2. Log into your machine (RHEL or CentOS) as root (or use sudo if need be) and install python pip:<\/strong><\/p>\n curl https:\/\/bootstrap.pypa.io\/get-pip.py -o get-pip.py<\/p>\n python get-pip.py<\/span><\/p>\n pip install kitchen<\/span><\/p>\n 3. Install ansibe [azure]. This step will also install the latest version of Ansible, so installation of the ansible rpm is not necessary.<\/strong><\/p>\n pip install ansible[azure]<\/span><\/p>\n if the pip is showing any incompatibilities, update the packages. For example:<\/span><\/p>\n adal 1.0.2 has requirement python-dateutil>=2.1.0, but you\u2019ll have python-dateutil <\/span> pip install -U python-dateutil<\/span><\/p>\n Cannot uninstall \u2018pyOpenSSL\u2019. It is a distutils installed project and thus we cannot accurately determine which files belong to it which would lead to only a partial uninstall.<\/span><\/p>\n rpm -qa | grep -i pyopenssl<\/span> 4. Repeat the installation of ansible[azure]:<\/strong><\/p>\n pip install ansible[azure]<\/span><\/p>\n 5. The next step is to install the Azure CLI \u2018AZ\u2019 on your machine which will give you the way to query Azure for the specific information \u2026 and you can also use the AZ to create configuration in Azure. To install AZ on your machine:<\/strong><\/p>\n # rpm \u2013import https:\/\/packages.microsoft.com\/keys\/microsoft.asc<\/span> # yum install azure-cli<\/span><\/p>\n 6. Login using \u2018az\u2019. This process is simple. Type az login in your preferred console and you will be directed to the web portal where you will enter your azure credentials. az will cache them and that\u2019s it. ?<\/strong><\/p>\n az login<\/span><\/p>\n Not able to launch a browser to login you in, falling back to device code\u2026<\/span> Once you click \u201cContinue\u201d, you will be taken to the portal.azure.com or login.microsoftonline.com. Authenticate using your azure credentials and \u2026 it\u2019s done. Now you have the az superpowers. In the console you should expect something like:<\/span><\/p>\n [<\/span> 7. It is now time to configure the credentials for ansible[azure]. More information about this can be found here: https:\/\/docs.ansible.com\/ansible\/devel\/scenario_guides\/guide_azure.html<\/strong><\/p>\n Assuming you like to do everything from \u2018root\u2019, the credentials will be created for this user. If you do not assume superpowers, create the credentials file under the $HOME\/.azure\/credentials. ?<\/p>\n The credentials file has the following format:<\/p>\n [default] The idea is to find all the elements identified in the credentials file. Microsoft or Ansible folks did not make it easy and none of the parameters specified in the file matches the name in the azure portal configuration.<\/span><\/p>\n Let\u2019s start with the subscription_id. This is probably the easiest part to find, however requires some searching. ?