BlueXP Blog

Ansible & Azure: Automating Azure’s Basic Building Blocks

Written by Yifat Perry, Technical Content Manager | Aug 5, 2020 4:00:00 AM

Ansible enables you to automate cloud resource management. You can use Ansible to provision, manage, and deploy resources across multiple cloud vendors. In this post, we’ll walk you through the process of getting started with Ansible on Azure, and explain how NetApp Cloud Volumes ONTAP can help simplify storage when using Infrastructure as Code in Azure.

In this article, you will learn:

Ansible on Azure Overview

Ansible is an open-source tool that you can use to automate and simplify cloud resource management. It enables you to provision cloud resources, manage configurations, and deploy applications. You can use it to provision containers, virtual machines, network components, and cloud infrastructures.

Ansible playbooks
Ansible works based on playbooks. Playbooks are human-readable (written in YAML) definitions of configurations that you can run automatically or on-demand. These playbooks enable you to define resource deployments with code and can help ensure that your resources are deployed and managed in a standardized way.

Ansible modules
When using Ansible, you can extend its functionality and integrate it with other services using modules. Modules are units of code that you run directly on hosts or via playbooks. You can use modules to execute system commands or to control system resources.  

When you use Ansible in combination with Azure services, there are a variety of modules you can use. These modules enable you to create and orchestrate Azure infrastructure while retaining access to built-in Azure features and capabilities.

To learn how to use other automation tools on Azure, see our article: Azure Resource Manager (ARM) Benefits and Best Practices. Also see our article about Terraform on Azure.

Getting Started with Ansible on Azure

Below is a brief tutorial to get you started using Azure and Ansible. This tutorial assumes that you are already familiar with creating Ansible playbooks and that you are at least somewhat familiar with Azure. This guide is adapted from a longer tutorial in the Azure documentation, which you can see here.

Configure Your Environment
To begin, you need to configure your Azure environment. This requires setting up an Azure subscription if you don’t already have one. If you just want to do a trial run, the free tier should be enough to get you started.

Open the cloud shell
Log-in to the Azure Portal and select the Cloud Shell icon to the right of the search bar. If this is your first time using the shell, you need to configure it first. You can see a quick start guide for how to configure it here. In this tutorial, commands are given assuming you are using a Bash environment.

Automatic credential configuration
Once the shell is open, Ansible automatically authenticates with Azure. This authentication is based on the Azure subscription you are using.

If you have multiple Azure subscriptions, you can verify which you are using and specify the correct one with the AZURE_SUBSCRIPTION_ID environment variable.

To check which subscriptions are available, you can use the following command:

az account list

Then, with the correct subscription ID from your list, you can set that as your subscription with the following:

export AZURE_SUBSCRIPTION_ID=<your-subscription-id>

Verify your configuration

After your subscription is set, you should verify that your configuration completed successfully. One way to do this is to create an Azure resource group using Ansible. The steps below show you how to do this.

  1. Create a file named rg.yml using the Cloud Shell command code rg.yml.
  1. In your code editor, paste the following. This will create a resource group in the East US region.
---
- hosts: localhost
connection: local
tasks:
   - name: Create resource group
     azure_rm_resourcegroup:
       name: <your-rg-name>
       location: <your-location>
     register: rg
   - debug:
       var: rg
  1. Save your file and close the editor.
  1. Run your new playbook with the following command:
ansible-playbook rg.yml

Once you run it, you should see an output showing a PLAY statement, indicating that the playbook is running, and TASK statements showing what the playbook is executing.

At the end, look for the PLAY RECAP section. You should see non-zero values for ok and changed. If you see non-zeros for unreachable or failed, you need to review your configurations and try again.

PLAY RECAP ***********************************************************
localhost             : ok=3   changed=1   unreachable=0   failed=0

Configuring the Basic Azure Building Blocks with Ansible

Once you have Ansible connected, you can begin configuring your environments. Below are the steps needed from start to finish to create an environment and a host in an Ansible playbook.

Create a resource group
When using Ansible you need to define a resource group for your deployed resources. Creating a resource group in your playbook works the same as in the Cloud Shell above. To define your group, insert the following into your playbook:

Note that tags is a dictionary of string:string pairs you can use to assign metadata to an object. Ansible updates metadata tags on the object with your provided values. To remove tags, set the append_tags option to false.

