infrastructure as python code · - azure_rm_securitygroup - manage azure network security groups....
TRANSCRIPT
![Page 1: Infrastructure as Python Code · - azure_rm_securitygroup - Manage Azure network security groups. Virtual Machines - azure_rm_virtualmachine - Manage Azure virtual machines. - azure_rm_publicipaddress](https://reader033.vdocuments.mx/reader033/viewer/2022050422/5f910cbf45b56d780e2a8aa0/html5/thumbnails/1.jpg)
Infrastructure as Python Code
Peter HoffmannSenior So(ware Engineer
Blue Yonder
@peterhoffmann
github/blue-yonder/documents/
![Page 2: Infrastructure as Python Code · - azure_rm_securitygroup - Manage Azure network security groups. Virtual Machines - azure_rm_virtualmachine - Manage Azure virtual machines. - azure_rm_publicipaddress](https://reader033.vdocuments.mx/reader033/viewer/2022050422/5f910cbf45b56d780e2a8aa0/html5/thumbnails/2.jpg)
Azure Migra+on - Shi1 & Li1
![Page 3: Infrastructure as Python Code · - azure_rm_securitygroup - Manage Azure network security groups. Virtual Machines - azure_rm_virtualmachine - Manage Azure virtual machines. - azure_rm_publicipaddress](https://reader033.vdocuments.mx/reader033/viewer/2022050422/5f910cbf45b56d780e2a8aa0/html5/thumbnails/3.jpg)
Infrastructure as a service
![Page 4: Infrastructure as Python Code · - azure_rm_securitygroup - Manage Azure network security groups. Virtual Machines - azure_rm_virtualmachine - Manage Azure virtual machines. - azure_rm_publicipaddress](https://reader033.vdocuments.mx/reader033/viewer/2022050422/5f910cbf45b56d780e2a8aa0/html5/thumbnails/4.jpg)
ARM - Azure Resource Managemt Mode
![Page 5: Infrastructure as Python Code · - azure_rm_securitygroup - Manage Azure network security groups. Virtual Machines - azure_rm_virtualmachine - Manage Azure virtual machines. - azure_rm_publicipaddress](https://reader033.vdocuments.mx/reader033/viewer/2022050422/5f910cbf45b56d780e2a8aa0/html5/thumbnails/5.jpg)
Azure Resource Manager API
different deployment op.ons
impara&ve vs declara&ve deployment
REST API with Swagger Definitons
JSON Schema for payload
![Page 6: Infrastructure as Python Code · - azure_rm_securitygroup - Manage Azure network security groups. Virtual Machines - azure_rm_virtualmachine - Manage Azure virtual machines. - azure_rm_publicipaddress](https://reader033.vdocuments.mx/reader033/viewer/2022050422/5f910cbf45b56d780e2a8aa0/html5/thumbnails/6.jpg)
Resource Group
container for mul.ple resources
resources exist in one and only one resource group
resource groups can span regions
resource groups can span services
deployment tracks template execu2on
![Page 7: Infrastructure as Python Code · - azure_rm_securitygroup - Manage Azure network security groups. Virtual Machines - azure_rm_virtualmachine - Manage Azure virtual machines. - azure_rm_publicipaddress](https://reader033.vdocuments.mx/reader033/viewer/2022050422/5f910cbf45b56d780e2a8aa0/html5/thumbnails/7.jpg)
Role-based Aaccess Control (RBAC)
![Page 8: Infrastructure as Python Code · - azure_rm_securitygroup - Manage Azure network security groups. Virtual Machines - azure_rm_virtualmachine - Manage Azure virtual machines. - azure_rm_publicipaddress](https://reader033.vdocuments.mx/reader033/viewer/2022050422/5f910cbf45b56d780e2a8aa0/html5/thumbnails/8.jpg)
![Page 9: Infrastructure as Python Code · - azure_rm_securitygroup - Manage Azure network security groups. Virtual Machines - azure_rm_virtualmachine - Manage Azure virtual machines. - azure_rm_publicipaddress](https://reader033.vdocuments.mx/reader033/viewer/2022050422/5f910cbf45b56d780e2a8aa0/html5/thumbnails/9.jpg)
ARM Template
![Page 10: Infrastructure as Python Code · - azure_rm_securitygroup - Manage Azure network security groups. Virtual Machines - azure_rm_virtualmachine - Manage Azure virtual machines. - azure_rm_publicipaddress](https://reader033.vdocuments.mx/reader033/viewer/2022050422/5f910cbf45b56d780e2a8aa0/html5/thumbnails/10.jpg)
ARM Template
Azure Resource Manager templates are a declara've JSON based descrip:on of the desired deployment state. The Azure Resource Manager takes care of parallel provisioning with simple rollback.
