What is this ?

This source code is use ansible to setup Azure CLI automatically on Ubunt Linux 16.04 LTS

1. Install ansible

sudo apt-get install python-setuptools python-dev build-essential -y; sudo easy_install pip; pip install ansible[azure] --user

Note: If you face any issue relevant 'module' object has no attribute 'Cryptography_HAS_SSL_ST', run the following commands:

sudo apt-get --auto-remove --yes remove python-openssl; pip install pyOpenSSL

we utilize many module from Ansible Galaxy:

ansible-galaxy install -p roles-galaxy -r requirements.yml --force

2. Setup ansible vault:

Ansible Vault is feature of Ansible, enable you to keep sensitve data (password, token .etc) in encrypted files. In this case, we use Vault to store xxx,xxx of Azure.

export ANSIBLE_VAULT_PASSWORD_FILE=~/.vault_pass

or include this agrument --vault-password-file ~/.vault_pass Put your password into ~/.vault_pass

3. Now, go ahead

Project structure

▸ group_vars/

▸ inventory/

▸ test/

▸ playbooks/

▸ roles-galaxy/

▸ roles/

▸ ansible.cfg

▸ README.md

▸ requirements.yml

• group_vars is a place to store all common/shared vars which are across all environments

• inventory is designed to isolate the environment vars (dev, test, ...)

• playbooks is a collection of roles, it's supposed to be simple (just few lines of code)

• roles and roles-galaxy basically contain scripts to setup a server while roles-galaxy is generated by ansible-galaxy

Before going with Azure, you must install Azure command line interface by Ansyble galaxy: ansible-playbook -i inventory/test playbooks/playbooks.yml --tags azure-cli

Then create an Azure service principal with access restrictions. Surfing on this for how to create service principal: https://docs.microsoft.com/en-us/cli/azure/create-an-azure-service-principal-azure-cli?view=azure-cli-latest

After done, we will have {key:value} pairs of AZURE_SUBSCRIPTION_ID, AZURE_CLIENT_ID, AZURE_SECRET, AZURE_TENANT.

To Setup Azure environment variable, we simplely set them as environment variables by export command. But we should automate this with Ansible.

There are sensitive datas, so we should encryt them by Ansible.

Put your password to encrypt in a text file and place in ~/.vault_pass

Then execute this command to encrypt a specific string: ansible-vault encrypt_string password123 --vault-password-file ~/.vault_pass with password123 is a string need to be encrypted. Do the similar for AZURE_SUBSCRIPTION_ID, AZURE_CLIENT_ID, AZURE_SECRET, AZURE_TENANT. Refer to ./inventory/test/group_vars/all/main.yml

Using roles/app.update_env to setup them as environment variables. ansible-playbook -i inventory/test playbooks/playbooks.yml --tags configure_azure_environments --vault-password-file ~/.vault_pass Note:when using encrypt data, you must declare password file.

Done.

Using Ansible galaxy to install basic tools like java, pip, helm, kubectl ... with specific tag

To install java: ansible-playbook -i inventory/test playbooks/playbooks.yml -e ansible_os_family=Debian --tags java_debian

with ansible_os_family=RedHat,FreeBSD, Debian -e option will be provided one environment variable.

To install pip, run the following command: ansible-playbook -i inventory/test playbooks/playbooks.yml --tags pip

To install list of packages: ansible-playbook -i inventory/test -e ansible_os_family=ubuntu --tags install_packages playbooks/playbooks.yml

Using Ansible to provision resources on Azure (create AKS, deploy yml file on AKS) and manage our deployment scripts.

ansible-playbook -i inventory/test -e ansible_os_family=ubuntu --tags azure_nginx playbooks/playbooks.yml