- name: Create resource group
azure_rm_resourcegroup:
   name: <your-rg-name>
   location: <your-desired-location>
   tags:
        testing:testing
         delete: never

Create a virtual network
Next, you need to either create or define the virtual network you wish to use. Every virtual machine (VM) you create in Azure requires a virtual network connection with definitions for how that VM is accessed. To define your network, insert the following into your playbook.

- name: Create virtual network
azure_rm_virtualnetwork:
   resource_group: <your-rg-name>
   name: <your-network-name>
   address_prefixes: "<your-address-space>"

When defining your network, you also need to define your subnet.

- name: Add subnet
azure_rm_subnet:
   resource_group: <your-rg-name>
   name: <your-subnet-name>
   address_prefix: "<your-address-space>"
   virtual_network: <your-network-name>

Create a public IP address
Once your network and subnet are defined, you can define your public IP addresses. These addresses enable communications between Azure resources, Internet resources, and Azure services. When a resource is created, you can statically define an IP or allow Azure to dynamically assign one from those available.

To define your IP address, insert the following into your playbook:

- name: Create public IP address
azure_rm_publicipaddress:
   resource_group: <your-rg-name>
   allocation_method: Static
   name: <your-IP-name>

Create a network security group

Next, you can define your network security groups. These groups filter traffic resources in your network. The Security Rules that you define for these groups govern traffic between resources.

To define your network security groups, insert the following into your playbook:

- name: Create Network Security Group that allows SSH
azure_rm_securitygroup:
   resource_group: <your-rg-name>
   name: <your-nsg-name>
   rules:
     - name: SSH
       protocol: Tcp
       destination_port_range: <destination-port-number>
       access: Allow
       priority: 1001
       direction: Inbound

Create a virtual network interface card
Virtual network interface cards connect your VMs to the network, IP, and network security groups you have defined.

To define your network interface card, insert the following into your playbook:

- name: Create virtual network interface card
azure_rm_networkinterface:
   resource_group: <your-rg-name>
   name: <your-nic>
   virtual_network: <your-network-name>
   subnet: <your-subnet-name>
   public_ip_name: <your-IP-name>
   security_group: <your-nsg-name>

Create a virtual machine
Finally, you can create your VM. This requires all of the previous information and steps and needs to come last in your playbook. The final step is to create a virtual machine that uses all the resources you've created in the previous sections of this article.

To define your VM, insert the following into your playbook:

- name: Create VM
azure_rm_virtualmachine:
   resource_group: <your-rg-name>
   name: <your-vm>
   vm_size: Standard_DS1_v2
   admin_username: <your-username>
   ssh_password_enabled: false
   ssh_public_keys:
     - path: /home/azureuser/.ssh/authorized_keys
       key_data: <your-key-data>
   network_interfaces: <your-nic>
   image:
     offer: CentOS
     publisher: OpenLogic
     sku: '7.5'
     version: latest

Ansible Azure with Cloud Volumes ONTAP

NetApp Cloud Volumes ONTAP, the leading enterprise-grade storage management solution, delivers secure, proven storage management services on AWS, Azure and Google Cloud. Cloud Volumes ONTAP supports up to a capacity of 368TB, and supports various use cases such as file services, databases, DevOps or any other enterprise workload, with a strong set of features including high availability, data protection, storage efficiencies, Kubernetes integration, and more.

In particular, Cloud Volumes ONTAP provides Cloud Manager, a UI and APIs for management, automation and orchestration, supporting hybrid & multi-cloud architectures, and letting you treat pools of storage as one more element in your Infrastructure as Code setup.

Cloud Manager is completely API driven and is highly geared towards automating cloud operations. Cloud Volumes ONTAP and Cloud Manager deployment through infrastructure- as- code automation helps to address the DevOps challenges faced by organizations when it comes to configuring enterprise cloud storage solutions. When implementing infrastructure as code, Cloud Volumes ONTAP and Cloud Manager go hand in hand with Terraform to achieve the level of efficiency expected in large scale cloud storage deployment in Azure.