Bash<\/strong>.<\/li><\/ul>\n\n\n\nNote<\/strong>: If this is the first time you are starting Cloud Shell<\/strong> and you are presented with the You have no storage mounted<\/strong> message, select the subscription you are using in this lab, and select Create storage<\/strong>.<\/p>\n\n\n\nFrom the Bash session in the Cloud Shell pane, run the following to specify the name of the Azure region that will host the resources you deploy in this lab (replace the <Azure_region> placeholder with the name of the Azure region where you intend to deploy resources. Make sure that the name does not contain any spaces, e.g. westeurope):<\/li><\/ul>\n\n\n\nCodeCopy<\/p>\n\n\n\n
LOCATION=eastus<\/code><\/pre>\n\n\n\nFrom the Bash session in the Cloud Shell pane, run the following to create resource groups that will host the Azure VMs you deploy in this lab:<\/li><\/ul>\n\n\n\nCodeCopy<\/p>\n\n\n\n
RG1NAME=exceedm14l03rg\naz group create --name $RG1NAME --location $LOCATION\nRG2NAME=exceedm14l03arg\naz group create --name $RG2NAME --location $LOCATION\n<\/code><\/pre>\n\n\n\nRun the following to deploy an Azure VM running Ubuntu into the resource group you created in the previous step:<\/li><\/ul>\n\n\n\nCodeCopy<\/p>\n\n\n\n
VM1NAME=exceedm1403vm1\naz vm create \\\n--resource-group $RG1NAME \\\n--name $VM1NAME \\\n--image UbuntuLTS \\\n--authentication-type password \\\n--admin-username azureuser \\\n--admin-password Pa55w.rd1234\n<\/code><\/pre>\n\n\n\nNote<\/strong>: Wait for the deployment to complete before you proceed to the next step. This might take about 2 minutes.<\/p>\n\n\n\nNote<\/strong>: Once the provisioning completes, in the JSON-based output, identify the value of the \u201cpublicIpAddress\u201d<\/strong> property included in the output.<\/p>\n\n\n\nRun the following to connect to the newly deployed Azure VM by using SSH:<\/li><\/ul>\n\n\n\nCodeCopy<\/p>\n\n\n\n
PIP=$(az vm show --show-details --resource-group $RG1NAME --name $VM1NAME --query publicIps --output tsv)\nssh azureuser@$PIP\n<\/code><\/pre>\n\n\n\nWhen prompted for confirmation to proceed, type yes<\/strong> and press the Enter<\/strong> key and, when prompted to provide the password, type Pa55w.rd1234<\/strong>.<\/p>\n\n\n\n<\/p>\n\n\n\n
Task 2: Install and configure Ansible on an Azure VM<\/strong><\/p>\n\n\n\nIn this task, you will install and configure Ansible on the Azure VM you deployed in the previous task.<\/p>\n\n\n\n
In the Bash session in the Cloud Shell pane, within the SSH session to the newly deployed Azure VM, run the following to update the Advanced Packaging Tool (apt) package list to include the latest version and package details:<\/li><\/ul>\n\n\n\nCodeCopy<\/p>\n\n\n\n
sudo apt-get update<\/code><\/pre>\n\n\n\nRun the following commands to add and install VSCode (whenever you are prompted for confirmation, type y<\/strong> and press the Enter<\/strong> key):<\/li><\/ul>\n\n\n\nCodeCopy<\/p>\n\n\n\n
sudo apt-get install wget<\/code><\/pre>\n\n\n\nCodeCopy<\/p>\n\n\n\n
wget -qO- https:\/\/packages.microsoft.com\/keys\/microsoft.asc | gpg --dearmor > packages.microsoft.gpg<\/code><\/pre>\n\n\n\nCodeCopy<\/p>\n\n\n\n
sudo install -o root -g root -m 644 packages.microsoft.gpg \/etc\/apt\/trusted.gpg.d\/\nsudo sh -c 'echo \"deb [arch=amd64,arm64,armhf signed-by=\/etc\/apt\/trusted.gpg.d\/packages.microsoft.gpg] https:\/\/packages.microsoft.com\/repos\/code stable main\" > \/etc\/apt\/sources.list.d\/vscode.list'\n<\/code><\/pre>\n\n\n\nCodeCopy<\/p>\n\n\n\n
rm -f packages.microsoft.gpg<\/code><\/pre>\n\n\n\nCodeCopy<\/p>\n\n\n\n
sudo apt update\nsudo apt install apt-transport-https\nsudo apt install code\n<\/code><\/pre>\n\n\n\nRun the following to install Ansible and the required Azure modules (make sure that you run the commands individually, line by line<\/strong>, and, whenever you are prompted for confirmation, type y<\/strong> and press the Enter<\/strong> key):<\/li><\/ul>\n\n\n\nCodeCopy<\/p>\n\n\n\n