<\/span><\/p>\n 8. Log in to the portal.azure.com<\/strong><\/p>\n 9. Verify if you have rights to actually do anything with Ansible. To verify that, click on the \u2018Azure Active Directory\u2019:<\/strong><\/p>\n 10. In the Azure Active Directory, click on \u2018User Settings\u2019 and verify if you can select \u2018Yes\u2019 for \u2018users can register applications\u2019:<\/strong><\/p>\n If you cannot select \u2018Yes\u2019, that means you do not have permissions and it is time for a little chat with your admin, unless you are \u2018The One\u2019.<\/span><\/p>\n 11. When you are sorted, find the subscription_id and tenant_id for our credentials file. In one of the previous steps we installed \u2018az\u2019 on your machine and if you followed those steps to the letter, you should be already logged in. Now it is enough to run the following to get the required information:<\/strong><\/p>\n az account list -otable \u2013query \u2018[].{subscriptionId: id, name: name, isDefault: <\/span> You can expect the following output:<\/p>\n 12. Grab the SubscriptionId and TenantID and copy them to your credentials file.<\/strong><\/p>\n 13. The last step is to get client_id and secret\u2026 to do that, just use the following command:<\/strong><\/p>\n az ad sp create-for-rbac \u2013query \u2018{\u201cclient_id\u201d: appId, \u201csecret\u201d: password, {<\/span> 14. Update your credentials file and we are ready to run some ansible.<\/strong><\/p>\n 15. The following are ansible playbooks that perform a few tasks. Firstly, I put all the variable into the variables section to easily modify the content. There are also a few other details that need to be addressed.<\/strong><\/p>\n ansible-playbook playbook.yml \u2013tags create<\/span><\/p>\n o If you create the playbook, called playbook.yml and want to remove everything, run the following:<\/span><\/p>\n Playbook with the loadbalancer:<\/span><\/p>\n \u2014<\/p>\n \u2013 name: Create Azure VM<\/p>\n hosts: localhost<\/p>\n connection: local<\/p>\n vars:<\/p>\n \u2013 reg_grp: rg-austeast-web1<\/p>\n \u2013 reg_grp_location: australiaeast<\/p>\n \u2013 virt_net: vnet-web01<\/p>\n \u2013 virt_net_prefix: \u201c192.168.0.0\/16\u201d<\/p>\n \u2013 subnet_name: subnet-web1<\/p>\n \u2013 subnet_net_prefix: \u201c192.168.1.0\/24\u201d<\/p>\n \u2013 public_ip_name: pub-ip-web1<\/p>\n \u2013 sec_grp_name: nsg-web1<\/p>\n \u2013 virt_inst_size: Standard_D2s_v3<\/p>\n \u2013 vm_user_name: \u201cyour_username\u201d<\/p>\n \u2013 vm_user_pass: \u201cyour_password\u201d<\/p>\n \u2013 image_offer_name: CentOS<\/p>\n \u2013 image_publisher: OpenLogic<\/p>\n \u2013 image_sku: \u20187.5\u2019<\/p>\n \u2013 virt_instance_name: azure-web1<\/p>\n tasks:<\/p>\n \u2013 name: Create Resource Group<\/p>\n azure_rm_resourcegroup:<\/p>\n name: \u201c{{ reg_grp }}\u201d<\/p>\n location: \u201c{{ reg_grp_location }}\u201d<\/p>\n tags:<\/p>\n \u2013 create<\/p>\n \u2013 name: Create VNET<\/p>\n azure_rm_virtualnetwork:<\/p>\n resource_group: \u201c{{ reg_grp }}\u201d<\/p>\n