Today is a milestone because I will provide you with a “real-life” solution for a “real-life” scenario with Ansible in Azure. Why is it so important? Since I started to learn Ansible I have found several examples for different scenarios, but, as I realized, nobody has provided a really good solution for the situation where you would like to deploy a multi-NIC environment to Azure with Ansible. Therefore I did it, and I would like to share it with you.
A multi-NIC environment is an architecture in which you can manage and use your services in a secure way.
Azure architecture for this solution
As you can see, there is another ingredient in this architecture. The Virtual Network and the NSGs are in a separate resource group inside your subscription. Why? Because they are “shared” resources, and in this way we can use them for different services. Additionally, our architecture stays easy to understand and manage.
Virtual Machines in this scenario
According to the diagram above, we will create a simple architecture with the following VMs and roles:
- Web servers: 2
- DB server: 1
- Web servers have 2 NICs
- DB server has only 1 NIC (in BackEnd subnet)
- DB server does not have Public IP
This architecture is easily deployed with Ansible. Nevertheless, you have to be sure you use the right version of Ansible. Although Ansible has supported Azure since version 2.4, most of the required functionality is quite new. The 2 main features are available following my requests, because I was facing some issues during the solution development. You can find these bugs here:
- Issue 40648 – azure_rm_virtualmachine: Azure Error – Multiple NICs: NetworkInterfaceMustHavePrimaryPropertySet, Message: Network interface must have Primary property set.
- Issue 41728 – NIC creation does not work with VNet in different resource group – Ansible 2.5.5
Therefore the required Ansible version for this solution as of today is 2.7dev. You can install it this way:

    sudo pip install git+https://github.com/ansible/ansible.git@devel

Once you have installed the right package on your computer, you can pull the required code from git (201_multi_nic_vm).

    # Navigate to git directory
    cd /data/git
    # Clone azansible from git
    git clone https://github.com/the1bit/azansible.git
    # Go to 201_multi_nic_vm solution directory
    cd azansible/201_multi_nic_vm

Before you start the deployment you have to prepare it.
- Check every requirement
- Create Service Principal for your Azure subscription
- Create your inventory files
  - inventory/hosts: Update the values according to your deployment
  - inventory/group_vars/all.yml: Update the current values

        ---
        env_id: "the1bit"
        location: "westeurope"
        public_key: "ssh-rsa AAAAB3NzaC1yc2EAAAAB..."
        vnet_rg: "common"
        vnet_address_prefix: "220.127.116.11/23"
        vnet_fe_subnet_address_prefix: "18.104.22.168/24"
        vnet_be_subnet_address_prefix: "22.214.171.124/24"

  - inventory/group_vars/virtualmachines.yml: Modify the ssh key name and path if it is required
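
A pre-flight check for the three address prefixes in inventory/group_vars/all.yml, as an added example that is not part of the azansible repository: it verifies that the FrontEnd and BackEnd subnets are valid, sit inside the VNet and do not overlap, so the DB server's BackEnd NIC really lands in a separate subnet. The function name `check_network_plan`, the sample prefixes and the RFC 1918 check (a recommendation, not an Azure requirement) are assumptions of this example, which handles IPv4 only.

```python
import ipaddress

# Variable names as used in inventory/group_vars/all.yml on this page.
VNET, FE, BE = ("vnet_address_prefix",
                "vnet_fe_subnet_address_prefix",
                "vnet_be_subnet_address_prefix")
# Private IPv4 ranges; checking against them is this example's assumption.
RFC1918 = [ipaddress.IPv4Network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def check_network_plan(group_vars):
    """Return a list of problems found in the VNet/subnet prefixes."""
    problems, nets = [], {}
    for key in (VNET, FE, BE):
        try:
            # strict=True rejects prefixes with host bits set (10.0.0.5/24)
            nets[key] = ipaddress.IPv4Network(group_vars[key], strict=True)
        except KeyError:
            problems.append(f"{key}: missing")
        except ValueError as exc:
            problems.append(f"{key}: invalid prefix ({exc})")
    if len(nets) < 3:
        return problems  # the remaining checks need all three prefixes

    vnet, fe, be = nets[VNET], nets[FE], nets[BE]
    if not any(vnet.subnet_of(r) for r in RFC1918):
        problems.append(f"{VNET}: {vnet} is not RFC 1918 private space")
    for key, subnet in ((FE, fe), (BE, be)):
        if not subnet.subnet_of(vnet):
            problems.append(f"{key}: {subnet} is outside VNet {vnet}")
    if fe.overlaps(be):
        problems.append(f"FE {fe} and BE {be} overlap")
    return problems


# Constructed sample values, not taken from the page.
GOOD_PLAN = {VNET: "10.10.0.0/23", FE: "10.10.0.0/24", BE: "10.10.1.0/24"}
BAD_PLAN = {VNET: "10.10.0.0/23", FE: "10.10.0.0/24", BE: "10.10.0.128/25"}

if __name__ == "__main__":
    for name, plan in (("good", GOOD_PLAN), ("bad", BAD_PLAN)):
        print(name, check_network_plan(plan) or "OK")
```

Load your own all.yml into a dict (for example with PyYAML) and pass it to `check_network_plan` before starting the playbooks.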
Deploy your environment
Finally only one thing left: Start the deployment

    # Start Ansible playbooks
    ansible-playbook -i inventory/ -e mainpath="/data/git/azansible/201_multi_nic_vm" playbooks/main.yml

and check the result…
After the successful deployment you can use your environment. Only some additional configuration is required:
- NSG FE configuration for WEB requests
- Put services (web to web, database to db) onto servers
- Enjoy your environment