As a DevOps Engineer, I always love to make things simple and convenient by automating them. Automation can be done on many fronts like infrastructure, software, build and release etc.
Ansible is primarily a software configuration management tool which can also be used as an infrastructure provisioning tool.
One of the thing that I love about Ansible is its integration with different cloud providers. This integration makes things really loosely coupled, For ex:- we don’t require to manage whole information of cloud in Ansible (Like we don’t need instance metadata information for provisioning it).
Ansible uses a term called inventory to refer to the set of systems or machines that our Ansible playbook or command work against. There are two ways to manage inventory:-
Luckily Ansible supports the concept of dynamic inventory in which we have some python scripts and a .ini file through which we can provision machines dynamically without knowing its public or private address. Ansible Dynamic Inventory is fed by using external python scripts and .ini files provided by Ansible for cloud infrastructure platforms like Amazon, Azure, DigitalOcean, Rackspace.
In this blog, we will talk about how to configure dynamic inventory on the Azure Cloud Platform.
The first thing that always required to run anything is software and its dependencies. So let’s install the software and its dependencies first. First, we need the python modules of azure that we can install via pip.
After this, we need to download azure_rm.py
$ wget https://raw.githubusercontent.com/ansible/ansible/devel/contrib/inventory/azure_rm.py
Change the permission of file using chmod command.
$ chmod +x azure_rm.py
Then we have to log in to Azure account using azure-cli
$ az login
To sign in, use a web browser to open the page https://aka.ms/devicelogin and enter the code XXXXXXXXX to authenticate.
The az login command output will provide you a unique code which you have to enter in the webpage i.e.
As part of the best practice, we should always create an Active Directory for different services or apps to restrict privileges. Once you logged in Azure account you can create an Active Directory app for Ansible
$ az ad app create --password ThisIsTheAppPassword --display-name opstree-ansible --homepage ansible.opstree.com --identifier-uris ansible.opstree.com
Don’t forget to change your password ;). Note down the appID from the output of the above command.
Once the app is created, create a service principal to associate it with.
$ az ad sp create --id appID
Replace the appID with actual app id and copy the objectID from the output of the above command.
Now we just need the subscription id and tenant id, which we can get by a simple command
$ az account show
Note down the id and tenantID from the output of the above command.
Let’s assign a contributor role to service principal which is created above.
$ az role assignment create --assignee objectID --role contributor
Replace the objectID with the actual object id output.
All the azure side setup is done. Now we have to make some changes to your system.
Let’s start with creating an azure home directory
$ mkdir ~/.azure
In that directory, we have to create a credentials file
$ vim ~/.azure/credentials
Please replace the id, appID, password and tenantID with the above-noted things.
All set !!!! Now we can test it by below command
$ python ./azure_rm.py --list | jq
and the output should be like this:-
Now you are ready to use Ansible in Azure with dynamic inventory. Good Luck 🙂