The Azure provider manages multiple types of resources.
Note
The dependencies work with the latest version of Ansible. If you are not using the latest version, they may not work.
Azure VM Instances can be provisioned using this resource.
Within Linchpin, the azure_vm resource_definition has more options than what is shown in the examples above. For each azure_vm definition, the following options are available.
Parameter | required | type | ansible value | comments |
---|---|---|---|---|
role | true | string | N/A | |
vm_name | true | string | name | Cannot include '_' or other special characters |
private_image | false | string | image | This takes private images |
virtual_network_name | false | string | virtual_network_name | |
vm_username | false | string | image | |
vm_password | false | string | image | |
count | false | int | | |
resource_group | true | string | resource_group | |
vm_size | false | string | vm_size | |
public_image | false | dict | image | This parameter takes public images |
vm_username | false | string | admin_username | |
vm_password | false | string | admin_password | |
public_key | false | string | Copy your key here | |
delete_all_attached | false | string | remove_on_absent | |
availability_set | false | string | availability_set | |
azure_nsg
---------
Azure Network Security Group can be provisioned using this resource.
- Example <workspaces/azure/Pinfile>
- azure_nsg module <https://docs.ansible.com/ansible/latest/modules/azure_rm_securitygroup_module.html?highlight=azure%20security#examples>
Within Linchpin, the azure_vm resource_definition has more options than what is shown in the examples above. For each azure_vm definition, the following options are available.
Parameter | required | type | ansible value | comments |
---|---|---|---|---|
role | true | string | N/A | |
name | true | string | name | |
purge_rules | false | string | purge_rules | |
rules | false | list(dict) | | rules |
- If you declare both a public and a private image, only the private image will be used.
Any Azure resource supported by the Azure API can be provisioned using this role.
Within Linchpin, the azure_api resource_definition has more options than what is shown in the examples above. For each azure_api definition, the following options are available.
Parameter | required | type | ansible value | comments |
---|---|---|---|---|
| | true | string | N/A | |
| | true | string | resource_group | |
| | true | string | resource_type | |
| | true | string | resource_name | |
| | true | string | api_version | |
| | true | string | Path to request body | |
| | true | string | url | |
azure_loadbalancer
------------------
With this role you can provision and configure the Azure Load Balancer.
- Example <workspaces/azure/Pinfile>
- azure_loadbalancer module <https://docs.ansible.com/ansible/latest/modules/azure_rm_loadbalancer_module.html?highlight=azure%20load%20balance>
Within Linchpin, the azure_loadbalancer resource_definition has more options than what is shown in the examples above. For each azure_loadbalancer definition, the following options are available.
Parameter | required | type | ansible value | comments |
---|---|---|---|---|
| | true | string | N/A | |
| | false | string | resource_group | |
| | true | string | | |
| | false | string | | |
| | false | string | | |
| | false | string | | |
| | false | string | inbound_nat_pools | |
| | false | string | inbound_nat_rules | |
| | false | string | load_balacing_rules | |
azure_publicipaddress
---------------------
With this role, you can provision and manage Azure public IP addresses.
- Example <workspaces/azure/Pinfile>
- azure_publicipaddress module <https://docs.ansible.com/ansible/latest/modules/azure_rm_publicipaddress_module.html?highlight=azure%20public%20address>
Within Linchpin, the azure_publicipaddress resource_definition has more options than what is shown in the examples above. For each azure_publicipaddress definition, the following options are available.
Parameter | required | type | ansible value | comments |
---|---|---|---|---|
| | true | string | N/A | |
| | false | string | resource_group | |
| | true | string | allocation_method | |
| | false | string | domain_name | |
| | false | string | sku | |
azure_availabilityset
---------------------
Any Azure resource supported by the Azure API can be provisioned using this role.
- Example <workspaces/azure/Pinfile>
- azure_availabilityset module <https://docs.ansible.com/ansible/latest/modules/azure_rm_availabilityset_module.html?highlight=azure%20avail>
Within Linchpin, the azure_availabilityset resource_definition has more options than what is shown in the examples above. For each azure_availabilityset definition, the following options are available.
Parameter | required | type | ansible value | comments |
---|---|---|---|---|
| | true | string | N/A | |
| | false | string | resource_group | |
| | true | string | | |
| | false | string | | |
platform_update_domain_count | false | string | platform_update_domain_count | |
platform_fault_domain_count | false | string | platform_fault_domain_count | |
| | false | string | sku | |
azure_network_interface
-----------------------
Azure network interface can be provisioned using this role.
- Example <workspaces/azure/Pinfile>
- azure_rm_networkinterface module <https://docs.ansible.com/ansible/latest/modules/azure_rm_networkinterface_module.html?highlight=azure%20network%20interface>
Within Linchpin, the azure_rm_networkinterface resource_definition has more options than what is shown in the examples above. For each azure_rm_networkinterface definition, the following options are available.
Parameter | required | type | ansible value | comments |
---|---|---|---|---|
| | true | string | N/A | |
| | false | string | resource_group | |
| | true | string | | |
| | false | string | | |
subnet_name | false | string | platform_update_domain_count | |
azure_resource_group
--------------------
Azure network interface can be provisioned using this role.
- Example <workspaces/azure/Pinfile>
- azure_rm_resourcegroup module <https://docs.ansible.com/ansible/latest/modules/azure_rm_resourcegroup_module.html?highlight=azure%20resource%20group>
Within Linchpin, the azure_rm_networkinterface resource_definition has more options than what is shown in the examples above. For each azure_rm_networkinterface definition, the following options are available.
Parameter | required | type | ansible value | comments |
---|---|---|---|---|
| | true | string | N/A | |
| | false | string | resource_group | |
| | true | string | | |
| | false | string | | |
azure_virtual_network
---------------------
Azure virtual network can be provisioned using this role.
- Example <workspaces/azure/Pinfile>
- azure_rm_virtualnetwork module <https://docs.ansible.com/ansible/latest/modules/azure_rm_virtualnetwork_module.html?highlight=azure%20virtual%20network>
Within Linchpin, the azure_rm_virtualnetwork resource_definition has more options than what is shown in the examples above. For each azure_rm_virtualnetwork definition, the following options are available.
Parameter | required | type | ansible value | comments |
---|---|---|---|---|
| | true | string | N/A | |
| | false | string | resource_group | |
| | true | string | | |
| | false | string | | |
azure_virtual_subnet
--------------------
Azure network interface can be provisioned using this role.
- Example <workspaces/azure/Pinfile>
- azure_rm_subnet module <https://docs.ansible.com/ansible/latest/modules/azure_rm_subnet_module.html?highlight=azure%20subnet>
Within Linchpin, the azure_rm_subnet resource_definition has more options than what is shown in the examples above. For each azure_rm_subnet definition, the following options are available.
Parameter | required | type | ansible value | comments |
---|---|---|---|---|
| | true | string | N/A | |
| | false | string | resource_group | |
| | true | string | | |
| | false | string | | |
| | false | string | | |
Linchpin supports Ansible authentication options:
- Active Directory
- Service Principal
Active Directory authentication works only with organization users (not guests). You can create a new user in the organization, but do not invite users. The following keys are required in the credentials file for AD authentication:
- user: The user name. You can verify it manually in the Azure portal.
- password: The password. You can verify it manually in the Azure portal and change it.
- subscription_id: The subscription ID to use. You can check which subscriptions are available and what permissions you have in the Azure portal.
- tenant: The Active Directory ID. It is required if the user is a member of multiple directories. You can find the tenant ID in the Azure portal under Azure Active Directory.
Example of credentials file with Azure Active Directory:

    [default]
    user: linchpin@redhat.com
    password: MySecretPassword
    subscription_id: 2q3d2d-ad3adw-adwa3d-dwade-awedawee
    tenant: 3rfawca-awd3daw-d3cc33-ASCEA-CAEESA-caceace

The following keys are required in the credentials file for SP authentication:
- client_id: The client ID is the application ID.
- secret: The application secret token. It can be generated in the Azure portal.
- subscription_id: The subscription ID to use. You can check which subscriptions are available and what permissions you have in the Azure portal.
- tenant: The Active Directory ID. It is required if the user is a member of multiple directories. You can find the tenant ID in the Azure portal under Azure Active Directory.
Example of credentials file with Azure Service Principal:

    [default]
    client_id: 2q3d2d-ad3adw-adwa3d-dwade-awedawee
    secret: 2q3d2d-ad3adw-adwa3d-dwade-awedawee
    subscription_id: 2q3d2d-ad3adw-adwa3d-dwade-awedawee
    tenant: 3rfawca-awd3daw-d3cc33-ASCEA-CAEESA-caceace

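
Both credential formats above keep a password or application secret in plain text, so a profile is worth checking before it is handed to Linchpin. The following is an added example, not Linchpin code: it reports which authentication mode a profile matches, which of the keys listed above are missing, and whether group or other users can access the file. The function names, the sample values and the mode 600 recommendation are assumptions of this example.

```python
import configparser
import os
import stat

# Required keys per authentication mode, as listed on this page.
REQUIRED = {
    "active_directory": {"user", "password", "subscription_id", "tenant"},
    "service_principal": {"client_id", "secret", "subscription_id", "tenant"},
}

# Constructed sample: a Service Principal profile with the tenant key missing.
SAMPLE = """[default]
client_id: 00000000-0000-0000-0000-000000000000
secret: constructed-placeholder-100%
subscription_id: 11111111-1111-1111-1111-111111111111
"""


def check_profile(text, profile="default"):
    """Return (auth_mode, problems) for one profile of a credentials file."""
    # interpolation=None so a '%' inside a password or secret is read literally.
    parser = configparser.ConfigParser(delimiters=(":", "="), interpolation=None)
    parser.read_string(text)
    if not parser.has_section(profile):
        return None, ["profile [%s] not found" % profile]
    keys = {k for k, v in parser.items(profile) if v.strip()}
    has_ad = bool(keys & {"user", "password"})
    has_sp = bool(keys & {"client_id", "secret"})
    if not (has_ad or has_sp):
        return None, ["no user/password or client_id/secret keys present"]
    problems = []
    if has_ad and has_sp:
        problems.append("profile mixes Active Directory and Service Principal keys")
    mode = "service_principal" if has_sp else "active_directory"
    missing = sorted(REQUIRED[mode] - keys)
    if missing:
        problems.append("missing keys for %s: %s" % (mode, ", ".join(missing)))
    return mode, problems


def check_permissions(path):
    """Flag a credentials file that group or other users can access."""
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        return ["%s has mode %o; restrict it to 600" % (path, mode)]
    return []


if __name__ == "__main__":
    print(check_profile(SAMPLE))
```
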
- Go to Azure Active Directory in the Azure portal
- Go to App registration on the left bar
- Create a new app
- The Application ID is client_id
- The Directory ID is tenant
- Go to Certificates and secrets on the left bar
- Upload or create a new key; that is the secret
- Go to the Access Control of your resource group or subscription
- Click the Add button to add a new role assignment
- Assign the role of Contributor to the application you just created
- Go to Subscription to find its ID for subscription id

    accountname@Azure:~$ az ad sp create-for-rbac --name ServicePrincipalName
    Changing "ServicePrincipalName" to a valid URI of "http://ServicePrincipalName", which is the required format used for service principal names
    Creating a role assignment under the scope of "/subscriptions/dcc74c29-4db6-4c49-9a0f-ac0ee03fa17e"
    Retrying role assignment creation: 1/36
    Retrying role assignment creation: 2/36
    Retrying role assignment creation: 3/36
    Retrying role assignment creation: 4/36
    {
      "appId": "xxxxxxxxxxxxxxxxxxxxxxxxxx",
      "displayName": "ServicePrincipalName",
      "name": "http://ServicePrincipalName",
      "password": "xxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxx",
      "tenant": "xxxxx-xxxxx-xxxx-xxxx-xxxxxxxxxxxx"
    }
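
The JSON printed by the CLI maps onto the Service Principal credentials file: appId is client_id, password is secret, and tenant is tenant, while the subscription ID is the one shown in the role-assignment scope. The added example below (not Linchpin code; the function names and sample values are constructed for illustration) builds the profile from that JSON and creates the file with owner-only permissions.

```python
import json
import os

# Constructed stand-in for the JSON printed by `az ad sp create-for-rbac`.
AZ_OUTPUT = """{
  "appId": "00000000-0000-0000-0000-000000000000",
  "displayName": "ServicePrincipalName",
  "name": "http://ServicePrincipalName",
  "password": "constructed-placeholder-secret",
  "tenant": "22222222-2222-2222-2222-222222222222"
}"""


def profile_from_az(az_json, subscription_id, profile="default"):
    """Map the CLI's JSON fields onto the Service Principal credential keys."""
    data = json.loads(az_json)
    fields = [
        ("client_id", data["appId"]),        # application ID
        ("secret", data["password"]),        # application secret
        ("subscription_id", subscription_id),
        ("tenant", data["tenant"]),          # directory ID
    ]
    for key, value in fields:
        # Reject values that would be dropped or would inject extra lines.
        if not isinstance(value, str) or not value.strip() or "\n" in value:
            raise ValueError("unusable value for %s" % key)
    lines = ["[%s]" % profile] + ["%s: %s" % pair for pair in fields]
    return "\n".join(lines) + "\n"


def write_private(path, text):
    """Create the credentials file readable and writable by its owner only."""
    # O_EXCL refuses to reuse an existing file, whose mode could be wider.
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "w") as handle:
        handle.write(text)


if __name__ == "__main__":
    print(profile_from_az(AZ_OUTPUT, "11111111-1111-1111-1111-111111111111"))
```
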