Let's build a tower (part 4)

Introduction

Last time we installed the NGINX package on an Azure VM using AWX. In this chapter we will create an Azure environment using AWX.

Architecture

Ansible ships with several modules (called the ‘module library’) that can be executed directly on remote hosts or through Playbooks. For interacting with Azure services, Ansible includes a suite of cloud modules that provide the tools to easily create and orchestrate infrastructure on Azure.

This time we will need the azure_rm_virtualmachine module, which is used by the azure-vm-creation/main.yml Playbook. The Playbook will be executed on the host itself:

(image: Deployment schema)

Prerequisites

To create new resources in Azure we need an account with the appropriate privileges. The Azure Resource Management model provides granular Role-Based Access Control for assigning privileges. The account to which privileges are assigned can be, as the official documentation says, a user account or a service principal (aka SPN). In our case we will use the service principal option, and for that we need the following parameters:

  • CLIENT ID
  • CLIENT SECRET
  • SUBSCRIPTION ID
  • TENANT ID

We will create a new service principal account and grant it the 'Contributor' role for a Resource Group (you can choose whatever resource group you want). The steps to create the SPN and assign the role to it are listed below (please store the values marked in red somewhere):

  1. Create Service principal (image: Create SPN)
  2. Generate a secret (aka application key) (image: Get Application ID and key)
  3. Go to the chosen Resource Group (image: Subscription ID)
  4. Grant 'Contributor' role (image: Assign permission)
  5. Find Tenant ID (image: Find tenant ID)

Now we can add the Azure SPN to AWX: (image: Azure credential)

Implementation

As we already added the SCM in the previous chapter, we only need to update our project: (image: Update the project)

As the Playbook will be executed on the Tower host itself, we need to create a new inventory (no need to add a host): (image: Create new inventory)

So that our deployment Playbook can run against different environments without exposing sensitive data, it contains the following variables (wrapped in double curly brackets):

  • vm_resource_group - deployment Azure Resource Group name
  • vm_name - newly created Azure Virtual Machine name
  • vm_admin_username - Azure VM username (which must match the username requirements)
  • vm_admin_password - Azure VM password (which must match the password requirements)

As our Playbook repository is publicly visible, we can't use group variables to assign values to these variables. Instead we can use extra variables. Below is a blank template to copy and fill in (with the values obtained under the previous heading):

---
vm_resource_group: xxxxxxxxxxxx
vm_name: xxxxxxxxxxxx
vm_admin_username: xxxxxxxxxxxx
vm_admin_password: xxxxxxxxxxxx
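
How a Playbook can consume these extra variables while running on the AWX host itself, as an added example (not the repository's azure-vm-creation/main.yml). The VM size and image are assumed sample values, and the SPN values are assumed to reach the module as environment variables from the AWX Azure credential rather than from the Playbook.

```yaml
---
# Added example, not the repository's azure-vm-creation/main.yml.
# Assumption: the Azure credential created earlier is attached to the AWX job,
# so CLIENT ID, CLIENT SECRET, SUBSCRIPTION ID and TENANT ID are injected as
# environment variables and never appear in the public repository.
- name: Create an Azure VM from the AWX host
  hosts: localhost
  connection: local
  gather_facts: false

  tasks:
    - name: Fail early if an extra variable was not supplied
      assert:
        that:
          - vm_resource_group is defined
          - vm_name is defined
          - vm_admin_username is defined
          - vm_admin_password is defined
        quiet: true

    - name: Create the virtual machine
      azure_rm_virtualmachine:
        resource_group: "{{ vm_resource_group }}"
        name: "{{ vm_name }}"
        vm_size: Standard_B1s        # assumption: sample size
        admin_username: "{{ vm_admin_username }}"
        admin_password: "{{ vm_admin_password }}"
        image:                       # assumption: sample marketplace image
          offer: UbuntuServer
          publisher: Canonical
          sku: "18.04-LTS"
          version: latest
      no_log: true                   # keep the admin password out of job output
```

Because the SPN holds 'Contributor' only on the chosen Resource Group, vm_resource_group must name that group; a deployment aimed at any other group is rejected by Azure.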

Now we can create a new project (don't forget to specify extra variables) and run it:

Results

If everything went according to plan and the job was successful, a new virtual machine should appear in the Resource Group. (image: Results)

Useful documentation

About using Ansible with Azure

About Azure Service Principal

About Ansible modules

References

Let's build a tower (part 1)

Let's build a tower (part 2)

Let's build a tower (part 3)

Let's build a tower (part 4)