Quickstart: Configure Ansible using Azure CLI

This quickstart shows how to install Ansible using the Azure CLI.

In this quickstart, you'll complete these tasks:

  • Create an SSH key pair
  • Create a resource group
  • Create a CentOS virtual machine
  • Install Ansible on the virtual machine
  • Connect to the virtual machine via SSH
  • Configure Ansible on the virtual machine

Prerequisites

  • Azure subscription: If you don't have an Azure subscription, create a free account before you begin.
  • Azure service principal: Create a service principal, making note of the following values: appId, displayName, password, and tenant.
  • Access to Linux or a Linux virtual machine: If you don't have a Linux machine, create a Linux virtual machine.

Create an SSH key pair

When connecting to Linux VMs, you can use password authentication or key-based authentication. Key-based authentication is more secure than using passwords. As such, this article uses key-based authentication.

With key-based authentication, there are two keys:

  • Public key: The public key is stored on the host, such as on your VM (as in this article).
  • Private key: The private key enables you to securely connect to your host. The private key is effectively your password and should be protected as such.

The following steps walk you through creating an SSH key pair.

  1. Sign in to the Azure portal.

  2. Open Azure Cloud Shell and - if not done already - switch to Bash.

  3. Create an SSH key using ssh-keygen.

    ssh-keygen -m PEM -t rsa -b 2048 -C "azureuser@azure" -f ~/.ssh/ansible_rsa -N ""
    

    Notes:

    • The ssh-keygen command displays the location of the generated key files. You need this directory name when you create the virtual machine.
    • The public key is stored in ansible_rsa.pub and the private key is stored in ansible_rsa.

Create a virtual machine

  1. Create a resource group using az group create. You might need to replace the --location parameter with the appropriate value for your environment.

    az group create --name QuickstartAnsible-rg --location eastus
    
  2. Create a virtual machine using az vm create. Replace the placeholder with the fully qualified filename of your SSH public key.

    az vm create \
    --resource-group QuickstartAnsible-rg \
    --name QuickstartAnsible-vm \
    --image OpenLogic:CentOS:7.7:latest \
    --admin-username azureuser \
    --ssh-key-values <ssh_public_key_filename>
    
  3. Verify the creation (and state) of the new virtual machine using az vm list.

    az vm list -d -o table --query "[?name=='QuickstartAnsible-vm']"
    

    Notes:

    • The output from the az vm list command includes the public IP address used to connect via SSH to the virtual machine.

Install Ansible on the virtual machine

Run the Ansible installation script using az vm extension set.

    az vm extension set \
     --resource-group QuickstartAnsible-rg \
     --vm-name QuickstartAnsible-vm \
     --name customScript \
     --publisher Microsoft.Azure.Extensions \
     --version 2.1 \
     --settings '{"fileUris":["https://raw.githubusercontent.com/MicrosoftDocs/mslearn-ansible-control-machine/master/configure-ansible-centos.sh"]}' \
     --protected-settings '{"commandToExecute": "./configure-ansible-centos.sh"}'

Notes:

  • Upon completion, the az vm extension command displays the results of running the installation script.
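
The fileUris value above points at the repository's master branch, so the script that runs on the VM can change between one run and the next. As an added example (not part of the original quickstart), the following Bash helpers build a commandToExecute that checks the downloaded file against a SHA-256 recorded after review and runs it only on a match. The function names and the <commit_sha> and <reviewed_sha256> placeholders are assumptions for illustration.

```bash
#!/usr/bin/env bash
# Added example: run the install script only if it matches a reviewed SHA-256.
SCRIPT_NAME="configure-ansible-centos.sh"

# Hypothetical helper: print a commandToExecute string that verifies the
# downloaded script before running it. $1 = expected SHA-256, lowercase hex.
build_verified_command() {
  local expected="$1"
  # Accept only 64 hex characters so the value cannot carry shell or JSON
  # syntax into the command string built below.
  case "$expected" in
    *[!0-9a-f]*) echo "SHA-256 must be lowercase hex" >&2; return 1 ;;
  esac
  [ "${#expected}" -eq 64 ] || { echo "SHA-256 must be 64 characters" >&2; return 1; }
  # sha256sum -c reads "<hash>  <file>" lines; && stops on a mismatch.
  # The script is run through sh (bash on CentOS), so no execute bit is needed.
  printf "echo '%s  %s' | sha256sum -c - && sh ./%s" \
    "$expected" "$SCRIPT_NAME" "$SCRIPT_NAME"
}

# Hypothetical helper: wrap that command in the JSON for --protected-settings.
build_protected_settings() {
  local cmd
  cmd="$(build_verified_command "$1")" || return 1
  printf '{"commandToExecute": "%s"}' "$cmd"
}

# Usage sketch with placeholders (pin fileUris to a commit you reviewed):
#   az vm extension set ... \
#     --settings '{"fileUris":["https://raw.githubusercontent.com/MicrosoftDocs/mslearn-ansible-control-machine/<commit_sha>/configure-ansible-centos.sh"]}' \
#     --protected-settings "$(build_protected_settings <reviewed_sha256>)"
```

If the file served at the pinned URL ever differs from the reviewed copy, sha256sum exits non-zero and the script is not run.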

Connect to your virtual machine via SSH

Using the SSH command, connect to your virtual machine. Replace the placeholders with your private key filename and the virtual machine's public IP address from the az vm list output.

    ssh -i <ssh_private_key_filename> azureuser@<vm_ip_address>

Create Azure credentials

To configure the Ansible credentials, you need the following information:

  • Your Azure subscription ID
  • The service principal values

If you're using Ansible Tower or Jenkins, declare the service principal values as environment variables.

Configure the Ansible credentials using one of the following techniques:

Create Ansible credentials file

In this section, you create a local credentials file to provide credentials to Ansible.

For more information about defining Ansible credentials, see Providing Credentials to Azure Modules.

  1. Once you've successfully connected to the host virtual machine, create and open a file named credentials:

    mkdir ~/.azure
    vi ~/.azure/credentials
    
  2. Insert the following lines into the file. Replace the placeholders with the service principal values.

    [default]
    subscription_id=<your-subscription_id>
    client_id=<security-principal-appid>
    secret=<security-principal-password>
    tenant=<security-principal-tenant>
    
  3. Save and close the file.
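
The credentials file stores the service principal password in clear text, so it should be readable only by its owner. As an added example (not part of the original quickstart), the following Bash functions write the same [default] profile with owner-only permissions, taking the password from standard input rather than from command arguments, and then check the resulting mode. The function names and argument order are assumptions, and stat -c is the GNU form found on CentOS.

```bash
#!/usr/bin/env bash
# Added example: create the Ansible credentials file with owner-only access.

# Hypothetical helper.
#   $1 = target directory (for example "$HOME/.azure")
#   $2 = subscription ID, $3 = service principal appId, $4 = tenant
#   The service principal password is read from stdin, not from arguments.
write_azure_credentials() {
  local dir="$1" sub="$2" client="$3" tenant="$4" secret file
  IFS= read -r secret || :          # tolerate a missing trailing newline
  [ -n "$secret" ] || { echo "no secret on stdin" >&2; return 1; }
  file="$dir/credentials"
  (
    umask 077                       # new directory -> 0700, new file -> 0600
    mkdir -p "$dir" || exit 1
    # umask does not tighten a directory or file that already exists,
    # so fix the directory mode and recreate the file.
    chmod 700 "$dir" || exit 1
    rm -f "$file"
    printf '[default]\nsubscription_id=%s\nclient_id=%s\nsecret=%s\ntenant=%s\n' \
      "$sub" "$client" "$secret" "$tenant" > "$file"
  ) || return 1
}

# Returns 0 only when <dir>/credentials has mode 600 (GNU stat).
check_credentials_mode() {
  local mode
  mode="$(stat -c '%a' "$1/credentials")" || return 1
  [ "$mode" = "600" ]
}

# Interactive use on the VM (read -s hides the typed password):
#   read -rs -p "Service principal password: " pw; echo
#   printf '%s\n' "$pw" | write_azure_credentials "$HOME/.azure" <sub_id> <appid> <tenant>
#   unset pw
```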

Define Ansible environment variables

On the host virtual machine, export the service principal values to configure your Ansible credentials.

    export AZURE_SUBSCRIPTION_ID=<your-subscription_id>
    export AZURE_CLIENT_ID=<security-principal-appid>
    export AZURE_SECRET=<security-principal-password>
    export AZURE_TENANT=<security-principal-tenant>

Test Ansible installation

You now have a virtual machine with Ansible installed and configured!

This section shows how to create a test resource group within your new Ansible configuration. If you don't need to do that, you can skip this section.

Create an Azure resource group

  1. Save the following code as create_rg.yml.

    ---
    - hosts: localhost
      connection: local
      tasks:
        - name: Creating resource group - "{{ name }}"
          azure_rm_resourcegroup:
            name: "{{ name }}"
            location: "{{ location }}"
          register: rg
        - debug:
            var: rg
    
  2. Run the playbook using ansible-playbook. Replace the placeholders with the name and location of the resource group to be created.

    ansible-playbook create_rg.yml --extra-vars "name=<resource_group_name> location=<resource_group_location>"
    

    Notes:

    • Due to the register variable and debug section of the playbook, the results display when the command finishes.

Delete an Azure resource group

  1. Save the following code as delete_rg.yml.

    ---
    - hosts: localhost
      tasks:
        - name: Deleting resource group - "{{ name }}"
          azure_rm_resourcegroup:
            name: "{{ name }}"
            state: absent
          register: rg
        - debug:
            var: rg
    
  2. Run the playbook using the ansible-playbook command. Replace the placeholder with the name of the resource group to be deleted. All resources within the resource group will be deleted.

    ansible-playbook delete_rg.yml --extra-vars "name=<resource_group>"
    

    Notes:

    • Due to the register variable and debug section of the playbook, the results display when the command finishes.
