Thanks for the reply Michael. Basically what I am after is to stop using service principles for Ansible. I've recently learnt that you can use Azure CLi to authenticate, but our dynamic inventory python script uses service principles (the azurerm.py script).
I've also seen that Ansible have released an Azure Resource Manager inventory plugin. Does that replace the azurerm.py dynamic inventory script? If so, how do I configure it to apply playbooks to VMs based on tags? Thanks! On Friday, 9 August 2019 20:53:49 UTC+1, Michael M wrote: > > Hi Steve, > > Not sure if this is what you are asking, but if you just need to find > VMs in Azure by tag, you can do so using az cli like: > > $ az resource list --tag KEY=VALUE --query [].name > > I find the API returns resources much faster when using tags. > > On Fri, Aug 9, 2019 at 7:52 AM Steve Townsend > <[email protected] <javascript:>> wrote: > > > > Another update from me. I've managed to find out that there is a plugin > called Azure Resource Manager inventory plugin. > > > > I've created the simple yaml file and now just seeing if I can get it to > work. If anybody knows how I can use it to grab VMs from Azure based on > tags, I'd love to hear it. > > > > Steve > > On Friday, 9 August 2019 14:52:36 UTC+1, Steve Townsend wrote: > >> > >> Hi All, > >> > >> Thank you for taking a look at my post. > >> > >> I'm trying to figure out if there is a better way to have Ansible > authenticate with Azure when running playbooks. Right now, I've got a > service principle set in my .azure/credentials section which works fine, > but introduces security concerns. The alternative is using Azure AD, but > that seems to need your password in clear text. > >> > >> The only solution I can think of is to write a bash script which will > create a short lived RBAC Service Principle and export the values to my > enviromental variables, run the play-book then get rid of it all. > >> > >> Please somebody tell me there is a magicial way which will work with my > az login? > >> > >> Thanks, > >> Steve > > > > -- > > You received this message because you are subscribed to the Google > Groups "Ansible Project" group. > > To unsubscribe from this group and stop receiving emails from it, send > an email to [email protected] <javascript:>. > > To view this discussion on the web visit > https://groups.google.com/d/msgid/ansible-project/8de21aa8-a61b-431a-8d24-7afeff7a9e63%40googlegroups.com. > > > -- You received this message because you are subscribed to the Google Groups "Ansible Project" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/f95ffe33-ae6c-4a64-9a18-230dad6f5550%40googlegroups.com.
