Menu

Virtual Geek

Tales from real IT system administrators world and non-production environment

Ansible authenticate to Microsoft Azure using credential inside yaml file

Ansible authenticate to Microsoft Azure using credential profiles Part 1
Ansible authenticate to Microsoft Azure using credential profiles Part 2

This is continuation of  the authentication to azure with ansible parts. While working on Ansible AWX tower controller, I wanted to create profile, but due to limited access to AWX tower and also I wanted to encrypt credentials (You can store authentication information under awx credentials). There are 4 parameters can be used in yaml files instead profile as highlighted in the yaml script.

subscription_id
tenant
client_id
secret

#Ansible variable yaml file - subnetinfo_var.yml
---
rg_name: vcloud-lab.com
vnet_name: global_vnet_eastus
subnet_name: prod01-10.10.1.x


#Ansible variable yaml file - subnetinfo.yaml
---
- name: Get Azure subnet information
  hosts: localhost
  connection: local
  gather_facts: false

  collections:
    - azure.azcollection

  tasks:
  - name: Include variable file
    ansible.builtin.include_vars:
      file: subnetinfo_var.yml
      name: subnetinfo

  - name: Get information subnet in virtual network
    azure_rm_subnet_info:
      resource_group: "{{ subnetinfo.rg_name }}"
      virtual_network_name: "{{ subnetinfo.vnet_name }}"
      name: "{{ subnetinfo.subnet_name }}"
      subscription_id: 9e22xxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
      tenant: 3b80xxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
      client_id: 61e4xxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
      secret: 4bt8xxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
    register: az_subnet

  - name: Show/Print subnet information
    debug:
      var: az_subnet

Below are the result after running ansible playbook.

Download subnetinfo.zip script her or it is also available on github.com/janviudapi

ubuntu@ansible:~/Documents/Azure_Ansible$ cd subnetinfo
ubuntu@ansible:~/Documents/Azure_Ansible/subnetinfo$ ls
subnetinfo_var.yml  subnet.yaml
ubuntu@ansible:~/Documents/Azure_Ansible/subnetinfo$ ansible-playbook subnetinfo.yaml
[WARNING]: No inventory was parsed, only implicit localhost is available
[WARNING]: provided hosts list is empty, only localhost is available. Note that the implicit localhost does not match 'all'

PLAY [Get Azure subnet information] ************************************************************************************************************************************************

TASK [Include variable file] *******************************************************************************************************************************************************
ok: [localhost]

TASK [Get information subnet in virtual network] ***********************************************************************************************************************************
ok: [localhost]

TASK [Show/Print subnet information] ***********************************************************************************************************************************************
ok: [localhost] => {
    "az_subnet": {
        "changed": false,
        "failed": false,
        "subnets": [
            {
                "address_prefix_cidr": "10.10.1.0/24",
                "address_prefixes_cidr": null,
                "delegations": [],
                "id": "/subscriptions/9e22xxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxxx/resourceGroups/vcloud-lab.com/providers/Microsoft.Network/virtualNetworks/global_vnet_eastus/subnets/prod01-10.10.1.x",
                "name": "prod01-10.10.1.x",
                "private_endpoint_network_policies": "Enabled",
                "private_link_service_network_policies": "Enabled",
                "provisioning_state": "Succeeded",
                "resource_group": "vcloud-lab.com",
                "route_table": null,
                "security_group": null,
                "service_endpoints": [],
                "virtual_network_name": "global_vnet_eastus"
            }
        ]
    }
}

PLAY RECAP *************************************************************************************************************************************************************************
localhost                  : ok=3    changed=0    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0   

ubuntu@ansible:~/Documents/Azure_Ansible/subnetinfo$ 

Check this out: Quickstart How to authenticate Ansible with Microsoft Azure

Microsoft Azure Ansible redhat yaml yml azure collection subnet info resource group virtual network private endpoint network policy route table service endpoint vnet delegation address prefix cidr.png

If you are using Azure AD user credentials instead service principal in environment variable,  you can also consider below points.

  • Authentication is also possible using a service principal or Active Directory user.

  • To authenticate via service principal, pass subscription_id, client_id, secret and tenant or set environment variables AZURE_SUBSCRIPTION_ID, AZURE_CLIENT_ID, AZURE_SECRET and AZURE_TENANT.

  • To authenticate via Active Directory user, pass ad_user and password, or set AZURE_AD_USER and AZURE_PASSWORD in the environment.

Useful Articles
Deploy create Virtual Network vNET in Azure cloud using Ansible
How to install and configure Ansible on Ubuntu
Get Started: Configure Ansible for Azure Cloud Infrastructure
Install the Microsoft Azure CLI on Ubuntu Linux
Deploy create Virtual Network vNET in Azure cloud using Ansible
Quickstart How to authenticate Ansible with Microsoft Azure
Create an Azure App registrations in Azure Active Directory using PowerShell & AzureCLI 

Go Back

Comment

Blog Search

Page Views

8559372

Follow me on Blogarama