I'm just getting started with Ansible. I've created simple vms with azure module on Ansible.
Now, I'm trying to take a snapshot on azure disk with ansible.
Is that possible?
There is no such a module according to the module list. You can use azure_rm_resource module to perform a custom post request to Azure with Ansible. Here's an API call you should mimic with Ansible
hosts: localhost
connection: local
tasks:
name: Create a snapshot by copying an existing managed disk.
azure_rm_snapshot:
resource_group: ****
name: mySnapshot
location: centralindia
creation_data:
create_option: Copy
source_id: '******'
Related
I'm working with a subscription that has a few different deployed environments (dev, test, staging, etc.). Each environment has its own storage account, containing an associated Terraform state file. These environments get deployed via Azure DevOps Pipelines.
It's easy enough to get at the .tfstate files that have been created this way, through the portal, CLI, etc.
But is it possible to access these state files using the 'terraform state' commands, for example using Azure Cloud Shell? If so, how do you point them at the right location?
I've tried using the terraform state commands in a Cloud Shell, but it's not clear how to point them to the right location or if this is indeed possible.
For these requirement, you need AzurePowerShell task to achieve your requirement.
1, First, if you can achieve your requirement via powershell feature in azure portal, then it is possible using the AzurePowerShell task to achieve the same thing(AzurePowerShell is running on the agent based on the service connection/service principal you provided.).
- task: AzurePowerShell#5
inputs:
azureSubscription: 'testbowman_in_AAD' #This service connection related to service principal on Azure side.
ScriptType: 'InlineScript'
Inline: |
# Put your logic here.
# Put your logic here.
azurePowerShellVersion: 'LatestVersion'
2, Second, you can use AzCopy to download the file and then do operations to it. DevOps microsoft host agent support this tool.
running this command : terraform state pull > state.tfstate (you can give like thils dev.tfstate extension tfstate is important)in the Azure cloud shell.
All you need to move to the terraform file directory
enter image description here
and run this command terraform state pull > dev.tfstate
enter image description here
Is it possible to create an azure storage file share using Ansible ?
There is an Ansible module to create Azure Storage Account, so I am good there.
I dont see anything for File Share.
There is something called azure_rm_resource but I have not been able to get it to work with it.
Any input will be appreciated.
Custom script solution
If you need custom implementation, I would suggest to use Azure CLI for developing a custom script, and then run it in your Ansible playbook.
E.g. reference fileshare.ps1 script with content of az storage share create --account-name MyAccount --name MyFileShare ...etc.
Documentation: https://learn.microsoft.com/en-us/cli/azure/storage/share?view=azure-cli-latest#az_storage_share_create
Simple solution with Ansible module (Edit: not sufficient at the moment)
Edit: this solution only creates the storage account as of now, so it is not sufficient in most scenarios.
There is an Ansible module for this, already implemented, called azure_rm_storageaccount in the azure namespace. See the link in the bottom.
Make sure to use the kind property and specify FileStorage value. Example:
- name: Create an account with kind of FileStorage
azure_rm_storageaccount:
resource_group: souser_resource_group
name: souser_file_storage
type: Premium_LRS
kind: FileStorage
tags:
testing: testing
Documentation:
https://docs.ansible.com/ansible/latest/collections/azure/azcollection/azure_rm_storageaccount_module.html
Posting my answer as it will help someone in the community:
The latest commit contains this enhancement !
https://github.com/ansible-collections/azure/pull/603/commits/83a6600417faccf56752a8ae5b1e52a0bac37dfb
Copying the example from the link above :
- name: Create storage share
azure_rm_storageshare:
name: testShare
resource_group: myResourceGroup
account_name: testStorageAccount
state: present
access_tier: Cool
quota: 2048
metadata:
key1: value1
key2: value2
How to configure Azure Blob Storage Container on an Yaml
- name: scripts-file-share
azureFile:
secretName: dev-blobstorage-secret
shareName: logs
readOnly: false```
The above is for the logs file share to configure on yaml.