az group deployment create \ --resource-group $RESOURCE_GROUP \ --mode Complete \ --template-file $TEMPLATE
![Page 11: Infrastructure as Python Code · - azure_rm_securitygroup - Manage Azure network security groups. Virtual Machines - azure_rm_virtualmachine - Manage Azure virtual machines. - azure_rm_publicipaddress](https://reader033.vdocuments.mx/reader033/viewer/2022050422/5f910cbf45b56d780e2a8aa0/html5/thumbnails/11.jpg)
ARM Template - Minimal{ "$schema": ".../2015-01-01/deploymentTemplate.json#", "contentVersion": "1.0.0.0", "parameters": { }, "variables": { }, "resources": [ ], "outputs": { }}
![Page 12: Infrastructure as Python Code · - azure_rm_securitygroup - Manage Azure network security groups. Virtual Machines - azure_rm_virtualmachine - Manage Azure virtual machines. - azure_rm_publicipaddress](https://reader033.vdocuments.mx/reader033/viewer/2022050422/5f910cbf45b56d780e2a8aa0/html5/thumbnails/12.jpg)
ARM Template - Example Storage Account{ "resources":[ { "apiVersion": "2016-01-01", "type": "Microsoft.Storage/storageAccounts", "name": "mystorageaccount", "location": "westeurope", "sku":{ "name": "Standard_LRS" }, "properties":{
} } ]}
![Page 13: Infrastructure as Python Code · - azure_rm_securitygroup - Manage Azure network security groups. Virtual Machines - azure_rm_virtualmachine - Manage Azure virtual machines. - azure_rm_publicipaddress](https://reader033.vdocuments.mx/reader033/viewer/2022050422/5f910cbf45b56d780e2a8aa0/html5/thumbnails/13.jpg)
ARM Template - Tagging{ "resources":[ { "apiVersion": "2016-01-01", "type": "Microsoft.Storage/storageAccounts", "name": "mystorageaccount", "location": "westeurope", "sku":{ "name": "Standard_LRS" }, "tags": { "costCenter": "finance", "role": "backup" } } ]}
![Page 14: Infrastructure as Python Code · - azure_rm_securitygroup - Manage Azure network security groups. Virtual Machines - azure_rm_virtualmachine - Manage Azure virtual machines. - azure_rm_publicipaddress](https://reader033.vdocuments.mx/reader033/viewer/2022050422/5f910cbf45b56d780e2a8aa0/html5/thumbnails/14.jpg)
ARM Template Func0ons{ "resources": [{ "type": "Microsoft.Storage/storageAccounts", "kind": "Storage", "name": "[uniqueString(resourceGroup().id)]", "apiVersion": "2016-01-01", "location": "[resourceGroup().location]"}]}
array first index length
numeric add mul div
string substring base64 replace uniquestring
![Page 15: Infrastructure as Python Code · - azure_rm_securitygroup - Manage Azure network security groups. Virtual Machines - azure_rm_virtualmachine - Manage Azure virtual machines. - azure_rm_publicipaddress](https://reader033.vdocuments.mx/reader033/viewer/2022050422/5f910cbf45b56d780e2a8aa0/html5/thumbnails/15.jpg)
ARM Template Variables{ "variables": { "storageAccountName": "[uniqueString(resourceGroup().id)]" }, "resources": [{ "type": "Microsoft.Storage/storageAccounts", "kind": "Storage", "name": "[variables('storageAccountName')]", "apiVersion": "2016-01-01", "location": "[resourceGroup().location]"}]}
![Page 16: Infrastructure as Python Code · - azure_rm_securitygroup - Manage Azure network security groups. Virtual Machines - azure_rm_virtualmachine - Manage Azure virtual machines. - azure_rm_publicipaddress](https://reader033.vdocuments.mx/reader033/viewer/2022050422/5f910cbf45b56d780e2a8aa0/html5/thumbnails/16.jpg)
