Using Ansible for Configuring IaaS Infrastructure
In the previous chapter, we talked about the provisioning of an Azure cloud infrastructure with Terraform. If this infrastructure contains virtual machines (VMs), after their provisioning, it is necessary to configure their systems and install all middleware. This configuration will be necessary for the proper functioning of the applications that will be hosted on the VM.
There are several Infrastructure as Code (IaC) tools available for configuring VMs and the best known are Ansible, Puppet, Chef, SaltStack, and PowerShell DSC. Among them, Ansible from Red Hat (https://www.ansible.com/overview/it-automation) stands out for its many assets:
- It is declarative and uses the easy-to-read YAML language.
- Ansible only works with one executable.
- It does not require agents installed on the VMs to be configured.
- A simple SSL/WinRM connection is required for Ansible to connect to remote VMs.
- It has a template engine and a vault to encrypt/decrypt sensitive data.
- It is idempotent.
It should also be noted that Ansible does not only configure VMs, but it can also do infrastructure provisioning and security compliance.
In this chapter, we will see how to install Ansible, and then use it to configure a VM with an inventory and a playbook. We will also see how to protect sensitive data with Ansible Vault and finally, this chapter will discuss the use of a dynamic inventory in Azure.
The following topics are covered in this chapter:
- Installing Ansible
- Creating an Ansible inventory
- Executing the first playbook
- Protecting data with Ansible Vault
- Using a dynamic inventory for an Azure infrastructure