But if I need to mount blob container? How to configure it?
Instead of azureFile do I need to use azureBlob?
And what is the configuration that I need to have below azureBlob? Please help
After the responses I got from the above post and also went through the articles online, I see there is no option for Azure Blob to mount on Azure AKS except to use azcopy or rest api integration for my problem considering the limitations I have on my environment.
So, after little bit research and taking references from below articles I could able to create a Docker image.
1.) Created the docker image with the reference article. But again, I also need support to run a bash script as I am running azcopy command using bash file. So, I tried to copy the azcopy tool to /usr/bin.
2.) Created SAS tokens for Azure File Share & Azure Blob. (Make sure you give required access permissions only)
3.) Created a bash file that runs the below command.
azcopy <FileShareSASTokenConnectionUrl> <BlobSASTokenConnectionUrl> --recursive=true
4.) Created a deployment yaml that runs on AKS. Added the command to run bash file in that.
This gave me the ability to copy the files from Azure File Share Folders to Azure Blob Container
References:
1.) https://learn.microsoft.com/en-us/azure/storage/common/storage-use-azcopy-v10?toc=%2fazure%2fstorage%2fblobs%2ftoc.json#obtain-a-static-download-link
2.) https://github.com/Azure/azure-storage-azcopy/issues/423
I have integrated Azure KeyVault using Terraform. I can ssh into the container and can view the secrets.
My questions is: Is it possible to somehow reference that secret value inside my deployment.yml file that i use for deploying my pods in the kubernetes cluster?
I am using the following deployment file. Normally I access the Kubernetes secrets using the valueFrom and then referencing the secret name and key here. How would that be possible if i want to insert the value of secret using keyvault here.
-spec:
containers:
- name: test-container
image: test.azurecr.io/test-image:latest
imagePullPolicy: Always
ports:
- containerPort: 8080
env:
- name: testSecret
valueFrom:
secretKeyRef:
name: testSecret
key: testSecretPassword
Thanks
You will need a Terraform data source. Data sources allow data to be fetched or computed for use elsewhere in Terraform configuration. Use of data sources allows a Terraform configuration to make use of information defined outside of Terraform, or defined by another separate Terraform configuration.
data "azurerm_key_vault_secret" "test" {
name = "secret-sauce"
key_vault_id = "${data.azurerm_key_vault.existing.id}"
}
output "secret_value" {
value = "${data.azurerm_key_vault_secret.test.value}"
}
You can look at Key Vault FlexVolume to integrate Key Vault into K8s. Secrets, keys, and certificates in a key management system become a volume accessible to pods. Once the volume is mounted, its data is available directly in the container filesystem for your application.
I will be honest, I have not tried this solution and don't know if it will work outside of our AKS offering.
https://www.terraform.io/docs/providers/azurerm/d/key_vault_secret.html
https://blog.azureandbeyond.com/2019/01/29/terraform-azure-keyvault-secrets/
I am new to Ansible Azure modules. What I need is the ability to create VM's(n) and deploy an application on all of them. From what I read online azure_rm_virtual machine can be used to create VM(Assuming vnet, subnet and other networking jazz is in place). I am trying to figure out how do I deploy(copy bits and run my app installer) my application onto the newly created VM's? Can my app deployment be part of the VM creation process? If so what are the options? I looked into other modules but couldn't find any relevant one's. Didn't find any on the azure documentation too. Thanks.
Use azure_rm_deployment module to create VMs.
Because you know what you are deploying, use azure_rm_networkinterface_facts to get the IP address of your VM.
Use add_host to create an ad-hoc inventory. This all with:
---
- name: Create VM
hosts: localhost
gather_facts: true
Once you have your inventory use:
- name: Run updates
hosts: myazureinventory
gather_facts: true
From here, you can install your software. Hope it helps.
The ansible role to deploy a VM is now here: azure-iaas. I couldn't find one called azure_rm_deployment in the ansible repo.