Automate Infrastructure Deployments in the Cloud with Ansible and Azure Pipelines

Posted on Dickson Victor By Dickson Victor No Comments on Automate Infrastructure Deployments in the Cloud with Ansible and Azure Pipelines
Webp.net-resizeimage-1

Ansible is an open-source product that automates cloud provisioning, configuration management, and application deployments. When using Ansible you can easily provision virtual machines, containers, and networks and complete cloud infrastructures. Also, Ansible allows you to automate the deployment and configuration of resources in your environment. In this article, you will learn how to Automate Deployments in the Cloud with Ansible & Azure Pipelines. Please see Concept of Ansible on Windows using Cygwin, Concept of Ansible on Windows using Cygwin, How To Use Azure Key Vault secrets in Azure Pipelines, and how to fix “Ansible error: Server unreachable, ssl: auth method ssl requires a password“.

Ansible includes a suite of Ansible modules that can be executed directly on remote hosts or via playbooks. Users can also create their own modules. Modules can be used to control system resources – such as services, packages, files or execute system commands.

In this article, you will be learning how Ansible can be used to implement Infrastructure as Code (IaC), and how to automate infrastructure deployments in the Cloud with Ansible and Azure pipelines.

Also refer to some of the related guides: How to install Ansible on Windows with Cygwin, how to install and configure Ansible on Ubuntu, how to configure a remote server (windows) to Support Ansible, and how to install Kerberos packages in Windows via Cygwin.

Prerequisites to Setting up the Ansible and Azure Pipelines

To get started, you will need a valid and active Azure account. If you do not have one, you can sign up here.

  • You will need an Azure DevOps account. If you do not have one, you can sign up here.
  • You can as well use the Azure DevOps Demo Generator to provision the project on your Azure DevOps organization. This URL will automatically select the Ansible template in the demo generator.

Create an Azure service principal with Azure CLI

Ansible includes a suite of modules for interacting with Azure Resource Manager, giving you the tools to easily create and orchestrate infrastructure on the Microsoft Azure Cloud. Using the Azure Resource Manager modules requires authenticating with the Azure API. In this lab, you will use Azure service principal for authentication.

  • Login to the Azure portal
  • Click Cloud Shell and select Bash.
capture

Enter the following command by replacing ServicePrincipalName with your desired value.

az ad sp create-for-rbac --name ServicePrincipalName

It will give you a JSON output as shown in the image. Copy the output to notepad. This details required in your next tasks.

capture-1

Enter the following command to get Azure SubscriptionID and copy the same to notepad.

az account show
capture-3

Please see Using Awx to deploy, schedule and run playbooks, How to sync on-premises AD with Azure AD via Azure AD Connect, and How to deploy MBAM for Bitlocker Administration.

Configure Ansible on a Linux machine

To create and provision the resources in Azure with Ansible, we need to have a Linux VM with Ansible configured. In this article, you will deploy an Azure Linux VM which is pre-installed and configured with Ansible. Click here to Deploy to Azure  an Ubuntu 18.04 VM with Ansible.

Provide all the necessary information as is shown o the image below. this takes approximately 5-10 minutes to complete the deployment.

capture-4

Once the deployment is successful, navigate to the resource group and select the VM.

capture-5

Connect to the VM via SSH

Click Connect and copy the login command under the SSH tab.

capture-7
capture-8

Open a Command prompt and paste the copied login command and log in. It will prompt for confirmation to connect, type Yes and provide the Password you have given in step 1.

ssh vmadmin@23.96.12.128
capture-9

Now we must create a directory named .azure in the home directory and a credentials file under it. Type the following commands to create them.

- mkdir ~/.azure
- nano ~/.azure/credentials

Insert the following lines into the credentials file. Replace the placeholders with the information from the service principal details you copied in the previous task. Press Ctrl+O to save the file and Ctrl+X to exit from the text editor.

subscription_id=<your-Azure-subscription_id>

client_id=<azure service-principal-appid>

secret=<azure service-principal-password>

tenant=<azure serviceprincipal-tenant>

Create a pair of private and public keys

Ansible is an agentless architecture-based automation tool . Only it needs ssh authentication using Ansible Control Machine private/public key pair. Now let us create a pair of private and public keys. Run the following command to generate a private/public key pair for ssh and to install the public key in the local machine.

ssh-keygen -t rsa

chmod 755 ~/.ssh

touch ~/.ssh/authorized_keys

chmod 644 ~/.ssh/authorized_keys

ssh-copy-id vmadmin@127.0.0.1

Note: Replace vmadmin with your VM username in the above command.

capture-10
cat ~/.ssh/id_rsa

In the next task, you need SSH private key to create SSH endpoint in the Azure DevOps service. Run the following command to get the private key. Copy the private key to Notepad.

capture-11

Create a SSH Service Connection in Azure DevOps

To connect and run playbooks through Ansible VM in Azure pipelines, we need to have a connection between Azure DevOps and Ansible VM. This service connection provides authentication to Ansible.