sudo apt install python3-pip\nsudo -H pip3 install --upgrade pip\nsudo -H pip3 install ansible[azure]\nsudo apt-add-repository --yes --update ppa:ansible\/ansible\nsudo apt install ansible\nsudo ansible-galaxy collection install azure.azcollection\ncurl -O https:\/\/raw.githubusercontent.com\/ansible-collections\/azure\/dev\/requirements-azure.txt\nsudo pip3 install -r requirements-azure.txt\nrm requirements-azure.txt\n<\/code><\/pre>\n\n\n\nNote<\/strong>: Disregard any warnings. If you encounter any errors, rerun the commands.<\/p>\n\n\n\nRun the following to install the dnspython package to allow the Ansible playbooks to verify DNS names before deployment:<\/li><\/ul>\n\n\n\nCodeCopy<\/p>\n\n\n\n
sudo -H pip3 install dnspython<\/code><\/pre>\n\n\n\nIn the Bash session in the Cloud Shell pane, within the SSH session to the newly deployed Azure VM, run the following to install the jq<\/strong> JSON parsing tool (when prompted, type y<\/strong> and press the Enter<\/strong> key):<\/li><\/ul>\n\n\n\nCodeCopy<\/p>\n\n\n\n
sudo apt install jq<\/code><\/pre>\n\n\n\nRun the following to install Azure CLI:<\/li><\/ul>\n\n\n\nCodeCopy<\/p>\n\n\n\n
curl -sL https:\/\/aka.ms\/InstallAzureCLIDeb | sudo bash<\/code><\/pre>\n\n\n\n<\/p>\n\n\n\n
Task 3: Download Ansible configuration and sample playbook files<\/strong><\/p>\n\n\n\nIn this task, you will download from GitHub the Ansible configuration repository along with the sample lab files.<\/p>\n\n\n\n
In the Bash session in the Cloud Shell pane, within the SSH session to the newly deployed Azure VM, run the following to ensure that git<\/strong> is installed:<\/li><\/ul>\n\n\n\nCodeCopy<\/p>\n\n\n\n
sudo apt install git<\/code><\/pre>\n\n\n\nRun the following to clone the PartsUnlimitedMRP repo from GitHub:<\/li><\/ul>\n\n\n\nCodeCopy<\/p>\n\n\n\n
git clone https:\/\/github.com\/Microsoft\/PartsUnlimitedMRP.git<\/code><\/pre>\n\n\n\nNote<\/strong>: This repository contains playbooks for creating a wide range of resources, some of which we will use in the lab.<\/p>\n\n\n\n<\/p>\n\n\n\n
Task 4: Create and configure Azure Active Directory managed identity<\/strong><\/p>\n\n\n\nIn this task, you will generate an Azure AD managed identity in order to facilitate non-interactive authentication of Ansible, which is necessary to access Azure resources. You will also assign to the managed identity the Contributor role on the resource group you created in the previous task.<\/p>\n\n\n\n
In the Bash session in the Cloud Shell pane, within the SSH session to the newly deployed Azure VM, run the following to sign in to the Azure AD tenant associated with your Azure subscription:<\/li><\/ul>\n\n\n\nCodeCopy<\/p>\n\n\n\n
az login<\/code><\/pre>\n\n\n\nNote<\/strong>: If the command fails, rerun the installation of Azure CLI.<\/p>\n\n\n\nNote the code displayed in the output of the previous command and switch to your lab computer. From your lab computer, open another tab in the browser window displaying the Azure portal, navigate to the Microsoft Device Login page<\/a> and, when prompted, enter the code and select Next<\/strong>.<\/li>When prompted, sign in with credentials you are using in this lab and close the browser tab.<\/li><\/ul>\n\n\n\nSwitch back to the Bash session in the Cloud Shell pane. Within the SSH session to the Azure VM configured as the Ansible control node, run the following to generate a system assigned managed identity:<\/li><\/ul>\n\n\n\nCodeCopy<\/p>\n\n\n\n
RG1NAME=exceedm14l03rg\nVM1NAME=exceedm1403vm1\naz vm identity assign --resource-group $RG1NAME --name $VM1NAME\n<\/code><\/pre>\n\n\n\nRun the following to identify the value of your subscription by running:<\/li><\/ul>\n\n\n\nCodeCopy<\/p>\n\n\n\n
SUBSCRIPTIONID=$(az account show --query id --output tsv)<\/code><\/pre>\n\n\n\nRun the following to retrieve the value of the ID<\/strong> property of the built-in Azure Role Based Access Control Contributor role:<\/li><\/ul>\n\n\n\nCodeCopy<\/p>\n\n\n\n
