Azure cloud provisioning using Ansible

Automating IT infrastructure is one of the major focus areas of most organizations today, because it reduces cost and manual workload. A plan to automate your infrastructure should start with provisioning of the resources, since that is what makes the resources easy to manage afterwards. Many businesses have adopted cloud computing in recent years because of its flexibility and scalability, and combining cloud infrastructure with the open source DevOps tools available today makes handling large environments much easier.

I would suggest Ansible as the configuration management tool because of its simplicity and straightforward operation. It came to market late but gained a solid footing and was adopted by many DevOps professionals because of its agentless design and module ecosystem. Ansible offers a large number of modules for managing cloud operations on all major cloud providers such as Azure, AWS and GCP.

The Ansible playbook below provisions cloud resources in an Azure environment: it creates a Windows VM and configures the VM so the Ansible host can connect to it for any post-provisioning work. The playbook performs the following tasks.

  1. Create the resource group and network infrastructure
  2. Provision a Windows VM
  3. Add the new host to a dynamic in-memory inventory group for post-provisioning tasks
  4. Enable an HTTPS WinRM listener on the VM (through a Custom Script Extension that runs PowerShell with the execution policy bypassed) so Ansible can connect
  5. Install the Firefox package on the newly created VM with Ansible
The playbook contains three roles, which create the network infrastructure, provision the Windows VM and install the Firefox package on it.
Let's go through the main playbook first. It includes three roles: the first two run against localhost and create the network infrastructure and the virtual machine respectively, while the third, which installs the Firefox package, runs against the host group azure_vms, which is created dynamically after the server has been provisioned.

Now let's go through the first role, common, which creates the resource group and the network infrastructure.

 

- name: Create a resource group
  azure_rm_resourcegroup:
    name: "{{ rg_name }}"
    location: "{{ location }}"
    state: present

- name: Create a virtual network
  azure_rm_virtualnetwork:
    name: "{{ virtual_network }}"
    resource_group: "{{ rg_name }}"
    address_prefixes_cidr:
      - "{{ CIDR }}"

# Inbound rules are evaluated by ascending priority and the first match wins.
# azure_rm_securitygroup defaults 'access' to Allow, so a rule that is meant to
# block traffic must say 'access: Deny' explicitly or it silently allows instead.
- name: Create the windows_base network security group
  azure_rm_securitygroup:
    resource_group: "{{ rg_name }}"
    name: windows_base
    purge_rules: yes
    rules:
      - name: 'AllowRDP'
        protocol: Tcp
        source_address_prefix: 0.0.0.0/0   # exposes RDP to the Internet; restrict to the Ansible host's address outside a lab
        destination_port_range: 3389
        access: Allow
        priority: 100
        direction: Inbound
      - name: 'AllowWinRM'
        protocol: Tcp
        source_address_prefix: 0.0.0.0/0   # same caveat as above for WinRM
        destination_port_range: 5986
        access: Allow
        priority: 102
        direction: Inbound
      - name: 'DenyAll'
        protocol: '*'                      # Tcp alone would leave UDP to Azure's default rules
        source_address_prefix: 0.0.0.0/0
        destination_port_range: 0-65535
        access: Deny                       # without this the rule allows every port
        priority: 103
        direction: Inbound

- name: Create a subnet and attach the windows_base security group to it
  azure_rm_subnet:
    name: "{{ subnet }}"
    virtual_network_name: "{{ virtual_network }}"
    resource_group: "{{ rg_name }}"
    address_prefix_cidr: "{{ subnet_CIDR }}"
    security_group_name: windows_base


This creates a resource group, a virtual network and a security group that allows incoming RDP and WinRM traffic. Two points matter for the rule set. First, Azure evaluates the rules in ascending priority order and the first match wins, and azure_rm_securitygroup defaults access to Allow, so any rule meant to block traffic must state access: Deny explicitly; a DenyAll rule that omits access is an allow rule for every port it lists. Second, source_address_prefix: 0.0.0.0/0 exposes RDP and WinRM to the whole Internet, so restrict it to the public address of the Ansible host (or your management range) before using this outside a lab. You can attach the security group either to the NIC or to the subnet in which the virtual machine is created. Azure creates a NIC and assigns it to the VM by default if you do not supply a custom NIC while provisioning; here I am not creating a custom NIC but attaching the security group to the subnet instead. Note that when azure_rm_virtualmachine creates that default NIC it also creates a NIC-level security group, which for a Windows image only opens port 3389 unless the extra ports are listed in open_ports, so 5986 has to be added there as well or WinRM is blocked before the subnet rules are even consulted.
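To make the priority and default-access behaviour concrete, here is an added example (not code from the original post) that evaluates a packet against a rule list the way Azure does: the rules are sorted by priority, the module's defaults are filled in for missing keys, and the first match decides. It carries the post's windows_base rules as written beside a hardened variant; the control host address 203.0.113.10 is an assumed value from the documentation range, and Azure's service-tag rules (VirtualNetwork, AzureLoadBalancer) are not modelled, so only the platform's final DenyAllInBound rule is kept.

```python
"""Priority-ordered evaluation of Azure NSG inbound rules.

Added example, not code from the original post. It models how Azure picks the first
matching rule by ascending priority and how azure_rm_securitygroup fills in missing
keys (access=Allow, protocol=*, prefixes=*). Service tags such as VirtualNetwork are
not modelled, so of Azure's built-in rules only the final DenyAllInBound (65500) is kept.
"""
import ipaddress

# Defaults azure_rm_securitygroup applies to a rule that omits the key.
MODULE_DEFAULTS = {
    "protocol": "*",
    "source_address_prefix": "*",
    "destination_port_range": "*",
    "access": "Allow",
    "direction": "Inbound",
}

# Azure's built-in last-resort inbound rule (the VirtualNetwork / AzureLoadBalancer
# allows at 65000 and 65001 use service tags and are left out of this model).
PLATFORM_DENY = ("DenyAllInBound", "Deny")

# Rules transcribed from the post's windows_base group. AllowWinRM and DenyAll carry
# no 'access' key, so the module stores them as Allow rules.
PAGE_RULES = [
    {"name": "AllowRDP", "protocol": "Tcp", "source_address_prefix": "0.0.0.0/0",
     "destination_port_range": "3389", "access": "Allow", "priority": 100},
    {"name": "AllowWinRM", "protocol": "Tcp", "source_address_prefix": "0.0.0.0/0",
     "destination_port_range": "5986", "priority": 102},
    {"name": "DenyAll", "protocol": "Tcp", "source_address_prefix": "0.0.0.0/0",
     "destination_port_range": "0-65535", "priority": 103},
]

# Assumed public address of the Ansible host (documentation range, not a real host).
CONTROL_HOST = "203.0.113.10/32"

# The same group with the source restricted and the deny made explicit.
HARDENED_RULES = [
    {"name": "AllowRDP", "protocol": "Tcp", "source_address_prefix": CONTROL_HOST,
     "destination_port_range": "3389", "access": "Allow", "priority": 100},
    {"name": "AllowWinRM", "protocol": "Tcp", "source_address_prefix": CONTROL_HOST,
     "destination_port_range": "5986", "access": "Allow", "priority": 102},
    {"name": "DenyAll", "protocol": "*", "source_address_prefix": "*",
     "destination_port_range": "0-65535", "access": "Deny", "priority": 103},
]


def normalize(rule):
    """Fill in the keys the module would default when the rule is created."""
    return {**MODULE_DEFAULTS, **rule}


def port_matches(port_range, port):
    if port_range == "*":
        return True
    low, _, high = str(port_range).partition("-")
    return int(low) <= port <= int(high or low)


def source_matches(prefix, src_ip):
    if prefix == "*":
        return True
    return ipaddress.ip_address(src_ip) in ipaddress.ip_network(prefix, strict=False)


def protocol_matches(rule_protocol, protocol):
    return rule_protocol == "*" or rule_protocol.lower() == protocol.lower()


def evaluate(rules, src_ip, dst_port, protocol="Tcp"):
    """Return (rule name, access) of the first inbound rule that matches the packet."""
    for rule in sorted(map(normalize, rules), key=lambda r: r["priority"]):
        if rule["direction"] != "Inbound":
            continue
        if (protocol_matches(rule["protocol"], protocol)
                and source_matches(rule["source_address_prefix"], src_ip)
                and port_matches(rule["destination_port_range"], dst_port)):
            return rule["name"], rule["access"]
    return PLATFORM_DENY


if __name__ == "__main__":
    probes = (("198.51.100.7", 445, "Tcp"), ("203.0.113.10", 5986, "Tcp"), ("198.51.100.7", 53, "Udp"))
    for label, rules in (("page", PAGE_RULES), ("hardened", HARDENED_RULES)):
        for src, port, proto in probes:
            print(label, src, proto, port, "->", evaluate(rules, src, port, proto))
```

Running it shows the problem directly: with the post's rules an SMB probe from an arbitrary Internet address hits DenyAll and is allowed, because the rule's access defaulted to Allow; with the hardened set the same probe is denied and only the control host reaches 3389 and 5986.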

Let's go through the second role, vm, which creates the virtual machine.


- name: Create a VM
  azure_rm_virtualmachine:
    os_type: Windows
    resource_group: "{{ rg_name }}"
    virtual_network_name: "{{ virtual_network }}"
    subnet_name: "{{ subnet }}"             # the subnet the common role guarded with windows_base
    name: "{{ vm_name }}"
    admin_username: "{{ admin_user }}"
    admin_password: "{{ admin_passwd }}"    # keep this in an ansible-vault encrypted vars file
    vm_size: Standard_F2s_v2
    # With no custom NIC the module creates a NIC, a public IP and a NIC-level security
    # group; that group only opens 3389 for Windows unless 5986 is listed here as well.
    open_ports:
      - 3389
      - 5986
    image:
      offer: WindowsServer
      publisher: MicrosoftWindowsServer
      sku: '2016-Datacenter'
      version: latest
  register: output

# The module exposes the created VM as the azure_vm fact; the public IP is read from it.
# (The original looped over output.instances, which this module does not return.)
- name: Add the new instance to the azure_vms host group
  add_host:
    hostname: "{{ vm_name }}"
    ansible_host: "{{ azure_vm.properties.networkProfile.networkInterfaces[0].properties.ipConfigurations[0].properties.publicIPAddress.properties.ipAddress }}"
    ansible_user: "{{ admin_user }}"
    ansible_password: "{{ admin_passwd }}"
    ansible_connection: winrm
    ansible_port: 5986
    ansible_winrm_transport: ssl
    # The listener created below uses a self-signed certificate, so validation is
    # skipped for this bootstrap only; do not carry this setting into later plays.
    ansible_winrm_server_cert_validation: ignore
    groupname: azure_vms

# winrm_enable_script must hold the listener-creation PowerShell encoded as UTF-16LE
# and then base64, which is the form -EncodedCommand expects. 'settings' is stored
# unencrypted; anything secret belongs in protected_settings.
- name: Create an Azure VM extension to enable the HTTPS WinRM listener
  azure_rm_virtualmachine_extension:
    name: winrm-extension
    resource_group: "{{ rg_name }}"
    virtual_machine_name: "{{ vm_name }}"
    publisher: Microsoft.Compute
    virtual_machine_extension_type: CustomScriptExtension
    type_handler_version: '1.9'
    settings: '{"commandToExecute": "powershell.exe -ExecutionPolicy Bypass -EncodedCommand {{ winrm_enable_script }}"}'
    auto_upgrade_minor_version: true

- name: Wait for the WinRM port to come online
  wait_for:
    port: 5986
    host: "{{ azure_vm.properties.networkProfile.networkInterfaces[0].properties.ipConfigurations[0].properties.publicIPAddress.properties.ipAddress }}"
    timeout: 600
As you can see, the second task in the role adds the newly created server to the host group azure_vms with the add_host module, setting the WinRM connection variables the next play will use (the winrm connection plugin needs the pywinrm Python package on the control host). The third and fourth tasks enable the HTTPS WinRM listener through a Custom Script Extension and then wait for port 5986 to answer. The variable winrm_enable_script is not defined in the post: it must hold the PowerShell that creates the listener, for example ConfigureRemotingForAnsible.ps1 from the Ansible project, encoded as UTF-16LE and then base64, because that is the only form powershell.exe -EncodedCommand accepts. Two caveats are worth keeping in mind: the extension's settings are stored unencrypted and are readable through the ARM API (protected_settings is the encrypted alternative), and ansible_winrm_server_cert_validation: ignore is only acceptable for this first contact with a self-signed certificate, since it leaves the connection open to anyone who can sit between the control host and the public IP.
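The post never shows how winrm_enable_script is produced, so here is an added example (not code from the original post) that builds it on the control host: it encodes a PowerShell script as UTF-16LE and base64, decodes it back for auditing, and assembles the settings value the extension task uses. The listener script embedded in it is an assumed minimal bootstrap (self-signed certificate, HTTPS listener, firewall rule, Basic auth as used by ansible_winrm_transport: ssl); ConfigureRemotingForAnsible.ps1 can be fed through the same function instead.

```python
"""Produce the winrm_enable_script value for the post's CustomScriptExtension task.

Added example, not code from the original post. powershell.exe -EncodedCommand takes
the script as base64 over UTF-16LE bytes without a byte-order mark, which is what
PowerShell's own [Text.Encoding]::Unicode.GetBytes() produces. The listener script
below is an assumed minimal bootstrap; Ansible's ConfigureRemotingForAnsible.ps1 is
the usual, more complete choice and is encoded the same way.
"""
import base64

# Assumed minimal listener bootstrap: self-signed certificate, HTTPS listener on 5986,
# firewall rule, and Basic auth (what ansible_winrm_transport: ssl uses over HTTPS).
WINRM_LISTENER_SCRIPT = r"""
$cert = New-SelfSignedCertificate -DnsName $env:COMPUTERNAME -CertStoreLocation Cert:\LocalMachine\My
New-Item -Path WSMan:\localhost\Listener -Transport HTTPS -Address * -CertificateThumbPrint $cert.Thumbprint -Force
New-NetFirewallRule -DisplayName "WinRM HTTPS" -Direction Inbound -Protocol TCP -LocalPort 5986 -Action Allow
Set-Item -Path WSMan:\localhost\Service\Auth\Basic -Value $true
"""


def encode_command(script):
    """Encode a PowerShell script the way -EncodedCommand expects (UTF-16LE, then base64)."""
    # 'utf-16-le' rather than 'utf-16': the latter prepends a byte-order mark that
    # PowerShell does not expect in the decoded command text.
    return base64.b64encode(script.encode("utf-16-le")).decode("ascii")


def decode_command(encoded):
    """Reverse of encode_command; useful for auditing what an extension actually runs."""
    return base64.b64decode(encoded).decode("utf-16-le")


def extension_settings(encoded):
    """The dict the post passes (JSON-encoded) as the extension's 'settings'.

    'settings' is stored in clear and readable through the ARM API; anything secret
    belongs in protected_settings instead.
    """
    return {"commandToExecute": "powershell.exe -ExecutionPolicy Bypass -EncodedCommand " + encoded}


def vars_file_line(script):
    """A line for the vm role's vars file that defines winrm_enable_script."""
    return "winrm_enable_script: " + encode_command(script)


if __name__ == "__main__":
    encoded = encode_command(WINRM_LISTENER_SCRIPT)
    print(vars_file_line(WINRM_LISTENER_SCRIPT))
    print(extension_settings(encoded)["commandToExecute"][:80] + "...")
    # Decoding shows exactly what the extension will run as SYSTEM on the VM.
    print(decode_command(encoded))
```

Paste the printed winrm_enable_script line into the vm role's vars file, and keep decode_command around: when reviewing someone else's extension settings, decoding the blob is the quickest way to see what actually runs on the VM.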

The third and final role installs the Firefox browser on the newly provisioned VM with the win_chocolatey module. If Chocolatey is not yet present on the host, the module downloads and installs it first, so the VM needs outbound Internet access for this step.

- name: Install Firefox
  win_chocolatey:
    name: firefox
    state: present

Here is the main playbook which calls all three roles. The first play runs common and vm against localhost, since the Azure modules talk to the ARM API from the control host; the second play runs install_firefox against the azure_vms group that add_host populated.

---
- hosts: localhost
  gather_facts: yes
  roles:
   - common
   - vm

- hosts: azure_vms
  gather_facts: no
  roles:
   - install_firefox

Hope this post helped you. Please share your feedback/suggestions in the comments below.
