Skip to content

Azure DevOps Integration

Overview

Implement CI/CD pipelines for Ansible using Azure DevOps.

Pipeline Configuration

Basic Pipeline

trigger:
  - main

pool:
  vmImage: 'ubuntu-latest'

variables:
  - group: ansible-secrets

stages:
  - stage: Lint
    jobs:
      - job: RunLint
        steps:
          - task: UsePythonVersion@0
            inputs:
              versionSpec: '3.9'

          - script: |
              pip install ansible-lint
              ansible-lint
            displayName: 'Run Ansible Lint'

  - stage: Test
    jobs:
      - job: MoleculeTest
        steps:
          - task: UsePythonVersion@0
            inputs:
              versionSpec: '3.9'

          - script: |
              pip install molecule[docker]
              molecule test
            displayName: 'Run Molecule Tests'

  - stage: Deploy
    jobs:
      - deployment: DeployToProd
        environment: 'production'
        strategy:
          runOnce:
            deploy:
              steps:
                - checkout: self

                - task: InstallSSHKey@0
                  inputs:
                    knownHostsEntry: '$(KNOWN_HOSTS)'
                    sshPublicKey: '$(SSH_PUBLIC_KEY)'
                    sshKeySecureFile: 'id_rsa'

                - task: Bash@3
                  inputs:
                    targetType: 'inline'
                    script: |
                      echo "$(VAULT_PASSWORD)" > .vault_pass
                      ansible-playbook -i inventory/prod \
                        --vault-password-file .vault_pass \
                        site.yml

Variable Groups

Secret Management

variables:
  - group: production-secrets

  - name: environment
    value: 'production'

  - name: ansible_config
    value: './ansible.cfg'

Service Connections

SSH Configuration

steps:
  - task: InstallSSHKey@0
    inputs:
      knownHostsEntry: $(KNOWN_HOSTS)
      sshPublicKey: $(PUBLIC_KEY)
      sshKeySecureFile: id_rsa

Environment Configuration

Approval Gates

environments:
  - name: Production
    checks:
      - approval:
          approvers:
            - [email protected]
            - [email protected]
          minApprovers: 2
          displayName: 'Production Deployment Gate'

Testing Integration

Multi-Stage Testing

stages:
  - stage: Test
    jobs:
      - job: UnitTest
        steps:
          - script: python -m pytest tests/

      - job: IntegrationTest
        steps:
          - script: molecule test

      - job: SecurityScan
        steps:
          - script: |
              pip install bandit
              bandit -r .

Release Pipeline

Deployment Strategy

strategy:
  rolling:
    maxParallel: 5
    deploy:
      steps:
        - task: AnsiblePlaybook@0
          inputs:
            playbook: 'site.yml'
            inventory: 'inventory/prod'

Best Practices

Pipeline Templates

# template.yml
parameters:
  environment: ''

steps:
  - script: |
      ansible-playbook \
        -i inventory/${{ parameters.environment }} \
        site.yml

Artifact Publishing

- task: PublishBuildArtifacts@1
  inputs:
    pathToPublish: '$(Build.ArtifactStagingDirectory)'
    artifactName: 'ansible-artifacts'