CONTRIBUTORID=$(az role definition list --name \"Contributor\" --query \"[].id\" --output tsv)<\/code><\/pre>\n\n\n\nRun the following to assign the Contributor role on the resource group you created earlier in this lab:<\/li><\/ul>\n\n\n\nCodeCopy<\/p>\n\n\n\n
MIID=$(az resource list --name $VM1NAME --query [*].identity.principalId --out tsv)\n\nRG2NAME=exceedm14l03arg\naz role assignment create --assignee \"$MIID\" \\\n--role \"$CONTRIBUTORID\" \\\n--scope \/subscriptions\/$SUBSCRIPTIONID\/resourceGroups\/$RG2NAME\n<\/code><\/pre>\n\n\n\n<\/p>\n\n\n\n
Task 5: Configure SSH for use with Ansible<\/strong><\/p>\n\n\n\nIn this task, you will configure SSH for use with Ansible.<\/p>\n\n\n\n
In the Bash session in the Cloud Shell pane, within the SSH session to the newly deployed Azure VM, run the following to generate the key pair (when prompted, press the Enter<\/strong> key three times to accept the default values of the locations of the files and not to set the passphrase):<\/li><\/ul>\n\n\n\nCodeCopy<\/p>\n\n\n\n
ssh-keygen -t rsa<\/code><\/pre>\n\n\n\nRun the following to grant read, write, and execute permissions on the .ssh<\/strong> folder hosting the private key:<\/li><\/ul>\n\n\n\nCodeCopy<\/p>\n\n\n\n
chmod 755 ~\/.ssh<\/code><\/pre>\n\n\n\nRun the following to create as well as set read and write permissions on the authorized_keys<\/strong> file.<\/li><\/ul>\n\n\n\nCodeCopy<\/p>\n\n\n\n
touch ~\/.ssh\/authorized_keys\nchmod 644 ~\/.ssh\/authorized_keys\n<\/code><\/pre>\n\n\n\nNote<\/strong>: By providing keys included in this file, you are allowed access without having to provide a password.<\/p>\n\n\n\nRun the following to add the password to the authorized_keys<\/strong> file:<\/li><\/ul>\n\n\n\nCodeCopy<\/p>\n\n\n\n
ssh-copy-id azureuser@127.0.0.1<\/code><\/pre>\n\n\n\nWhen prompted, type yes<\/strong> and enter the password Pa55w.rd1234<\/strong> for the azureuser<\/strong> user account you specified when deploying the third Azure VM earlier in this lab.<\/p>\n\n\n\nRun the following to verify that you are not prompted for password:<\/li><\/ul>\n\n\n\nCodeCopy<\/p>\n\n\n\n
ssh 127.0.0.1<\/code><\/pre>\n\n\n\nType exit<\/strong> and press the Enter<\/strong> key to terminate the loopback connection you just established.<\/li><\/ul>\n\n\n\nNote<\/strong>: Establishing passwordless SSH authentication is a critical step for setting up your Ansible environment.<\/p>\n\n\n\nTask 6: Create a web server Azure VM by using an Ansible playbook<\/strong><\/p>\n\n\n\nIn this task, you will create an Azure VM hosting a web server by using an Ansible playbook.<\/p>\n\n\n\n
Note<\/strong>: Now that we have Ansible up and running in the control Azure VM, we can deploy our first playbook in order to create and configure a managed Azure VM. Before deploying the sample playbook, you need to replace the public SSH key included in its content with the key you generated in the previous task.<\/p>\n\n\n\nIn the Bash session in the Cloud Shell pane, within the SSH session to the Azure VM configured as the Ansible control node, run the following to identify the locally stored public key which you generated in the previous task:<\/li><\/ul>\n\n\n\nCodeCopy<\/p>\n\n\n\n
cat ~\/.ssh\/id_rsa.pub<\/code><\/pre>\n\n\n\nRecord the output, including the username at the end of the output string.<\/p>\n\n\n\nRun the following to open the new_vm_web.yml<\/strong> file in the Code text editor:<\/li><\/ul>\n\n\n\nCodeCopy<\/p>\n\n\n\n
