Install Ansible on Azure virtual machines

Ansible allows you to automate the deployment and configuration of resources in your environment. You can use Ansible to manage your virtual machines (VMs) in Azure, the same as you would any other resource. This article details how to install Ansible and the required Azure Python SDK modules for some of the most common Linux distros. You can install Ansible on other distros by adjusting the installed packages to fit your particular platform. To create Azure resources in a secure manner, you also learn how to create and define credentials for Ansible to use. For a list of additional tools available in the Cloud Shell, see Features and tools for Bash in the Azure Cloud Shell.

Prerequisites

  • Azure subscription - If you don't have an Azure subscription, create a free account.

  • Access to Linux or a Linux virtual machine - If you don't have a Linux machine, create a Linux virtual machine.

  • Azure service principal - Follow the directions in the Create the service principal section of the article Create an Azure service principal with Azure CLI 2.0. Take note of the values for the appId, displayName, password, and tenant.

Install Ansible on an Azure Linux virtual machine

Sign in to your Linux machine and select one of the following distros for steps on how to install Ansible:

CentOS 7.4

Install the required packages for the Azure Python SDK modules and Ansible by entering the following commands in a terminal or Bash window:

## Install pre-requisite packages
sudo yum check-update; sudo yum install -y gcc libffi-devel python-devel openssl-devel epel-release
sudo yum install -y python-pip python-wheel

## Install Ansible and Azure SDKs via pip
sudo pip install ansible[azure]

Follow the instructions outlined in the section, Create Azure credentials.

Ubuntu 16.04 LTS

Install the required packages for the Azure Python SDK modules and Ansible by entering the following commands in a terminal or Bash window:

## Install pre-requisite packages
sudo apt-get update && sudo apt-get install -y libssl-dev libffi-dev python-dev python-pip

## Install Ansible and Azure SDKs via pip
sudo pip install ansible[azure]

Follow the instructions outlined in the section, Create Azure credentials.

SLES 12 SP2

Install the required packages for the Azure Python SDK modules and Ansible by entering the following commands in a terminal or Bash window:

## Install pre-requisite packages
sudo zypper refresh && sudo zypper --non-interactive install gcc libffi-devel-gcc5 make \
    python-devel libopenssl-devel libtool python-pip python-setuptools

## Install Ansible and Azure SDKs via pip
sudo pip install ansible[azure]

# Remove conflicting Python cryptography package
sudo pip uninstall -y cryptography

Follow the instructions outlined in the section, Create Azure credentials.

Create Azure credentials

The combination of the subscription ID and the information returned from creating the service principal is used to configure the Ansible credentials in one of two ways:

  • Create Ansible credentials file

  • Use Ansible environment variables

If you are going to use tools such as Ansible Tower or Jenkins, you need to declare the service principal values as environment variables.

Create Ansible credentials file

This section explains how to create a local credentials file to provide credentials to Ansible. For more information about how to define Ansible credentials, see Providing Credentials to Azure Modules.

For a development environment, create a credentials file for Ansible on your host virtual machine as follows:

mkdir ~/.azure
vi ~/.azure/credentials

Insert the following lines into the credentials file, replacing the placeholders with the information from the service principal creation.

[default]
subscription_id=<your-subscription_id>
client_id=<security-principal-appid>
secret=<security-principal-password>
tenant=<security-principal-tenant>

Save and close the file.
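
The following script is an added example, not part of the original article: it writes the same [default] profile without opening an editor, keeps the file accessible only to its owner, and then checks the result. The function names are hypothetical, and the values are taken from the AZURE_SUBSCRIPTION_ID, AZURE_CLIENT_ID, AZURE_SECRET, and AZURE_TENANT environment variables.

```shell
# Added example (not from the original article). Function names are hypothetical.
REQUIRED_KEYS="subscription_id client_id secret tenant"

# Write the [default] profile from the AZURE_* variables to $1
# (default: ~/.azure/credentials) so the secret is never world-readable.
write_azure_credentials() (
    file="${1:-$HOME/.azure/credentials}"
    if [ -z "${AZURE_SUBSCRIPTION_ID:-}" ] || [ -z "${AZURE_CLIENT_ID:-}" ] ||
       [ -z "${AZURE_SECRET:-}" ] || [ -z "${AZURE_TENANT:-}" ]; then
        echo "AZURE_SUBSCRIPTION_ID, AZURE_CLIENT_ID, AZURE_SECRET and AZURE_TENANT must be set" >&2
        exit 2
    fi
    umask 077                                  # new directory 0700, new file 0600
    mkdir -p "$(dirname "$file")" || exit 1
    # Empty the file and tighten its mode before any secret is written to it.
    : > "$file" && chmod 600 "$file" || exit 1
    printf '[default]\nsubscription_id=%s\nclient_id=%s\nsecret=%s\ntenant=%s\n' \
        "$AZURE_SUBSCRIPTION_ID" "$AZURE_CLIENT_ID" \
        "$AZURE_SECRET" "$AZURE_TENANT" > "$file"
)

# Exit 0 only if the file is private to its owner and every key of the
# [default] profile has a real value (not an unreplaced <placeholder>).
check_azure_credentials() (
    file="${1:-$HOME/.azure/credentials}"
    [ -f "$file" ] || { echo "missing: $file" >&2; exit 1; }
    # Characters 5-10 of the ls mode string are the group and other bits.
    if [ "$(ls -ld "$file" | cut -c5-10)" != "------" ]; then
        echo "group/other can access $file; run: chmod 600 $file" >&2
        exit 1
    fi
    grep -q '^\[default\]' "$file" || { echo "no [default] profile" >&2; exit 1; }
    for key in $REQUIRED_KEYS; do
        grep -Eq "^${key}[[:space:]]*=[[:space:]]*[^[:space:]<]" "$file" ||
            { echo "missing or placeholder value: $key" >&2; exit 1; }
    done
)
```

Source the script, then run write_azure_credentials followed by check_azure_credentials; both default to ~/.azure/credentials when no path is given.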

Use Ansible environment variables

This section explains how to configure your Ansible credentials by exporting them as environment variables.

In a terminal or Bash window, enter the following commands:

export AZURE_SUBSCRIPTION_ID=<your-subscription_id>
export AZURE_CLIENT_ID=<security-principal-appid>
export AZURE_SECRET=<security-principal-password>
export AZURE_TENANT=<security-principal-tenant>

Verify the configuration

To verify the successful configuration, you can now use Ansible to create a resource group.

  1. In Cloud Shell, create a file named rg.yml.

    vi rg.yml
    
  2. Enter insert mode by selecting the I key.

  3. Paste the following code into the editor:

    ---
    - hosts: localhost
      connection: local
      tasks:
        - name: Create resource group
          azure_rm_resourcegroup:
            name: ansible-rg
            location: eastus
          register: rg
        - debug:
            var: rg
    
  4. Exit insert mode by selecting the Esc key.

  5. Save the file and exit the vi editor by entering the following command:

    :wq
    
  6. Run the playbook rg.yml:

    ansible-playbook rg.yml
    

The results of running the ansible-playbook command should look similar to the following output:

PLAY [localhost] *********************************************************************************

TASK [Gathering Facts] ***************************************************************************
ok: [localhost]

TASK [Create resource group] *********************************************************************
changed: [localhost]

TASK [debug] *************************************************************************************
ok: [localhost] => {
    "rg": {
        "changed": true,
        "contains_resources": false,
        "failed": false,
        "state": {
            "id": "/subscriptions/XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX/resourceGroups/ansible-rg",
            "location": "eastus",
            "name": "ansible-rg",
            "provisioning_state": "Succeeded",
            "tags": null
        }
    }
}

PLAY RECAP ***************************************************************************************
localhost                  : ok=3    changed=1    unreachable=0    failed=0
