Azure¶
The Azure provider manages multiple types of resources.
Note
The dependencies work with the latest version of Ansible; if you are not using the latest version, they may not work.
azure_vm¶
Azure VM Instances can be provisioned using this resource.
Topology Schema¶
Within Linchpin, the azure_vm resource_definition has more options than what are shown in the examples above. For each azure_vm definition, the following options are available.
Parameter | required | type | ansible value | comments |
---|---|---|---|---|
role | true | string | N/A | |
vm_name | true | string | name | It can’t include ‘_’ or other special characters |
private_image | false | string | image | This takes private images |
virtual_network_name | false | string | virtual_network_name | |
vm_username | false | string | image | |
vm_password | false | string | image | |
count | false | int | | |
resource_group | true | string | resource_group | |
vm_size | false | string | vm_size | |
public_image | false | dict | image | This parameter takes public images |
vm_username | false | string | admin_username | |
vm_password | false | string | admin_password | |
public_key | false | string | Copy your key here | |
delete_all_attached | false | string | remove_on_absent | |
availability_set | false | string | availability_set | |
azure_nsg¶
Azure Network Security Group can be provisioned using this resource.
Example <workspaces/azure/Pinfile>
azure_nsg module <https://docs.ansible.com/ansible/latest/modules/azure_rm_securitygroup_module.html?highlight=azure%20security#examples>
Topology Schema¶
Within Linchpin, the azure_vm resource_definition has more options than what are shown in the examples above. For each azure_vm definition, the following options are available.
Parameter | required | type | ansible value | comments |
---|---|---|---|---|
role | true | string | N/A | |
name | true | string | name | |
purge_rules | false | string | purge_rules | |
rules | false | list(dict) | rules | If you declare both public and private image, only the private will be taken |
azure_api¶
Any Azure resource can be provisioned using this role; it is supported by the Azure API.
Topology Schema¶
Within Linchpin, the azure_api resource_definition has more options than what is shown in the examples above. For each azure_api definition, the following options are available.
Parameter | required | type | ansible value | comments |
---|---|---|---|---|
role | true | string | N/A | |
resource_group | true | String | resource_group | |
resource_type | true | String | resource_type | |
resource_name | true | string | resource_name | |
api_version | true | string | api_version | |
body_path | true | string | Path to request body | |
url | true | string | url | |
azure_loadbalancer¶
With this role you can provision and configure the Azure Load Balancer
Example <workspaces/azure/Pinfile>
azure_loadbalancer module <https://docs.ansible.com/ansible/latest/modules/azure_rm_loadbalancer_module.html?highlight=azure%20load%20balance>
Topology Schema¶
Within Linchpin, the azure_loadbalancer resource_definition has more options than what is shown in the examples above. For each azure_loadbalancer definition, the following options are available.
Parameter | required | type | ansible value | comments |
---|---|---|---|---|
role | true | string | N/A | |
resource_group | false | string | resource_group | |
name | true | string | name | |
frontend_ip_configuration | false | string | frontend_ip_configuration | |
backend_address_pools | false | string | backend_address_pools | |
probes | false | string | probes | |
inbound_nat_pools | false | string | inbound_nat_pools | |
inbound_nat_rules | false | string | inbound_nat_rules | |
load_balacing_rules | false | string | load_balacing_rules | |
azure_publicipaddress¶
With this role, you can provision and manage Azure public IP addresses.
Example <workspaces/azure/Pinfile>
azure_publicipaddress module <https://docs.ansible.com/ansible/latest/modules/azure_rm_publicipaddress_module.html?highlight=azure%20public%20address>
Topology Schema¶
Within Linchpin, the azure_publicipaddress resource_definition has more options than what is shown in the examples above. For each azure_publicipaddress definition, the following options are available.
Parameter | required | type | ansible value | comments |
---|---|---|---|---|
role | true | string | N/A | |
resource_group | false | string | resource_group | |
allocation_method | true | string | allocation_method | |
domain_name | false | string | domain_name | |
sku | false | string | sku | |
azure_availabilityset¶
Any Azure resource can be provisioned using this role; it is supported by the Azure API.
Example <workspaces/azure/Pinfile>
azure_availabilityset module <https://docs.ansible.com/ansible/latest/modules/azure_rm_availabilityset_module.html?highlight=azure%20avail>
Topology Schema¶
Within Linchpin, the azure_availabilityset resource_definition has more options than what is shown in the examples above. For each azure_availabilityset definition, the following options are available.
Parameter | required | type | ansible value | comments |
---|---|---|---|---|
role | true | string | N/A | |
resource_group | false | string | resource_group | |
name | true | string | name | |
location | false | string | name | |
platform_update_domain_count | false | string | platform_update_domain_count | |
platform_fault_domain_count | false | string | platform_fault_domain_count | |
sku | false | string | sku | |
azure_network_interface¶
Azure network interface can be provisioned using this role
Example <workspaces/azure/Pinfile>
azure_rm_networkinterface module <https://docs.ansible.com/ansible/latest/modules/azure_rm_networkinterface_module.html?highlight=azure%20network%20interface>
Topology Schema¶
Within Linchpin, the azure_rm_networkinterface resource_definition has more options than what is shown in the examples above. For each azure_rm_networkinterface definition, the following options are available.
Parameter | required | type | ansible value | comments |
---|---|---|---|---|
role | true | string | N/A | |
resource_group | false | string | resource_group | |
name | true | string | name | |
virtual_network_name | false | string | virtual_network | |
subnet_name | false | string | platform_update_domain_count | |
azure_resource_group¶
Azure network interface can be provisioned using this role
Example <workspaces/azure/Pinfile>
azure_rm_resourcegroup module <https://docs.ansible.com/ansible/latest/modules/azure_rm_resourcegroup_module.html?highlight=azure%20resource%20group>
Topology Schema¶
Within Linchpin, the azure_rm_networkinterface resource_definition has more options than what is shown in the examples above. For each azure_rm_networkinterface definition, the following options are available.
Parameter | required | type | ansible value | comments |
---|---|---|---|---|
role | true | string | N/A | |
resource_group | false | string | resource_group | |
name | true | string | name | |
location | false | string | location | |
azure_virtual_network¶
Azure virtual network can be provisioned using this role
Example <workspaces/azure/Pinfile>
azure_rm_virtualnetwork module <https://docs.ansible.com/ansible/latest/modules/azure_rm_virtualnetwork_module.html?highlight=azure%20virtual%20network>
Topology Schema¶
Within Linchpin, the azure_rm_virtualnetwork resource_definition has more options than what is shown in the examples above. For each azure_rm_virtualnetwork definition, the following options are available.
Parameter | required | type | ansible value | comments |
---|---|---|---|---|
role | true | string | N/A | |
resource_group | false | string | resource_group | |
name | true | string | name | |
address_prefixes | false | string | address_prefixes | |
azure_virtual_subnet¶
Azure network interface can be provisioned using this role
Example <workspaces/azure/Pinfile>
azure_rm_subnet module <https://docs.ansible.com/ansible/latest/modules/azure_rm_subnet_module.html?highlight=azure%20subnet>
Topology Schema¶
Within Linchpin, the azure_rm_subnet resource_definition has more options than what is shown in the examples above. For each azure_rm_subnet definition, the following options are available.
Parameter | required | type | ansible value | comments |
---|---|---|---|---|
role | true | string | N/A | |
resource_group | false | string | resource_group | |
name | true | string | name | |
virtual_network_name | false | string | virtual_network_name | |
address_prefix | false | string | address_prefix | |
Credentials Management¶
Linchpin supports Ansible authentication options:
- Active Directory
- Service Principal
Active Directory¶
Active Directory authentication works only with organization users (not guests). You can create a new user in the organization but do not invite users. The following keys are required in the credentials file for AD authentication:
- user
The user name; you can verify it manually in the Azure portal.
- password
The password; you can verify and change it manually in the Azure portal.
- subscription_id
The subscription ID to use; you can check which subscriptions are available and what permissions you have in the Azure portal.
- tenant
The Active Directory ID; it is required if the user is a member of multiple directories. You can find the tenant ID in the Azure portal under Azure Active Directory.
Example of a credentials file with Azure Active Directory:
[default]
user: linchpin@redhat.com
password: MySecretPassword
subscription_id: 2q3d2d-ad3adw-adwa3d-dwade-awedawee
tenant: 3rfawca-awd3daw-d3cc33-ASCEA-CAEESA-caceace
Service Principal¶
The following keys are required in the credentials file for SP authentication:
- client_id
The client ID is the application ID.
- secret
The application secret token; it can be generated in the Azure portal.
- subscription_id
The subscription ID to use; you can check which subscriptions are available and what permissions you have in the Azure portal.
- tenant
The Active Directory ID; it is required if the user is a member of multiple directories. You can find the tenant ID in the Azure portal under Azure Active Directory.
Example of credentials file with Azure Service Principal:
[default]
client_id: 2q3d2d-ad3adw-adwa3d-dwade-awedawee
secret: 2q3d2d-ad3adw-adwa3d-dwade-awedawee
subscription_id: 2q3d2d-ad3adw-adwa3d-dwade-awedawee
tenant: 3rfawca-awd3daw-d3cc33-ASCEA-CAEESA-caceace
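A pre-flight check for the two credentials file layouts described above, as an added example that is not part of Linchpin or Ansible: it reports which authentication mode a profile satisfies, which required keys are missing, and whether anyone other than the owner can access the file. The function names, the owner-only permission expectation and the sample values are assumptions of this example.

```python
import configparser
import os
import stat
import tempfile

# Required keys per authentication mode, as listed on this page.
REQUIRED = {
    "active_directory": {"user", "password", "subscription_id", "tenant"},
    "service_principal": {"client_id", "secret", "subscription_id", "tenant"},
}


def audit_credentials(path, profile="default"):
    """Return (auth_mode, problems) for one profile of a credentials file."""
    problems = []
    # The file stores a password or secret in clear text: owner-only access.
    file_mode = stat.S_IMODE(os.stat(path).st_mode)
    if file_mode & (stat.S_IRWXG | stat.S_IRWXO):
        problems.append(f"file mode {file_mode:04o} allows group/other access")
    # configparser accepts the "key: value" syntax used in the examples.
    parser = configparser.ConfigParser(interpolation=None)
    parser.read(path)
    if not parser.has_section(profile):
        return None, problems + [f"profile [{profile}] not found"]
    keys = {k for k, v in parser.items(profile) if v.strip()}
    # Choose the mode whose required keys are best covered, then report gaps.
    mode = max(REQUIRED, key=lambda m: len(REQUIRED[m] & keys))
    missing = sorted(REQUIRED[mode] - keys)
    if missing:
        problems.append(f"{mode}: missing {', '.join(missing)}")
    return mode, problems


def write_sample(text, mode):
    # Helper for the demonstration: temp file with the given permission bits.
    fd, path = tempfile.mkstemp(suffix=".key")
    with os.fdopen(fd, "w") as fh:
        fh.write(text)
    os.chmod(path, mode)
    return path

# Constructed samples with placeholder values, not real credentials.
SP_OK = "[default]\nclient_id: 0000\nsecret: x\nsubscription_id: 1111\ntenant: 2222\n"
AD_BAD = "[default]\nuser: user@example.com\npassword: x\ntenant: 2222\n"

if __name__ == "__main__":
    for text, mode in ((SP_OK, 0o600), (AD_BAD, 0o644)):
        sample = write_sample(text, mode)
        print(audit_credentials(sample))
        os.remove(sample)
```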
How to create new Service Principal in Azure portal¶
- Go to Azure Active Directory in the Azure portal
- Go to App registration on the left bar
- Create a new app
- The Application ID is client_id
- The Directory ID is tenant
- Go to Certificates and secrets on the left bar
- Upload or create a new key; that is the secret
- Go to the Access Control of your resource group or subscription
- Click on the Add button to add a new role assignment
- Assign the role of Contributor to the application you just created
- Go to Subscription to find its ID for subscription_id
How to create new Service Principal using Azure command line client¶
accountname@Azure:~$ az ad sp create-for-rbac --name ServicePrincipalName
Changing "ServicePrincipalName" to a valid URI of "http://ServicePrincipalName", which is the required format used for service principal names
Creating a role assignment under the scope of "/subscriptions/dcc74c29-4db6-4c49-9a0f-ac0ee03fa17e"
Retrying role assignment creation: 1/36
Retrying role assignment creation: 2/36
Retrying role assignment creation: 3/36
Retrying role assignment creation: 4/36
{
"appId": "xxxxxxxxxxxxxxxxxxxxxxxxxx",
"displayName": "ServicePrincipalName",
"name": "http://ServicePrincipalName",
"password": "xxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxx",
"tenant": "xxxxx-xxxxx-xxxx-xxxx-xxxxxxxxxxxx"
}
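An added example (not Linchpin or Azure CLI code) that turns the JSON printed by the command above into a Service Principal credentials file, created owner-only and never overwritten. The appId and tenant mappings follow the portal steps on this page; treating the CLI's password field as secret, the function names, the azure.key file name and the sample values are assumptions of this example.

```python
import json
import os
import tempfile

# Mapping from `az ad sp create-for-rbac` output fields to the keys of the
# Service Principal credentials file described on this page.
FIELD_MAP = {"client_id": "appId", "secret": "password", "tenant": "tenant"}


def render_credentials(az_json, subscription_id, profile="default"):
    """Build the credentials file text from the CLI's JSON output."""
    sp = json.loads(az_json)
    values = {key: sp[src] for key, src in FIELD_MAP.items()}
    # The JSON shown above does not carry the subscription ID; pass it in.
    values["subscription_id"] = subscription_id
    for key, value in values.items():
        # A line break inside a value would inject extra keys or sections.
        if not isinstance(value, str) or not value or "\n" in value or "\r" in value:
            raise ValueError(f"unusable value for {key}")
    body = "".join(f"{key}: {values[key]}\n" for key in sorted(values))
    return f"[{profile}]\n{body}"


def write_owner_only(path, text):
    """Create the file with mode 0600 from the start and never overwrite."""
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "w") as fh:
        os.fchmod(fd, 0o600)  # enforce 0600 whatever the umask is
        fh.write(text)
    return path


# Constructed sample in the shape of the output shown above (placeholders).
SAMPLE = json.dumps({
    "appId": "00000000-aaaa", "displayName": "ServicePrincipalName",
    "name": "http://ServicePrincipalName",
    "password": "placeholder-secret", "tenant": "11111111-bbbb",
})

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        target = write_owner_only(
            os.path.join(tmp, "azure.key"),
            render_credentials(SAMPLE, "22222222-cccc"),
        )
        with open(target) as fh:
            print(fh.read())
```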