Azure

The Azure provider manages multiple types of resources.

Note

The dependencies work with the latest version of Ansible. If you are not using the latest version, they may not work.

azure_vm

Azure VM Instances can be provisioned using this resource.

Topology Schema

Within Linchpin, the azure_vm resource_definition has more options than what are shown in the examples above. For each azure_vm definition, the following options are available.

| Parameter | required | type | ansible value | comments |
|---|---|---|---|---|
| role | true | string | N/A | |
| vm_name | true | string | name | It can’t include ‘_’ or other special characters |
| private_image | false | string | image | This takes private images |
| virtual_network_name | false | string | virtual_network_name | |
| vm_username | false | string | image | |
| vm_password | false | string | image | |
| count | false | int | | |
| resource_group | true | string | resource_group | |
| vm_size | false | string | vm_size | |
| public_image | false | dict | image | This parameter takes public images |
| vm_username | false | string | admin_username | |
| vm_password | false | string | admin_password | |
| public_key | false | string | | Copy your key here |
| delete_all_attached | false | string | remove_on_absent | |
| availability_set | false | string | availability_set | |

azure_nsg

Azure Network Security Group can be provisioned using this resource.

Topology Schema

Within Linchpin, the azure_vm resource_definition has more options than what are shown in the examples above. For each azure_vm definition, the following options are available.

| Parameter | required | type | ansible value | comments |
|---|---|---|---|---|
| role | true | string | N/A | |
| name | true | string | name | |
| purge_rules | false | string | purge_rules | |
| rules | false | list(dict) | rules | |

  • If you declare both public and private image, only the private will be taken

azure_api

Any Azure resource can be provisioned using this role, which is supported by the Azure API.

Topology Schema

Within Linchpin, the azure_api resource_definition has more options than what is shown in the examples above. For each azure_api definition, the following options are available.

| Parameter | required | type | ansible value | comments |
|---|---|---|---|---|
| role | true | string | N/A | |
| resource_group | true | string | resource_group | |
| resource_type | true | string | resource_type | |
| resource_name | true | string | resource_name | |
| api_version | true | string | api_version | |
| body_path | true | string | | Path to request body |
| url | true | string | url | |

azure_loadbalancer

With this role you can provision and configure the Azure Load Balancer

Topology Schema

Within Linchpin, the azure_loadbalancer resource_definition has more options than what is shown in the examples above. For each azure_loadbalancer definition, the following options are available.

| Parameter | required | type | ansible value | comments |
|---|---|---|---|---|
| role | true | string | N/A | |
| resource_group | false | string | resource_group | |
| name | true | string | name | |
| frontend_ip_configuration | false | string | frontend_ip_configuration | |
| backend_address_pools | false | string | backend_address_pools | |
| probes | false | string | probes | |
| inbound_nat_pools | false | string | inbound_nat_pools | |
| inbound_nat_rules | false | string | inbound_nat_rules | |
| load_balacing_rules | false | string | load_balacing_rules | |

azure_publicipaddress

With this role, you can provision and manage Azure public IP addresses.

Topology Schema

Within Linchpin, the azure_publicipaddress resource_definition has more options than what is shown in the examples above. For each azure_publicipaddress definition, the following options are available.

| Parameter | required | type | ansible value | comments |
|---|---|---|---|---|
| role | true | string | N/A | |
| resource_group | false | string | resource_group | |
| allocation_method | true | string | allocation_method | |
| domain_name | false | string | domain_name | |
| sku | false | string | sku | |

azure_availabilityset

Any Azure resource can be provisioned using this role, which is supported by the Azure API.

Topology Schema

Within Linchpin, the azure_availabilityset resource_definition has more options than what is shown in the examples above. For each azure_availabilityset definition, the following options are available.

| Parameter | required | type | ansible value | comments |
|---|---|---|---|---|
| role | true | string | N/A | |
| resource_group | false | string | resource_group | |
| name | true | string | name | |
| location | false | string | name | |
| platform_update_domain_count | false | string | platform_update_domain_count | |
| platform_fault_domain_count | false | string | platform_fault_domain_count | |
| sku | false | string | sku | |

azure_network_interface

Azure network interface can be provisioned using this role

Topology Schema

Within Linchpin, the azure_rm_networkinterface resource_definition has more options than what is shown in the examples above. For each azure_rm_networkinterface definition, the following options are available.

| Parameter | required | type | ansible value | comments |
|---|---|---|---|---|
| role | true | string | N/A | |
| resource_group | false | string | resource_group | |
| name | true | string | name | |
| virtual_network_name | false | string | virtual_network | |
| subnet_name | false | string | platform_update_domain_count | |

azure_resource_group

Azure network interface can be provisioned using this role

Topology Schema

Within Linchpin, the azure_rm_networkinterface resource_definition has more options than what is shown in the examples above. For each azure_rm_networkinterface definition, the following options are available.

| Parameter | required | type | ansible value | comments |
|---|---|---|---|---|
| role | true | string | N/A | |
| resource_group | false | string | resource_group | |
| name | true | string | name | |
| location | false | string | location | |

azure_virtual_network

Azure virtual network can be provisioned using this role

Topology Schema

Within Linchpin, the azure_rm_virtualnetwork resource_definition has more options than what is shown in the examples above. For each azure_rm_virtualnetwork definition, the following options are available.

| Parameter | required | type | ansible value | comments |
|---|---|---|---|---|
| role | true | string | N/A | |
| resource_group | false | string | resource_group | |
| name | true | string | name | |
| address_prefixes | false | string | address_prefixes | |

azure_virtual_subnet

Azure network interface can be provisioned using this role

Topology Schema

Within Linchpin, the azure_rm_subnet resource_definition has more options than what is shown in the examples above. For each azure_rm_subnet definition, the following options are available.

| Parameter | required | type | ansible value | comments |
|---|---|---|---|---|
| role | true | string | N/A | |
| resource_group | false | string | resource_group | |
| name | true | string | name | |
| virtual_network_name | false | string | virtual_network_name | |
| address_prefix | false | string | address_prefix | |

Credentials Management

Linchpin supports Ansible authentication options:

  • Active Directory

  • Service Principal

Active Directory

Active Directory authentication works only with organization users (not guests). You can create a new user in the organization but do not invite users. The following keys are required in the credentials file for AD authentication:

user

The user name. You can verify it manually in the Azure portal.

password

The password. You can verify it manually in the Azure portal and change it.

subscription_id

The subscription ID to use. You can check which subscriptions are available and what permissions you have in the Azure portal.

tenant

The Active Directory ID. It is required if the user is a member of multiple directories. You can find the tenant ID in the Azure portal under Azure Active Directory.

Example of a credentials file for Azure Active Directory:

[default]
user: linchpin@redhat.com
password: MySecretPassword
subscription_id: 2q3d2d-ad3adw-adwa3d-dwade-awedawee
tenant: 3rfawca-awd3daw-d3cc33-ASCEA-CAEESA-caceace

Service Principal

The following keys are required in the credentials file for SP authentication:

client_id

The client ID is the application ID.

secret

The application secret token. It can be generated in the Azure portal.

subscription_id

The subscription ID to use. You can check which subscriptions are available and what permissions you have in the Azure portal.

tenant

The Active Directory ID. It is required if the user is a member of multiple directories. You can find the tenant ID in the Azure portal under Azure Active Directory.

Example of a credentials file for an Azure Service Principal:

[default]
client_id: 2q3d2d-ad3adw-adwa3d-dwade-awedawee
secret: 2q3d2d-ad3adw-adwa3d-dwade-awedawee
subscription_id: 2q3d2d-ad3adw-adwa3d-dwade-awedawee
tenant: 3rfawca-awd3daw-d3cc33-ASCEA-CAEESA-caceace
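
Both credentials files above hold clear-text secrets and differ only in which keys they carry. The following Python check is an added example, not part of Linchpin or the original page: it reports missing or empty required keys per profile, profiles that mix the two authentication modes, and file permissions that let other users read the secrets. The names `check_credentials`, `demo` and `SAMPLE` and the expected mode 0600 are assumptions of this example.

```python
import configparser
import os
import stat
import tempfile

# Required keys per authentication mode, as listed on this page.
REQUIRED = {
    "Active Directory": {"user", "password", "subscription_id", "tenant"},
    "Service Principal": {"client_id", "secret", "subscription_id", "tenant"},
}

# Constructed sample: an SP profile that lacks tenant and has an empty secret.
SAMPLE = "[default]\nclient_id: 00000000-example\nsecret:\nsubscription_id: 11111111-example\n"


def check_credentials(path):
    """Return a list of findings for a Linchpin Azure credentials file."""
    findings = []
    # The file holds clear-text secrets, so only its owner should have access.
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        findings.append(f"file mode {mode:04o} grants group/other access, expected 0600")
    # interpolation=None: a '%' in a password must not be treated as a reference.
    parser = configparser.ConfigParser(interpolation=None)
    parser.read(path)
    for profile in parser.sections():
        # Keys with an empty value count as missing.
        keys = {k for k, v in parser[profile].items() if v.strip()}
        is_sp = bool(keys & {"client_id", "secret"})
        is_ad = bool(keys & {"user", "password"})
        if is_sp and is_ad:
            findings.append(f"[{profile}] mixes Active Directory and Service Principal keys")
        auth = "Service Principal" if is_sp else "Active Directory"
        for key in sorted(REQUIRED[auth] - keys):
            findings.append(f"[{profile}] {auth}: missing or empty '{key}'")
    return findings


def demo():
    """Write the constructed sample with loose permissions and check it."""
    with tempfile.NamedTemporaryFile("w", delete=False) as fh:
        fh.write(SAMPLE)
    os.chmod(fh.name, 0o644)
    try:
        return check_credentials(fh.name)
    finally:
        os.unlink(fh.name)


if __name__ == "__main__":
    print("\n".join(demo()))
```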

How to create new Service Principal in Azure portal

  1. Go to Azure Active Directory in Azure portal

  2. Go to App registration on the left bar

  3. Create a new app

  4. The Application ID is client_id

  5. The Directory ID is tenant

  6. Go to Certificates and secrets on left bar

  7. Upload or create a new key, that is the secret

  8. Go to the Access Control of your resource group or subscription

  9. Click on Add button to add new role assignment

  10. Assign the role of Contributor to the application you just created

  11. Go to Subscription to find the ID to use as subscription_id

How to create new Service Principal using Azure command line client

accountname@Azure:~$ az ad sp create-for-rbac --name ServicePrincipalName
Changing "ServicePrincipalName" to a valid URI of "http://ServicePrincipalName", which is the required format used for service principal names
Creating a role assignment under the scope of "/subscriptions/dcc74c29-4db6-4c49-9a0f-ac0ee03fa17e"
  Retrying role assignment creation: 1/36
  Retrying role assignment creation: 2/36
  Retrying role assignment creation: 3/36
  Retrying role assignment creation: 4/36
{
  "appId": "xxxxxxxxxxxxxxxxxxxxxxxxxx",
  "displayName": "ServicePrincipalName",
  "name": "http://ServicePrincipalName",
  "password": "xxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxx",
  "tenant": "xxxxx-xxxxx-xxxx-xxxx-xxxxxxxxxxxx"
}