Azure Infra deployment, Ansible, made easy!
Senthilraj Krishnan
AIOps-MLOps-DevOps Practice Manager, Azure DevOps solution Architect/Coach/ Az-305 - DevOps SME, Github,Infra Architecture, Accelerator, Presales, Innovation, Architecture, Automation, High performing team and Execution
Ansible is an IT automation tool. Ansible’s main goals are simplicity and ease-of-use. It also has a strong focus on security and reliability, featuring a minimum of moving parts, usage of OpenSSH for transport (with other transports and pull modes as alternatives), and a language that is designed around auditability by humans–even those not familiar with the program. It can configure systems, deploy software, and orchestrate more advanced IT tasks such as continuous deployments or zero downtime rolling updates.
Ansible includes a suite of Ansible modules that can be executed directly on remote hosts or via playbooks. Users can also create their own modules. Modules can be used to control system resources - such as services, packages, or files - or execute system commands.
Ansible is open source and managed by Red Hat. It is agentless: there is no agent to install or maintain on the deployment node, which is a great advantage. It can be installed on a Linux system, or on Windows 10 using the Windows Subsystem for Linux, via python3-pip.
Ansible performs its operations without an agent by using secure shell (SSH) with Linux and WinRM with Microsoft Windows.
Inventory - The place on the Ansible host/server where the list of target nodes is stored. The inventory format is INI or YAML. Groups let you group inventory entries together.
Modules - Functionality that is repeatable across teams is packaged as modules, e.g. win_ping. Ansible comes with many modules; copying files, installing software, creating a file from a template and updating the operating system are a few examples of module functionality. Windows modules start with win_, and Linux modules have no prefix.
Playbooks - Groups of tasks that usually call modules, written in YAML. A playbook may contain variables, lists of hosts, groups and tasks. It is often stored in source control.
Playbook.yml

    ---
    - hosts: linux_servers
      vars:
        samplevar: "Prod"
      tasks:
        - name: Copy a file
          copy:
            src: "/tmp/config.json"
            dest: "/etc/config.json"

samplevar - is a variable
"Copy a file" - is a task
copy - is a module
Roles - A role keeps all the parts of the Ansible components in one manageable collection. Roles help organize the files and folders of Ansible code using predefined folder and file conventions. There are no special project files, just folder conventions.
Let's get into action and use Ansible to apply Infrastructure as Code (IaC) from an Azure DevOps pipeline. To achieve this, we need a ready-made Ubuntu 18.04 virtual machine with Ansible, created in Azure (IaaS); it acts as the Ansible server.
On the Ansible Linux server, set up the Azure credentials file, which holds the subscription ID, client ID, secret (generated from Azure Active Directory) and tenant ID. Generate the private key authorized on the Ansible Linux server; it is used to create a service connection endpoint for the Azure DevOps CD pipeline.
In the Azure DevOps project settings, create an SSH service endpoint and configure the Ansible Linux server's IP address, private key, user ID and password details to establish the connection between Azure DevOps and the Ansible Linux server.
The Azure DevOps repo needs an Ansible playbook containing modules that create the resource group, web app plan, web app and SQL Server, and set up firewall rules for the SQL Server. As part of the CI build, the Ansible YAML file is published to the drop location and is then taken as an artifact by the release pipeline.
In the release pipeline, the replace tokens task replaces the resource group name, location, web app name, SQL server name, DB name, SQL admin name and admin secret in the Ansible playbook YAML file with the values of the release pipeline variables. An Ansible playbook run task is available in Azure DevOps: add this task, configure the remote machine option, and bind the previously configured SSH endpoint to it to get connectivity from Azure DevOps to the Ansible Linux server. In the inventory section, add the Ansible server IP.
After this step, the Azure App Service deploy task deploys the built application to the web app location.
Initiate the Azure DevOps CI build, then give the resulting build number as input to the release pipeline (CD) to create the new resource group, App Service, database server and database configured in the release pipeline variables. After the infrastructure has been created (IaC) by the Ansible playbook code, the Azure App Service deploy task deploys the built code to the web app location.
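A playbook of the kind described above, as an added example that is not the author's own file. It uses modules from the azure.azcollection collection; the #{...}# token names and pattern, the S1 SKU, the "-plan" suffix, the firewall rule name and running against localhost on the Ansible server are all assumptions.

```yaml
# Added example: #{...}# tokens are assumed names, filled by the replace tokens task.
- hosts: localhost
  connection: local
  gather_facts: false
  vars:
    rg: "#{resourceGroupName}#"
    loc: "#{location}#"
    sql_server: "#{sqlServerName}#"
  tasks:
    - name: Create the resource group
      azure.azcollection.azure_rm_resourcegroup:
        name: "{{ rg }}"
        location: "{{ loc }}"

    - name: Create the App Service plan
      azure.azcollection.azure_rm_appserviceplan:
        resource_group: "{{ rg }}"
        name: "#{webAppName}#-plan"
        location: "{{ loc }}"
        sku: S1                      # assumed pricing tier

    - name: Create the web app on that plan
      azure.azcollection.azure_rm_webapp:
        resource_group: "{{ rg }}"
        name: "#{webAppName}#"
        plan: "#{webAppName}#-plan"

    - name: Create the SQL server
      azure.azcollection.azure_rm_sqlserver:
        resource_group: "{{ rg }}"
        name: "{{ sql_server }}"
        location: "{{ loc }}"
        admin_username: "#{sqlAdminName}#"
        admin_password: "#{sqlAdminSecret}#"
      no_log: true                   # keep the admin secret out of the task output

    - name: Create the database
      azure.azcollection.azure_rm_sqldatabase:
        resource_group: "{{ rg }}"
        server_name: "{{ sql_server }}"
        name: "#{dbName}#"

    - name: Open the SQL firewall only for the configured address range
      azure.azcollection.azure_rm_sqlfirewallrule:
        resource_group: "{{ rg }}"
        server_name: "{{ sql_server }}"
        name: allow-app-range        # assumed rule name
        start_ip_address: "#{sqlFwStartIp}#"
        end_ip_address: "#{sqlFwEndIp}#"
```

Because token replacement writes the SQL admin secret into the playbook file itself, define that release variable as a secret and treat the rendered file on the Ansible server as sensitive.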
Happy learning!!