More about Infrastructure as Code Azure
- Ansible & Azure: Automating Azure’s Basic Building Blocks
- Azure Resource Manager Templates: A Guide to Efficient Automation
- Terraform on Azure: Platform-Agnostic Automation in the Cloud
- Azure Resource Manager (ARM) Benefits and Best Practices
- Azure Quickstart Templates How-To
- Infrastructure as Code: Azure Tips to Save You Time and Headaches
Ansible enables you to automate cloud resource management. You can use Ansible to provision, manage, and deploy resources across multiple cloud vendors. In this post, we’ll walk you through the process of getting started with Ansible on Azure, and explain how NetApp Cloud Volumes ONTAP can help simplify storage when using Infrastructure as Code in Azure.
In this article, you will learn:
- Ansible on Azure overview
- Getting started with Ansible on Azure
- Configuring basic Azure building blocks with Ansible
- Ansible Azure with Cloud Volumes ONTAP
Ansible on Azure Overview
Ansible is an open-source tool that you can use to automate and simplify cloud resource management. It enables you to provision cloud resources, manage configurations, and deploy applications. You can use it to provision containers, virtual machines, network components, and cloud infrastructures.
Ansible works based on playbooks. Playbooks are human-readable (written in YAML) definitions of configurations that you can run automatically or on-demand. These playbooks enable you to define resource deployments with code and can help ensure that your resources are deployed and managed in a standardized way.
When using Ansible, you can extend its functionality and integrate it with other services using modules. Modules are units of code that you run directly on hosts or via playbooks. You can use modules to execute system commands or to control system resources.
When you use Ansible in combination with Azure services, there are a variety of modules you can use. These modules enable you to create and orchestrate Azure infrastructure while retaining access to built-in Azure features and capabilities.
Getting Started with Ansible on Azure
Below is a brief tutorial to get you started using Azure and Ansible. This tutorial assumes that you are already familiar with creating Ansible playbooks and that you are at least somewhat familiar with Azure. This guide is adapted from a longer tutorial in the Azure documentation, which you can see here.
Configure Your Environment
To begin, you need to configure your Azure environment. This requires setting up an Azure subscription if you don’t already have one. If you just want to do a trial run, the free tier should be enough to get you started.
Open the cloud shell
Log-in to the Azure Portal and select the Cloud Shell icon to the right of the search bar. If this is your first time using the shell, you need to configure it first. You can see a quick start guide for how to configure it here. In this tutorial, commands are given assuming you are using a Bash environment.
Automatic credential configuration
Once the shell is open, Ansible automatically authenticates with Azure. This authentication is based on the Azure subscription you are using.
If you have multiple Azure subscriptions, you can verify which you are using and specify the correct one with the AZURE_SUBSCRIPTION_ID environment variable.
To check which subscriptions are available, you can use the following command:
az account list
Then, with the correct subscription ID from your list, you can set that as your subscription with the following:
Verify your configuration
After your subscription is set, you should verify that your configuration completed successfully. One way to do this is to create an Azure resource group using Ansible. The steps below show you how to do this.
- Create a file named rg.yml using the Cloud Shell command code rg.yml.
- In your code editor, paste the following. This will create a resource group in the East US region.
- hosts: localhost
- name: Create resource group
- Save your file and close the editor.
- Run your new playbook with the following command:
Once you run it, you should see an output showing a PLAY statement, indicating that the playbook is running, and TASK statements showing what the playbook is executing.
At the end, look for the PLAY RECAP section. You should see non-zero values for ok and changed. If you see non-zeros for unreachable or failed, you need to review your configurations and try again.
PLAY RECAP ***********************************************************
localhost : ok=3 changed=1 unreachable=0 failed=0
Configuring the Basic Azure Building Blocks with Ansible
Once you have Ansible connected, you can begin configuring your environments. Below are the steps needed from start to finish to create an environment and a host in an Ansible playbook.
Create a resource group
When using Ansible you need to define a resource group for your deployed resources. Creating a resource group in your playbook works the same as in the Cloud Shell above. To define your group, insert the following into your playbook:
Note that tags is a dictionary of string:string pairs you can use to assign metadata to an object. Ansible updates metadata tags on the object with your provided values. To remove tags, set the append_tags option to false.
- name: Create resource group
Create a virtual network
Next, you need to either create or define the virtual network you wish to use. Every virtual machine (VM) you create in Azure requires a virtual network connection with definitions for how that VM is accessed. To define your network, insert the following into your playbook.
- name: Create virtual network
When defining your network, you also need to define your subnet.
- name: Add subnet
Create a public IP address
Once your network and subnet are defined, you can define your public IP addresses. These addresses enable communications between Azure resources, Internet resources, and Azure services. When a resource is created, you can statically define an IP or allow Azure to dynamically assign one from those available.
To define your IP address, insert the following into your playbook:
- name: Create public IP address
Create a network security group
Next, you can define your network security groups. These groups filter traffic resources in your network. The Security Rules that you define for these groups govern traffic between resources.
To define your network security groups, insert the following into your playbook:
- name: Create Network Security Group that allows SSH
- name: SSH
Create a virtual network interface card
Virtual network interface cards connect your VMs to the network, IP, and network security groups you have defined.
To define your network interface card, insert the following into your playbook:
- name: Create virtual network interface card
Create a virtual machine
Finally, you can create your VM. This requires all of the previous information and steps and needs to come last in your playbook. The final step is to create a virtual machine that uses all the resources you've created in the previous sections of this article.
To define your VM, insert the following into your playbook:
- name: Create VM
- path: /home/azureuser/.ssh/authorized_keys
Ansible Azure with Cloud Volumes ONTAP
NetApp Cloud Volumes ONTAP, the leading enterprise-grade storage management solution, delivers secure, proven storage management services on AWS, Azure and Google Cloud. Cloud Volumes ONTAP supports up to a capacity of 368TB, and supports various use cases such as file services, databases, DevOps or any other enterprise workload, with a strong set of features including high availability, data protection, storage efficiencies, Kubernetes integration, and more.
In particular, Cloud Volumes ONTAP provides Cloud Manager, a UI and APIs for management, automation and orchestration, supporting hybrid & multi-cloud architectures, and letting you treat pools of storage as one more element in your Infrastructure as Code setup.
Cloud Manager is completely API driven and is highly geared towards automating cloud operations. Cloud Volumes ONTAP and Cloud Manager deployment through infrastructure- as- code automation helps to address the DevOps challenges faced by organizations when it comes to configuring enterprise cloud storage solutions. When implementing infrastructure as code, Cloud Volumes ONTAP and Cloud Manager go hand in hand with Terraform to achieve the level of efficiency expected in large scale cloud storage deployment in Azure.