Azure service principal

Sorry if this has already been covered elsewhere. Not sure if the following is possible, but would appreciate any assistance people could provide.

Environment: Azure
Hosts: Linux and Windows.

Can I connect to the OS of the hosts (via SSH or WinRM) using a service principal or Azure managed identity? I plan on giving the service principal or managed identity the “Virtual Machine Administrator Login” role to then allow the relevant playbooks to be run.

I don’t have any experience with Azure, but Microsoft does have documentation for using Ansible with Azure. It looks like the short answer is “yes” you can use service principals for Ansible in Azure.

Things you’ll be interested in:

  1. Get Started - Configure Ansible using Azure Cloud Shell | Microsoft Learn
  2. Get Started - Configure Ansible on an Azure VM | Microsoft Learn
  3. Quickstart - Create an Azure service principal for Ansible | Microsoft Learn
  4. Tutorial - Configure dynamic inventories for Azure Virtual Machines using Ansible | Microsoft Learn
  5. Azure.Azcollection — Ansible Community Documentation

Thanks for the reply.

Looking at the links you provided, they appear to be more related to creating and managing Azure resources using Ansible with the service principal.

I am hoping it is possible to connect to the VM via SSH or WinRM using the service principal, using something like the ansible_user and/or ansible_password variables.

This is an older link, and is more about enabling the dynamic inventory with Azure managed identities, but they are pinging hosts as part of the demo after enabling the dynamic inventory.

Configure Ansible to use a Managed Identity with Azure Dynamic Inventory - Microsoft Community Hub

So, they might be using MSI for authenticating to inventory, but then the configuration docs from Microsoft seem to imply that you need to configure SSH keys or password auth for VMs.