azure.azcollection.azure_rm_webapp module – Manage Web App instances
Note
This module is part of the azure.azcollection collection (version 3.0.0).
You might already have this collection installed if you are using the ansible package.
It is not included in ansible-core.
To check whether it is installed, run ansible-galaxy collection list.
To install it, use: ansible-galaxy collection install azure.azcollection.
You need further requirements to be able to use this module,
see Requirements for details.
To use it in a playbook, specify: azure.azcollection.azure_rm_webapp.
New in azure.azcollection 0.1.2
Synopsis
Create, update and delete instance of Web App.
Requirements
The below requirements are needed on the host that executes this module.
python >= 2.7
The host that executes this module must have the azure.azcollection collection installed via galaxy
All python packages listed in collection’s requirements.txt must be installed via pip on the host that executes modules from azure.azcollection
Full installation instructions may be found https://galaxy.ansible.com/azure/azcollection
Parameters
Parameter |
Comments |
|---|---|
Active Directory username. Use when authenticating with an Active Directory user rather than service principal. |
|
Azure AD authority url. Use when authenticating with Username/password, and has your own ADFS authority. |
|
Keeps the app loaded even when there’s no traffic. Choices:
|
|
Selects an API profile to use when communicating with Azure services. Default value of Default: |
|
Configure web app application settings. Suboptions are in key value pair format. |
|
Start/Stop/Restart the web app. Choices:
|
|
Use to control if tags field is canonical or just appends to existing tags. When canonical, any tags not found in the tags parameter will be removed from the object’s metadata. Choices:
|
|
Controls the source of the credentials to use for authentication. Can also be set via the When set to When set to When set to When set to When set to The Choices:
|
|
Controls the certificate validation behavior for Azure endpoints. By default, all modules will validate the server certificate, but when an HTTPS proxy is in use, or against Azure Stack, it may be necessary to disable this behavior by passing Choices:
|
|
Whether or not to send session affinity cookies, which route client requests in the same session to the same instance. Choices:
|
|
Azure client ID. Use when authenticating with a Service Principal or Managed Identity (msi). Can also be set via the |
|
For cloud environments other than the US public cloud, the environment name (as defined by Azure Python SDK, eg, Default: |
|
Web app container settings. |
|
Name of the container, for example To create a multi-container app, the name should be ‘COMPOSE|’ or ‘KUBE|’ followed by base64 encoded configuration. |
|
The container registry server password. |
|
Container registry server URL, for example |
|
The container registry server user name. |
|
Deployment source for git. |
|
The branch name of the repository. |
|
Repository url of deployment source. |
|
Determines whether or not instance discovery is performed when attempting to authenticate. Setting this to true will completely disable both instance discovery and authority validation. This functionality is intended for use in scenarios where the metadata endpoint cannot be reached such as in private clouds or Azure Stack. The process of instance discovery entails retrieving authority metadata from https://login.microsoft.com/ to validate the authority. By setting this to **True**, the validation of the authority is disabled. As a result, it is crucial to ensure that the configured authority host is valid and trustworthy. Set via credential file profile or the Choices:
|
|
Set of run time framework settings. Each setting is a dictionary. See https://docs.microsoft.com/en-us/azure/app-service/app-service-web-overview for more info. |
|
Name of the framework. Supported framework list for Windows web app and Linux web app is different. Windows web apps support Windows web apps support multiple framework at the same time. Linux web apps support Linux web apps support only one framework. Java framework is mutually exclusive with others. Choices:
|
|
List of settings of the framework. |
|
Name of Java container. Supported only when frameworks=java. Sample values |
|
Version of Java container. Supported only when frameworks=java. Sample values for |
|
Version of the framework. For Linux web app supported value, see https://aka.ms/linux-stacks for more info.
|
|
The state of the FTP/FTPS service. Choices:
|
|
Configures a web site to allow clients to connect over HTTP 2.0. Choices:
|
|
Configures web site to accept only https requests. Choices:
|
|
Identity for the Object |
|
Type of the managed identity Choices:
|
|
User Assigned Managed Identities and its options Default: |
|
If the list of identities has to be appended to current identities (true) or if it has to replace current identities (false) Choices:
|
|
List of the user assigned identities IDs associated to the Object Default: |
|
Resource location. If not set, location from the resource group will be used as default. |
|
Parent argument. |
|
Parent argument. |
|
The minimum TLS encryption version required for the app. Choices:
|
|
Unique name of the app to create or update. To create or update a deployment slot, use the {slot} parameter. |
|
Active Directory user password. Use when authenticating with an Active Directory user rather than service principal. |
|
App service plan. Required for creation. Can be name of existing app service plan in same resource group as web app. Can be the resource ID of an existing app service plan. For example /subscriptions/<subs_id>/resourceGroups/<resource_group>/providers/Microsoft.Web/serverFarms/<plan_name>. Can be a dict containing five parameters, defined below.