ARM Template Outputs{ "variables": { "storageAccountName": "[uniqueString(resourceGroup().id, 'teststorage')]" }, "resources": [{ "type": "Microsoft.Storage/storageAccounts", "kind": "Storage", "name": "[variables('storageAccountName')]", "apiVersion": "2016-01-01", "location": "[resourceGroup().location]"}], "outputs": { "storageAccountName1": { "type": "string", "value": "[variables('storageAccountName')]" } }}
$ az group deployment create -g $RESOURCE_GROUP --mode Complete --template-file $TEMPLATE{ "name": "teststorage", "properties": { "mode": "Complete", "outputs": { "storageAccountName": { "type": "String", "value": "rzhqnqqrv34ek" } } }}
![Page 17: Infrastructure as Python Code · - azure_rm_securitygroup - Manage Azure network security groups. Virtual Machines - azure_rm_virtualmachine - Manage Azure virtual machines. - azure_rm_publicipaddress](https://reader033.vdocuments.mx/reader033/viewer/2022050422/5f910cbf45b56d780e2a8aa0/html5/thumbnails/17.jpg)
Template Parameters I{ "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#", "contentVersion": "1.0.0.0", "parameters": { "addresSpace": { "type": "string" }, "subnetL1Prefix": { "type": "string" } }, "resources": [ { "apiVersion": "2016-03-30", "type": "Microsoft.Network/virtualNetworks", "name": "vnet1", "location": "[resourceGroup().location]", "properties": { "addressSpace": { "addressPrefixes": [ "[parameters('addressSpace')]" ] }, "subnets": [ { "name": "subnetL1", "properties": { "addressPrefix": "[parameters('subnetL1Prefix')]" } }
![Page 18: Infrastructure as Python Code · - azure_rm_securitygroup - Manage Azure network security groups. Virtual Machines - azure_rm_virtualmachine - Manage Azure virtual machines. - azure_rm_publicipaddress](https://reader033.vdocuments.mx/reader033/viewer/2022050422/5f910cbf45b56d780e2a8aa0/html5/thumbnails/18.jpg)
Template Parameters II{ "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentParameters.json#", "contentVersion": "1.0.0.0", "parameters": { "addresSpace": { "value": "10.3.0.0/16" }, "subnetL1Prefix": { "value": "10.3.0.0/24" }, "subnetL2Prefix": { "value": "10.3.1.0/24" } }}
$ az group deployment create -g $RESOURCE_GROUP \ --mode Complete --template-file $TEMPLATE \ --parameters @$PARAMETERS
![Page 19: Infrastructure as Python Code · - azure_rm_securitygroup - Manage Azure network security groups. Virtual Machines - azure_rm_virtualmachine - Manage Azure virtual machines. - azure_rm_publicipaddress](https://reader033.vdocuments.mx/reader033/viewer/2022050422/5f910cbf45b56d780e2a8aa0/html5/thumbnails/19.jpg)
Protect your Sensi.ve Data
• do NOT put sensi/ve Data in your templates or parameter files
• use secureString and secureObject Types
• run/me retrieval with template func/ons (listKey, list*)
• reference azure Key Vault secrets
• turn of debug, logging in produc/on
![Page 20: Infrastructure as Python Code · - azure_rm_securitygroup - Manage Azure network security groups. Virtual Machines - azure_rm_virtualmachine - Manage Azure virtual machines. - azure_rm_publicipaddress](https://reader033.vdocuments.mx/reader033/viewer/2022050422/5f910cbf45b56d780e2a8aa0/html5/thumbnails/20.jpg)
Azure Templates are much more complex then simple JSON Files.