code ~\/PartsUnlimitedMRP\/Labfiles\/AZ-400T05-ImplemntgAppInfra\/Labfiles\/ansible\/new_vm_web.yml<\/code><\/pre>\n\n\n\nIn the Code editor, if needed, change the name of the region in the dnsname: ‘.westeurope.cloudapp.azure.com’ entry to the name of the Azure region you are targeting for deployment.<\/li><\/ul>\n\n\n\nNote<\/strong>: Make sure that this region matches the Azure region where you created the exceedm14l03rg<\/strong> resource group.<\/p>\n\n\n\nIn the Code editor, change the value of vm_size entry from Standard_A0 to Standard_DS1_v2.<\/li> In the Code editor, locate the SSH string towards the end of the file, in the key_data entry, delete the existing key value and replace it with the key value that you recorded earlier in this task.<\/li><\/ul>\n\n\n\nNote<\/strong>: Make sure that the value of admin_username entry that is included in the file matches the user name you used to sign in to the Azure VM hosting the Ansible control system (azureuser<\/strong>). The same user name must be used in the path entry of ssh_public_keys section.<\/p>\n\n\n\nWithin the Code editor interface, click the \u2026<\/strong> on the top right, and select Save<\/strong>.<\/li><\/ul>\n\n\n\nNote<\/strong>: Next, you will deploy an Azure VM into the resource group created at the beginning of the lab. Use the following values for the deployment:<\/p>\n\n\n\nSetting<\/td> Value<\/td><\/tr><\/thead> Resource group<\/td> exceedm14l03arg<\/strong><\/td><\/tr>Virtual network<\/td> exceedm1403aVNET<\/strong><\/td><\/tr>Subnet<\/td> exceedm1403aSubnet<\/strong><\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\nNote<\/strong>: The variables can be defined inside of playbooks or can be entered at runtime when invoking the ansible-playbook command by including the –extra-vars option. As the VM name, use only up to 15 lower case letters and numbers (no hyphens, underscore signs or upper case letters) and ensure it is globally unique, since the same name is used to generate the storage account and the DNS name for the public IP address associated with the corresponding Azure VM.<\/p>\n\n\n\nRun the following to create the virtual network and its subnet into which you will deploy an Azure VM by using an ansible playbook:<\/li><\/ul>\n\n\n\nCodeCopy<\/p>\n\n\n\n
![\"\"](\"https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/05\/Picture1.png\")
<\/figure>\n\n\n\n![\"\"](\"https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/05\/Picture2.png\")
<\/figure>\n\n\n\n![\"\"](\"https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/05\/Picture3.png\")
<\/figure>\n\n\n\n![\"\"](\"https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/05\/Picture4.png\")
<\/figure>\n\n\n\n![\"\"](\"https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/05\/Picture5.png\")
<\/figure>\n\n\n\n![\"\"](\"https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/05\/Picture6.png\")
<\/figure>\n\n\n\n![\"\"](\"https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/05\/Picture7.png\")
<\/figure>\n\n\n\n![\"\"](\"https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/05\/Picture8.png\")
<\/figure>\n\n\n\n![\"\"](\"https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/05\/Picture9.png\")
<\/figure>\n\n\n\n![\"\"](\"https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/05\/Picture10.png\")
<\/figure>\n\n\n\n![\"\"](\"https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/05\/Picture11.png\")
<\/figure>\n\n\n\n![\"\"](\"https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/05\/Picture12.png\")
<\/figure>\n\n\n\n![\"\"](\"https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/05\/Picture13.png\")
<\/figure>\n\n\n\n![\"\"](\"https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/05\/Picture14.png\")
<\/figure>\n\n\n\n![\"\"](\"https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/05\/Picture15.png\")
<\/figure>\n\n\n\n![\"\"](\"https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/05\/Picture16.png\")
<\/figure>\n\n\n\n![\"\"](\"https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/05\/Picture17.png\")
<\/figure>\n\n\n\n![\"\"](\"https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/05\/Picture18.png\")
<\/figure>\n\n\n\n![\"\"](\"https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/05\/Picture20.png\")
<\/figure>\n\n\n\n![\"\"](\"https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/05\/Picture21.png\")
<\/figure>\n\n\n\n