Re: [ansible-project] Re: Ansible and Azure
Hi Lucas, > Yes, they need be in a RG. But in my case the VM will be in one RG and the > vNet already existing in another RG. What I meant is they don't need to be in the same RG, but I see that you find the right approach out. Wawrzek -- Dr Wawrzyniec Niewodniczańskior Wawrzek for short PhD in Quantum Chemistry & MSc in Molecular Engineering WWW: http://wawrzek.name E-MAIL: j...@wawrzek.name Linux User #177124 -- You received this message because you are subscribed to the Google Groups "Ansible Project" group. To unsubscribe from this group and stop receiving emails from it, send an email to ansible-project+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/CAC7-vpBf0yFi82Nf7HT97FRkQbE%2BEC%2BrpeX2nx97QhDHrMzFaQ%40mail.gmail.com.
[ansible-project] Re: Ansible and Azure
Hi @Wawrzek, Yes, they need be in a RG. But in my case the VM will be in one RG and the vNet already existing in another RG. But I achieve this using this : - name: Create Azure VM hosts: localhost connection: local vars: resource_group_vnet: rgname vnet_name: vnetname subnet_name: subnetname and after the image information, I put this: virtual_network_resource_group: "{{ resource_group_vnet }}" virtual_network_name: "{{ vnet_name }}" subnet_name: "{{ subnet_name }}" After this, the vm was created in your resource and consume the vNet in another RG. Tks. Em terça-feira, 3 de setembro de 2019 11:57:10 UTC-3, Lucas Chies escreveu: > > Hello guys, > I've a doubt ... I've a ansible script that create an windows VM on Azure, > but I already have the vnet created in and hosted in another Resource Group. > I don't know how can I create my script to put this VM in the created vNet. > > I tried to put this: > > virtual_network_name: > resource_group: rg-fgl-network > name: vnet-fgl > location: brazilsouth > > But is not working. > > Someone already tried this? > -- You received this message because you are subscribed to the Google Groups "Ansible Project" group. To unsubscribe from this group and stop receiving emails from it, send an email to ansible-project+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/10638ee9-79f5-49e7-8e3c-7d8ef1050864%40googlegroups.com.
Re: [ansible-project] Re: Ansible and Azure
Steve, Gotcha. Ok, here's the deal. I gave up long ago trying to use Ansible with Azure even though I love Ansible and try to automate as much as I can with it. We use terraform now for creating Azure infrastructure, then Ansible for IaaS-based operations and configuration management. It seems like you try to run Ansible for Azure infrastructure and you get an error telling you what module(s) you need to install, then I install them and it either still doesn't work, or still tells me I don't have modules which I know I just installed. So basically I just use my az login, then I have a python script that uses az cli to grab the host names from Azure and puts them into a simple ini-type ansible hosts file in groups like you would expect to see a normal ansible hosts file, eg: [db]dbhost1dbhost2 [app]apphost1apphost2 etc. I've even tried using the Azure Cloud Shell which supposedly has ansible and all the requisite modules installed (since you can't install any yourself anyway) and it still doesn't seem to work. And besides, then you are running all of your Ansible automation in the stupid azure console which is not good for a pipeline or logging or team use or any kind of good devops workflow. On Mon, 2019-08-12 at 01:43 -0700, Steve Townsend wrote: > Thanks for the reply Michael. > > Basically what I am after is to stop using service principles for > Ansible. I've recently learnt that you can use Azure CLi to > authenticate, but our dynamic inventory python script uses service > principles (the azurerm.py script). > > I've also seen that Ansible have released an Azure Resource Manager > inventory plugin. Does that replace the azurerm.py dynamic inventory > script? If so, how do I configure it to apply playbooks to VMs based > on tags? > Thanks! > > On Friday, 9 August 2019 20:53:49 UTC+1, Michael M wrote: > > Hi Steve, > > > > > > > > Not sure if this is what you are asking, but if you just need to > > find > > > > VMs in Azure by tag, you can do so using az cli like: > > > > > > > > $ az resource list --tag KEY=VALUE --query [].name > > > > > > > > I find the API returns resources much faster when using tags. > > > > > > > > On Fri, Aug 9, 2019 at 7:52 AM Steve Townsend > > > > wrote: > > > > > > > > > > Another update from me. I've managed to find out that there is a > > plugin called Azure Resource Manager inventory plugin. > > > > > > > > > > I've created the simple yaml file and now just seeing if I can > > get it to work. If anybody knows how I can use it to grab VMs from > > Azure based on tags, I'd love to hear it. > > > > > > > > > > Steve > > > > > On