name: \u201c{{ virt_net }}\u201d<\/p>\n address_prefixes: \u201c{{ virt_net_prefix }}\u201d<\/p>\n tags:<\/p>\n \u2013 create<\/p>\n \u2013 name: Create subnet<\/p>\n azure_rm_subnet:<\/p>\n resource_group: \u201c{{ reg_grp }}\u201d<\/p>\n name: \u201c{{ subnet_name }}\u201d<\/p>\n address_prefix: \u201c{{ subnet_net_prefix }}\u201d<\/p>\n virtual_network: \u201c{{ virt_net }}\u201d<\/p>\n tags:<\/p>\n \u2013 create<\/p>\n \u2013 name: Create Public IP<\/p>\n azure_rm_publicipaddress:<\/p>\n resource_group: \u201c{{ reg_grp }}\u201d<\/p>\n allocation_method: Static<\/p>\n name: \u201c{{ public_ip_name }}\u201d<\/p>\n tags:<\/p>\n \u2013 create<\/p>\n \u2013 name: Create NSG with rules<\/p>\n azure_rm_securitygroup:<\/p>\n resource_group: \u201c{{ reg_grp }}\u201d<\/p>\n name: \u201c{{ sec_grp_name }}\u201d<\/p>\n rules:<\/p>\n \u2013 name: \u201c{{ sec_grp_name }}-ssh\u201d<\/p>\n protocol: Tcp<\/p>\n destination_port_range: 22<\/p>\n access: Allow<\/p>\n priority: 1000<\/p>\n direction: Inbound<\/p>\n \u2013 name: \u201c{{ sec_grp_name }}-http\u201d<\/p>\n protocol: Tcp<\/p>\n destination_port_range: 80<\/p>\n access: Allow<\/p>\n priority: 1001<\/p>\n direction: Inbound<\/p>\n tags:<\/p>\n \u2013 create<\/p>\n \u2013 name: Create a load balancer<\/p>\n azure_rm_loadbalancer:<\/p>\n name: \u201c{{ reg_grp }}-lb1\u201d<\/p>\n location: \u201c{{ reg_grp_location }}\u201d<\/p>\n resource_group: \u201c{{ reg_grp }}\u201d<\/p>\n # public_ip: \u201c{{ public_ip_name }}\u201d<\/p>\n probe_protocol: Tcp<\/p>\n probe_port: 80<\/p>\n probe_interval: 10<\/p>\n probe_fail_count: 3<\/p>\n protocol: Tcp<\/p>\n load_distribution: Default<\/p>\n frontend_port: 80<\/p>\n backend_port: 8080<\/p>\n idle_timeout: 4<\/p>\n natpool_frontend_port_start: 1030<\/p>\n natpool_frontend_port_end: 1040<\/p>\n natpool_backend_port: 80<\/p>\n natpool_protocol: Tcp<\/p>\n backend_address_pools:<\/p>\n \u2013 name: backendpool1<\/p>\n frontend_ip_configurations:<\/p>\n \u2013 name: frontendpool1<\/p>\n public_ip_address: \u201c{{ public_ip_name }}\u201d<\/p>\n tags:<\/p>\n \u2013 create<\/p>\n \u2013 name: Get facts for one load balancer<\/p>\n azure_rm_loadbalancer_facts:<\/p>\n name: \u201c{{ reg_grp }}-lb1\u201d<\/p>\n resource_group: \u201c{{ reg_grp }}\u201d<\/p>\n tags:<\/p>\n \u2013 create<\/p>\n \u2013 createnic<\/p>\n \u2013 name: Create NIC<\/p>\n azure_rm_networkinterface:<\/p>\n resource_group: \u201c{{ reg_grp }}\u201d<\/p>\n name: \u201c{{ reg_grp }}-nic1\u201d<\/p>\n virtual_network: \u201c{{ virt_net }}\u201d<\/p>\n subnet: \u201c{{ subnet_name }}\u201d<\/p>\n security_group: \u201c{{ sec_grp_name }}\u201d<\/p>\n ip_configurations:<\/p>\n \u2013 name: ipconfig1<\/p>\n load_balancer_backend_address_pools: \u201c{{ azure_loadbalancers[0].properties.backendAddressPools[0].id }}\u201d<\/p>\n tags:<\/p>\n \u2013 create<\/p>\n \u2013 createnic<\/p>\n \u2013 name: Create VM<\/p>\n azure_rm_virtualmachine:<\/p>\n resource_group: \u201c{{ reg_grp }}\u201d<\/p>\n name: \u201c{{ virt_instance_name }}\u201d<\/p>\n vm_size: \u201c{{ virt_inst_size }}\u201d<\/p>\n admin_username: \u201c{{ vm_user_name }}\u201d<\/p>\n admin_password: \u201c{{ vm_user_pass }}\u201d<\/p>\n ssh_password_enabled: true<\/p>\n network_interfaces: \u201c{{ reg_grp }}-nic1\u201d<\/p>\n image:<\/p>\n offer: \u201c{{ image_offer_name }}\u201d<\/p>\n publisher: \u201c{{ image_publisher }}\u201d<\/p>\n sku: \u201c{{ image_sku }}\u201d<\/p>\n version: latest<\/p>\n tags:<\/p>\n \u2013 create<\/p>\n \u2013 createvm<\/p>\n \u2013 name: Delete a resource group<\/p>\n azure_rm_resourcegroup:<\/p>\n name: \u201c{{ reg_grp }}\u201d<\/p>\n state: absent<\/p>\n force: yes<\/p>\n tags:<\/p>\n \u2013 remove<\/p>\n Playbook with the VM connected to the public IP:<\/p>\n \u2014<\/p>\n \u2013 name: Create Azure VM<\/p>\n hosts: localhost<\/p>\n connection: local<\/p>\n vars:<\/p>\n \u2013 reg_grp: rg-austeast-web1<\/p>\n \u2013 reg_grp_location: australiaeast<\/p>\n \u2013 virt_net: vnet-web01<\/p>\n \u2013 virt_net_prefix: \u201c192.168.0.0\/16\u201d<\/p>\n \u2013 subnet_name: subnet-web1<\/p>\n \u2013 subnet_net_prefix: \u201c192.168.1.0\/24\u201d<\/p>\n \u2013 public_ip_name: pub-ip-web1<\/p>\n \u2013 sec_grp_name: nsg-web1<\/p>\n \u2013 virt_inst_size: Standard_D2s_v3<\/p>\n \u2013 vm_user_name: your_user<\/p>\n \u2013 vm_user_pass: \u201cyour_password\u201d<\/p>\n \u2013 image_offer_name: CentOS<\/p>\n \u2013 image_publisher: OpenLogic<\/p>\n \u2013 image_sku: \u20187.5\u2019<\/p>\n \u2013 virt_instance_name: azure-web1<\/p>\n tasks:<\/p>\n \u2013 name: Create Resource Group<\/p>\n azure_rm_resourcegroup:<\/p>\n name: \u201c{{ reg_grp }}\u201d<\/p>\n location: \u201c{{ reg_grp_location }}\u201d<\/p>\n tags:<\/p>\n \u2013 create<\/p>\n \u2013 name: Create VNET<\/p>\n azure_rm_virtualnetwork:<\/p>\n resource_group: \u201c{{ reg_grp }}\u201d<\/p>\n name: \u201c{{ virt_net }}\u201d<\/p>\n address_prefixes: \u201c{{ virt_net_prefix }}\u201d<\/p>\n tags:<\/p>\n \u2013 create<\/p>\n \u2013 name: Create subnet<\/p>\n azure_rm_subnet:<\/p>\n resource_group: \u201c{{ reg_grp }}\u201d<\/p>\n name: \u201c{{ subnet_name }}\u201d<\/p>\n address_prefix: \u201c{{ subnet_net_prefix }}\u201d<\/p>\n virtual_network: \u201c{{ virt_net }}\u201d<\/p>\n tags:<\/p>\n \u2013 create<\/p>\n \u2013 name: Create Public IP<\/p>\n azure_rm_publicipaddress:<\/p>\n resource_group: \u201c{{ reg_grp }}\u201d<\/p>\n allocation_method: Static<\/p>\n name: \u201c{{ public_ip_name }}\u201d<\/p>\n tags:<\/p>\n \u2013 create<\/p>\n \u2013 name: Create NSG with rules<\/p>\n azure_rm_securitygroup:<\/p>\n resource_group: \u201c{{ reg_grp }}\u201d<\/p>\n name: \u201c{{ sec_grp_name }}\u201d<\/p>\n rules:<\/p>\n \u2013 name: \u201c{{ sec_grp_name }}-ssh\u201d<\/p>\n protocol: Tcp<\/p>\n destination_port_range: 22<\/p>\n access: Allow<\/p>\n priority: 1000<\/p>\n direction: Inbound<\/p>\n \u2013 name: \u201c{{ sec_grp_name }}-http\u201d<\/p>\n