Azure Example
In this example we will use Ansible to configure CentOS on Azure.
The project can be found in azure-ansible. It covers:
- Hardening using a ready collection
- Operating system update
- Resolv.conf
- MOTD
- Docker installation
- NTP
The proposal is to use only Ansible playbooks, not scripts. I won't explain Ansible playbooks themselves, only how we can use them.
Packer has an Ansible plugin, but in this project we copy the playbooks into the source VM and run them from inside the machine to configure it, which is why we use localhost.
For the playbook to run, Ansible and the necessary collections must be installed. That's why a separate shell provisioner first prepares everything, so that the next step only has to execute the playbook.
Azure Source
In the case of the source for Azure, it is necessary to pay attention to some details.
Because use_azure_cli_auth = true, you must run the az login command beforehand. This avoids having to pass the following parameters, which I left commented out in case they are needed.
- client_id = var.client_id
- client_secret = var.client_secret
- tenant_id = var.tenant_id
- subscription_id = var.subscription_id
Note that I preferred to take these parameters from variables, and the variables read previously exported values. This already helps in the case of pipelines.
Example:
variable "client_secret" {
  description = "AZURE Client Secret"
  type        = string
  # Read from the environment; the name matches the ARM_CLIENT_SECRET export below.
  default     = env("ARM_CLIENT_SECRET")
}
In this case the following values would need to be exported:
export ARM_CLIENT_ID=xxxxx-xxxx-xxxx-xxx-xxx
export ARM_CLIENT_SECRET=xxxxx-xxxx-xxxx-xxx-xxx
export ARM_SUBSCRIPTION_ID=xxxxx-xxxx-xxxx-xxx-xxx
export ARM_TENANT_ID=xxxxx-xxxx-xxxx-xxx-xxx
Clouds name regions and VM sizes differently. That's why I created a map for both: we pass just one value and the correct name is fetched automatically. A tip: this works very well when building multiple sources at the same time.
Another detail is that I chose an image that is not a community (that is, free) image, so the plan must be passed as well.
source "azure-arm" "azure" {
  # client_id       = var.client_id
  # client_secret   = var.client_secret
  # tenant_id       = var.tenant_id
  # subscription_id = var.subscription_id
  use_azure_cli_auth = true

  plan_info {
    plan_publisher = var.image_publisher
    plan_product   = var.image_offer
    plan_name      = var.image_sku
  }

  os_type         = "Linux"
  image_publisher = var.image_publisher
  image_offer     = var.image_offer
  image_sku       = var.image_sku

  managed_image_resource_group_name = "packer"
  managed_image_name                = local.full_image_name
  azure_tags                        = var.vm_tags

  # See the maps in locals and conditions in variables.
  location = local.map_regions[var.region]["azure"]
  vm_size  = var.instance_sizes["azure"]
}
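The source block above looks up local.map_regions and var.instance_sizes, but the maps and the variable conditions themselves are not shown on this page. A sketch of how they could look, as an added example and not the project's own code; the region keys, the aws entries and the VM sizes are assumed values:

```hcl
# Added example: every key and value below is a constructed assumption.

variable "region" {
  description = "Cloud-neutral region key, translated per provider in local.map_regions"
  type        = string
  default     = "us-east"

  # Reject an unknown key before any cloud resource is created,
  # instead of failing on a missing map entry in the source block.
  validation {
    condition     = contains(["us-east", "eu-west"], var.region)
    error_message = "The region must be one of: us-east, eu-west."
  }
}

variable "instance_sizes" {
  description = "VM size used for the build, keyed by provider"
  type        = map(string)
  default = {
    azure = "Standard_B2s"
    aws   = "t3.small"
  }

  # The azure-arm source reads var.instance_sizes["azure"], so that key must exist.
  validation {
    condition     = contains(keys(var.instance_sizes), "azure")
    error_message = "The instance_sizes map must contain an \"azure\" entry."
  }
}

locals {
  # One neutral key resolves to each provider's own region name.
  map_regions = {
    "us-east" = {
      azure = "eastus"
      aws   = "us-east-1"
    }
    "eu-west" = {
      azure = "westeurope"
      aws   = "eu-west-1"
    }
  }
}
```

With these definitions, passing region = "eu-west" makes the azure-arm source build in westeurope, and any other source in the same template can read its own entry from the same key.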
Running the project
packer init . --upgrade
packer build "./vars/centos7.pkr.hcl" .