Friday, 9 August 2019 14:52:36 UTC+1, Steve Townsend wrote: > > > > >> > > > > >> Hi All, > > > > >> > > > > >> Thank you for taking a look at my post. > > > > >> > > > > >> I'm trying to figure out if there is a better way to have > > Ansible authenticate with Azure when running playbooks. Right now, > > I've got a service principle set in my .azure/credentials section > > which works fine, but introduces security concerns. The alternative > > is using Azure AD, but that seems to need your password in clear > > text. > > > > >> > > > > >> The only solution I can think of is to write a bash script which > > will create a short lived RBAC Service Principle and export the > > values to my enviromental variables, run the play-book then get rid > > of it all. > > > > >> > > > > >> Please somebody tell me there is a magicial way which will work > > with my az login? > > > > >> > > > > >> Thanks, > > > > >> Steve > > > > > > > > > > -- > > > > > You received this message because you are subscribed to the > > Google Groups "Ansible Project" group. > > > > > To unsubscribe from this group and stop receiving emails from it, > > send an email to ansible...@googlegroups.com. > > > > > To view this discussion on the web visit > > https://groups.google.com/d/msgid/ansible-project/8de21aa8-a61b-431a-8d24-7afeff7a9e63%40googlegroups.com > > . > > > > > > -- > > You received this message because you are subscribed to the Google > Groups "Ansible Project" group. > > To unsubscribe from this group and stop receiving emails from it, > send an email to ansible-project+unsubscr...@googlegroups.com. > > To view this discussion on the web visit > https://groups.google.com/d/msgid/ansible-project/f95ffe33-ae6c-4a64-9a18-230dad6f5550%40googlegroups.com > . > -- You received this message because you are subscribed to the Google Groups "Ansible Project" group. To unsubscribe from this group and stop receiving emails from it, send an email to ansible-project+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/238266e851133d5d9a270b454f7c77482c686142.camel%40gmail.com.
Re: [ansible-project] Re: Ansible and Azure
Thanks for the reply Michael. Basically what I am after is to stop using service principles for Ansible. I've recently learnt that you can use Azure CLi to authenticate, but our dynamic inventory python script uses service principles (the azurerm.py script). I've also seen that Ansible have released an Azure Resource Manager inventory plugin. Does that replace the azurerm.py dynamic inventory script? If so, how do I configure it to apply playbooks to VMs based on tags? Thanks! On Friday, 9 August 2019 20:53:49 UTC+1, Michael M wrote: > > Hi Steve, > > Not sure if this is what you are asking, but if you just need to find > VMs in Azure by tag, you can do so using az cli like: > > $ az resource list --tag KEY=VALUE --query [].name > > I find the API returns resources much faster when using tags. > > On Fri, Aug 9, 2019 at 7:52 AM Steve Townsend > > wrote: > > > > Another update from me. I've managed to find out that there is a plugin > called Azure Resource Manager inventory plugin. > > > > I've created the simple yaml file and now just seeing if I can get it to > work. If anybody knows how I can use it to grab VMs from Azure based on > tags, I'd love to hear it. > > > > Steve > > On Friday, 9 August 2019 14:52:36 UTC+1, Steve Townsend wrote: > >> > >> Hi All, > >> > >> Thank you for taking a look at my post. > >> > >> I'm trying to figure out if there is a better way to have Ansible > authenticate with Azure when running playbooks. Right now, I've got a > service principle set in my .azure/credentials section which works fine, > but introduces security concerns. The alternative is using Azure AD, but > that seems to need your password in clear text. > >> > >> The only solution I can think of is to write a bash script which will > create a short lived RBAC Service Principle and export the values to my > enviromental variables, run the play-book then get rid of it all. > >> > >> Please somebody tell me there is a magicial way which will work with my > az login? > >> > >> Thanks, > >> Steve > > > > -- > > You received this message because you are subscribed to the Google > Groups "Ansible Project" group. > > To unsubscribe from this group and stop receiving emails from it, send > an email to ansible...@googlegroups.com . > > To view this discussion on the web visit > https://groups.google.com/d/msgid/ansible-project/8de21aa8-a61b-431a-8d24-7afeff7a9e63%40googlegroups.com. > > > -- You received this message because you are subscribed to the Google Groups "Ansible Project" group. To unsubscribe from this group and stop receiving emails from it, send an email to ansible-project+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/f95ffe33-ae6c-4a64-9a18-230dad6f5550%40googlegroups.com.