• JSON Schema for content
• Content versioning of different resources/resource providers
• parameters and variables
• inline template expression language
• outputs
• template linking
![Page 21: Infrastructure as Python Code · - azure_rm_securitygroup - Manage Azure network security groups. Virtual Machines - azure_rm_virtualmachine - Manage Azure virtual machines. - azure_rm_publicipaddress](https://reader033.vdocuments.mx/reader033/viewer/2022050422/5f910cbf45b56d780e2a8aa0/html5/thumbnails/21.jpg)
Azure CLI V2
![Page 22: Infrastructure as Python Code · - azure_rm_securitygroup - Manage Azure network security groups. Virtual Machines - azure_rm_virtualmachine - Manage Azure virtual machines. - azure_rm_publicipaddress](https://reader033.vdocuments.mx/reader033/viewer/2022050422/5f910cbf45b56d780e2a8aa0/html5/thumbnails/22.jpg)
Azure CLI V2
• Build in python
• Autocomple2on
• Different output formats
• Support for jmespath.org
• Generated from swagger defin2ons
• github.com/Azure/azure-cli
![Page 23: Infrastructure as Python Code · - azure_rm_securitygroup - Manage Azure network security groups. Virtual Machines - azure_rm_virtualmachine - Manage Azure virtual machines. - azure_rm_publicipaddress](https://reader033.vdocuments.mx/reader033/viewer/2022050422/5f910cbf45b56d780e2a8aa0/html5/thumbnails/23.jpg)
$ az storage account list -g $RESOURCE_GROUP [ { "creationTime": "2017-05-27T12:21:46.958192+00:00", "location": "westeurope", "name": "rzhqnqqrv34ek", "primaryEndpoints": { "blob": "https://rzhqnqqrv34ek.blob.core.windows.net/", "file": "https://rzhqnqqrv34ek.file.core.windows.net/", "queue": "https://rzhqnqqrv34ek.queue.core.windows.net/", "table": "https://rzhqnqqrv34ek.table.core.windows.net/" }, "primaryLocation": "westeurope", "provisioningState": "Succeeded", "resourceGroup": "phoffmann", "sku": { "name": "Standard_RAGRS", "tier": "Standard" }, "tags": {}, "type": "Microsoft.Storage/storageAccounts" }]
![Page 24: Infrastructure as Python Code · - azure_rm_securitygroup - Manage Azure network security groups. Virtual Machines - azure_rm_virtualmachine - Manage Azure virtual machines. - azure_rm_publicipaddress](https://reader033.vdocuments.mx/reader033/viewer/2022050422/5f910cbf45b56d780e2a8aa0/html5/thumbnails/24.jpg)
Table output with tabulate$ az storage account list -g $RESOURCE_GROUP --output table
Location Name ProvisioningState ResourceGroup ----------- ------------- ------------------- ----------------westeurope rzhqnqqrv34ek Succeeded phoffmann
TSV output$ az storage account list -g $RESOURCE_GROUP --output tsv
westeurope rzhqnqqrv34ek Succeeded phoffmann
![Page 25: Infrastructure as Python Code · - azure_rm_securitygroup - Manage Azure network security groups. Virtual Machines - azure_rm_virtualmachine - Manage Azure virtual machines. - azure_rm_publicipaddress](https://reader033.vdocuments.mx/reader033/viewer/2022050422/5f910cbf45b56d780e2a8aa0/html5/thumbnails/25.jpg)
Jmespath query language support$ az storage account list -g $RESOURCE_GROUP \ --query '[?sku.name == "Standard_RAGS"].{name: name, blob: primaryEndpoints.blob}'
[ { "blob": "https://rzhqnqqrv34ek.blob.core.windows.net/", "name": "rzhqnqqrv34ek" }]
![Page 26: Infrastructure as Python Code · - azure_rm_securitygroup - Manage Azure network security groups. Virtual Machines - azure_rm_virtualmachine - Manage Azure virtual machines. - azure_rm_publicipaddress](https://reader033.vdocuments.mx/reader033/viewer/2022050422/5f910cbf45b56d780e2a8aa0/html5/thumbnails/26.jpg)
Azure & Ansible
![Page 27: Infrastructure as Python Code · - azure_rm_securitygroup - Manage Azure network security groups. Virtual Machines - azure_rm_virtualmachine - Manage Azure virtual machines. - azure_rm_publicipaddress](https://reader033.vdocuments.mx/reader033/viewer/2022050422/5f910cbf45b56d780e2a8aa0/html5/thumbnails/27.jpg)
Azure Deployment with Ansible
• Deploy ARM Templates with Ansible
• azure_rm_* modules to deploy resources directly via the REST API
• A dynamic inventory script as a bridge to your server/service ansible deployment
![Page 28: Infrastructure as Python Code · - azure_rm_securitygroup - Manage Azure network security groups. Virtual Machines - azure_rm_virtualmachine - Manage Azure virtual machines. - azure_rm_publicipaddress](https://reader033.vdocuments.mx/reader033/viewer/2022050422/5f910cbf45b56d780e2a8aa0/html5/thumbnails/28.jpg)
Ansible template deployment- hosts: localhost connection: local tasks:
- azure_rm_deployment: deployment_mode: complete|incremental state: present|absent location: westeurope resource_group: test parameters: newStorageAccountName: value: teststorage template: "{{ lookup('file', 'resource-template.json') }}"
![Page 29: Infrastructure as Python Code · - azure_rm_securitygroup - Manage Azure network security groups. Virtual Machines - azure_rm_virtualmachine - Manage Azure virtual machines. - azure_rm_publicipaddress](https://reader033.vdocuments.mx/reader033/viewer/2022050422/5f910cbf45b56d780e2a8aa0/html5/thumbnails/29.jpg)
Ansible inline templates- azure_rm_deployment: location: westeurope resource_group_name: test parameters: newStorageAccountName: value: teststorage template: $schema: "https://schema.management.azure.com/schemas/2015-01-01/" contentVersion: "1.0.0.0" resources: - type: "Microsoft.Storage/storageAccounts" name: "[parameters('newStorageAccountName')]" apiVersion: "2016-01-01" location: "westeurope" sku: name: "Standard_RAGRS"
![Page 30: Infrastructure as Python Code · - azure_rm_securitygroup - Manage Azure network security groups. Virtual Machines - azure_rm_virtualmachine - Manage Azure virtual machines. - azure_rm_publicipaddress](https://reader033.vdocuments.mx/reader033/viewer/2022050422/5f910cbf45b56d780e2a8aa0/html5/thumbnails/30.jpg)
Ansible modules azure_rm_*Deployment- azure - create or terminate a virtual machine in azure- azure_rm_deployment - Create or destroy Azure Resource Manager template deployments- azure_rm_resourcegroup - Manage Azure resource groups.
