Azure CLI Deployment of Ansible Automation Platform on Microsoft Azure
Red Hat Ansible Automation Platform on Microsoft Azure can be deployed directly through the Azure Marketplace GUI as well as other Azure Marketplace deployment models. If you have a need to automate deployment, or configure deployment options programmatically such as deploying to a different Azure region, then you may use this deployment model.
The outcome of this process is a single az CLI command to deploy a managed application.
Prerequisites
Item | Description |
---|---|
Bash or Azure Cloud Shell (Bash) | The examples in this article focus on a Bash-based deployment. |
Permissions to Deploy Managed Application and Resources | This article assumes that your Azure account or Service Principal has permissions to install the managed application. |
Azure CLI | This article assumes that you are using the Azure CLI and that the CLI is configured with the proper subscription and is properly authenticated prior to running these operations. |
It is important to understand the networking settings used in this process as well. There is a separate KB article that covers all of the information needed to plan the CIDR blocks and IP addresses used in the configuration parameters of this article.
Script Variables
Collecting Unpublished Variables
Some variables that are required for the CLI deployment are not retrievable from the CLI at this time. You must collect these variables from the Azure Portal prior to running the CLI command. This process is only required once, but the AZURE_PLAN_VERSION variable changes over time, so you will want to account for that when more than a few days pass between your CLI deployments.
Note: The following process follows the same steps as preparing an Azure Marketplace UI deployment, but stops short of actually deploying via the Azure Marketplace.
- Navigate to the Azure Marketplace and select Red Hat Ansible Automation Platform. Be sure to select the proper offer based on your buying location; the publisher for EMEA countries is different than others.
- Select the plan that you ultimately wish to deploy.
- Press the "Create" button.
- Fill out the form fields on the "Basics" tab. These can be arbitrary since you won't actually be deploying through the UI.
- Click "Next: Networking".
- Click "Next: Review + create". Again, no need to set these values since you aren't actually deploying.
- Click the "Download a template for automation" link.
You may download this file for reference, but the important key pairs are in the "plan" section of the file.
"plan": {
"name": "rh-aap-azure400pub-b2",
"product": "rhaapomsa",
"publisher": "redhat",
"version": "1.5.1"
}
Note: The version of the managed application is incremented regularly. It is important to check for the latest version of the managed application to ensure that the deployment succeeds. Using any version other than the latest is unsupported.
These values will map to environment variables in later steps.
JSON Key | Variable Name |
---|---|
name | AZURE_PLAN |
product | AZURE_OFFER |
publisher | AZURE_PUBLISHER |
version | AZURE_PLAN_VERSION |
Setting Script Environment Variables
The script in this example uses environment variables to set items within the final az command. These environment variables are, effectively, the same input options that are exposed via the Azure Marketplace UI in the Azure portal. Using the CLI allows you to set some options, such as the Azure deployment region, more granularly than the Azure Marketplace UI does.
Variable Name | Description |
---|---|
ANSIBLE_ACCESS_MODE | Ansible on Azure public or private access mode. |
AZURE_DEPLOYMENT_SUBSCRIPTION | The Azure subscription to deploy the managed application into. |
AZURE_APP_DEPLOYMENT_RESOURCE_GROUP | The resource group to deploy the managed application record. This must exist already. |
AZURE_APP_NAME | The name of the managed application record that will appear in the previously defined resource group. This should be unique per-deployment. |
AZURE_MANAGED_APP_RESOURCES_GROUP | The name of the managed application resource group that will contain the resources for the managed application. |
AZURE_REGION | The Azure region that the managed application will be deployed into. |
AZURE_PUBLISHER | The publisher of the managed application; redhat (non-EMEA billing accounts) or redhat-limited (EMEA billing accounts) |
AZURE_OFFER | The name of the marketplace "offer" (sometimes referred to as "product"). |
AZURE_PLAN | The name of the Red Hat Ansible Automation Platform plan. |
AZURE_PLAN_VERSION | The version of the previously defined plan. |
ANSIBLE_ADMIN_PASSWORD | The password for the Ansible Automation Platform admin user that is used to login to Ansible Automation Platform initially. This must have at least twelve characters and be alphanumeric. |
VNET_CIDR | The CIDR block of the VNET used by the managed application. |
CLUSTER_CIDR | The CIDR block for the AKS subnet. |
APP_GW_CIDR | The CIDR block for Application Gateways (required but unused in private access mode). |
PRIVATE_LINK_CIDR | The CIDR block for private links to Azure services. |
DATABASE_CIDR | The CIDR block for the PostgreSQL Flex DB server(s). |
SERVICE_CIDR | The CIDR block to assign service cluster IPs. It must not overlap with any Subnet IP ranges for the AKS service. |
DNS_SERVICE_IP | An IP address assigned to the Kubernetes DNS service. It must be within the Kubernetes service address range specified in serviceCidr. |
POD_CIDR | The CIDR block to assign pod IPs when kubenet is used. |
DISASTER_RECOVERY | Optional feature that allows an organization to restore application functionality in the event of a significant incident affecting the deployed Azure region. |
Deployment
Accepting the Offer Terms
Just like deploying the managed application through the Azure Portal, you must accept the terms of service before you can install the managed application. This process must be performed once per offer/plan that you intend to install. Otherwise, you will receive an error like the following:
(ResourcePurchaseValidationFailed) User failed validation to purchase resources. Error message: 'You have not accepted the legal terms on this subscription: '\
' for this plan. Before the subscription can be used, you need to accept the legal terms of the image. To read and accept legal terms, use the Azure CLI commands described at https://go.microsoft.com/fwlink/?linkid=2110637 or the PowerShell commands available at https://go.microsoft.com/fwlink/?linkid=862451.
To accept the offer terms from the CLI, you can run the following:
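# Values come from the "plan" section of the downloaded template.
export AZURE_PUBLISHER="redhat"
export AZURE_OFFER="rhaapomsa"
export AZURE_PLAN="rh-aap-azure400pub-b2"
# Accept the marketplace terms once per offer/plan.
az vm image terms accept \
  --offer "$AZURE_OFFER" \
  --plan "$AZURE_PLAN" \
  --publisher "$AZURE_PUBLISHER"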
Deploying the Managed Application
Once you have collected and planned the deployment variables, you may run the az CLI command with the variables to deploy the managed application. The initial command will take about 10 minutes to run and then it will output information about the deployment. To monitor the deployment beyond this state, copy the deploymentEngineUrl value into your web browser and log in with the administrator password that you set up for the deployment. The deployment engine will provide details regarding the state of the deployment.
The following is a full example of setting the environment variables and running the Azure CLI commands.
export ANSIBLE_ACCESS_MODE="private"
export AZURE_DEPLOYMENT_SUBSCRIPTION=""
export AZURE_APP_DEPLOYMENT_RESOURCE_GROUP=""
export AZURE_APP_NAME="ansible-$ANSIBLE_ACCESS_MODE-deployment"
export AZURE_MANAGED_APP_RESOURCES_GROUP="mrg-$AZURE_APP_NAME"
export AZURE_REGION="eastus"
export AZURE_PUBLISHER="redhat"
export AZURE_OFFER="rhaapomsa"
export AZURE_PLAN="rh-aap-azure400pub-b2"
export AZURE_PLAN_VERSION="1.5.1"
export ANSIBLE_ADMIN_PASSWORD=""
export VNET_CIDR="10.100.1.0/24"
export CLUSTER_CIDR="10.100.1.0/26"
export APP_GW_CIDR="10.100.1.64/28"
export PRIVATE_LINK_CIDR="10.100.1.96/28"
export DATABASE_CIDR="10.100.1.80/28"
export SERVICE_CIDR="10.101.0.0/26"
export DNS_SERVICE_IP="10.101.0.3"
export POD_CIDR="10.254.0.0/20"
export DISASTER_RECOVERY=true
az managedapp create \
  -g "$AZURE_APP_DEPLOYMENT_RESOURCE_GROUP" \
  -n "$AZURE_APP_NAME" \
  -l "$AZURE_REGION" \
  --kind MarketPlace \
  -m "/subscriptions/$AZURE_DEPLOYMENT_SUBSCRIPTION/resourceGroups/$AZURE_MANAGED_APP_RESOURCES_GROUP" \
  --plan-name "$AZURE_PLAN" \
  --plan-version "$AZURE_PLAN_VERSION" \
  --plan-product "$AZURE_OFFER" \
  --plan-publisher "$AZURE_PUBLISHER" \
--parameters "{\"adminPassword\":{\"value\":\"$ANSIBLE_ADMIN_PASSWORD\"},\"crossTenantRoleAssignment\":{\"value\":true},\"disasterRecovery\":{\"value\":$DISASTER_RECOVERY},\"location\":{\"value\":\"$AZURE_REGION\"},\"access\":{\"value\":\"$ANSIBLE_ACCESS_MODE\"},\"vnetConfig\":{\"value\":{\"name\":\"vnet01\",\"resourceGroup\":\"$AZURE_MANAGED_APP_RESOURCES_GROUP\",\"addressPrefixes\":[\"$VNET_CIDR\"],\"addressPrefix\":\"$VNET_CIDR\",\"newOrExisting\":\"new\",\"subnets\":{\"aks\":{\"name\":\"cluster\",\"addressPrefix\":\"$CLUSTER_CIDR\"},\"appgw\":{\"name\":\"appgw\",\"addressPrefix\":\"$APP_GW_CIDR\"},\"plink\":{\"name\":\"private_link\",\"addressPrefix\":\"$PRIVATE_LINK_CIDR\"},\"postgres\":{\"name\":\"database\",\"addressPrefix\":\"$DATABASE_CIDR\"}}}},\"dnsServiceIP\":{\"value\":\"$DNS_SERVICE_IP\"},\"podCidr\":{\"value\":\"$POD_CIDR\"},\"serviceCidr\":{\"value\":\"$SERVICE_CIDR\"},\"tagsByResource\":{\"value\":{\"Microsoft.Network/applicationGateways\":{\"deployment\":\"cli\"},\"Microsoft.DBforPostgreSQL/flexibleServers\":{\"deployment\":\"cli\"},\"Microsoft.Resources/deploymentScripts\":{\"deployment\":\"cli\"},\"Microsoft.Network/dnsZones\":{\"deployment\":\"cli\"},\"Microsoft.KeyVault/vaults\":{\"deployment\":\"cli\"},\"Microsoft.ContainerService/managedClusters\":{\"deployment\":\"cli\"},\"Microsoft.OperationalInsights/workspaces\":{\"deployment\":\"cli\"},\"Microsoft.Solutions/applications\":{\"deployment\":\"cli\"},\"Microsoft.ManagedIdentity/userAssignedIdentities\":{\"deployment\":\"cli\"},\"Microsoft.Network/privateDnsZones/virtualNetworkLinks\":{\"deployment\":\"cli\"},\"Microsoft.Resources/resourceGroups\":{\"deployment\":\"cli\"},\"Microsoft.Network/privateDnsZones\":{\"deployment\":\"cli\"},\"Microsoft.Network/privateEndpoints\":{\"deployment\":\"cli\"},\"Microsoft.OperationsManagement/solutions\":{\"deployment\":\"cli\"},\"Microsoft.Storage/storageAccounts\":{\"deployment\":\"cli\"},\"Microsoft.Network/virtualNetworks\":{\"deployment\":\"cli\"}}}}"
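The constraints stated in the variable table (admin password length and character set, SERVICE_CIDR not overlapping any subnet, DNS_SERVICE_IP inside SERVICE_CIDR) can be checked locally before az managedapp create is run. The following is an added example, not part of the original article or of Red Hat's tooling; the function names are hypothetical, and the checks that each subnet sits inside VNET_CIDR and that subnets do not overlap each other are general Azure virtual network rules assumed here rather than stated on this page.

```shell
# Added example (helper names are hypothetical); POSIX sh compatible.
ip2int() {                      # dotted quad -> integer
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    echo $(( ($1 << 24) + ($2 << 16) + ($3 << 8) + $4 ))
}
cidr_bounds() {                 # "a.b.c.d/n" -> "first last" as integers
    size=$(( 1 << (32 - ${1#*/}) ))
    first=$(( $(ip2int "${1%/*}") / size * size ))
    echo "$first $(( first + size - 1 ))"
}
cidr_contains() {               # true if $2 lies entirely inside $1
    set -- $(cidr_bounds "$1") $(cidr_bounds "$2")
    [ "$1" -le "$3" ] && [ "$4" -le "$2" ]
}
cidr_overlap() {                # true if $1 and $2 share any address
    set -- $(cidr_bounds "$1") $(cidr_bounds "$2")
    [ "$1" -le "$4" ] && [ "$3" -le "$2" ]
}
report() { echo "FAIL: $1" >&2; fails=$(( fails + 1 )); }
preflight() {                   # prints each problem, returns how many it found
    fails=0
    case $ANSIBLE_ADMIN_PASSWORD in
        *[!A-Za-z0-9]*) report "admin password is not alphanumeric" ;;
    esac
    if [ "${#ANSIBLE_ADMIN_PASSWORD}" -lt 12 ]; then
        report "admin password has fewer than 12 characters"
    fi
    subnets="$CLUSTER_CIDR $APP_GW_CIDR $PRIVATE_LINK_CIDR $DATABASE_CIDR"
    rest="$subnets "
    for a in $subnets; do
        rest=${rest#* }         # subnets listed after $a, for the pairwise check
        if ! cidr_contains "$VNET_CIDR" "$a"; then report "$a is outside VNET_CIDR"; fi
        if cidr_overlap "$SERVICE_CIDR" "$a"; then report "SERVICE_CIDR overlaps $a"; fi
        for b in $rest; do
            if cidr_overlap "$a" "$b"; then report "$a overlaps $b"; fi
        done
    done
    if ! cidr_contains "$SERVICE_CIDR" "$DNS_SERVICE_IP/32"; then
        report "DNS_SERVICE_IP is outside SERVICE_CIDR"
    fi
    return "$fails"
}
# The article's example network plan; the password is a constructed placeholder.
ANSIBLE_ADMIN_PASSWORD="Constructed1Passw0rd"
VNET_CIDR="10.100.1.0/24"; CLUSTER_CIDR="10.100.1.0/26"; APP_GW_CIDR="10.100.1.64/28"
PRIVATE_LINK_CIDR="10.100.1.96/28"; DATABASE_CIDR="10.100.1.80/28"
SERVICE_CIDR="10.101.0.0/26"; DNS_SERVICE_IP="10.101.0.3"
preflight && echo "preflight passed"
```

In a deployment script, calling preflight || exit 1 after the export lines stops a bad plan before the roughly ten-minute managed application deployment starts.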