Azure DevOps Ansible Pipeline
ADO = Azure DevOps
This is a brief guide to setting up a simple environment for using Ansible in an ADO YAML pipeline to connect to Windows VMs, using win_ping as a demo to prove that it works.
This is a lab only!
- Azure DevOps organization and project for testing
- DevOps connection to Azure with read access to all (in this example I used the service principal in the connection for accessing the Key Vault and logging in to Azure)
- Agent pool (Name: Ansible) created and PAT token at the ready, information on how below.
- Terraform installed locally
- VS Code with the Terraform extension and Git
- Azure CLI or the Az PowerShell module
- Azure subscription
- Azure service principal created (keep hold of the details)
Import the repo into your test project in ADO.
Update the ado.sh file, replacing all items within the <> brackets; don't forget to remove the brackets (see here for how to create PAT tokens and here for agent pools).
Update the ansible_demo.yml file with:
- tenant ID
- app ID (your service principal ID)
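A pre-flight check for the placeholder step above, as an added example that is not part of the original repo: it lists any `<...>` placeholders still left in a file such as ado.sh and prints only the placeholder name, so a PAT already filled in on the same line is never echoed. The placeholder pattern and the sample file contents are assumptions, since the real ado.sh is not shown here.

```shell
#!/usr/bin/env bash
# Assumption: placeholders look like <some name>: a letter followed by
# letters, digits, spaces, underscores or hyphens between angle brackets.
# Shell redirections such as "< /dev/null >" or "<<EOF" do not match.

# Print "line:placeholder" for every unreplaced placeholder in the file.
# grep -o emits only the matched token, never the rest of the line, so a
# secret on the same line does not reach the terminal or a CI log.
find_placeholders() {
    local file=$1
    [ -r "$file" ] || { echo "cannot read $file" >&2; return 2; }
    grep -noE '<[A-Za-z][A-Za-z0-9_ -]*>' "$file"
}

# Return 0 when the file is ready, 1 when placeholders remain,
# 2 when the file cannot be read.
check_ready() {
    local file=$1 hits rc=0
    hits=$(find_placeholders "$file") || rc=$?
    case $rc in
        0) printf 'unreplaced placeholders in %s:\n%s\n' "$file" "$hits" >&2
           return 1 ;;
        1) return 0 ;;   # grep found nothing: all placeholders replaced
        *) return 2 ;;
    esac
}

# Constructed sample standing in for ado.sh (names and values are made up).
write_sample() {
    cat > "$1" <<'EOF'
#!/bin/bash
ORG_URL="https://dev.azure.com/<organisation>"
POOL="Ansible"
PAT="constructed-token-value" # <PAT token>
./setup.sh < /dev/null > install.log 2>&1
EOF
}

# Usage: ./preflight.sh ado.sh && terraform plan -out main.tfplan
if [ -n "${1:-}" ]; then
    check_ready "$1"
fi
```

Run it against ado.sh before `terraform plan`, so a half-edited file stops the run early.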
cd into the TF folder
Log in to Azure with the Azure CLI or PowerShell
Initialize the TF code
terraform init -upgrade
Plan the TF code
terraform plan -out main.tfplan
Apply the TF code
terraform apply main.tfplan
In your web browser, in the ADO project or organization settings, check that the agent is showing.
Ensure your service principal has access to the newly created Key Vault, with permission to read all secrets.
In your Key Vault, add an additional secret:
- password
Set the value to your service principal password and click Save.
Create Library groups
Click "Link Secrets" from... (if you're not using an SP, create secure variables here)
Fill in the details
Click "Add", select serverPassword and click "OK"; repeat for password
Name the variable group "Ansible" and click Save
Create a Pipeline
Select Azure Repos Git
Click your project name
Click Existing Azure Pipelines YAML file
In the main branch, select the file "/Pipeline/ansible_demo.yml" and click Continue
Click Save and run
That should be it; time to take down the environment.
DESTROY!!!!!!!!!!!!!
terraform plan -destroy -out main.destroy.tfplan
terraform apply "main.destroy.tfplan"
For further reading, and for the sources that helped with this post, please see below:
- Ansible Credssp
- Uploading multiple files to a SA with TF
- Ansible on Ubuntu
- Server did not response with a CredSSP
- Ansible Dynamic Libraries in Azure
- ADO Ansible
- ANSIBLE: BRING POWERSHELL OUTPUT INTO ANSIBLE VARIABLES
- Win_update results
- ansible.windows.win_updates not applying cumulative updates correctly
- Pipeline Variables
- Pipeline Conditions
- Azure Resource Manager inventory plugin
- Ansible Commands Cheat sheet