How to set target VM for an Azure loadbalancer inbound NAT rule with Ansible-azure?
I need to create an inbound NAT rule on my load balancer to redirect a certain port to a virtual machine. I've created my load balancer like so. I'm on Ansible 2.9.6.
```yaml
- name: Create loadbalancers
  azure_rm_loadbalancer:
    resource_group: "{{ item.lb_resource_group }}"
    name: "{{ item.lb_name }}"
    frontend_ip_configurations: "{{ item.lb_frontend_ip_configurations }}"
    backend_address_pools: "{{ item.lb_backend_address_pools }}"
    probes: "{{ item.lb_probes }}"
    load_balancing_rules: "{{ item.lb_load_balancing_rules }}"
    inbound_nat_rules: "{{ item.lb_inbound_nat_rules }}"
  with_items:
    - "{{ lbs }}"
  tags:
    - lb
```
The inbound NAT rule looks like this.
```yaml
- name: "nat-rule-in"
  backend_port: 821
  protocol: Tcp
  frontend_port: 380
  frontend_ip_configuration: "lb-frontend"
```
I've looked in this documentation and cannot find anything that says something about this. Is it not possible to set a target VM for an inbound NAT rule using Ansible, or do I need to do it somewhere else?
I've also searched the VM documentation for Ansible-azure but can't find anything related to NAT rules there either.
Solution 1:[1]
Seems as if this really isn't an option with Ansible-azure itself.
I instead used the Azure-CLI with an SPN and ran the command through Ansible using command.
```shell
$ sudo apt-get install azure-cli
```
Within Ansible I used the code below to set the target VM after creating the inbound NAT rule.
```yaml
# Replace each <name> placeholder with the real resource name.
- name: Create inbound NAT rules
  command: az network nic ip-config inbound-nat-rule add --ip-config-name <name> --resource-group <name> --lb-name <name> --nic-name <name> --inbound-nat-rule <name>
```
Solution 2:[2]
What you need to find is not the azure_rm_virtualmachine module in Ansible; it should be the azure_rm_networkinterface module. You can configure the ip_configurations property of azure_rm_networkinterface to set the load_balancer_backend_address_pools; this property can associate the VM with the Load Balancer.
Solution 3:[3]
Same issue with az cli ... It cost me a lot of time, glad I found this page. Indeed the way to (currently still) link the NAT rule to a backend is via the ipconfig object of the NIC of the VM. https://docs.microsoft.com/en-us/cli/azure/network/nic/ip-config/inbound-nat-rule?view=azure-cli-latest
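An idempotent variant of the az CLI approach from Solutions 1 and 3, added here as an example and not part of the original answers: it reads the NAT rules already bound to the NIC's ip-config and attaches the rule only when it is missing, so a bare `command` task does not report a change on every run. It assumes `az` is already authenticated on the control host; the `nat_*` variables and their values are hypothetical placeholders, and the `loadBalancerInboundNatRules` field name is assumed from the CLI's ip-config JSON output.

```yaml
# Added example (not from the original answers). Assumes an authenticated az session.
- name: Attach an inbound NAT rule to a VM NIC idempotently
  hosts: localhost
  connection: local
  gather_facts: false
  vars:
    nat_resource_group: "example-rg"     # placeholder
    nat_lb_name: "example-lb"            # placeholder
    nat_rule_name: "nat-rule-in"         # rule name used in the question
    nat_nic_name: "example-vm-nic"       # placeholder
    nat_ip_config_name: "ipconfig1"      # placeholder
    # Lower-cased tail of the rule's resource ID; Azure IDs vary in case.
    nat_rule_suffix: "{{ ('/loadBalancers/' ~ nat_lb_name ~ '/inboundNatRules/' ~ nat_rule_name) | lower }}"
  tasks:
    - name: Read the NAT rules already bound to the NIC ip-config
      command:
        # argv avoids word-splitting problems if a value contains spaces.
        argv: [az, network, nic, ip-config, show,
               --resource-group, "{{ nat_resource_group }}",
               --nic-name, "{{ nat_nic_name }}",
               --name, "{{ nat_ip_config_name }}",
               --query, "loadBalancerInboundNatRules[].id",
               --output, tsv]
      register: current_rules
      changed_when: false      # read-only query
      check_mode: false        # safe to run even with --check

    - name: Bind the NAT rule to the NIC only when it is not attached yet
      command:
        argv: [az, network, nic, ip-config, inbound-nat-rule, add,
               --resource-group, "{{ nat_resource_group }}",
               --nic-name, "{{ nat_nic_name }}",
               --ip-config-name, "{{ nat_ip_config_name }}",
               --lb-name, "{{ nat_lb_name }}",
               --inbound-nat-rule, "{{ nat_rule_name }}"]
      # Match on the end of each ID so "nat-rule-in" does not match "nat-rule-in2".
      when: >-
        current_rules.stdout_lines | map('lower')
        | select('search', (nat_rule_suffix | regex_escape) ~ '$')
        | list | length == 0
```

Because the second task is skipped when the binding exists, a run that reports `changed` means a frontend port was newly mapped to that VM, which makes unexpected exposure easier to spot in playbook output.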
Sources
This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.
Source: Stack Overflow
| Solution | Source |
|---|---|
| Solution 1 | |
| Solution 2 | Charles Xu |
| Solution 3 | Phillip |
