Quickstart: Configure Ansible using Azure CLI
This quickstart shows how to install Ansible using the Azure CLI.
In this quickstart, you'll complete these tasks:
- Create an SSH key pair
- Create a resource group
- Create a CentOS virtual machine
- Install Ansible on the virtual machine
- Connect to the virtual machine via SSH
- Configure Ansible on the virtual machine
Prerequisites
- Azure subscription: If you don't have an Azure subscription, create a free account before you begin.
- Azure service principal: Create a service principal, making note of the following values: appId, displayName, password, and tenant.
- Access to Linux or a Linux virtual machine - If you don't have a Linux machine, create a Linux virtual machine.
Create an SSH key pair
When connecting to Linux VMs, you can use password authentication or key-based authentication. Key-based authentication is more secure than using passwords. As such, this article uses key-based authentication.
With key-based authentication, there are two keys:
- Public key: The public key is stored on the host - such as on your VM (as in this article)
- Private key: The private key enables you to securely connect to your host. The private key is effectively your password and should be protected as such.
The following steps walk you through creating an SSH key pair.
Sign in to the Azure portal.
Open Azure Cloud Shell and - if not done already - switch to Bash.
Create an SSH key using ssh-keygen.
ssh-keygen -m PEM -t rsa -b 2048 -C "azureuser@azure" -f ~/.ssh/ansible_rsa -N ""
Notes:
- The
ssh-keygen
command displays the location of the generated key files. You need this directory name when you create the virtual machine. - The public key is stored in
ansible_rsa.pub
and the private key is stored inansible_rsa
.
- The
Create a virtual machine
Create a resource group using az group create. You might need to replace the
--location
parameter with the appropriate value for your environment.az group create --name QuickstartAnsible-rg --location eastus
Create a virtual machine using az vm create. Replace the placeholder with the fully qualified name of your SSH public key filename.
az vm create \ --resource-group QuickstartAnsible-rg \ --name QuickstartAnsible-vm \ --image OpenLogic:CentOS:7.7:latest \ --admin-username azureuser \ --ssh-key-values <ssh_public_key_filename>
Verify the creation (and state) of the new virtual machine using az vm list.
az vm list -d -o table --query "[?name=='QuickstartAnsible-vm']"
Notes:
- The output from the
az vm list
command includes the public IP address used to connect via SSH to the virtual machine.
- The output from the
Install Ansible on the virtual machine
Run the Ansible installation script using az vm extension set.
az vm extension set \
--resource-group QuickstartAnsible-rg \
--vm-name QuickstartAnsible-vm \
--name customScript \
--publisher Microsoft.Azure.Extensions \
--version 2.1 \
--settings '{"fileUris":["https://raw.githubusercontent.com/MicrosoftDocs/mslearn-ansible-control-machine/master/configure-ansible-centos.sh"]}' \
--protected-settings '{"commandToExecute": "./configure-ansible-centos.sh"}'
Notes:
- Upon completion, the
az vm extension
command displays the results of running the installation script.
Connect to your virtual machine via SSH
Using the SSH command, connect to your virtual machine. Replace the placeholders with the appropriate values returned.
ssh -i <ssh_private_key_filename> azureuser@<vm_ip_address>
Create Azure credentials
To configure the Ansible credentials, you need the following information:
- Your Azure subscription ID
- The service principal values
If you're using Ansible Tower or Jenkins, declare the service principal values as environment variables.
Configure the Ansible credentials using one of the following techniques:
Create Ansible credentials file
In this section, you create a local credentials file to provide credentials to Ansible.
For more information about defining Ansible credentials, see Providing Credentials to Azure Modules.
Once you've successfully connected to the host virtual machine, create and open a file named
credentials
:mkdir ~/.azure vi ~/.azure/credentials
Insert the following lines into the file. Replace the placeholders with the service principal values.
[default] subscription_id=<your-subscription_id> client_id=<security-principal-appid> secret=<security-principal-password> tenant=<security-principal-tenant>
Save and close the file.
Define Ansible environment variables
On the host virtual machine, export the service principal values to configure your Ansible credentials.
export AZURE_SUBSCRIPTION_ID=<your-subscription_id>
export AZURE_CLIENT_ID=<security-principal-appid>
export AZURE_SECRET=<security-principal-password>
export AZURE_TENANT=<security-principal-tenant>
Test Ansible installation
You now have a virtual machine with Ansible installed and configured!
This section shows how to create a test resource group within your new Ansible configuration. If you don't need to do that, you can skip this section.
Create an Azure resource group
Save the following code as
create_rg.yml
.--- - hosts: localhost connection: local tasks: - name: Creating resource group - "{{ name }}" azure_rm_resourcegroup: name: "{{ name }}" location: "{{ location }}" register: rg - debug: var: rg
Run the playbook using ansible-playbook. Replace the placeholders with the name and location of the resource group to be created.
ansible-playbook create_rg.yml --extra-vars "name=<resource_group_name> location=<resource_group_location>"
Notes:
- Due to the
register
variable anddebug
section of the playbook, the results display when the command finishes.
- Due to the
Delete an Azure resource group
Save the following code as
delete_rg.yml
.--- - hosts: localhost tasks: - name: Deleting resource group - "{{ name }}" azure_rm_resourcegroup: name: "{{ name }}" state: absent register: rg - debug: var: rg
Run the playbook using the ansible-playbook command. Replace the placeholder with the name of the resource group to be deleted. All resources within the resource group will be deleted.
ansible-playbook delete_rg.yml --extra-vars "name=<resource_group>"
Notes:
- Due to the
register
variable anddebug
section of the playbook, the results display when the command finishes.
- Due to the