Run Ansible Playbook From Azure DevOps Release Pipeline

In this article, you will learn how to run Ansible Playbook from the Azure DevOps tool. By incorporating Ansible Playbooks into the Azure release pipeline, organizations can achieve streamlined and automated workflows, reducing manual intervention and minimizing the risk of errors. This enhances the efficiency of the release process, accelerates time-to-market, and ensures a standardized and reliable deployment of applications and infrastructure on the Azure platform.

This tutorial assumes that the Ansible utility is installed and enabled for your Project in Azure DevOps.

You can download and install the utility from this link, and get it enabled from your Azure DevOps Administrator.

Related: Learn how to schedule pipelines in Azure DevOps.

How to Run Ansible Playbook From Azure DevOps

Step 1: Create New Release Pipeline

Create a new release pipeline with an empty job.

Step 2: Add Artifacts in Release Pipeline Job

Next, add Azure DevOps in artifacts, as I am using the Azure repository to store our playbook and inventory file. I have already pushed the inventory file and tutorial.yml playbook in my Azure repo branch, ansible-tutorial.

Select your project, repo, and branch to add artifacts in your release pipeline.

xxxxxxxxxx

#tutorial.yml

- hosts: "{{ host }}"

  tasks:

   - name: create a test file for ansible

     shell: touch /tmp/tutorail.yml

Step 3: Upload and Configure Secure Key in Stage 1 for Ansible-Playbook Authentication

Use the SSH key for authentication on my target machine. To pass the SSH key, I will upload it using the Download Secure file utility available.

Download Secure Utility

This is used for storing secure files in your release pipeline like SSH key, SSL certs, and CA certs. During execution, files are downloaded in a temp folder and their path can be accessed by calling the reference variable (shown below). These files are deleted as the release job is completed.

Enter the reference name as shown below. To access the file, use the variable $(<reference name>.secureFilePath).

• Ex: $(pemKey.SecureFilePath)

Step 4: Change File Permission

We will add a shell command-line utility to change the file permission to 400 before using it in the playbook.

I have used $(pemKey.secureFilePath) to access the SSH key.

Step 5: Add and Configure the Ansible Task

Add the Ansible task and enter the playbook path as shown below. For an inventory, the location selects the file and the file path as shown below.

Use additional parameters to pass a variable to the Ansible playbook.

Use additional parameters to pass variables and other command line parameters to the playbook at run time.

To pass the path of the SSH key, I have used ansible_ssh_private_key_file=$(pemKey.secureFilePath). 

Also, you can use the variable ansible_ssh_common_args='-o StrictHostKeyChecking=no' to disable the host key checking in your Ansible playbook, if it's failing due to a host key verification error.

Step 6: Save the Release Pipeline and Create a Release To Run the Playbook

We can see our release completed successfully.

Summary

Ansible playbook ran successfully from Azure DevOps. If you want to use a username and password instead of an SSH key, you can pass the Linux creds using additional parameters using secrets variables so that the creds will be masked, or you can also use a shell command-line utility to set creds in an environment variable and Ansible will read from there.