Azure Devops Ansible Pipeline

ADO = Azure Devops

This is a brief guide to setting up a simple environment for utilizing ansible in an ADO YAML Pipeline to connect to a Windows VM's utilising winping as a demo to prove this works

This is a lab only !

• Azure Devops Organization and Project for testing
• Devops Connection to Azure with read access to all (In this example i used the service principle in the connection for accessing the keyvault and logging in to azure)
• Agent pool (Name: Ansible) created and PAT token at the ready, information on how below.
• terraform installed locally
• VSCode with TF Extension and Git
• AZ Cli or AZ PS Module
• Azure Subscription
• Azure Service Principle created (keep a hold of the details) guide , alt guide

Import the repo into your test project in ADO Guide

Update the ado.sh file replacing all items within the <> brackets, don't forget to remove the brackets (see here for how to create PAT Tokens and here for Agent pools)

Update the ansible_demo.yml file with

• tennant id
• app id (your service principle id)

CD into the TF folder

Log in to azure AZ CLI or Powershell

Initialize TF Code

terraform init -upgrade

Plan TF Code

terraform plan -out main.tfplan

Apply TF Code

terraform apply main.tfplan

In your web browser and in ADO Project or Org settings check the agent is showing

Ensure your Service Principle has access to the newly created keyvault with permissions to read all secrets

In your keyvault add an additional secret

• password

set the value of your service principle password and click save

Create Library groups

Click "Link Secrets" from... (if your not using a SP create secure variables here)

Fill in the details

Click "add", select the serverPassword and click "ok" repeat for password

Name the variable group as "Ansible" and click Save

Create a Pipeline

Select Azure Repos Git

Click your project name

Click Existing Azure Pipelines yaml file

in main branch select the file "/Pipeline/ansible_demo.yml" Click continue

Click Save and run

That should be it and time to take down the environment

DESTROY!!!!!!!!!!!!!

terraform plan -destroy -out main.destroy.tfplan
terraform apply "main.destroy.tfplan"

For further reading and sources that helped this post please see the below

• Ansible Credssp
• Uploading multiple files to a SA with TF
• Ansible on Ubuntu
• Server did not response with a CredSSP
• Ansible Dynamic Libraries in Azure
• ADO Ansible
• ANSIBLE: BRING POWERSHELL OUTPUT INTO ANSIBLE VARIABLES
• Win_update results
• ansible.windows.win_updates not applying cumulative updates correctly
• Pipeline Variables
• Pipeline Conditions
• Azure Resource Manager inventory plugin
• Ansible Commands Cheat sheet