Tuesday, April 23, 2024

Automate Azure App Service setup using Ansible and Azure DevOps pipeline | How to integrate Ansible with Azure DevOps | How to Create WebApp in Azure Cloud using Ansible

Ansible is an open-source configuration management tool that automates cloud provisioning, configuration management, and application deployments.
Ansible Playbooks
Ansible playbooks allow you to direct Ansible to configure your environment. Playbooks are coded using YAML so as to be human-readable. 

Integrate Ansible with Azure Cloud
Integrating Ansible with Microsoft Azure allows you to automate and manage your Azure infrastructure using Ansible playbooks and modules. Ansible provides a collection of Azure-specific modules that enable you to provision and configure resources in Azure.


To configure Azure credentials, you need the following information:

  • Your Azure subscription ID and tenant ID
  • The service principal application ID and secret

Pre-requisites:

Login to Azure

az login

Enter Microsoft credentials

Create Azure Service Principal

Run the following commands to create an Azure Service Principal:

az ad sp create-for-rbac --name ansible-azure-sp --role Contributor --scopes /subscriptions/<subscription_id>
Save the above output in a file, as you will not be able to retrieve it later.
Create an Ansible playbook - create-linux-app-svc.yml

Create a simple playbook to create a resource group in Azure and also an Azure App Service. Make sure you modify the name of the resource group, Azure WebApp and location below.


- hosts: localhost
  connection: local
  vars:
    # Change these values to match your environment
    resource_group: myResourceGroup
    webapp_name: myfirstAwesomeWebApp
    plan_name: myAppServicePlan
    location: eastus
  tasks:
    # Create the resource group (no change if it already exists)
    - name: Ensure resource group exists
      azure_rm_resourcegroup:
        name: "{{ resource_group }}"
        location: "{{ location }}"
      register: rg_result
    - debug:
        var: rg_result
    # Create the App Service plan and the web app on Linux
    - name: Create App Service on Linux with Java Runtime
      azure_rm_webapp:
        resource_group: "{{ resource_group }}"
        name: "{{ webapp_name }}"
        plan:
          resource_group: "{{ resource_group }}"
          name: "{{ plan_name }}"
          is_linux: true
          sku: S1
          number_of_workers: 1
        frameworks:
          - name: "java"
            version: "8"
            settings:
              java_container: tomcat
              java_container_version: 9.0

Create Azure YAML build pipeline:

Log in to Azure DevOps --> https://dev.azure.com

Select project dashboard.

Go to Pipelines -> New pipeline --> Click on Azure Repos Git or any SCM where you have playbooks stored. Select repo, click on Starter pipeline.

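Add the four pipeline variables below, using the values received from service principal creation. Mark AZURE_SECRET as a secret variable ("Keep this value secret") so that it is masked in pipeline logs; secret variables are not exposed to scripts automatically, which is why the playbook step maps them explicitly under env.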

AZURE_SUBSCRIPTION_ID
AZURE_CLIENT_ID
AZURE_SECRET
AZURE_TENANT
Add below tasks:
  • Install Ansible on build agent
  • Install Ansible rm module on build agent
  • Execute Ansible playbook for creating resource group in Azure cloud.
trigger:
- main
pr: none # Disable PR triggers, can be adjusted as needed
pool:
  vmImage: 'ubuntu-latest'
steps:
- script: |
    # Install Ansible
    pip3 install "ansible==2.9.17"
  displayName: 'Install Ansible'
- script: |
    # Install Ansible rm module (quoted so the shell does not treat [azure] as a glob)
    pip3 install 'ansible[azure]'
  displayName: 'Install Ansible rm module'
- script: |
    # Run Ansible playbook to create Azure App Service
    ansible-playbook create-linux-app-svc.yml
  displayName: 'Run Ansible Playbook'
  # Pipeline variables are passed to this step only, as environment variables
  env:
    AZURE_SUBSCRIPTION_ID: $(AZURE_SUBSCRIPTION_ID)
    AZURE_CLIENT_ID: $(AZURE_CLIENT_ID)
    AZURE_SECRET: $(AZURE_SECRET)
    AZURE_TENANT: $(AZURE_TENANT)
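
A pre-flight check for the playbook step above, added here as an example and not part of the original post: if one of the four variables is not defined in the pipeline, Azure DevOps leaves the $(NAME) macro unexpanded, and the playbook then runs with that literal text as a credential. The function names check_azure_env and is_guid are hypothetical, and the check assumes the subscription, client and tenant IDs are GUIDs.

```shell
#!/bin/sh
# Added example (not from the original post): validate the four credential
# variables before ansible-playbook runs. Values are never printed.

# is_guid VALUE -> 0 if VALUE is exactly 8-4-4-4-12 hex digits
is_guid() {
    [ "${#1}" -eq 36 ] &&
        printf '%s' "$1" |
        grep -Eq '^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$'
}

# check_azure_env -> 0 if all four variables look usable, 1 otherwise.
# Every problem is reported by variable name only, on stderr.
check_azure_env() {
    rc=0
    for name in AZURE_SUBSCRIPTION_ID AZURE_CLIENT_ID AZURE_SECRET AZURE_TENANT; do
        # name comes from the fixed list above, so eval is safe here
        eval "value=\${$name:-}"
        case "$value" in
            '')
                echo "ERROR: $name is empty or not mapped under env:" >&2
                rc=1 ;;
            '$('*')')
                # An undefined pipeline variable leaves the macro text as-is
                echo "ERROR: $name is an unexpanded pipeline macro" >&2
                rc=1 ;;
            *)
                # The three IDs are GUIDs; the secret has no fixed format
                if [ "$name" != AZURE_SECRET ] && ! is_guid "$value"; then
                    echo "ERROR: $name is not a GUID" >&2
                    rc=1
                fi ;;
        esac
    done
    return "$rc"
}
```

Define and call check_azure_env at the start of the 'Run Ansible Playbook' script step, which already has the env mapping, so the step fails before ansible-playbook tries to authenticate.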

Save the pipeline and run it.


Now log in to Azure cloud to see if the App Service has been created.

Clean up service principal & Resource Group

az ad sp list --display-name ansible-azure-sp --output table

az ad sp delete --id <pass_the_id>

az group delete --name myResourceGroup --yes --no-wait

Delete Resource group and App Service using Ansible playbook: delete-linux-app-svc.yml
- name: Delete Azure App Service
  hosts: localhost
  connection: local
  vars:
    resource_group: myResourceGroup
    webapp_name: myfirstAwesomeWebApp
  tasks:
  - name: Delete App Service
    azure_rm_webapp:
      name: "{{ webapp_name }}"
      resource_group: "{{ resource_group }}"
      state: absent