Re: [ansible-project] Re: Ansible and Azure
Hi Steve, Not sure if this is what you are asking, but if you just need to find VMs in Azure by tag, you can do so using az cli like: $ az resource list --tag KEY=VALUE --query [].name I find the API returns resources much faster when using tags. On Fri, Aug 9, 2019 at 7:52 AM Steve Townsend wrote: > > Another update from me. I've managed to find out that there is a plugin > called Azure Resource Manager inventory plugin. > > I've created the simple yaml file and now just seeing if I can get it to > work. If anybody knows how I can use it to grab VMs from Azure based on tags, > I'd love to hear it. > > Steve > On Friday, 9 August 2019 14:52:36 UTC+1, Steve Townsend wrote: >> >> Hi All, >> >> Thank you for taking a look at my post. >> >> I'm trying to figure out if there is a better way to have Ansible >> authenticate with Azure when running playbooks. Right now, I've got a >> service principle set in my .azure/credentials section which works fine, but >> introduces security concerns. The alternative is using Azure AD, but that >> seems to need your password in clear text. >> >> The only solution I can think of is to write a bash script which will create >> a short lived RBAC Service Principle and export the values to my >> enviromental variables, run the play-book then get rid of it all. >> >> Please somebody tell me there is a magicial way which will work with my az >> login? >> >> Thanks, >> Steve > > -- > You received this message because you are subscribed to the Google Groups > "Ansible Project" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to ansible-project+unsubscr...@googlegroups.com. > To view this discussion on the web visit > https://groups.google.com/d/msgid/ansible-project/8de21aa8-a61b-431a-8d24-7afeff7a9e63%40googlegroups.com. -- You received this message because you are subscribed to the Google Groups "Ansible Project" group. To unsubscribe from this group and stop receiving emails from it, send an email to ansible-project+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/CAH4rTPtKM1MMm9e-bBXp_V6gSDtTcXbZrKQ_BqkFKDNtRaZ6FQ%40mail.gmail.com.
[ansible-project] Re: Ansible and Azure
Another update from me. I've managed to find out that there is a plugin called Azure Resource Manager inventory plugin. I've created the simple yaml file and now just seeing if I can get it to work. If anybody knows how I can use it to grab VMs from Azure based on tags, I'd love to hear it. Steve On Friday, 9 August 2019 14:52:36 UTC+1, Steve Townsend wrote: > > Hi All, > > Thank you for taking a look at my post. > > I'm trying to figure out if there is a better way to have Ansible > authenticate with Azure when running playbooks. Right now, I've got a > service principle set in my .azure/credentials section which works fine, > but introduces security concerns. The alternative is using Azure AD, but > that seems to need your password in clear text. > > The only solution I can think of is to write a bash script which will > create a short lived RBAC Service Principle and export the values to my > enviromental variables, run the play-book then get rid of it all. > > Please somebody tell me there is a magicial way which will work with my az > login? > > Thanks, > Steve > -- You received this message because you are subscribed to the Google Groups "Ansible Project" group. To unsubscribe from this group and stop receiving emails from it, send an email to ansible-project+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/8de21aa8-a61b-431a-8d24-7afeff7a9e63%40googlegroups.com.
[ansible-project] Re: Ansible and Azure
Hi All, As an update, I've figured out that Ansible does indeed work with just az login, the thing that doesn't is the azure_rm.py script we use for dynamic inventory. Does anybody have a solution for this? Steve On Friday, 9 August 2019 14:52:36 UTC+1, Steve Townsend wrote: > > Hi All, > > Thank you for taking a look at my post. > > I'm trying to figure out if there is a better way to have Ansible > authenticate with Azure when running playbooks. Right now, I've got a > service principle set in my .azure/credentials section which works fine, > but introduces security concerns. The alternative is using Azure AD, but > that seems to need your password in clear text. > > The only solution I can think of is to write a bash script which will > create a short lived RBAC Service Principle and export the values to my > enviromental variables, run the play-book then get rid of it all. > > Please somebody tell me there is a magicial way which will work with my az > login? > > Thanks, > Steve > -- You received this message because you are subscribed to the Google Groups "Ansible Project" group. To unsubscribe from this group and stop receiving emails from it, send an email to ansible-project+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/c6562bf0-d1e3-43c4-9494-633859a5ad42%40googlegroups.com.