protocol: Tcp<\/p>\n destination_port_range: 80<\/p>\n access: Allow<\/p>\n priority: 1001<\/p>\n direction: Inbound<\/p>\n tags:<\/p>\n \u2013 create<\/p>\n \u2013 name: Create NIC<\/p>\n azure_rm_networkinterface:<\/p>\n resource_group: \u201c{{ reg_grp }}\u201d<\/p>\n name: \u201c{{ reg_grp }}-nic1\u201d<\/p>\n virtual_network: \u201c{{ virt_net }}\u201d<\/p>\n subnet: \u201c{{ subnet_name }}\u201d<\/p>\n public_ip_name: \u201c{{ public_ip_name }}\u201d<\/p>\n security_group: \u201c{{ sec_grp_name }}\u201d<\/p>\n tags:<\/p>\n \u2013 create<\/p>\n \u2013 name: Create VM<\/p>\n azure_rm_virtualmachine:<\/p>\n resource_group: \u201c{{ reg_grp }}\u201d<\/p>\n name: \u201c{{ virt_instance_name }}\u201d<\/p>\n vm_size: \u201c{{ virt_inst_size }}\u201d<\/p>\n admin_username: \u201c{{ vm_user_name }}\u201d<\/p>\n admin_password: \u201c{{ vm_user_pass }}\u201d<\/p>\n ssh_password_enabled: true<\/p>\n network_interfaces: \u201c{{ reg_grp }}-nic1\u201d<\/p>\n image:<\/p>\n offer: \u201c{{ image_offer_name }}\u201d<\/p>\n publisher: \u201c{{ image_publisher }}\u201d<\/p>\n sku: \u201c{{ image_sku }}\u201d<\/p>\n version: latest<\/p>\n tags:<\/p>\n \u2013 create<\/p>\n \u2013 createvm<\/p>\n \u2013 name: Delete a resource group<\/p>\n azure_rm_resourcegroup:<\/p>\n name: \u201c{{ reg_grp }}\u201d<\/p>\n state: absent<\/p>\n force: yes<\/p>\n tags:<\/p>\n \u2013 remove<\/p>\n","protected":false},"excerpt":{"rendered":" Recently, I have spent significant time trying to use ansible to deploy an azure configuration. There are plenty of websites which describe the individual steps but either I could not find the ONE that encompasses them all or there simply isn\u2019t one. I found this utterly frustrating. So, what did I learn? \u2013 To temper… Continue reading Ansible & Azure<\/span><\/a><\/p>\n","protected":false},"author":67,"featured_media":6862,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"content-type":"","footnotes":""},"categories":[19],"tags":[],"class_list":["post-796","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-modern-workplace","entry"],"_links":{"self":[{"href":"https:\/\/www.insentragroup.com\/gb\/wp-json\/wp\/v2\/posts\/796","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.insentragroup.com\/gb\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.insentragroup.com\/gb\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.insentragroup.com\/gb\/wp-json\/wp\/v2\/users\/67"}],"replies":[{"embeddable":true,"href":"https:\/\/www.insentragroup.com\/gb\/wp-json\/wp\/v2\/comments?post=796"}],"version-history":[{"count":1,"href":"https:\/\/www.insentragroup.com\/gb\/wp-json\/wp\/v2\/posts\/796\/revisions"}],"predecessor-version":[{"id":6863,"href":"https:\/\/www.insentragroup.com\/gb\/wp-json\/wp\/v2\/posts\/796\/revisions\/6863"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.insentragroup.com\/gb\/wp-json\/wp\/v2\/media\/6862"}],"wp:attachment":[{"href":"https:\/\/www.insentragroup.com\/gb\/wp-json\/wp\/v2\/media?parent=796"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.insentragroup.com\/gb\/wp-json\/wp\/v2\/categories?post=796"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.insentragroup.com\/gb\/wp-json\/wp\/v2\/tags?post=796"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
