ansible - NSG Configuration Management

Question

I am looking for a tool or some way to manage the Azure NSG configuration. NSG rules are changed manually on ad-hoc basis at the moment. I am looking to implement this NSG config change in more scripted fashion so that I can track the changes history as well.

I am looking at Git based repository of NSG where all ARM templates for NSG with different parameter files and run via those via Azure powershell or running as part of Azure Devops CI/CD pipeline.

I am not sure if Ansible can help with this management of NSGs or Terraform can help.

I love to think about Ansible for this. Anyone knows about this requirement how NSG can be managed.

Thank you

question from:https://stackoverflow.com/questions/65912291/nsg-configuration-management

Answer 1

You can manage Azure NSG configuration via ARM template, Teffaform and Ansible.

• ARM template

1,You can check out below examples to create ARM Template to manage Azure NSG.

Create a Network Security Group.

How to create NSGs using a template

Please check the official document for more examples.

2, After the ARM template is created and pushed to your git repo. You can create azure pipeline to automate the deployment. See tutorial here.

3, Then you need to create an azure Resource Manager service connection to connect your Azure subscription to Azure devops. See this thread for an example.

4, In your azure devops pipeline. You can use ARM template deployment task to deploy the ARM template.

steps:
- task: AzureResourceManagerTemplateDeployment@3
  displayName: 'ARM Template deployment: Resource Group scope'
  inputs:
    azureResourceManagerConnection: 'azure Resource Manager service connection'
    subscriptionId: '...'
    resourceGroupName: '...'
    location: 'East US'
    csmFile: azuredeploy.json
    csmParametersFile: azuredeploy.parameters.json 

• Teffaform

1, Create Teffaform configuration file. See example here.

Check out terraform-azurerm-network-security-group module for more information.

2, Upload Teffaform configuration file to git repo. Create Azure devops pipeline

3, Create azure Resource Manager service connection like above using ARM template.

4, Use Terraform task in the azure devops pipeline.

steps:
- task: ms-devlabs.custom-terraform-tasks.custom-terraform-installer-task.TerraformInstaller@0
  displayName: 'Install Terraform 0.12.3'

- task: ms-devlabs.custom-terraform-tasks.custom-terraform-release-task.TerraformTaskV1@0
  displayName: 'Terraform : azurerm'
  inputs:
    command: apply
    environmentServiceNameAzureRM: 'azure Resource Manager service connection'

• Ansible

1, Create Ansible playbook with plugin azure.azcollection.azure_rm_securitygroup

Please check out the example here.

2,Upload ansible playbook to git repo. Create Azure devops pipeline. Use Ansible task in your pipeline.

Please check out this detailed tutorial for more information about how to run ansible playbook in azure devops pipeline.

• Azure powershell/Azure CLI commands

You can using azure powershell or azure cli commands to manage azure nsg. And run the commands in Azure powershell task or azure cli task in azure devops pipeline.

Please check out this document for more information.