20. 12. 2022 Lorenzo Candeago Development, DevOps

A Simple and Portable Dockerfile for Working with Azure and Ansible

For our use case, we need to be able to deploy Azure machines using Ansible from developers' laptops and from our own CI/CD infrastructure, both on Jenkins and OpenShift.

The easiest way to ship a working, easy-to-use environment for this is a Docker image. We based ours on rockylinux 9, since our product, NetEye 4, is based on Red Hat.

In the following Dockerfile, we install the ansible-core package and add the Microsoft repositories for the azure-cli package.

We then install the azure.azcollection collection from ansible-galaxy to use Azure with Ansible, and use pip to install the dependencies it needs.

Note that currently the azure-cli package is ~700MB alone, so it won’t be a super tiny Docker image.

FROM rockylinux:9

# check-update exits with 100 when updates are available, so it stays outside
# the && chain; every later step aborts the build if it fails.
RUN yum check-update; \
    yum install -y python3 python3-pip sshpass openssh-clients ansible-core && \
    yes | rpm --import https://packages.microsoft.com/keys/microsoft.asc && \
    yum install -y https://packages.microsoft.com/config/rhel/9.0/packages-microsoft-prod.rpm && \
    yum install -y azure-cli && \
    ansible-galaxy collection install azure.azcollection && \
    yum clean all -y

# Install the Python dependencies required by azure.azcollection
RUN pip3 install -r ~/.ansible/collections/ansible_collections/azure/azcollection/requirements-azure.txt

After building the image, we need to set up authentication for the Microsoft account. This can be done in two ways. For developers who run the container on their own machine, the easiest way is to log in on the host system using az login and then mount the host folder ~/.azure at /root/.azure inside the container:

docker run -v ~/.azure:/root/.azure -it azure-provisioner bash

The playbook that runs inside the container should then already have the Azure credentials of the host machine.

We can check that the login actually worked from inside the container:

[root@475fa243ab45 /]# az account show
{
  "environmentName": "AzureCloud",
  "homeTenantId": "***",
  "id": "**",
[...]
}
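
A playbook can repeat this check before it provisions anything, because the container uses whichever subscription is active in the host's az login. The playbook below is an added example, not part of the original post; expected_subscription_id, rg_name and rg_location are assumed names, and the subscription ID is a placeholder.

```yaml
# Added example: pre-flight check on the mounted az login, then one provisioning task.
# expected_subscription_id, rg_name and rg_location are assumed variables.
- name: Provision on Azure with the az login session mounted from the host
  hosts: localhost
  connection: local
  gather_facts: false
  vars:
    expected_subscription_id: "00000000-0000-0000-0000-000000000000"  # placeholder
    rg_name: demo-rg          # hypothetical resource group name
    rg_location: westeurope   # hypothetical region
  tasks:
    - name: Read the active az CLI account (same data as `az account show`)
      ansible.builtin.command: az account show --output json
      register: az_account
      changed_when: false

    - name: Stop unless the mounted login points at the expected subscription
      ansible.builtin.assert:
        that:
          - (az_account.stdout | from_json).id == expected_subscription_id
        fail_msg: >-
          The active subscription does not match expected_subscription_id.
          Select the right one with `az account set --subscription ...`.

    - name: Create a resource group using the CLI credentials
      azure.azcollection.azure_rm_resourcegroup:
        name: "{{ rg_name }}"
        location: "{{ rg_location }}"
        auth_source: cli
        subscription_id: "{{ expected_subscription_id }}"
```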

For the CI/CD case it's a bit more complicated, and it involves an Azure service principal. I'll describe this in a future blog post.


Lorenzo Candeago

DevOps Engineer at Würth Phoenix
