Ansible authenticate to Microsoft Azure using credential profiles Part 1
Ansible authenticate to Microsoft Azure using credential profiles Part 2
This is a continuation of the earlier parts on authenticating to Azure with Ansible. While working on the Ansible AWX Tower controller, I wanted to create a profile, but I had limited access to AWX Tower and I also wanted to encrypt credentials (you can store authentication information under AWX credentials). Four parameters can be used in YAML files instead of a profile, as highlighted in the YAML script.
subscription_id
tenant
client_id
secret
```yaml
#Ansible variable yaml file - subnetinfo_var.yml
---
rg_name: vcloud-lab.com
vnet_name: global_vnet_eastus
subnet_name: prod01-10.10.1.x
```

```yaml
#Ansible playbook yaml file - subnetinfo.yaml
---
- name: Get Azure subnet information
  hosts: localhost
  connection: local
  gather_facts: false
  collections:
    - azure.azcollection

  tasks:
    - name: Include variable file
      ansible.builtin.include_vars:
        file: subnetinfo_var.yml
        name: subnetinfo

    - name: Get information subnet in virtual network
      azure_rm_subnet_info:
        resource_group: "{{ subnetinfo.rg_name }}"
        virtual_network_name: "{{ subnetinfo.vnet_name }}"
        name: "{{ subnetinfo.subnet_name }}"
        # Service principal credentials passed directly as module parameters
        subscription_id: 9e22xxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
        tenant: 3b80xxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
        client_id: 61e4xxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
        secret: 4bt8xxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
      register: az_subnet

    - name: Show/Print subnet information
      debug:
        var: az_subnet
```
Below is the result after running the Ansible playbook.
Download the subnetinfo.zip script here; it is also available on github.com/janviudapi
```
ubuntu@ansible:~/Documents/Azure_Ansible$ cd subnetinfo
ubuntu@ansible:~/Documents/Azure_Ansible/subnetinfo$ ls
subnetinfo_var.yml  subnet.yaml
ubuntu@ansible:~/Documents/Azure_Ansible/subnetinfo$ ansible-playbook subnetinfo.yaml
[WARNING]: No inventory was parsed, only implicit localhost is available
[WARNING]: provided hosts list is empty, only localhost is available. Note that the implicit localhost does not match 'all'

PLAY [Get Azure subnet information] ************************************************

TASK [Include variable file] *******************************************************
ok: [localhost]

TASK [Get information subnet in virtual network] ***********************************
ok: [localhost]

TASK [Show/Print subnet information] ***********************************************
ok: [localhost] => {
    "az_subnet": {
        "changed": false,
        "failed": false,
        "subnets": [
            {
                "address_prefix_cidr": "10.10.1.0/24",
                "address_prefixes_cidr": null,
                "delegations": [],
                "id": "/subscriptions/9e22xxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxxx/resourceGroups/vcloud-lab.com/providers/Microsoft.Network/virtualNetworks/global_vnet_eastus/subnets/prod01-10.10.1.x",
                "name": "prod01-10.10.1.x",
                "private_endpoint_network_policies": "Enabled",
                "private_link_service_network_policies": "Enabled",
                "provisioning_state": "Succeeded",
                "resource_group": "vcloud-lab.com",
                "route_table": null,
                "security_group": null,
                "service_endpoints": [],
                "virtual_network_name": "global_vnet_eastus"
            }
        ]
    }
}

PLAY RECAP *************************************************************************
localhost : ok=3 changed=0 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0

ubuntu@ansible:~/Documents/Azure_Ansible/subnetinfo$
```
Check this out: Quickstart How to authenticate Ansible with Microsoft Azure
If you are using Azure AD user credentials instead of a service principal in environment variables, you can also consider the points below.
- Authentication is also possible using a service principal or Active Directory user.
- To authenticate via service principal, pass subscription_id, client_id, secret and tenant or set environment variables AZURE_SUBSCRIPTION_ID, AZURE_CLIENT_ID, AZURE_SECRET and AZURE_TENANT.
- To authenticate via Active Directory user, pass ad_user and password, or set AZURE_AD_USER and AZURE_PASSWORD in the environment.
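The playbook above passes the service principal secret as plain text in the task. The following is an added example, not part of the original post, that supplies the same four parameters from an Ansible Vault-encrypted variable file; the file name azure_auth_vault.yml and the az_* variable names are assumptions.

```yaml
# Added example, not from the original post.
# Assumed file: azure_auth_vault.yml, created with
#   ansible-vault create azure_auth_vault.yml
# and holding four variables (names are assumptions):
#   az_subscription_id, az_tenant, az_client_id, az_secret
---
- name: Get Azure subnet information with vaulted credentials
  hosts: localhost
  connection: local
  gather_facts: false
  collections:
    - azure.azcollection

  tasks:
    - name: Include subnet variable file
      ansible.builtin.include_vars:
        file: subnetinfo_var.yml
        name: subnetinfo

    - name: Load vault-encrypted service principal credentials
      ansible.builtin.include_vars:
        file: azure_auth_vault.yml
        name: az_auth
      no_log: true   # keep decrypted values out of console and AWX job output

    - name: Stop early if a credential is missing or empty
      ansible.builtin.assert:
        that:
          - az_auth[item] is defined
          - az_auth[item] | string | length > 0
        fail_msg: "Missing Azure credential: {{ item }}"   # prints the key name only
        quiet: true
      loop: [az_subscription_id, az_tenant, az_client_id, az_secret]

    - name: Get information subnet in virtual network
      azure_rm_subnet_info:
        resource_group: "{{ subnetinfo.rg_name }}"
        virtual_network_name: "{{ subnetinfo.vnet_name }}"
        name: "{{ subnetinfo.subnet_name }}"
        subscription_id: "{{ az_auth.az_subscription_id }}"
        tenant: "{{ az_auth.az_tenant }}"
        client_id: "{{ az_auth.az_client_id }}"
        secret: "{{ az_auth.az_secret }}"
      register: az_subnet
```

Run it with ansible-playbook and --ask-vault-pass (or a --vault-id source) so the credential file is decrypted only in memory at run time.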