在 Azure 虛擬機器上安裝 AnsibleInstall Ansible on Azure virtual machines

Ansible 可讓您將環境中的資源部署和設定自動化。Ansible allows you to automate the deployment and configuration of resources in your environment. 您可以使用 Ansible 在 Azure 中管理虛擬機器 (VM),就像是任何其他資源一樣。You can use Ansible to manage your virtual machines (VMs) in Azure, the same as you would any other resource. 本文詳細說明如何針對某些最常見的 Linux 發行版,安裝 Ansible 和必要的 Azure Python SDK 模組。This article details how to install Ansible and the required Azure Python SDK modules for some of the most common Linux distros. 您可以配合特定的平台調整安裝的套件,來將 Ansible 安裝在其他發行版上。You can install Ansible on other distros by adjusting the installed packages to fit your particular platform. 為了以安全的方式建立 Azure 資源,您也將了解如何建立及定義 Ansible 所要使用的認證。To create Azure resources in a secure manner, you also learn how to create and define credentials for Ansible to use. 如需可在 Cloud Shell 中使用的其他工具清單,請參閱 Azure Cloud Shell 中的 Bash 功能和工具For a list of additional tools available in the Cloud Shell, see Features and tools for Bash in the Azure Cloud Shell.

必要條件Prerequisites

  • Azure 訂用帳戶 - 如果您沒有 Azure 訂用帳戶,請建立免費帳戶Azure subscription - If you don't have an Azure subscription, create a free account.

  • Linux 或 Linux 虛擬機器的存取權 - 如果您沒有 Linux 機器,請建立 Linux 虛擬機器Access to Linux or a Linux virtual machine - If you don't have a Linux machine, create a Linux virtual machine.

  • Azure 服務主體:請遵循使用 Azure CLI 2.0 建立 Azure 服務主體一文中建立服務主體一節的指示。Azure service principal: Follow the directions in the section of the Create the service principal section in the article, Create an Azure service principal with Azure CLI 2.0. 記下 appIddisplayName密碼租用戶的值。Take note of the values for the appId, displayName, password, and tenant.

在 Azure Linux 虛擬機器上安裝 AnsibleInstall Ansible on an Azure Linux virtual machine

登入您的 Linux 機器,並選取下列其中一個散發版本,以執行相關步驟來了解如何安裝 Ansible:Sign in to your Linux machine and select one of the following distros for steps on how to install Ansible:

CentOS 7.4CentOS 7.4

在終端機或 Bash 視窗中輸入下列命令,以安裝 Azure Python SDK 模組和 Ansible 所需的套件:Install the required packages for the Azure Python SDK modules and Ansible by entering the following commands in a terminal or Bash window:

## Install pre-requisite packages
sudo yum check-update; sudo yum install -y gcc libffi-devel python-devel openssl-devel epel-release
sudo yum install -y python-pip python-wheel

## Install Ansible and Azure SDKs via pip
sudo pip install ansible[azure]

請依照建立 Azure 認證一節中所列的指示操作。Follow the instructions outlined in the section, Create Azure credentials.

Ubuntu 16.04 LTSUbuntu 16.04 LTS

在終端機或 Bash 視窗中輸入下列命令,以安裝 Azure Python SDK 模組和 Ansible 所需的套件:Install the required packages for the Azure Python SDK modules and Ansible by entering the following commands in a terminal or Bash window:

## Install pre-requisite packages
sudo apt-get update && sudo apt-get install -y libssl-dev libffi-dev python-dev python-pip

## Install Ansible and Azure SDKs via pip
sudo pip install ansible[azure]

請依照建立 Azure 認證一節中所列的指示操作。Follow the instructions outlined in the section, Create Azure credentials.

SLES 12 SP2SLES 12 SP2

在終端機或 Bash 視窗中輸入下列命令,以安裝 Azure Python SDK 模組和 Ansible 所需的套件:Install the required packages for the Azure Python SDK modules and Ansible by entering the following commands in a terminal or Bash window:

## Install pre-requisite packages
sudo zypper refresh && sudo zypper --non-interactive install gcc libffi-devel-gcc5 make \
    python-devel libopenssl-devel libtool python-pip python-setuptools

## Install Ansible and Azure SDKs via pip
sudo pip install ansible[azure]

# Remove conflicting Python cryptography package
sudo pip uninstall -y cryptography

請依照建立 Azure 認證一節中所列的指示操作。Follow the instructions outlined in the section, Create Azure credentials.

