How to deploy infrastructure on Azure using Ansible (IaC)

Ansible as IaC – Infrastructure Deployment on Azure

Last Updated on February 5, 2024 by cscontents

Introduction

Infrastructure as code (IaC) is crucial when we think about automation. Using IaC brings many benefits, such as less manual intervention in resource deployment and code reusability.

In this article, we will discuss how to use Ansible to write Infrastructure as Code (IaC) to deploy infrastructure in the Azure cloud. Although Ansible is mostly known as a configuration management tool, it can also be used to deploy infrastructure components in the cloud. Ansible has many modules which support resource deployment in Azure, AWS, etc.

In this article, we will see how to deploy a Linux virtual machine (VM) on Azure using Ansible.

Brief Introduction to Ansible

Ansible is one of the most popular IT automation tools. We can automate many IT tasks like software provisioning, configuration, etc. using Ansible. If you want to get a quick high-level understanding of Ansible please head over to the below article.

Introduction to Ansible | High-Level Understanding of Ansible

Prerequisite

To complete this tutorial, you need the below –

Prerequisite Knowledge

  • Hands-on knowledge of using Ansible Playbook
  • Azure cloud

Prerequisite setup

  • One Linux machine. In this tutorial, we will use Ubuntu 20.04.5 LTS, where we will install ansible.
  • Azure cloud subscription.

Components required to deploy a VM on Azure

As mentioned above, in this article we will discuss deploying a VM using Ansible. You can deploy any other resource, but for learning purposes let’s focus on deploying a VM.

To deploy a VM we need the below components, in the order listed –

  1. Resource Group
  2. Virtual network
  3. Subnet
  4. Public IP address
  5. Network Security Group which allows port 22 to SSH
  6. Network Interface Card (NIC), and attach the public IP with the NIC.

Once the above 6 components are deployed, we will be able to deploy a VM.

Since Ansible uses a procedural method, we need to write code for all the above 6 components sequentially.

Ansible modules that will be used to deploy the above resources

Below are the ansible modules which will be used in our playbook to deploy a VM and its prerequisite resources in Azure.

  1. azure_rm_resourcegroup
  2. azure_rm_virtualnetwork
  3. azure_rm_subnet
  4. azure_rm_publicipaddress
  5. azure_rm_securitygroup
  6. azure_rm_networkinterface
  7. azure_rm_virtualmachine

Steps to Deploy infrastructure on Azure using Ansible

Follow the below step-by-step guide to deploy infrastructure on azure using Ansible.

Step – 1: Install Ansible on the Linux machine

We are using Ubuntu in this demo. Let’s start by updating the package index.

sudo apt update

Ensure python3 is installed.

python3 --version

Install Ansible by running the below command.

sudo apt install ansible

Once Ansible is installed you can verify it by running the below command.

ansible --version

Step – 2: Verify azure.azcollection is installed

To verify whether azure.azcollection is installed or not, we need to run the below command.

ansible-galaxy collection list

The above command should list all the collections available.

In the output, you should see azure.azcollection

If the above command gives the below error where it shows ‘list’ as an invalid choice, then you need to upgrade your ansible.

usage: ansible-galaxy collection [-h] COLLECTION_ACTION ...
ansible-galaxy collection: error: argument COLLECTION_ACTION: invalid choice: 'list' (choose from 'init', 'build', 'publish', 'install')

To update ansible, first ensure pip is installed.

python3 -m pip -V

Output: pip 20.0.2 from /usr/lib/python3/dist-packages/pip (python 3.8)

If pip is not installed, install pip by running the below commands.

curl https://bootstrap.pypa.io/get-pip.py -o get-pip.py

and

python3 get-pip.py --user

Now, to upgrade ansible you need to run the below command.

pip3 install --upgrade ansible

Once you upgrade ansible, the list command below should work fine. Now run that command again and see if azure.azcollection is available or not.

ansible-galaxy collection list

If azure.azcollection is unavailable, you need to install it by running the below command.

ansible-galaxy collection install azure.azcollection

Step – 3: Authenticate Ansible with Azure

We need to authenticate ansible with azure so that ansible can deploy resources on the Azure cloud. For this, we need to run the ‘az login’ command from that Linux machine where ansible is installed.

But before that, we need to install ‘Azure CLI’.

To install Azure CLI, you can follow this official document from Microsoft https://learn.microsoft.com/en-us/cli/azure/install-azure-cli-linux?pivots=apt

Once you have installed ‘Azure CLI’, run the below command and follow the instructions printed in the output to authenticate ansible with azure.

az login

Output:

To sign in, use a web browser to open the page https://microsoft.com/devicelogin and enter the code ********* to authenticate.

Step – 4: Create Ansible playbook

We need to create an ansible playbook (YAML file) with all the details of the required resources to deploy the same on the Azure cloud. Below is the ansible playbook in our case. You can edit the below playbook as per your requirement.

- name: Create a VM on Azure cloud
  hosts: localhost
  connection: local

  vars_prompt:
    - name: admin_password
      prompt: "Enter Local Admin Password"  

  tasks:
  - name: Create a Resource Group
    azure_rm_resourcegroup:
      name: myResourceGroup
      location: eastus
  - name: Create a Virtual Network (VNET)
    azure_rm_virtualnetwork:
      resource_group: myResourceGroup
      name: myVnet
      address_prefixes: "10.0.0.0/16"
  - name: Add a subnet in the VNET
    azure_rm_subnet:
      resource_group: myResourceGroup
      name: mySubnet
      address_prefix: "10.0.1.0/24"
      virtual_network: myVnet
  - name: Create a public IP address
    azure_rm_publicipaddress:
      resource_group: myResourceGroup
      allocation_method: Static
      name: myPublicIP
    register: output_ip_address
  - name: Print Public IP of VM
    debug:
      msg: "The public IP of VM is {{ output_ip_address.state.ip_address }}."
  - name: Create a Network Security Group (NSG) that allows SSH (port 22)
    azure_rm_securitygroup:
      resource_group: myResourceGroup
      name: myNetworkSecurityGroup
      rules:
        # No source_address_prefix is set, so this rule accepts SSH from any source address.
        - name: SSH
          protocol: Tcp
          destination_port_range: 22
          access: Allow
          priority: 1001
          direction: Inbound
  - name: Create a virtual Network Interface Card (NIC)
    azure_rm_networkinterface:
      resource_group: myResourceGroup
      name: myNIC
      virtual_network: myVnet
      subnet: mySubnet
      public_ip_name: myPublicIP
      security_group: myNetworkSecurityGroup
  - name: Create a VM
    azure_rm_virtualmachine:
      resource_group: myResourceGroup
      name: myVM
      vm_size: Standard_B2s
      admin_username: ubuntu
      admin_password: "{{ admin_password }}"
      network_interfaces: myNIC
      image:
        offer: 0001-com-ubuntu-server-focal
        publisher: canonical
        sku: '20_04-lts-gen2'
        version: latest

In the above playbook, we have hard-coded the admin_username; this is the username with which you will need to log in for the first time. The admin_password is not stored in the playbook; Ansible will prompt for it when you execute the playbook.

Step – 5: Run the ansible playbook

In step – 4 we created an ansible playbook. In this step, we will run it with the below command. The name of our playbook is azure-resource-deploy.yml

ansible-playbook azure-resource-deploy.yml -vv

Once you run the above command, it will ask for admin_password. Enter the password and keep it safe, because this same password will be used to log into the VM.
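The playbook above opens port 22 to every source address and logs in with a password. As an added example (not part of the original playbook), here are variants of the NSG and VM tasks that restrict SSH to one address range and accept SSH keys only; the other tasks stay as they are. The values of admin_source_cidr and the public key path are assumptions to replace with your own, and with key-only login the vars_prompt for admin_password is no longer needed.

```yaml
- name: Create a VM on Azure with restricted SSH and key-only login
  hosts: localhost
  connection: local

  vars:
    # Assumption: the range you administer from (a documentation range is shown).
    admin_source_cidr: "203.0.113.0/24"
    # Assumption: a public key that already exists on the Ansible machine.
    ssh_public_key: "{{ lookup('file', lookup('env', 'HOME') + '/.ssh/id_ed25519.pub') }}"

  tasks:
  # Resource group, VNet, subnet and public IP tasks: unchanged from the playbook above.

  - name: Create an NSG that allows SSH (port 22) only from the admin range
    azure_rm_securitygroup:
      resource_group: myResourceGroup
      name: myNetworkSecurityGroup
      rules:
        - name: SSH
          protocol: Tcp
          destination_port_range: 22
          # Only this range may reach port 22; all other inbound SSH is dropped.
          source_address_prefix: "{{ admin_source_cidr }}"
          access: Allow
          priority: 1001
          direction: Inbound

  # NIC task: unchanged from the playbook above.

  - name: Create a VM that accepts SSH keys only
    azure_rm_virtualmachine:
      resource_group: myResourceGroup
      name: myVM
      vm_size: Standard_B2s
      admin_username: ubuntu
      # Disable password logins so a guessed password cannot be used over SSH.
      ssh_password_enabled: false
      ssh_public_keys:
        - path: /home/ubuntu/.ssh/authorized_keys
          key_data: "{{ ssh_public_key }}"
      network_interfaces: myNIC
      image:
        offer: 0001-com-ubuntu-server-focal
        publisher: canonical
        sku: '20_04-lts-gen2'
        version: latest
```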

 
