the resource group, NIC name, VNET it belongs to, subnet it belongs to, the Public IP address (name) to be applied and NSG to allow the required access to the VM.

Now we are ready to define our VM:

 - name: Create VM
    azure_rm_virtualmachine:
      resource_group: rg-austeast-web2
      name: azure-web2
      vm_size: Standard_D2s_v3
      admin_username: username
      ssh_password_enabled: false
      ssh_public_keys: 
         - path: /home/username/.ssh/authorized_keys
           key_data: "ssh-rsa ENTER KEY DATA HERE"
      network_interfaces: rg-austeast-web2-nic1
      image:
        offer: CentOS
        publisher: OpenLogic
        sku: '7.4'
        version: latest   

Above we defined:

  • VM named “azure-web2”
  • Admin user name (you will need to define your own)
  • Public key – you will need to replace the key data noted above with ENTER KEY DATA HERE
  • NIC “rg-austeast-web2-nic1”
  • The Centos image to use

Now that we know how our yaml file will be made up, let’s login into Azure Cloud Shell and create the playbook.

Firstly, launch Azure Cloud Shell icon in the top right hand corner (see screenshot below).

Let’s create the YAML file “azure-vm.yml” with VI text editor:

$ vi azure-vm.yml

Press “i” to  insert, copy and paste the following yaml content into the editor:

- name: Create Azure VM
  hosts: localhost
  connection: local
  tasks:
  - name: Create VNET
    azure_rm_virtualnetwork:
      resource_group: rg-austeast-web2
      name: vnet-web2
      address_prefixes: "192.168.0.0/16"
  - name: Create subnet
    azure_rm_subnet:
      resource_group: rg-austeast-web2
      name: subnet-web2
      address_prefix: "192.168.1.0/24"
      virtual_network: vnet-web2
  - name: Create Public IP
    azure_rm_publicipaddress:
      resource_group: rg-austeast-web2
      allocation_method: Static
      name: ip-web2
  - name: Create NSG with rules
    azure_rm_securitygroup:
      resource_group: rg-austeast-web2
      name: nsg-web2
      rules:
      - name: nsg-web2-ssh
        protocol: Tcp
        destination_port_range: 22
        access: Allow
        priority: 1000
        direction: Inbound
      - name: nsg-web2-http
        protocol: Tcp
        destination_port_range: 80
        access: Allow
        priority: 1001
        direction: Inbound
  - name: Create NIC
    azure_rm_networkinterface:
      resource_group: rg-austeast-web2
      name: rg-austeast-web2-nic1 
      virtual_network: vnet-web2
      subnet: subnet-web2
      public_ip_name: ip-web2
      security_group: nsg-web2
  - name: Create VM
    azure_rm_virtualmachine:
      resource_group: rg-austeast-web2
      name: azure-web2
      vm_size: Standard_D2s_v3
      admin_username: username
      ssh_password_enabled: false
      ssh_public_keys: 
         - path: /home/username/.ssh/authorized_keys
           key_data: "ssh-rsa ENTER KEY DATA HERE"
      network_interfaces: rg-austeast-web2-nic1
      image:
        offer: CentOS
        publisher: OpenLogic
        sku: '7.4'
        version: latest   	

Now press “ESC” character and type in “:wq!” (without quotes) to save the content.

We will need our resource group prior to running the Ansible playbook. Let’s create the resource group.

Now we can run the playbook using “ansible-playbook” command within Azure Cloud Shell:

$ ansible-playbook azure-vm.yml

The playbook will run with the associated tasks and look something like this:

And there you go…

This is just a demo so I will go ahead and remove the resource group using “az group –delete” command.