|
|
Security profile found in ~/.azure/credentials file. |
|
Purge any existing application settings. Replace web app application settings with app_settings. Choices:
|
|
Name of the resource group to which the resource belongs. |
|
Repository type of deployment source, for example List of supported values maintained at https://docs.microsoft.com/en-us/rest/api/appservice/webapps/createorupdate#scmtype. |
|
Azure client secret. Use when authenticating with a Service Principal. |
|
Configuration settings for the Azure App Service Authentication / Authorization feature. |
|
Gets a JSON string containing the Azure AD Acl settings. |
|
Login parameters to send to the OpenID Connect authorization endpoint when a user logs in. Each parameter must be in the form “key=value”. |
|
Allowed audience values to consider when validating JWTs issued by Azure Active Directory. |
|
External URLs that can be redirected to as part of logging in or logging out of the app. Note that the query string part of the URL is ignored. |
|
The path of the config file containing auth settings. If the path is relative, base will the site’s root directory. |
|
The Client ID of this relying party application, known as the client_id. |
|
The Client Secret of this relying party application (in Azure Active Directory, this is also referred to as the Key). |
|
An alternative to the client secret, that is the thumbprint of a certificate used for signing purposes. This property acts as a replacement for the Client Secret. It is also optional. |
|
The app setting name that contains the client secret of the relying party application. |
|
The ConfigVersion of the Authentication / Authorization feature in use for the current app. The setting in this value can control the behavior of the control plane for Authentication / Authorization. |
|
The default authentication provider to use when multiple providers are configured. Choices:
|
|
Whether enable or disable the Authentication / Authorization feature for the current app. Choices:
|
|
The App ID of the Facebook app used for login. |
|
The App Secret of the Facebook app used for Facebook Login. |
|
The app setting name that contains the app secret used for Facebook Login. |
|
The OAuth 2.0 scopes that will be requested as part of Facebook for Facebook Login. |
|
The Client Id of the GitHub app used for login. |
|
The Client Secret of the GitHub app used for Github Login. |
|
The app setting name that contains the client secret of the Github app used for GitHub Login. |
|
The OAuth 2.0 scopes that will be requested as part of GitHub Login authentication. This setting is optional. |
|
The OpenID Connect Client ID for the Google web application. |
|
The client secret associated with the Google web application. |
|
The app setting name that contains the client secret associated with the Google web application. |
|
The OAuth 2.0 scopes that will be requested as part of Google Sign-In authentication. This setting is optional. If not specified, “openid”, “profile”, and “email” are used as default scopes. |
|
If is_auth_from_file=true, the auth config settings should be read from a file. Choices:
|
|
The OpenID Connect Issuer URI that represents the entity which issues access tokens for this application. |
|
Kind of resource. |
|
The OAuth 2.0 client ID that was created for the app used for authentication. This setting is required for enabling Microsoft Account authentication. |
|
The OAuth 2.0 client secret that was created for the app used for authentication. |
|
The app setting name containing the OAuth 2.0 client secret that was created for the app used for authentication. |
|
The OAuth 2.0 scopes that will be requested as part of Microsoft Account authentication. |
|
The RuntimeVersion of the Authentication / Authorization feature in use for the current app. |
|
The number of hours after session token expiration that a session token can be used to call the token refresh API. |
|
Whether to use App Service Token Store. Choices:
|
|
The OAuth 1.0a consumer key of the Twitter application used for sign-in. |
|
The OAuth 1.0a consumer secret of the Twitter application used for sign-in. This setting is required for enabling Twitter Sign-In. |
|
The app setting name that contains the OAuth 1.0a consumer secret of the Twitter application used for sign-in. |
|
The action to take when an unauthenticated client attempts to access the app. Choices:
|
|
The web’s startup file. Used only for Linux web apps. |
|
State of the Web App. Use Choices:
|
|
Your Azure subscription Id. |
|
Dictionary of string:string pairs to assign as metadata to the object. Metadata tags on the object will be updated with any provided values. To remove tags set append_tags option to false. Currently, Azure DNS zones and Traffic Manager services also don’t allow the use of spaces in the tag. Azure Front Door doesn’t support the use of Azure Automation and Azure CDN only support 15 tags on resources. |
|
Azure tenant ID. Use when authenticating with a Service Principal. |
|
The thumbprint of the private key specified in x509_certificate_path. Use when authenticating with a Service Principal. Required if x509_certificate_path is defined. |
|
Path to the X509 certificate used to create the service principal in PEM format. The certificate must be appended to the private key. Use when authenticating with a Service Principal. |
Notes
Note
For authentication with Azure you can pass parameters, set environment variables, use a profile stored in ~/.azure/credentials, or log in before you run your tasks or playbook with
az login.Authentication is also possible using a service principal or Active Directory user.
