title | description | keywords | ms.topic | ms.date | ms.custom |
---|---|---|---|---|---|
Tutorial - Configure Azure virtual network peering using Ansible |
Learn how to use Ansible to connect virtual networks with virtual network peering. |
ansible, azure, devops, bash, playbook, networking, peering |
tutorial |
04/30/2019 |
devx-track-ansible |
[!INCLUDE ansible-28-note.md]
Virtual network (VNet) peering allows you to seamlessly connect two Azure virtual networks. Once peered, the two virtual networks appear as one for connectivity purposes.
Traffic is routed between VMs in the same virtual network through private IP addresses. Similarly, traffic between VMs in a peered virtual network is routed through the Microsoft backbone infrastructure. As a result, VMs in different virtual networks can communicate with each other.
In this article, you learn how to:
[!div class="checklist"]
- Create two virtual networks
- Peer the two virtual networks
- Delete the peering between the two networks
[!INCLUDE open-source-devops-prereqs-azure-subscription.md] [!INCLUDE ansible-prereqs-cloudshell-use-or-vm-creation2.md]
A resource group is a logical container in which Azure resources are deployed and managed.
The sample playbook code in this section is used to:
- Create two resource groups
- name: Create a resource group
azure_rm_resourcegroup:
name: "{{ resource_group }}"
location: "{{ location }}"
- name: Create secondary resource group
azure_rm_resourcegroup:
name: "{{ resource_group_secondary }}"
location: "{{ location }}"
The sample playbook code in this section is used to:
- Create a virtual network
- Create a subnet within the virtual network
- name: Create first virtual network
azure_rm_virtualnetwork:
resource_group: "{{ resource_group }}"
name: "{{ vnet_name1 }}"
address_prefixes: "10.0.0.0/16"
- name: Add subnet
azure_rm_subnet:
resource_group: "{{ resource_group }}"
name: "{{ vnet_name1 }}"
address_prefix: "10.0.0.0/24"
virtual_network: "{{ vnet_name1 }}"
The sample playbook code in this section is used to:
- Create a virtual network
- Create a subnet within the virtual network
- name: Create second virtual network
azure_rm_virtualnetwork:
resource_group: "{{ resource_group_secondary }}"
name: "{{ vnet_name2 }}"
address_prefixes: "10.1.0.0/16"
- name: Add subnet
azure_rm_subnet:
resource_group: "{{ resource_group }}"
name: "{{ vnet_name2 }}"
address_prefix: "10.1.0.0/24"
virtual_network: "{{ vnet_name2 }}"
The sample playbook code in this section is used to:
- Initialize virtual-network peering
- Peer two previously created virtual networks
- name: Initial vnet peering
azure_rm_virtualnetworkpeering:
resource_group: "{{ resource_group }}"
name: "{{ peering_name }}"
virtual_network: "{{ vnet_name1 }}"
remote_virtual_network:
resource_group: "{{ resource_group_secondary }}"
name: "{{ vnet_name2 }}"
allow_virtual_network_access: true
allow_forwarded_traffic: true
- name: Connect vnet peering
azure_rm_virtualnetworkpeering:
resource_group: "{{ resource_group_secondary }}"
name: "{{ peering_name }}"
virtual_network: "{{ vnet_name2 }}"
remote_virtual_network:
resource_group: "{{ resource_group }}"
name: "{{ vnet_name1 }}"
allow_virtual_network_access: true
allow_forwarded_traffic: true
The sample playbook code in this section is used to:
- Delete the peering between the two previously created virtual networks
- name: Delete vnet peering
azure_rm_virtualnetworkpeering:
resource_group: "{{ resource_group }}"
name: "{{ peering_name }}"
virtual_network: "{{ vnet_name1 }}"
state: absent
There are two ways to get the complete sample playbook:
- Download the playbook and save it to
vnet_peering.yml
. - Create a new file named
vnet_peering.yml
and copy the following contents into it:
- hosts: localhost
tasks:
- name: Prepare random postfix
set_fact:
rpfx: "{{ 1000 | random }}"
run_once: yes
- name: Connect virtual networks with virtual network peering
hosts: localhost
connection: local
vars:
resource_group: "{{ resource_group_name }}"
resource_group_secondary: "{{ resource_group_name }}2"
vnet_name1: "myVnet{{ rpfx }}"
