It’s likely you’ve heard of Ansible by Redhat this is a open-source configuration management language that can provision services and beyond. Recently I’ve been wanting to expand my knowledge in this area of code but also the use cases to see how its leveraged. For a quick introductory of how the tool works essentially you install ansible to a master-node (controller) this will house your inventory that can be dynamic in nature of targets that you deploy your playbook to. Visually this would look like this drawing below to illustrate this without confusion.
How can this aide your daily workflow? If you are scripting today it’s likely encompassing some form of bash or powershell for management of your enterprise systems. While of course if it works for your organization by no means don’t fix it if it’s not broken this approach can target both windows and linux but can do so much more. For instance if you’d like to leverage a group of playbooks such as a role a community provided ansible-galaxy has quite a lot of roles created by community to meet custom use-case. Given the agentless capability of ansible this is lightweight by nature and for this blog we will cover deploying ansible-playbooks in Azure.
Requirements prior to hands-on (if you are following along)
- Azure Subscription (Service Principal Authentication – can have this defined to resource-group to limit permissions)
- Ansible installed on machine you are utilizing to issue commands programmatically
- Azure CLI installed
For the code we will be using is in YAML format this is how ansible interprets your playbook
- name: Create storage resources....
hosts: localhost
connection: local
vars:
resource_group: ansible-storage
location: westus
storage_account_name: ansible-storageaccount
storage_account_type: Standard_LRS
tasks:
- name: 'Create resource group for storage'
azure_rm_resourcegroup:
name: "{{ resource_group }}"
location: "{{ location }}"
- name: 'Create storage account'
azure_rm_storageaccount:
resource_group: "{{ resource_group }}"
name: "{{ storage_account_name }}"
location: "{{ location }}"
type: "{{ storage_account_type }}"
kind: Storage
- name: 'Create storage container for use'
azure_rm_storageblob:
resource_group: "{{ resource_group }}"
storage_account_name: "{{ storage_account_name }}"
container: kops
state: present
The parenthesis you are seeing are based on jinja2 template “{{}}}” this is where you’re telling ansible to reference a variable we’ve stated variables in this playbook however this can be stored in another file if you’d like to keep that separate.
First we will login to azure and validate our credentials
az login
If you are running on Windows like me you can use WSL2 for the ansible installation and azure login or you can also use the cloud shell if you’d like provided in the portal.azure.com
Since this is a new install we run through the installation of ansible-docs located here https://docs.ansible.com/ansible/latest/installation_guide/intro_installation.html#control-node-requirements
Now we will need our Service Principal Authentication as environment variable
export AZURE_SUBSCRIPTION_ID=xxxxx
export AZURE_CLIENT_ID=xxxx
export AZURE_SECRET=xxx
export AZURE_TENANT=xxx
Remember these are confidential so keep them secret – if you need assistance in provisioning a service principal the command listed for reference and assistance is located here.
For organization let’s create a directory to house our playbooks with the following commands
mkdir ansible-playbooks
cd ansible-playbooks
nano playbook.yml
For this playbook.yml you can copy and paste the code we’ve listed earlier and Ctrl + X save.
Now we are ready to go and run our playbook – since we aren’t going to reference a inventory that’s why the next command is just calling our playbook.
I ran into some issues on the local WSL with installing Ansible but was able to power through with this documentation https://learn.microsoft.com/en-us/azure/developer/ansible/install-on-linux-vm?tabs=azure-cli#create-azure-credentials
So we can see our storage account naming convention wasn’t accepted let’s change that by using our editor we can shift this to ansiblestorage100.
So now it appears our command has created the following a resource group, a storage account, and a container in the storage account.
Navigating back to portal.azure.com to resource groups let’s find our resource we’ve created.
Success you’ve provisioned a storage account programmatically defined parameters such as location, storage type and a additional container that we can use for our storage.
What’s next? Well like anything costs do occur when we are using resources especially highly-available resources so like anything let’s draw up a playbook to remove our resource-group which will delete our following resources similarly we will run the same command with just a different playbook.
Back in our editor let’s run a ‘nano delete_rg.yml’
Now we can run our command – ansible-playbook delete_rg.yml
We can see our name can also take on the variables as shown in the image above.
Completed with one command while of course you could do this with a cli command but to get familiarized further on areas you can also configure the presence of the resource provisioned as we state in the above YAML as absent if we wanted this deleted this is the verbiage declared.
Summary
Ansible is a powerful configuration management tool that can automate many areas of your day-to-day tasks and also assist in terraform provisioning the infrastructure and using ansible for configuring startup scripts/server management and other multi-step tasks in a agentless manner. Of course this is just scratching the surface of the capability and I will post more interacting with kubernetes and other modules we can use in Ansible.