This source code is use ansible to setup Azure CLI automatically on Ubunt Linux 16.04 LTS
sudo apt-get install python-setuptools python-dev build-essential -y; sudo easy_install pip; pip install ansible[azure] --user
Note: If you face any issue relevant 'module' object has no attribute 'Cryptography_HAS_SSL_ST', run the following commands:
sudo apt-get --auto-remove --yes remove python-openssl; pip install pyOpenSSL
we utilize many module from Ansible Galaxy:
ansible-galaxy install -p roles-galaxy -r requirements.yml --force
Ansible Vault is feature of Ansible, enable you to keep sensitve data (password, token .etc) in encrypted files. In this case, we use Vault to store xxx,xxx of Azure.
export ANSIBLE_VAULT_PASSWORD_FILE=~/.vault_pass
or include this agrument --vault-password-file ~/.vault_pass Put your password into ~/.vault_pass
▸ group_vars/
▸ inventory/
▸ test/
▸ playbooks/
▸ roles-galaxy/
▸ roles/
▸ ansible.cfg
▸ README.md
▸ requirements.yml
-
group_vars
is a place to store all common/shared vars which are across all environments -
inventory
is designed to isolate the environment vars (dev, test, ...) -
playbooks
is a collection of roles, it's supposed to be simple (just few lines of code) -
roles
androles-galaxy
basically contain scripts to setup a server whileroles-galaxy
is generated byansible-galaxy
Before going with Azure, you must install Azure command line interface by Ansyble galaxy:
ansible-playbook -i inventory/test playbooks/playbooks.yml --tags azure-cli
Then create an Azure service principal with access restrictions. Surfing on this for how to create service principal: https://docs.microsoft.com/en-us/cli/azure/create-an-azure-service-principal-azure-cli?view=azure-cli-latest
After done, we will have {key:value} pairs of AZURE_SUBSCRIPTION_ID, AZURE_CLIENT_ID, AZURE_SECRET, AZURE_TENANT.
To Setup Azure environment variable, we simplely set them as environment variables by export command. But we should automate this with Ansible.
There are sensitive datas, so we should encryt them by Ansible.
Put your password to encrypt in a text file and place in ~/.vault_pass
Then execute this command to encrypt a specific string: ansible-vault encrypt_string password123 --vault-password-file ~/.vault_pass
with password123 is a string need to be encrypted. Do the similar for AZURE_SUBSCRIPTION_ID, AZURE_CLIENT_ID, AZURE_SECRET, AZURE_TENANT. Refer to ./inventory/test/group_vars/all/main.yml
Using roles/app.update_env to setup them as environment variables.
ansible-playbook -i inventory/test playbooks/playbooks.yml --tags configure_azure_environments --vault-password-file ~/.vault_pass
Note:when using encrypt data, you must declare password file.
Done.
To install java:
ansible-playbook -i inventory/test playbooks/playbooks.yml -e ansible_os_family=Debian --tags java_debian
with ansible_os_family=RedHat,FreeBSD, Debian -e option will be provided one environment variable.
To install pip, run the following command:
ansible-playbook -i inventory/test playbooks/playbooks.yml --tags pip
To install list of packages:
ansible-playbook -i inventory/test -e ansible_os_family=ubuntu --tags install_packages playbooks/playbooks.yml
Using Ansible to provision resources on Azure (create AKS, deploy yml file on AKS) and manage our deployment scripts.
ansible-playbook -i inventory/test -e ansible_os_family=ubuntu --tags azure_nginx playbooks/playbooks.yml