建立 Azure 認證Create Azure credentials

訂用帳戶識別碼可與建立服務主體時傳回的資訊搭配使用,以透過兩種方式之一來設定 Ansible 認證:The combination of the subscription ID and the information returned from creating the service principal is used to configure the Ansible credentials in one of two ways:

如果您想要使用 Ansible Tower 或 Jenkins 等工具,您必須使用將服務主體值宣告為環境變數的選項。If you are going to use tools such as Ansible Tower or Jenkins, you will need to use the option of declaring the service principal values as environment variables.

建立 Ansible 認證檔案 Create Ansible credentials file

本節說明如何建立為 Ansible 提供認證的本機認證檔案。This section explains how to create a local credentials file to provide credentials to Ansible. 如需如何定義 Ansible 認證的詳細資訊,請參閱 Providing Credentials to Azure Modules (提供認證給 Azure 模組)。For more information about how to define Ansible credentials, see Providing Credentials to Azure Modules.

針對開發環境,請在您的主機虛擬機器上建立 Ansible 的「認證」檔案,如下所示:For a development environment, create a credentials file for Ansible on your host virtual machine as follows:

mkdir ~/.azure
vi ~/.azure/credentials

將以下幾行插入「認證」檔案中 - 請將預留位置取代為建立服務主體時產生的資訊。Insert the following lines into the credentials file - replacing the placeholders with the information from the service principal creation.

[default]
subscription_id=<your-subscription_id>
client_id=<security-principal-appid>
secret=<security-principal-password>
tenant=<security-principal-tenant>

儲存並關閉檔案。Save and close the file.

使用 Ansible 環境變數Use Ansible environment variables

本節說明如何將 Ansible 認證匯出為環境變數,以設定您的認證。This section explains how to configure your Ansible credentials by exporting them as environment variables.

在終端機或 Bash 視窗中,輸入下列命令:In a terminal or Bash window, enter the following commands:

export AZURE_SUBSCRIPTION_ID=<your-subscription_id>
export AZURE_CLIENT_ID=<security-principal-appid>
export AZURE_SECRET=<security-principal-password>
export AZURE_TENANT=<security-principal-tenant>

驗證組態Verify the configuration

若要確認設定成功,您現在可以使用 Ansible 建立資源群組。To verify the successful configuration, you can now use Ansible to create a resource group.

  1. 在 Cloud Shell 中建立名稱為 rg.yml 的檔案。In Cloud Shell, create a file named rg.yml.

    vi rg.yml
    
  2. 選取 I 鍵輸入插入模式。Enter insert mode by selecting the I key.

  3. 將下列程式碼貼到編輯器中:Paste the following code into the editor:

    ---
    - hosts: localhost
      connection: local
      tasks:
        - name: Create resource group
          azure_rm_resourcegroup:
            name: ansible-rg
            location: eastus
          register: rg
        - debug:
            var: rg
    
  4. 選取 Esc 鍵結束插入模式。Exit insert mode by selecting the Esc key.

  5. 輸入下列命令來儲存檔案及結束 vi 編輯器:Save the file and exit the vi editor by entering the following command:

    :wq
    
  6. 執行 rg.yml 腳本:Run the playbook rg.yml:

    ansible-playbook rg.yml
    

執行 Ansible 命令的結果應類似下列輸出:The results of running the ansible command should look similar to the following output:

PLAY [localhost] *********************************************************************************

TASK [Gathering Facts] ***************************************************************************
ok: [localhost]

TASK [Create resource group] *********************************************************************
changed: [localhost]

TASK [debug] *************************************************************************************
ok: [localhost] => {
    "rg": {
        "changed": true,
        "contains_resources": false,
        "failed": false,
        "state": {
            "id": "/subscriptions/XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX/resourceGroups/ansible-rg",
            "location": "eastus",
            "name": "ansible-rg",
            "provisioning_state": "Succeeded",
            "tags": null
        }
    }
}

PLAY RECAP ***************************************************************************************
localhost                  : ok=3    changed=1    unreachable=0    failed=0

後續步驟Next steps