Azure

The Azure provider manages multiple types of resources.

Note

The dependencies work with the latest version of Ansible; if you are not using the latest version, they may not work.

azure_vm

Azure VM Instances can be provisioned using this resource.

Topology Schema

Within Linchpin, the azure_vm resource_definition has more options than what are shown in the examples above. For each azure_vm definition, the following options are available.

Parameter             required  type    ansible value         comments
role                  true      string  N/A
vm_name               true      string  name                  It can't include '_' and other special characters
private_image         false     string  image                 This takes private images
virtual_network_name  false     string  virtual_network_name
vm_username           false     string  image
vm_password           false     string  image
count                 false     int
resource_group        true      string  resource_group
vm_size               false     string  vm_size
public_image          false     dict    image                 This parameter takes public images
vm_username           false     string  admin_username
vm_password           false     string  admin_password
public_key            false     string                        Copy your key here
delete_all_attached   false     string  remove_on_absent
availability_set      false     string  availability_set

azure_nsg

Azure Network Security Group can be provisioned using this resource.

Topology Schema

Within Linchpin, the azure_vm resource_definition has more options than what are shown in the examples above. For each azure_vm definition, the following options are available.

Parameter    required  type        ansible value  comments
role         true      string      N/A
name         true      string      name
purge_rules  false     string      purge_rules
rules        false     list(dict)  rules
  • If you declare both public and private image, only the private will be taken

azure_api

Any Azure resource can be provisioned using this role; it is supported by the Azure API.

Topology Schema

Within Linchpin, the azure_api resource_definition has more options than what is shown in the examples above. For each azure_api definition, the following options are available.

Parameter       required  type    ansible value   comments
role            true      string  N/A
resource_group  true      String  resource_group
resource_type   true      String  resource_type
resource_name   true      string  resource_name
api_version     true      string  api_version
body_path       true      string                  Path to request body
url             true      string  url

azure_loadbalancer

With this role you can provision and configure the Azure Load Balancer.

Topology Schema

Within Linchpin, the azure_loadbalancer resource_definition has more options than what is shown in the examples above. For each azure_loadbalancer definition, the following options are available.

Parameter                  required  type    ansible value              comments
role                       true      string  N/A
resource_group             false     string  resource_group
name                       true      string  name
frontend_ip_configuration  false     string  frontend_ip_configuration
backend_address_pools      false     string  backend_address_pools
probes                     false     string  probes
inbound_nat_pools          false     string  inbound_nat_pools
inbound_nat_rules          false     string  inbound_nat_rules
load_balacing_rules        false     string  load_balacing_rules

azure_publicipaddress

With this role, you can provision and manage an Azure public IP address.

Topology Schema

Within Linchpin, the azure_publicipaddress resource_definition has more options than what is shown in the examples above. For each azure_publicipaddress definition, the following options are available.

Parameter          required  type    ansible value      comments
role               true      string  N/A
resource_group     false     string  resource_group
allocation_method  true      string  allocation_method
domain_name        false     string  domain_name
sku                false     string  sku

azure_availabilityset

Any Azure resource can be provisioned using this role; it is supported by the Azure API.

Topology Schema

Within Linchpin, the azure_availabilityset resource_definition has more options than what is shown in the examples above. For each azure_availabilityset definition, the following options are available.

Parameter                     required  type    ansible value                 comments
role                          true      string  N/A
resource_group                false     string  resource_group
name                          true      string  name
location                      false     string  name
platform_update_domain_count  false     string  platform_update_domain_count
platform_fault_domain_count   false     string  platform_fault_domain_count
sku                           false     string  sku

azure_network_interface

Azure network interface can be provisioned using this role.

Topology Schema

Within Linchpin, the azure_rm_networkinterface resource_definition has more options than what is shown in the examples above. For each azure_rm_networkinterface definition, the following options are available.

Parameter             required  type    ansible value                 comments
role                  true      string  N/A
resource_group        false     string  resource_group
name                  true      string  name
virtual_network_name  false     string  virtual_network
subnet_name           false     string  platform_update_domain_count

azure_resource_group

Azure network interface can be provisioned using this role

Topology Schema

Within Linchpin, the azure_rm_networkinterface resource_definition has more options than what is shown in the examples above. For each azure_rm_networkinterface definition, the following options are available.

Parameter       required  type    ansible value   comments
role            true      string  N/A
resource_group  false     string  resource_group
name            true      string  name
location        false     string  location

azure_virtual_network

Azure virtual network can be provisioned using this role.

Topology Schema

Within Linchpin, the azure_rm_virtualnetwork resource_definition has more options than what is shown in the examples above. For each azure_rm_virtualnetwork definition, the following options are available.

Parameter         required  type    ansible value     comments
role              true      string  N/A
resource_group    false     string  resource_group
name              true      string  name
address_prefixes  false     string  address_prefixes

azure_virtual_subnet

Azure network interface can be provisioned using this role

Topology Schema

Within Linchpin, the azure_rm_subnet resource_definition has more options than what is shown in the examples above. For each azure_rm_subnet definition, the following options are available.

Parameter             required  type    ansible value         comments
role                  true      string  N/A
resource_group        false     string  resource_group
name                  true      string  name
virtual_network_name  false     string  virtual_network_name
address_prefix        false     string  address_prefix

Credentials Management

Linchpin supports Ansible authentication options:

  • Active Directory
  • Service Principal

Active Directory

Active Directory authentication works only with organization users (not guests). You can create a new user in the organization, but do not invite users. The following keys are required in the credentials file for AD authentication:

user

The user name; you can verify it manually in the Azure portal.

password

The password; you can verify it manually in the Azure portal and change it there.

subscription_id

The subscription ID to use; you can check which subscriptions are available and what permissions you have in the Azure portal.

tenant

The Active Directory ID; it is required if the user is a member of multiple directories. You can find the tenant ID in the Azure portal under Azure Active Directory.

Example of credentials file with Azure Active directory:

[default]
user: linchpin@redhat.com
password: MySecretPassword
subscription_id: 2q3d2d-ad3adw-adwa3d-dwade-awedawee
tenant: 3rfawca-awd3daw-d3cc33-ASCEA-CAEESA-caceace

Service Principal

The following keys are required in the credentials file for SP authentication:

client_id

The client ID is the application ID.

secret

The application secret token; it can be generated in the Azure portal.

subscription_id

The subscription ID to use; you can check which subscriptions are available and what permissions you have in the Azure portal.

tenant

The Active Directory ID; it is required if the user is a member of multiple directories. You can find the tenant ID in the Azure portal under Azure Active Directory.

Example of credentials file with Azure Service Principal:

[default]
client_id: 2q3d2d-ad3adw-adwa3d-dwade-awedawee
secret: 2q3d2d-ad3adw-adwa3d-dwade-awedawee
subscription_id: 2q3d2d-ad3adw-adwa3d-dwade-awedawee
tenant: 3rfawca-awd3daw-d3cc33-ASCEA-CAEESA-caceace
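
Both credentials-file layouts above keep a password or application secret in clear text, so it is worth checking the file before a provisioning run. The following is an added example, not part of Linchpin: it assumes the INI-style layout shown above, and the function names, the `profile` parameter and the sample values are constructed for illustration.

```python
import configparser
import os
import stat
import tempfile

# Keys each authentication method requires, as listed on this page.
REQUIRED = {
    "service_principal": {"client_id", "secret", "subscription_id", "tenant"},
    "active_directory": {"user", "password", "subscription_id", "tenant"},
}


def audit_credentials(path, profile="default"):
    """Return (auth_method, findings) for one profile of a credentials file."""
    findings = []
    # The file holds a password or application secret in clear text, so
    # only its owner should be able to read it.
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        findings.append(f"file mode {mode:04o} grants group/other access")
    parser = configparser.ConfigParser(interpolation=None)  # '%' in secrets
    parser.read(path)
    if not parser.has_section(profile):
        return None, findings + [f"profile [{profile}] not found"]
    keys = {k for k, v in parser.items(profile) if v.strip()}
    sp, ad = keys & {"client_id", "secret"}, keys & {"user", "password"}
    if sp and ad:
        findings.append("profile mixes Service Principal and AD keys")
    if not sp and not ad:
        return None, findings + ["no client_id/secret or user/password keys"]
    method = "service_principal" if sp else "active_directory"
    for key in sorted(REQUIRED[method] - keys):
        findings.append(f"{method}: missing key '{key}'")
    return method, findings


def demo():
    """Audit a constructed Service Principal file that lacks 'tenant'."""
    sample = ("[default]\nclient_id: 00000000-constructed\n"
              "secret: constructed-not-a-secret\n"
              "subscription_id: 00000000-constructed\n")
    with tempfile.NamedTemporaryFile("w", suffix=".key", delete=False) as fh:
        fh.write(sample)
    os.chmod(fh.name, 0o644)  # deliberately too permissive
    try:
        return audit_credentials(fh.name)
    finally:
        os.unlink(fh.name)

if __name__ == "__main__": print(demo())
```

An empty findings list means the profile has every key its method needs and the file is readable by its owner only.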

How to create new Service Principal in Azure portal

  1. Go to Azure Active Directory in Azure portal
  2. Go to App registration on the left bar
  3. Create a new app
  4. The Application ID is client_id
  5. The Directory ID is tenant
  6. Go to Certificates and secrets on left bar
  7. Upload or create a new key; that is the secret
  8. Go to the Access Control of your resource group or subscription
  9. Click on the Add button to add a new role assignment
  10. Assign the role of Contributor to the application you just created
  11. Go to Subscription to find its ID, which is the subscription_id

How to create new Service Principal using Azure command line client

accountname@Azure:~$ az ad sp create-for-rbac --name ServicePrincipalName
Changing "ServicePrincipalName" to a valid URI of "http://ServicePrincipalName", which is the required format used for service principal names
Creating a role assignment under the scope of "/subscriptions/dcc74c29-4db6-4c49-9a0f-ac0ee03fa17e"
  Retrying role assignment creation: 1/36
  Retrying role assignment creation: 2/36
  Retrying role assignment creation: 3/36
  Retrying role assignment creation: 4/36
{
  "appId": "xxxxxxxxxxxxxxxxxxxxxxxxxx",
  "displayName": "ServicePrincipalName",
  "name": "http://ServicePrincipalName",
  "password": "xxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxx",
  "tenant": "xxxxx-xxxxx-xxxx-xxxx-xxxxxxxxxxxx"
}