Connect to Azure

Connect your Ansible container with Azure.

We'll cover the following

In this lesson, you will connect your Ansible container with Azure. Following are the steps to connect to Azure:

  1. Sign in with Azure CLI.
  2. Create a Service Principal.
  3. Assign a role to the Service Principal.
  4. Create Environment Variables.
  5. Install the Azure Python module.

Prerequisites#

You need to create an account on Azure. You can subscribe to Azure here.

Sign in with Azure CLI#

You will use Azure CLI to create a service principal for Azure. Before you can do that, you will need a few tools to be installed and updated first. To set up Azure CLI in your development container, run the following command:

Install Azure CLI

Docker Setup
All the software packages are already installed. You can verify this by executing the az --version command in the terminal.

Once installed, run the following command:

Verify CLI installation

Sign in#

You will need to sign in using the Azure CLI. Sign in to Azure using the az login cmdlet. Run the following command:

Sign into Azure using Azure CLI

Create an Azure service principal#

Ansible uses a service principal to authenticate to Azure. You can use Azure CLI to create a password-based account and assign permissions to the account. You can do that by running the following command:

Create service principal

Replace the ServicePrincipalName with the name of your choice.

Copy the contents of the output and save it on your machine. You will use them in the upcoming chapters. The output will look like the one below:

Create Service Principal Output

Let’s look at the code output and try to make sense of it.

az ad sp create-for-rbac: We first create the password-based service principal by specifying the following:

  • ad: Active Directory
  • sp: Service Principal

Output: The output consists of:

  • password: Auto-generated by Azure.
  • appId and tenant keys: Used in service principal authentication.
Breaking down the code.

Assign a role to the service principal#

You use the az role assignment to assign Contributor to the service principal in your subscription.

The az role assignment requires two parameters:

  • Assignee
  • RoleDefinitionName

Let’s look at how you can store them and assign the Contributor role by reviewing the code snippet below:

Assign contributor permissions to the subscription

Assignee#

Use the appId you got as an output from the create-for-rbac command.

Role#

Use the Contributor role.

You can modify the scope and role definition to be more restrictive.

Verify that the role has been assigned by executing the following command:

Verify role assignment

Create the environment variable#

Ansible uses the following environment variables for its configuration to authenticate to Azure:

  • AZURE_SUBSCRIPTION_ID
  • AZURE_CLIENT_ID
  • AZURE_SECRET
  • AZURE_TENANT

Getting the Azure information#

Use the az to populate bash variables exported as environment variables later.

Run the following commands in the terminal one by one:

Export environment variables

Your Ansible environment is now connected to Azure.

Echo the variables and copy and store these variables as well; you will use them in the upcoming chapters.

Print the variables

Create an Azure resource group with Ansible#

Use the Ansible azure_rm_resourcegroup command to create a resource group in Azure.

You will learn more about Ansible commands in an upcoming chapter.

Run the following command in the terminal:

Create a resource group

Re-execute the azure_rm_resourcegroup command below in the terminal:

Create a resource group

Verify#

Trust but verify. Double-check that the resource is created by either logging into the Azure Portal or using the az group list cmdlet. Run the following command in the terminal:

Verify resource creation

Practice all the commands covered in this lesson one be one in the terminal. We have provided a summarized view of the commands below:

Connect to Azure
Terminal 1
Terminal

Click to Connect...

Troubleshooting tips#

Missing ansible[azure] module
You might come across the following message.
Failed to import the required Python library (packaging) on 5fbb354c4e23 Python /usr/bin/python2. Please read the module documentation and install it in the appropriate location. If the required library is installed, but Ansible uses the wrong Python interpreter, please consult the documentation on ansible_python_interpreter.”

You require the ansible[azure] python module to run the Azure Ansible modules.

Install the Azure Python module#

You can install the ansible[azure] module by executing the following command:

Install Azure Python module

Update Dockerfile#

You made some changes inside your container. If that container is deleted, all the changes will be lost. You can save your changes by updating the Dockerfile and rebuilding the image.

Dockerfile

In this lesson, we introduced azure cli modules for sign in, created a service principal, and assigned permissions. Once connected, you created a resource group in Azure.

Connect to AWS
Summary
Mark as Completed
Report an Issue