  1. Navigate to the project we created above using Azure DevOps Demo Generator.
  2. Navigate to Project Settings –> Service Connections. Select +New service connection and select SSH
capture-12

In Add an SSH service connection window provide the required details and click OK to save the connection.

capture-13

Use Case 1: Examine the Ansible playbook (IaC) in your Source code

We will use SmartHotel360-CouponManagement, a sample Java application backed by a MySQL database. We will examine the Ansible playbook which helps you to provision the Azure resources required to deploy SmartHotel java application.

  1. Navigate to your project. Select Repos.
  2. Select the webapp.yml file under the ansible-scripts folder. Go through the code.
capture-14

What is a webapp.yml file?

webapp.yml is an Ansible playbook file written in YAML format. Ansible Playbooks are Ansible’s configuration, deployment, and orchestration language. They can describe a policy you want your remote systems to enforce or a set of steps in a general IT process. These playbooks use the YAML file format to define a model of a configuration or a process.

Ansible includes a suite of modules for interacting with Azure Resource Manager, giving you the tools to easily create and orchestrate infrastructure on the Microsoft Azure Cloud.

In this article, we want to deploy an Azure Resource Group, App service plan, App Service, and MySQL database required to deploy the website.

And we have added a playbook file (Infrastructure as Code) to the source control repository in your Azure DevOps project which can deploy the required Azure resources.

Update the playbook webapp.yml as the following. On line no_23 change the name of the App service from Linux to Windows as the following image

capture-15

Then commit

capture-17

Also, on the line no_66 change the EndIpAddress from 255.255.255.255 to 0.0.0.0 as the following image

capture-16

Use Case 2: Build your application using Azure CI Pipeline

Let’s build an application and publish the required files to an artifact called Drop. Navigate to Pipeline > Builds. Select Ansible-CI and click Edit.

capture-19

Your build pipeline will look like as below. This CI pipeline has tasks to compile Java project. The Maven in the pipeline will restore dependencies, build, test and publish the build output into a war file (package) which can be deployed to a web application.

capture-21

In addition to the application build, we need to publish Ansible scripts so that it will be available in CD pipeline. So, we configured Copy files task to copy Ansible playbook .yml and the java web package .war file to Artifacts directory.

capture-22
capture-23

Now click Queue at the top to trigger the build. Once the build success, verify that the artifacts have ansible_scripts folder and ROOT.war file in the drop.

capture-24

Use Case 3: Deploy resources using Ansible in Azure CD Pipeline

We will create azure resources using Ansible as part of our deployment (CD) pipeline and deploy the SmartHotel Coupon management application to the App service provisioned by Ansible.

Navigate to your Pipeline > Releases. Select Ansible-CD and click Edit pipeline.
capture-25

Then select Azure Dev stage and click View stage tasks to view the pipeline tasks.

capture-26

Then you will see the tasks as below.

capture-27

Select the Replace Tokens task.

capture-28

If you observe the webapp.yml file in Use Case 1Step 2 you will see there are few values are suffixed and prefixed with __. For example __ webappName __. Using Replace tokens task we will replace those values with the variable values defined in the release pipeline.

capture-29

Your CD pipeline is provisioned with some default values. If required you can change the variable values.

Deploy Azure Resources via the Playbook

Select the Ansible task. We have to integrate with Ansible. This task executes a given Ansible playbook on a specified list of Inventory nodes via the command line interface.

This task requires that the Playbook files be located either on a private Linux agent or on a remote machine where the Ansible automation engine has been installed. Select Ansible Location as Remote Machine and select Ansible SSH endpoint that you created earlier following the image below.

capture-30

Under the Inventory section, select Host list as inventory location and enter pubic ip of your ansible vm in Host list field as shown below.

capture-31

Select Azure App Service Deploy task. Select the Azure subscription from the drop-down list and click Authorize to configure Azure service connection.

And this application requires few app settings to connect to the MySQL database provisioned using Ansible script. That we are updating using the App settings parameter in the task.

This task will deploy the SmartHotel360-CouponManagement package to Azure app service which is provisioned by the Ansible task in the previous step.

capture-32

Once you are done Save the changes and Create a release.

capture-33
capture-34
capture-35

Once the release is successful navigate to your Azure portal. Search for smh360web in App services.

capture-36

Select the app that was created with smh360-xxxx and browse to view the application deployed.

capture-37

You can Login to the site with the following credentials.

Username: me@smarthotel360.com

Password: 1234
capture-38

In this article, you have learned how to automate Infrastructure Deployments in the Cloud with Ansible and Azure Pipelines.

Rate this post
AWS/Azure/OpenShift, Linux Tags:,

Related Posts

More Related Articles

Webp.net resizeimage 4 Create a Service Fabric Cluster using the Azure Stack Hub portal and the CLI AWS/Azure/OpenShift
VBAWS comprehensive guide Deep Dive into Protecting AWS EC2, RDS Instances and VPC AWS/Azure/OpenShift
Azure Backup 1 How to Install Azure Backup Agent AWS/Azure/OpenShift
portainer feature How to Install Docker Portainer on Linux Containers
sdfdghjk How to fix “Job for Mattermost service failed” error Linux
Linux basic commands Linux

Leave a Reply