Welcome to the Microsoft Q&A Platform. Thank you for reaching out & I hope you are doing well.
I understand that you would like to know the best practices for using Ansible for deploying resources in Azure.
Azure Bastion Service is a PaaS service that is used to provide SSH or RDP connectivity to VMs in Azure via the browser.
- Let's not confuse this with the VM you have created and named as bastion.
- So, we shall call this VM "vmNamedBastion".
Now,
- For installing Ansible in an Azure VM, you can refer to: Configure Ansible on an Azure VM
- This example uses a Linux distro (CentOS)
- From the official Ansible documentation, I see there are some restrictions with using a Windows server.
Point to Note:
- Just because you have installed Ansible on an Azure VM, does not mean you can use Ansible and deploy resources directly in Azure.
- You still have to authenticate your requests like you would do in a regular server.
- Because an Azure VM only provides you data plane connectivity to Azure and not control plane connectivity.
- i.e., just like you should sign in to use Azure Portal even if you are inside an Azure VM.
- To configure authentication, refer to Create Azure credentials
- Official documentation on how to get the credentials : https://docs.ansible.com/ansible/latest/scenario_guides/guide_azure.html
- From here, you should be able to Write and run Ansible playbooks
To Summarize:
#1 "confused on where to run ansible and there is no way for me to install ansible on that bastion host"
- You can refer to this for the installation guide
#2 "how the connection works"
- The connection is via the public Internet
- The authentication can be done using a Service Principal or using Azure Active Directory Username/Password
- I would prefer and suggest using a Service Principal, as AAD auth does not support "Multi-Factor Authentication"
These documents may come in handy:
Thanks,
Kapil.
Please Accept an answer if correct.
Original posters help the community find answers faster by identifying the correct answer.
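
A check for the service principal setup recommended in the answer above, as an added example that is not part of the original answer or of Ansible's own code: it audits the `~/.azure/credentials` file described in the linked Ansible Azure guide for loose permissions, missing service principal keys, and username/password auth. The function names and all sample values are constructed for illustration.

```python
import configparser
import os
import stat
import tempfile

# Keys the Ansible Azure guide lists for service principal auth in
# ~/.azure/credentials (environment equivalents: AZURE_SUBSCRIPTION_ID,
# AZURE_CLIENT_ID, AZURE_SECRET, AZURE_TENANT).
SP_KEYS = ("subscription_id", "client_id", "secret", "tenant")
# Keys used for Azure AD username/password auth instead.
AD_KEYS = ("ad_user", "password")

# Constructed sample profile; every value is a placeholder.
SAMPLE = """[default]
subscription_id = 00000000-0000-0000-0000-000000000000
client_id = 11111111-1111-1111-1111-111111111111
secret = constructed-placeholder-secret
tenant = 22222222-2222-2222-2222-222222222222
"""

def write_sample(text, mode):
    """Write constructed file content to a temp file with the given mode."""
    fd, path = tempfile.mkstemp()
    with os.fdopen(fd, "w") as fh:
        fh.write(text)
    os.chmod(path, mode)
    return path

def audit_credentials(path, profile="default"):
    """Return a list of findings for an Ansible Azure credentials file."""
    if not os.path.isfile(path):
        return [f"{path}: file not found"]
    findings = []
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & 0o077:  # any group/other bit exposes the client secret
        findings.append(f"mode {mode:04o} is readable beyond the owner; use 0600")
    cfg = configparser.ConfigParser(interpolation=None)  # secrets may contain '%'
    cfg.read(path)
    if not cfg.has_section(profile):
        return findings + [f"profile [{profile}] missing"]
    keys = cfg[profile]
    missing = [k for k in SP_KEYS if not keys.get(k, "").strip()]
    if missing:
        findings.append("service principal keys missing: " + ", ".join(missing))
    if any(keys.get(k) for k in AD_KEYS):
        findings.append("ad_user/password set: the answer above notes no MFA support")
    return findings

if __name__ == "__main__":
    print(audit_credentials(os.path.expanduser("~/.azure/credentials")))
```

An empty list means the profile has all four service principal keys, is owner-only, and carries no username/password entries.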