\n1.5 which is incompatible.<\/span><\/p>\n
\npyOpenSSL-0.13.1-3.el7.x86_64<\/span>
\nrpm -e \u2013nodeps pyOpenSSL-0.13.1-3.el7.x86_64<\/span>
\npip install pyOpenSSL<\/span><\/p>\n
\n# sh -c \u2018echo -e \u201c[azure-cli]nname=Azure CLI<\/span>
\nnbaseurl=https:\/\/packages.microsoft.com\/yumrepos\/azure-clinenabled=1ngpgcheck=1<\/span>
\nngpgkey=https:\/\/packages.microsoft.com\/keys\/microsoft.asc\u201d > <\/span>
\n\/etc\/yum.repos.d\/azure-cli.repo\u2019<\/span><\/p>\n\n
\nTo sign in, use a web browser to open the page https:\/\/microsoft.com\/devicelogin and enter the code HPXE3CWK4 to authenticate.<\/span><\/p>\n\n
![\"\"](\"https:\/\/www.insentragroup.com\/wp-content\/uploads\/sites\/20\/2021\/02\/ansible_img_1.jpg\")
<\/p>\n
\n {<\/span>
\n \u201ccloudName\u201d: \u201cAzureCloud\u201d,<\/span>
\n \u201cid\u201d: \u201ce0254def-0000-00000-9743-54ed0fd77d58\u201d,<\/span>
\n \u201cisDefault\u201d: true,<\/span>
\n \u201cname\u201d: \u201cPay-As-You-Go\u201d,<\/span>
\n \u201cstate\u201d: \u201cEnabled\u201d,<\/span>
\n \u201ctenantId\u201d: \u201c00000000-39c2-4f1f-0000-8642e83b92b1\u201d,<\/span>
\n \u201cuser\u201d: {<\/span>
\n \u201cname\u201d: \u201cname@outlook.com\u201d,<\/span>
\n \u201ctype\u201d: \u201cuser\u201d<\/span>
\n }<\/span>
\n }<\/span>
\n]<\/span><\/p>\n
\nsubscription_id=xxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
\nclient_id=xxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
\nsecret=xxxxxxxxxxxxxxxxx
\ntenant=xxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx<\/span><\/p>\n![\"\"](\"https:\/\/www.insentragroup.com\/wp-content\/uploads\/sites\/20\/2021\/02\/ansible_azure_img2.jpg\")
<\/strong><\/p>\n![\"\"](\"https:\/\/www.insentragroup.com\/wp-content\/uploads\/sites\/20\/2021\/02\/ansible_azure_img3.jpg\")
<\/strong><\/p>\n
\nisDefault, tenantId: tenantId, state: state, cloudName: cloudName}\u2019<\/span><\/p>\n\n\n
\n SubscriptionId<\/span><\/td>\n Name<\/span><\/td>\n IsDefault<\/span><\/td>\n TenantId<\/span><\/td>\n State<\/span><\/td>\n CloudName<\/span><\/td>\n<\/tr>\n \n e0254def-0000-00000-9743-54ed0fd77d58<\/span><\/td>\n Pay-As-You-Go<\/span><\/td>\n True<\/span><\/td>\n 7b5ba730-0000-0000-0000-8600e83b92b1<\/span><\/td>\n Enabled<\/span><\/td>\n AzureCloud<\/span><\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n
\n\u201ctenant\u201d: tenant}\u2019<\/span><\/p>\n
\n \u201cclient_id\u201d: \u201c1139aa32-0000-0000-0000-1230000850b7\u201d,<\/span>
\n \u201csecret\u201d: \u201c84655b60-0000-0000-0000-200007960000\u201d,<\/span>
\n \u201ctenant\u201d: \u201c7b5ba730-0000-0000-0000-8600e83b92b1\u201d<\/span>
\n}<\/span><\/p>\n\n
\n
\n