How to use Vagrant on Azure ...

Two examples showing how to set up Linux and Windows environments on Azure with Vagrant.

Install the azure plugin

vagrant plugin install vagrant-azure

Azure CLI

Microsoft Azure can be driven from a CLI, which we will use in particular to list the available images.

Installation on Linux

curl -sL https://aka.ms/InstallAzureCLIDeb | sudo bash
sudo apt-get update
sudo apt-get install ca-certificates curl apt-transport-https lsb-release gnupg

Signing in

az login

You have logged in. Now let us find all the subscriptions to which you have access...
[
  {
    "cloudName": "AzureCloud",
    "homeTenantId": "xxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxx",
    "id": "xxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxx",
    "isDefault": true,
    "managedByTenants": [],
    "name": "Azure subscription 1",
    "state": "Enabled",
    "tenantId": "xxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxx",
    "user": {
      "name": "xxx@xxxxxxx.onmicrosoft.com",
      "type": "user"
    }
  }
]

Listing images

az vm image list

[
  {
    "offer": "WindowsServer",
    "publisher": "MicrosoftWindowsServer",
    "sku": "2012-Datacenter",
    "urn": "MicrosoftWindowsServer:WindowsServer:2012-Datacenter:latest",
    "urnAlias": "Win2012Datacenter",
    "version": "latest"
  },
  ...
  {
    "offer": "WindowsServer",
    "publisher": "MicrosoftWindowsServer",
    "sku": "2008-R2-SP1",
    "urn": "MicrosoftWindowsServer:WindowsServer:2008-R2-SP1:latest",
    "urnAlias": "Win2008R2SP1",
    "version": "latest"
  }
]

Additional switches:

  • Table display: --output table
  • Full list: --all

Vagrant

Installing the plugin

vagrant plugin install vagrant-azure

Linux virtual machines

In the example below, provisioning is done by a script that is copied to the machine and then executed.

Vagrant.configure('2') do |config|

  config.vm.box = 'azure'
  config.ssh.private_key_path = '~/.ssh/id_rsa'
  config.vm.synced_folder "resources/", "/resources" 
  config.vm.synced_folder ".", "/vagrant", disabled: true

  config.vm.provider :azure do |azure, override|    
      azure.tenant_id = 'xxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx'
      azure.client_id = 'xxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx'
      azure.client_secret = 'xxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx'
      azure.subscription_id = 'xxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx'
      azure.location = 'westeurope'             
      azure.vm_image_urn = 'Debian:debian-10:10:latest'  
      azure.resource_group_name = 'maquette.me'
      azure.vm_name = 'myvm'       
      azure.vm_size = 'Standard_B1s'
  end

  config.vm.provision "shell", inline: "/resources/script.sh", privileged: false

 end

Linux images

Name           URN
Standard_B1ls  Debian:debian-10:10:latest
Standard_B1ls  Canonical:UbuntuServer:16.04-LTS:latest
Standard_B1ls  Canonical:UbuntuServer:18.04-LTS:18.04.202006101
Standard_B1ls  OpenLogic:CentOS:8.0:latest
Standard_B1ls  OpenLogic:CentOS:7.5:latest

Windows virtual machines

Example Vagrantfile:

Vagrant.configure('2') do |config|

    config.vm.box = 'azure'
    config.vm.synced_folder ".", "c:\\vagrant", disabled: true

    config.vm.provider :azure do |azure, override|     
        config.vm.communicator = "winrm" 
        config.winrm.port = 5986
        config.vm.guest = :windows
        config.winrm.retry_delay= 3
        config.winrm.transport= :ssl
        # Peer verification is off because the WinRM listener uses a self-signed certificate
        config.winrm.ssl_peer_verification= false
        ## Windows 10 specific
        azure.winrm_install_self_signed_cert= true
        azure.tenant_id = 'xxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx'
        azure.client_id = 'xxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx'
        azure.client_secret = 'xxxx.xxx-xxxxxxxxxxxxxxxxx'
        azure.subscription_id = 'xxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx'
        azure.vm_image_urn = 'MicrosoftWindowsDesktop:office-365:20h1-evd-o365pp:19041.329.2006042019'
        azure.vm_name = 'win10o365'
        azure.resource_group_name ='maquette.me'
        azure.location = 'westeurope'
        azure.instance_ready_timeout = 600
        azure.admin_password = "MySecretPassword4"
        azure.admin_username = "MyAdminUsername"
    end

  #  config.vm.provision "shell", inline: "mkdir c:\\windows\\temp\\zog.zog", privileged: false

    config.vm.provision "ansible" do |ansible|
        ansible.playbook = "./provisioning/playbook.yml"	
    end

 end
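
Both Vagrantfiles above embed the service principal secret in the file, and the Windows one also embeds the administrator password. As an added example (not part of the original post), the same settings can be read from environment variables and checked before Vagrant contacts Azure; the variable names and the load_azure_secrets helper are assumptions of this example.

```ruby
# Added example, not from the original post. The environment variable names
# and the load_azure_secrets helper are assumptions chosen for illustration.
REQUIRED_SECRETS = {
  tenant_id:       'AZURE_TENANT_ID',
  client_id:       'AZURE_CLIENT_ID',
  client_secret:   'AZURE_CLIENT_SECRET',
  subscription_id: 'AZURE_SUBSCRIPTION_ID',
  admin_password:  'AZURE_VM_ADMIN_PASSWORD'
}.freeze

# Reads every required setting from `env` and raises when one is missing or
# blank, so a run never starts with partial credentials. The error message
# lists variable names only, never their values.
def load_azure_secrets(env = ENV)
  missing = REQUIRED_SECRETS.values.select { |name| env[name].to_s.strip.empty? }
  unless missing.empty?
    raise ArgumentError, "missing environment variables: #{missing.join(', ')}"
  end
  REQUIRED_SECRETS.transform_values { |name| env[name] }
end

# This part only runs when the file is loaded by Vagrant as a Vagrantfile.
if defined?(Vagrant)
  secrets = load_azure_secrets

  Vagrant.configure('2') do |config|
    config.vm.box = 'azure'
    config.vm.guest = :windows
    config.vm.communicator = 'winrm'

    config.vm.provider :azure do |azure, override|
      azure.tenant_id       = secrets[:tenant_id]
      azure.client_id       = secrets[:client_id]
      azure.client_secret   = secrets[:client_secret]
      azure.subscription_id = secrets[:subscription_id]
      azure.admin_username  = 'MyAdminUsername'
      azure.admin_password  = secrets[:admin_password]
      azure.resource_group_name = 'maquette.me'
      azure.location = 'westeurope'
      # Remaining settings (image URN, VM name, WinRM options) as in the Vagrantfile above.
    end
  end
end
```

Export the variables in the shell that runs vagrant up and keep them out of the repository.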

Example playbook

- name: Winlogbeat
  hosts: all
  gather_facts: no
  vars:
     ansible_winrm_server_cert_validation: ignore
     ansible_winrm_transport: ntlm
     ansible_connection: winrm
  roles:
   - role: "myRole"

Windows images

Name                            URN
Windows 10 pro 20h1             MicrosoftWindowsDesktop:Windows-10:20h1-pro:19041.264.2005110456
Windows 10 19.03 with O365      MicrosoftWindowsDesktop:office-365:1903-evd-o365pp:18362.900.2006061800
Windows 10 20h1 with O365       MicrosoftWindowsDesktop:office-365:20h1-evd-o365pp:19041.329.2006042019
Windows Server 2019 Datacenter  MicrosoftWindowsServer:WindowsServer:2019-Datacenter:latest
WindowsServer 2016              MicrosoftWindowsServer:WindowsServer:2016-Datacenter:latest
WindowsServer 2012              MicrosoftWindowsServer:WindowsServer:2012-R2-Datacenter:latest
WindowsServer 2012              MicrosoftWindowsServer:WindowsServer:2012-Datacenter:latest
WindowsServer 2008              MicrosoftWindowsServer:WindowsServer:2008-R2-SP1:latest

A few tips

Without the line “config.vm.guest = :windows”

Vagrant does not obtain the VM's address and stays stuck waiting for WinRM.

Credential error during provisioning:

fatal: [default]: UNREACHABLE! => {"changed": false, "msg": "basic: the specified credentials were rejected by the server", "unreachable": true}

Solution: change the transport to ansible_winrm_transport: ntlm

WinRM connection impossible on Windows 10

The Vagrant plugin does not work correctly against a “desktop” target machine.

By default, the WinRM service is not started on non-server editions, so provisioning cannot be carried out.

With the option azure.winrm_install_self_signed_cert=true, the plugin is asked to run a configuration script that generates a self-signed certificate and configures a new WinRM listener.

The problem is that this installation script assumes the WinRM service is already running.

The template used by the Vagrant plugin must be modified so that it starts the WinRM service.

~/.vagrant.d/gems/2.6.6/gems/vagrant-azure-2.0.0/templates/arm/setup-winrm.ps1.erb

Restart-Service WinRM -force
Set-Service -name WinRM -StartupType Automatic
$hostname = '<%= dns_label_prefix %>.<%= location %>.cloudapp.azure.com'
$Cert = (New-SelfSignedCertificate -CertstoreLocation Cert:/LocalMachine/My -DnsName $hostname).Thumbprint
$transport = New-Item -Path WSMan:/LocalHost/Listener -Transport HTTPS -Address * -CertificateThumbPrint $Cert -Force
cd $transport.PSPath
set-item  ./HostName -value $hostname -force
set-item  ./Port -value <%= winrm_port %> -force
netsh advfirewall firewall add rule name=WinRM_HTTPS dir=in action=allow protocol=TCP localport=<%= winrm_port %>

Useful commands

Diagnosing a WinRM connection

$options=New-PSSessionOption -SkipCACheck -SkipCNCheck
Enter-PSSession -ComputerName myHost.westus.cloudapp.azure.com -Credential myUserName -UseSSL -SessionOption $options

Viewing resources

https://portal.azure.com/

Listing available sizes

Possible values for azure.vm_size

Get-AzureRmVMSize -Location westeurope
Name NumberOfCores MemoryInMB MaxDataDiskCount OSDiskSizeInMB ResourceDiskSizeInMB
Standard_B1ls 1 512 2 1047552 4096
Standard_B1ms 1 2048 2 1047552 4096
Standard_B1s 1 1024 2 1047552 4096
Standard_B2ms 2 8192 4 1047552 16384
Standard_B2s 2 4096 4 1047552 8192
Standard_B4ms 4 16384 8 1047552 32768
Standard_B8ms 8 32768 16 1047552 65536
Standard_B12ms 12 49152 16 1047552 98304
Standard_B16ms 16 65536 32 1047552 131072
Standard_B20ms 20 81920 32 1047552 163840
Standard_D1_v2 1 3584 4 1047552 51200
Standard_D2_v2 2 7168 8 1047552 102400
Standard_D3_v2 4 14336 16 1047552 204800
Standard_D4_v2 8 28672 32 1047552 409600
Standard_D5_v2 16 57344 64 1047552 819200
Standard_D11_v2 2 14336 8 1047552 102400
Standard_D12_v2 4 28672 16 1047552 204800
Standard_D13_v2 8 57344 32 1047552 409600
Standard_D14_v2 16 114688 64 1047552 819200
Standard_D2_v2_Promo 2 7168 8 1047552 102400
Standard_D3_v2_Promo 4 14336 16 1047552 204800
Standard_D4_v2_Promo 8 28672 32 1047552 409600
Standard_D5_v2_Promo 16 57344 64 1047552 819200
Standard_D11_v2_Promo 2 14336 8 1047552 102400
Standard_D12_v2_Promo 4 28672 16 1047552 204800
Standard_D13_v2_Promo 8 57344 32 1047552 409600
Standard_D14_v2_Promo 16 114688 64 1047552 819200
Standard_F1 1 2048 4 1047552 16384
Standard_F2 2 4096 8 1047552 32768
Standard_F4 4 8192 16 1047552 65536
Standard_F8 8 16384 32 1047552 131072
Standard_F16 16 32768 64 1047552 262144
Standard_DS1_v2 1 3584 4 1047552 7168
Standard_DS2_v2 2 7168 8 1047552 14336
Standard_DS3_v2 4 14336 16 1047552 28672
Standard_DS4_v2 8 28672 32 1047552 57344
Standard_DS5_v2 16 57344 64 1047552 114688
Standard_DS11-1_v2 2 14336 8 1047552 28672
Standard_DS11_v2 2 14336 8 1047552 28672
Standard_DS12-1_v2 4 28672 16 1047552 57344
Standard_DS12-2_v2 4 28672 16 1047552 57344
Standard_DS12_v2 4 28672 16 1047552 57344
Standard_DS13-2_v2 8 57344 32 1047552 114688
Standard_DS13-4_v2 8 57344 32 1047552 114688
Standard_DS13_v2 8 57344 32 1047552 114688
Standard_DS14-4_v2 16 114688 64 1047552 229376
Standard_DS14-8_v2 16 114688 64 1047552 229376
Standard_DS14_v2 16 114688 64 1047552 229376
Standard_DS2_v2_Promo 2 7168 8 1047552 14336
Standard_DS3_v2_Promo 4 14336 16 1047552 28672
Standard_DS4_v2_Promo 8 28672 32 1047552 57344
Standard_DS5_v2_Promo 16 57344 64 1047552 114688
Standard_DS11_v2_Promo 2 14336 8 1047552 28672
Standard_DS12_v2_Promo 4 28672 16 1047552 57344
Standard_DS13_v2_Promo 8 57344 32 1047552 114688
Standard_DS14_v2_Promo 16 114688 64 1047552 229376
