- Introduction
- File Structure
- What is Terraform
- Terraform Deployment
- Deploy Terraform infrastructure commands
- Connecting to Terraform Cloud Remote Backend
- Connecting Terraform to their remote servers at app.terraform.io
- Create an Azure local blob storage account Container for tfstate backend file
- Create a Service Principal with a Client Secret
- Configuring the Service Principal in Terraform
- Create SSH Service Connection in Azure DevOps
- Run the Shell Script
- Ansible Installation on Ubuntu Linux [Without Bash Script]
- Configure Ansible to run as a specific user
- Review Ansible Playbooks for Azure
- Ansible Tower Installation on Ubuntu Linux
- Deployment Notes
- Support
- Bugs & Errors
↑ Introduction
Terraform automation that creates a virtual machine running Ubuntu 16.04 on Microsoft Azure and uses custom bash scripts to automate the Ansible setup, so that Ansible can control and push configurations to remote hosts.
The following Ansible-specific terms are used throughout this guide:
- Inventory File: a file that contains information about the servers Ansible controls, typically located at /etc/ansible/hosts.
- Playbook: a file containing a series of tasks to be executed on a remote server.
- Remote Host/Node: a server controlled by the Ansible server.
- Ansible Server: a system where Ansible is installed and configured to connect and execute commands on remote hosts/nodes.
- When you deploy your infrastructure to Azure, watch your Visual Studio Code terminal, where the password strings will be displayed. The output will look something like this, and each count value is assigned to the count.index of the virtual machines:
random_string.password[1]: Creation complete after 0s [id=r@Tt4AR?!Yv@2?PI]
random_string.password[0]: Creation complete after 0s [id=*?wq?*2l2GI4x5Bj]
- The random_string count [1] will be assigned to the virtual machine with count [1], and so on.
- Prerequisites :
↑ File Structure
- main.tf [infrastructure as code]
- provider.tf [service principal exports]
- variables.tf [infrastructure deployment variables]
- autosetup.sh [automates commands needed to install ansible and generate ssh key]
- README.md [File to help guide people through the installation process and explains the current repository]
- credentials [A file that has the values for your Azure Service Principal for Authentication]
↑ What is Terraform
- What is Terraform? https://www.terraform.io/
- What is Azure? https://azure.microsoft.com/en-us/
- What is Ansible? https://www.ansible.com/
- What is Bash Script? https://ryanstutorials.net/bash-scripting-tutorial/bash-script.php
↑ Terraform Deployment Template Setup for Ansible
- This template has been created for the purpose of deploying a Linux VM to Azure, using Terraform Infrastructure as Code to automatically provision an environment in which Ansible or Ansible Tower can be deployed to an enterprise environment rapidly and in an automated manner.
↑ Deploy Terraform infrastructure commands
- Note: You can find the latest Terraform code templates at: https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs
- Templates: You can view Terraform code examples at: https://github.com/terraform-providers/terraform-provider-azurerm/tree/master/examples
- To deploy Terraform you must change some of the current values in the files, but the main commands to Initialize, Plan, Build & Deploy it to Azure are the following:
terraform init
terraform fmt
terraform plan
terraform apply
terraform destroy
↑ Connecting to Terraform Cloud Remote Backend
- Register an account at: https://app.terraform.io/ [Recommend enabling MFA] > Create Organization > [+ New workspace]
- Ensure Azure CLI, PowerShell & Terraform are installed, then open the Visual Studio Code terminal and type:
terraform login
- Follow the terminal prompts and create an API token to authenticate with, then copy and paste the code into your terminal.
- Input the remote backend code into your provider.tf file:
terraform {
  backend "remote" {
    organization = "organization-value-name"
    workspaces {
      name = "workstation-value-name-you-set"
    }
  }
}
↑ Create an Azure local blob storage account Container for tfstate backend file
- Using an Azure Storage container to store the state file instead of the Terraform remote backend, in code:
terraform {
  backend "azurerm" {
    resource_group_name  = "Resource-Group-Name-Value"
    storage_account_name = "Account-Name-Value"
    container_name       = "tfstate"
    key                  = "00000000-0000-0000-0000-000000000000"
  }
}
↑ Create a Service Principal with a Client Secret
- Please review the HashiCorp guide for Azure Service Principal authentication: https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs
↑ Configuring the Service Principal in Terraform
provider "azurerm" {
  features {}
  subscription_id = "00000000-0000-0000-0000-000000000000"
  client_id       = "00000000-0000-0000-0000-000000000000"
  client_secret   = "00000000-0000-0000-0000-000000000000"
  tenant_id       = "00000000-0000-0000-0000-000000000000"
}
- Setting these values as environment variables allows you to remove them from your code, as these are SECRET and should not be shared.
- Once these variables are set, restart your terminal and Visual Studio Code to allow them to take effect.
setx ARM_CLIENT_ID "00000000-0000-0000-0000-000000000000"
setx ARM_CLIENT_SECRET "00000000-0000-0000-0000-000000000000"
setx ARM_SUBSCRIPTION_ID "00000000-0000-0000-0000-000000000000"
setx ARM_TENANT_ID "00000000-0000-0000-0000-000000000000"
- Once the infrastructure has been deployed, locate the public IP address and connect to the VM through ssh:
ssh -i ~/.ssh/id_rsa [email protected]
↑ Create SSH Service Connection in Azure DevOps
- Create the Service Connection to allow SSH Connection and push Ansible Playbooks to the Virtual Machine
- https://dev.azure.com/ > Project > Project Settings > Service Connections > Select : New Service Connection > Select : SSH
- Add SSH Service Connection > Input Values : Public IP, Username, Password, the id_rsa you cat earlier > OK.
↑ Run the Shell Script
- Git clone my bash script from https://github.com/DFW1N/terraform-ansible-azure
git clone https://github.com/DFW1N/terraform-ansible-azure.git && cd terraform-ansible-azure
sudo chmod +x autosetup.sh
sudo sh autosetup.sh
↑ Ansible Installation on Ubuntu Linux
- Please follow this section if you prefer to not use the shell script to automate the process for you.
sudo apt-get upgrade -y
sudo apt-add-repository ppa:ansible/ansible
sudo apt-get update
sudo apt-get install ansible -y
sudo apt-get install python -y
ansible --version
mkdir ~/.azure && cd ~/.azure;
sudo curl https://raw.githubusercontent.com/DFW1N/ansible-tower/main/credentials -o credentials;
- Input your Azure Service Principal values into the fields below, located in the ~/.azure/credentials file: [Azure only]
[default]
subscription_id=<your-Azure-subscription_id>
client_id=<azure service-principal-appid>
secret=<azure service-principal-password>
tenant=<azure serviceprincipal-tenant>
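A pre-flight check for the two places this guide puts service principal secrets (the provider block and the ~/.azure/credentials file), as an added example that is not part of the repository. The function names and the script name in the usage line are hypothetical; findings are reported as file:line so the secret itself is never echoed.

```shell
#!/bin/sh
# Added example (hypothetical helper names, not from the repository).

# Print file:line for each quoted literal assigned to client_secret in the
# *.tf files under $1. Unquoted references (var.client_secret) and "${...}"
# interpolations are skipped. The value is cut off so it is never echoed.
find_hardcoded_secrets() {
    find "$1" -type f -name '*.tf' -exec grep -nE \
        '^[[:space:]]*client_secret[[:space:]]*=[[:space:]]*"[^"$]+"' \
        /dev/null {} + 2>/dev/null | cut -d: -f1,2
}

# Succeed only if $1 is a regular file with no group/other permission bits
# (for example mode 600), read from the ls -l mode string.
cred_file_is_private() {
    [ -f "$1" ] || return 1
    [ "$(ls -ld -- "$1" | cut -c5-10)" = "------" ]
}

# Print the ARM_* variables from this guide that are unset or empty.
missing_arm_vars() {
    for v in ARM_CLIENT_ID ARM_CLIENT_SECRET ARM_SUBSCRIPTION_ID ARM_TENANT_ID; do
        eval "val=\${$v:-}"
        [ -n "$val" ] || printf '%s\n' "$v"
    done
}

# Usage: sh preflight.sh <terraform-dir> [credentials-file]
if [ -n "${1:-}" ]; then
    status=0
    hits=$(find_hardcoded_secrets "$1")
    if [ -n "$hits" ]; then
        printf 'hard-coded client_secret at:\n%s\n' "$hits"
        status=1
    fi
    cred=${2:-$HOME/.azure/credentials}
    if [ -f "$cred" ] && ! cred_file_is_private "$cred"; then
        printf '%s is readable by group/other; run: chmod 600 %s\n' "$cred" "$cred"
        status=1
    fi
    for v in $(missing_arm_vars); do printf 'not set: %s\n' "$v"; done
    exit "$status"
fi
```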
ssh-keygen
cat ~/.ssh/id_rsa.pub
- Option 1 Quick Version: Issue this command from the Ansible server to the remote host:
sudo ssh-copy-id 192.182.16.23
- A password prompt for the remote host will pop up; input that value to add the ssh id_rsa.pub to the remote host.
- Option 2 Longer Version:
Copy the text from the key
Log into your node server and run: sudo -s
Open the authorized_keys file: sudo nano ~/.ssh/authorized_keys
Paste the id_rsa.pub key from your Ansible server into the file
Save and close the file
- Please ensure you are logged in as root to view authorized_keys, as it won't be located anywhere else but under the /root/ home directory.
Please ensure you are logged in on your Ansible server and configure Ansible files for remote hosts:
sudo nano /etc/ansible/hosts
- Add your remote servers to this file using the following syntax:
- The following example defines a group named [azureservers] with two different servers in it, each identified by a custom alias: azureserver & azureserver2. Remember to change the IP addresses to those of your remote hosts.
[azureservers]
azureserver ansible_host=192.182.16.23
azureserver2 ansible_host=192.173.34.23

[all:vars]
ansible_python_interpreter=/usr/bin/python3
- View your Ansible inventory; you will see the server infrastructure that's defined in the inventory file on your Ansible server:
ansible-inventory --list -y
- Output
all:
  children:
    azureservers:
      hosts:
        azureserver:
          ansible_host: 192.182.16.23
          ansible_python_interpreter: /usr/bin/python3
        azureserver2:
          ansible_host: 192.173.34.23
          ansible_python_interpreter: /usr/bin/python3
- Test the remote hosts by pinging them from Ansible with the following command:
ansible -m ping all
- Expected output response:
azureserver | SUCCESS => {
    "changed": false,
    "ping": "pong"
}
azureserver2 | SUCCESS => {
    "changed": false,
    "ping": "pong"
}
- Ping remote hosts defined under your configuration such as [databases]:
ansible -m ping databases
- Check remote system versions:
ansible -u adminuser -i /etc/ansible/hosts -m raw -a 'uname -a' azureservers
- Check disk usage on all remote servers with:
ansible all -a "df -h" -u adminuser
↑ Configure Ansible to run as a specific user:
- Create a file that instructs all servers to connect as root user:
sudo mkdir /etc/ansible/group_vars && sudo nano /etc/ansible/group_vars/servers
- Input the following username used on the remote host:
ansible_ssh_user: adminuser
↑ Review Ansible Playbooks for Azure
- Playbook: A file containing a series of tasks to be executed on a remote server.
- https://docs.microsoft.com/en-us/samples/azure-samples/ansible-playbooks/ansible-playbooks-for-azure/
↑ Ansible Tower Installation on Ubuntu Linux
- Ansible Tower Installation on Ubuntu Linux
- Access the Ansible website and Download the Ansible Tower product
- Assuming that the ansible-tower-setup-latest.tar.gz package is located inside the /tmp directory, please follow these commands in order:
cd /tmp
tar -zxvf ansible-tower-setup-latest.tar.gz   # Ansible Tower download file
cd /tmp/ansible-tower-setup{version}
vi inventory
- Inventory file contents:
[tower]
localhost ansible_connection=local

[database]

[all:vars]
admin_password=''
pg_host=''
pg_port=''
pg_database='awx'
pg_username='awx'
pg_password=''
rabbitmq_username=tower
rabbitmq_password=''
rabbitmq_cookie=cookiemonster
- Isolated Tower nodes automatically generate an RSA key for authentication.
- To disable this behavior, set this value to false:
isolated_key_generation=true
admin_password=''
pg_password=''
rabbitmq_password=''
- Once the values have been changed, start the Ansible Tower installation process:
cd /tmp/ansible-tower-setup{version}
./setup.sh
- On completion of the installation, open a browser and enter the IP address of your Ansible Tower.
- To log in, use the 'default' username: admin and input the password you set above under
[admin_password='input value']
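A check to run on the inventory before ./setup.sh, as an added example that is not part of the repository or of the Tower installer: it lists the password keys from the inventory above that are still missing or empty in [all:vars], with a later assignment overriding an earlier one. The function name and the script name in the usage line are hypothetical.

```shell
#!/bin/sh
# Added example (hypothetical helper name, not from the repository).

# Print each of admin_password, pg_password and rabbitmq_password that is
# missing or empty in the [all:vars] section of the inventory file $1.
unset_tower_secrets() {
    awk -F= '
        # Track which INI-style section the current line belongs to.
        /^[ \t]*\[/ { in_vars = ($0 ~ /^[ \t]*\[all:vars\]/); next }
        in_vars && /^[ \t]*[a-z_]+[ \t]*=/ {
            key = $1
            gsub(/[ \t]/, "", key)
            val = substr($0, index($0, "=") + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", val)
            gsub(/^["\047]|["\047]$/, "", val)   # strip one layer of quotes
            seen[key] = val                      # last assignment wins
        }
        END {
            n = split("admin_password pg_password rabbitmq_password", req, " ")
            for (i = 1; i <= n; i++)
                if (seen[req[i]] == "") print req[i]
        }' "$1"
}

# Usage: sh tower-preflight.sh /tmp/ansible-tower-setup{version}/inventory
if [ -n "${1:-}" ]; then
    empty=$(unset_tower_secrets "$1")
    if [ -n "$empty" ]; then
        printf 'set these before running ./setup.sh:\n%s\n' "$empty"
        exit 1
    fi
fi
```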
↑ Notes
- Ansible Tower only supports Ubuntu Linux until version 16.04
- If you deploy my ansible-autosetup.sh bash script it will automatically give ansible-ssh-automation.sh the correct permissions to start the SSH process.
- Ansible Tower does not offer support to Ubuntu version 18 or 19.
- Ansible Tower Default Username : admin
- Use the command terraform fmt to fix spacing in your code.
↑ Support
Please support me if this has helped you with rapid infrastructure deployment by following me on Twitter or connecting with me on LinkedIn; feel free to visit my LinkedIn. I hope this has helped. Please do not use this script for any illegal purposes; this script was solely written for educational purposes or to help DevOps produce virtual machines on Azure at a rapid rate.
↑ Bugs or Errors:
- Feel free to open a pull request to add new modules or clean up the code in general.