vnet_name2: "myVnet{{ rpfx }}2"
peering_name: peer1
location: eastus2
tasks:
- name: Create a resource group
azure_rm_resourcegroup:
name: "{{ resource_group }}"
location: "{{ location }}"
- name: Create secondary resource group
azure_rm_resourcegroup:
name: "{{ resource_group_secondary }}"
location: "{{ location }}"
- name: Create first virtual network
azure_rm_virtualnetwork:
resource_group: "{{ resource_group }}"
name: "{{ vnet_name1 }}"
address_prefixes: "10.0.0.0/16"
- name: Add subnet
azure_rm_subnet:
resource_group: "{{ resource_group }}"
name: "{{ vnet_name1 }}"
address_prefix: "10.0.0.0/24"
virtual_network: "{{ vnet_name1 }}"
- name: Create second virtual network
azure_rm_virtualnetwork:
resource_group: "{{ resource_group_secondary }}"
name: "{{ vnet_name2 }}"
address_prefixes: "10.1.0.0/16"
- name: Add subnet
azure_rm_subnet:
resource_group: "{{ resource_group }}"
name: "{{ vnet_name2 }}"
address_prefix: "10.1.0.0/24"
virtual_network: "{{ vnet_name2 }}"
- name: Initial vnet peering
azure_rm_virtualnetworkpeering:
resource_group: "{{ resource_group }}"
name: "{{ peering_name }}"
virtual_network: "{{ vnet_name1 }}"
remote_virtual_network:
resource_group: "{{ resource_group_secondary }}"
name: "{{ vnet_name2 }}"
allow_virtual_network_access: true
allow_forwarded_traffic: true
- name: Connect vnet peering
azure_rm_virtualnetworkpeering:
resource_group: "{{ resource_group_secondary }}"
name: "{{ peering_name }}"
virtual_network: "{{ vnet_name2 }}"
remote_virtual_network:
resource_group: "{{ resource_group }}"
name: "{{ vnet_name1 }}"
allow_virtual_network_access: true
allow_forwarded_traffic: true
- name: Delete vnet peering
azure_rm_virtualnetworkpeering:
resource_group: "{{ resource_group }}"
name: "{{ peering_name }}"
virtual_network: "{{ vnet_name1 }}"
state: absent
The sample playbook code in this section is used to test various features shown throughout this tutorial.
Here are some key notes to consider when working with the sample playbook:
- In the
vars
section, replace the{{ resource_group_name }}
placeholder with the name of your resource group.
Run the playbook using the ansible-playbook command:
ansible-playbook vnet_peering.yml
After running the playbook, you see output similar to the following results:
PLAY [localhost]
TASK [Gathering Facts]
ok: [localhost]
TASK [Prepare random postfix]
ok: [localhost]
PLAY [Connect virtual networks with virtual network peering]
TASK [Gathering Facts]
ok: [localhost]
TASK [Create a resource group]
changed: [localhost]
TASK [Create secondary resource group]
changed: [localhost]
TASK [Create first virtual network]
changed: [localhost]
TASK [Add subnet]
changed: [localhost]
TASK [Create second virtual network]
changed: [localhost]
TASK [Add subnet]
changed: [localhost]
TASK [Initial vnet peering]
changed: [localhost]
TASK [Connect vnet peering]
changed: [localhost]
TASK [Delete vnet peering]
changed: [localhost]
PLAY RECAP
localhost : ok=12 changed=9 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
When no longer needed, delete the resources created in this article.
The sample playbook code in this section is used to:
- Delete the two resources groups created earlier
Save the following playbook as cleanup.yml
:
- hosts: localhost
vars:
resource_group: "{{ resource_group_name-1 }}"
resource_group_secondary: "{{ resource_group_name-2 }}"
tasks:
- name: Delete a resource group
azure_rm_resourcegroup:
name: "{{ resource_group }}"
force_delete_nonempty: yes
state: absent
- name: Delete a resource group
azure_rm_resourcegroup:
name: "{{ resource_group_secondary }}"
force_delete_nonempty: yes
state: absent
Here are some key notes to consider when working with the sample playbook:
- Replace the
{{ resource_group_name-1 }}
placeholder with the name of the first resource group created. - Replace the
{{ resource_group_name-2 }}
placeholder with the name of the second resource group created. - All resources within the two specified resource groups will be deleted.
Run the playbook using the ansible-playbook command:
ansible-playbook cleanup.yml
[!div class="nextstepaction"] Ansible on Azure