Networking- azure_rm_virtualnetwork - Manage Azure virtual networks.- azure_rm_subnet - Manage Azure subnets.- azure_rm_securitygroup - Manage Azure network security groups.
Virtual Machines- azure_rm_virtualmachine - Manage Azure virtual machines.- azure_rm_publicipaddress - Manage Azure Public IP Addresses.- azure_rm_networkinterface - Manage Azure network interfaces.
Storage- azure_rm_storageaccount - Manage Azure storage accounts.- azure_rm_storageblob - Manage blob containers and blob objects.
![Page 31: Infrastructure as Python Code · - azure_rm_securitygroup - Manage Azure network security groups. Virtual Machines - azure_rm_virtualmachine - Manage Azure virtual machines. - azure_rm_publicipaddress](https://reader033.vdocuments.mx/reader033/viewer/2022050422/5f910cbf45b56d780e2a8aa0/html5/thumbnails/31.jpg)
Ansible Basic VM Deployment- name: Create a VM with exiting storage account and NIC azure_rm_virtualmachine: resource_group: Testing name: testvm002 vm_size: Standard_D4 storage_account: testaccount001 admin_username: adminUser ssh_public_keys: - path: /home/adminUser/.ssh/authorized_keys key_data: {{ssh_key}} network_interfaces: testvm001 image: offer: Debian sku: '8' version: latest
![Page 32: Infrastructure as Python Code · - azure_rm_securitygroup - Manage Azure network security groups. Virtual Machines - azure_rm_virtualmachine - Manage Azure virtual machines. - azure_rm_publicipaddress](https://reader033.vdocuments.mx/reader033/viewer/2022050422/5f910cbf45b56d780e2a8aa0/html5/thumbnails/32.jpg)
Dynamic inventories
ansible-playbook -i ./azure_rm.py azure_deploy.yml
{ "azure": ["frontend", "backend", "jumphost"], "westeurope": ["frontend", "backend", "jumphost"], "testgroup": ["jumphost"], "role": ["jumphost"], "role_dmz": ["jumphost"],}
![Page 33: Infrastructure as Python Code · - azure_rm_securitygroup - Manage Azure network security groups. Virtual Machines - azure_rm_virtualmachine - Manage Azure virtual machines. - azure_rm_publicipaddress](https://reader033.vdocuments.mx/reader033/viewer/2022050422/5f910cbf45b56d780e2a8aa0/html5/thumbnails/33.jpg)
Ansible Azure Deployment
• only support for limited set of resources
• does not work with latest azure client libraries
• ok for simple tasks, for more complex tasks switch to azure resource manager templates
• dynamic inventory helpful
• using the template deployment and instrumen<ng it with parameters from ansible
![Page 34: Infrastructure as Python Code · - azure_rm_securitygroup - Manage Azure network security groups. Virtual Machines - azure_rm_virtualmachine - Manage Azure virtual machines. - azure_rm_publicipaddress](https://reader033.vdocuments.mx/reader033/viewer/2022050422/5f910cbf45b56d780e2a8aa0/html5/thumbnails/34.jpg)
Infrastructure as Python Code
Peter HoffmannSenior So(ware Engineer
Blue Yonder
@peterhoffmann
github/blue-yonder/documents/