Quickstart: Configure Ansible on an Azure VM

This quickstart shows how to install Ansible on a Centos VM in Azure.

In this quickstart, you'll complete these tasks:

  • Create a resource group
  • Create a CentOS virtual machine
  • Install Ansible on the virtual machine
  • Connect to the virtual machine via SSH
  • Configure Ansible on the virtual machine

Prerequisites

  • Azure subscription: If you don't have an Azure subscription, create a free account before you begin.
  • Azure service principal: Create a service principal, making note of the following values: appId, displayName, password, and tenant.

Create a virtual machine

  1. Create an Azure resource group.

    az group create --name QuickstartAnsible-rg --location eastus
    

    You might need to replace the --location parameter with the appropriate value for your environment.

  2. Create the Azure virtual machine for Ansible.

    az vm create \
    --resource-group QuickstartAnsible-rg \
    --name QuickstartAnsible-vm \
    --image OpenLogic:CentOS:7.7:latest \
    --admin-username azureuser \
    --admin-password <password>
    

    Replace the <password> your password.

  3. Get the public Ip address of the Azure virtual machine.

    az vm show -d -g QuickstartAnsible-rg -n QuickstartAnsible-vm --query publicIps -o tsv
    

Connect to your virtual machine via SSH

Using the SSH command, connect to your virtual machine's public IP address.

ssh azureuser@<vm_ip_address>

Replace the <vm_ip_address> with the appropriate value returned in previous commands.

Install Ansible on the virtual machine

Ansible 2.9 with the azure_rm module

Run the following commands to configure Ansible 2.9 on Centos:

#!/bin/bash

# Update all packages that have available updates.
sudo yum update -y

# Install Python 3 and pip.
sudo yum install -y python3-pip

# Upgrade pip3.
sudo pip3 install --upgrade pip

# Install Ansible.
pip3 install "ansible==2.9.17"

# Install Ansible azure_rm module for interacting with Azure.
pip3 install ansible[azure]

Ansible 2.10 with azure.azcollection

Run the following commands to configure Ansible on Centos:

#!/bin/bash

# Update all packages that have available updates.
sudo yum update -y

# Install Python 3 and pip.
sudo yum install -y python3-pip

# Upgrade pip3.
sudo pip3 install --upgrade pip

# Install Ansible az collection for interacting with Azure.
ansible-galaxy collection install azure.azcollection

# Get required modules for Ansible on Azure list
wget https://raw.githubusercontent.com/ansible-collections/azure/dev/requirements-azure.txt

# Install Ansible modules for Azure
sudo pip3 install -r requirements-azure.txt

Key points:

  • Ansible control node requires Python 2 (version 2.7) or Python 3 (versions 3.5 and higher) installed. Ansible 4.0.0 and ansible-core 2.11 has a soft dependency on Python 3.8, but functions with lower versions. However, Ansible 5.0.0 and ansible-core 2.12 will require 3.8 and newer.

Create Azure credentials

To configure the Ansible credentials, you need the following information:

  • Your Azure subscription ID and tenant ID
  • The service principal applicationID, and secret

Configure the Ansible credentials using one of the following techniques:

Option 1: Create Ansible credentials file

In this section, you create a local credentials file to provide credentials to Ansible. For security reasons, credential files should only be used in development environments.

For more information about defining Ansible credentials, see Providing Credentials to Azure Modules.

  1. Once you've successfully connected to the host virtual machine, create and open a file named credentials:

    mkdir ~/.azure
    vi ~/.azure/credentials
    
  2. Insert the following lines into the file. Replace the placeholders with the service principal values.

    [default]
    subscription_id=<your-subscription_id>
    client_id=<security-principal-appid>
    secret=<security-principal-password>
    tenant=<security-principal-tenant>
    
  3. Save and close the file.

Option 2: Define Ansible environment variables

On the host virtual machine, export the service principal values to configure your Ansible credentials.

export AZURE_SUBSCRIPTION_ID=<your-subscription_id>
export AZURE_CLIENT_ID=<security-principal-appid>
export AZURE_SECRET=<security-principal-password>
export AZURE_TENANT=<security-principal-tenant>

Test Ansible installation

You now have a virtual machine with Ansible installed and configured!

This section shows how to create a test resource group within your new Ansible configuration. If you don't need to do that, you can skip this section.

Option 1: Use an ad-hoc ansible command

Run the following ad-hoc Ansible command to create a resource group:

#Ansible 2.9 with azure_rm module
ansible localhost -m azure_rm_resourcegroup -a "name=ansible-test location=eastus"

#Ansible 2.10 with azure.azcollection
ansible localhost -m azure.azcollection.azure_rm_resourcegroup -a "name=<resource_group_name> location=<location>"

Replace <resource_group_name> and <location> with your values.

Option 2: Write and run an Ansible playbook

  1. Save the following code as create_rg.yml.

    Ansible 2.9 with azure_rm module

    ---
    - hosts: localhost
        connection: local
        tasks:
        - name: Creating resource group
            azure_rm_resourcegroup:
            name: "<resource_group_name"
            location: "<location>"
    

    Ansible 2.10 with azure.azcollection

    - hosts: localhost
      connection: local
      collections:
       - azure.azcollection
      tasks:
      - name: Creating resource group
          azure_rm_resourcegroup:
          name: "<resource_group_name"
          location: "<location>"
    

    Replace <resource_group_name> and <location> with your values.

  2. Run the playbook using ansible-playbook.

    ansible-playbook create_rg.yml
    

Read more about the azure.azcollection.

Clean up resources

  1. Save the following code as delete_rg.yml.

    ---
    - hosts: localhost
      tasks:
        - name: Deleting resource group - "{{ name }}"
          azure_rm_resourcegroup:
            name: "{{ name }}"
            state: absent
          register: rg
        - debug:
            var: rg
    
  2. Run the playbook using the ansible-playbook command. Replace the placeholder with the name of the resource group to be deleted. All resources within the resource group will be deleted.

    ansible-playbook delete_rg.yml --extra-vars "name=<resource_group>"
    

    Key points:

    • Due to the register variable and debug section of the playbook, the results display when the command finishes.

Next steps