To authenticate via service principal, pass subscription_id, client_id, secret and tenant or set environment variables AZURE_SUBSCRIPTION_ID, AZURE_CLIENT_ID, AZURE_SECRET and AZURE_TENANT.
To authenticate via Active Directory user, pass ad_user and password, or set AZURE_AD_USER and AZURE_PASSWORD in the environment.
Alternatively, credentials can be stored in ~/.azure/credentials. This is an ini file containing a [default] section and the following keys: subscription_id, client_id, secret and tenant or subscription_id, ad_user and password. It is also possible to add additional profiles. Specify the profile by passing profile or setting AZURE_PROFILE in the environment.
See Also
See also
- Sign in with Azure CLI
How to authenticate using the
az logincommand.
Examples
- name: Create a windows web app with non-exist app service plan
azure_rm_webapp:
resource_group: myResourceGroup
name: myWinWebapp
plan:
resource_group: myAppServicePlan_rg
name: myAppServicePlan
is_linux: false
sku: S1
- name: Create a docker web app with some app settings, with docker image
azure_rm_webapp:
resource_group: myResourceGroup
name: myDockerWebapp
plan:
resource_group: myAppServicePlan_rg
name: myAppServicePlan
is_linux: true
sku: S1
number_of_workers: 2
app_settings:
testkey: testvalue
testkey2: testvalue2
container_settings:
name: ansible/ansible:ubuntu1404
- name: Create a docker web app with private acr registry
azure_rm_webapp:
resource_group: myResourceGroup
name: myDockerWebapp
plan: myAppServicePlan
app_settings:
testkey: testvalue
container_settings:
name: ansible/ubuntu1404
registry_server_url: myregistry.io
registry_server_user: user
registry_server_password: "{{ password }}"
- name: Create a multi-container web app
azure_rm_webapp:
resource_group: myResourceGroup
name: myMultiContainerWebapp
plan: myAppServicePlan
app_settings:
testkey: testvalue
container_settings:
name: "COMPOSE|{{ lookup('file', 'docker-compose.yml') | b64encode }}"
- name: Create a linux web app with Node 6.6 framework
azure_rm_webapp:
resource_group: myResourceGroup
name: myLinuxWebapp
plan:
resource_group: myAppServicePlan_rg
name: myAppServicePlan
app_settings:
testkey: testvalue
frameworks:
- name: "node"
version: "18"
- name: Create a windows web app with node, php
azure_rm_webapp:
resource_group: myResourceGroup
name: myWinWebapp
plan:
resource_group: myAppServicePlan_rg
name: myAppServicePlan
app_settings:
testkey: testvalue
frameworks:
- name: "node"
version: 18
- name: "php"
version: 8.2
- name: Create a stage deployment slot for an existing web app
azure_rm_webapp:
resource_group: myResourceGroup
name: myWebapp/slots/stage
plan:
resource_group: myAppServicePlan_rg
name: myAppServicePlan
app_settings:
testkey:testvalue
- name: Create a linux web app with java framework
azure_rm_webapp:
resource_group: myResourceGroup
name: myLinuxWebapp
plan:
resource_group: myAppServicePlan_rg
name: myAppServicePlan
app_settings:
testkey: testvalue
frameworks:
- name: "java"
version: "8"
settings:
java_container: "Tomcat"
java_container_version: "8.5"
- name: Create a windows web app with site_auth_settings
azure_rm_webapp:
resource_group: myResourceGroup
name: myWindowWebapp
site_auth_settings:
client_id: 'xxxxxxxx-xxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx'
default_provider: 'MicrosoftAccount'
runtime_version: '-2'
token_refresh_extension_hours: 120
unauthenticated_client_action: 'RedirectToLoginPage'
client_secret: 'xxxxxxxx-xxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx'
token_store_enabled: false
enabled: true
is_auth_from_file: false
plan:
resource_group: myResourceGroup
name: myLinuxwebapp
is_linux: false
sku: S1
- name: Create a linux web app with python framework
azure_rm_webapp:
resource_group: myResourceGroup
name: myLinuxWebapp
plan:
resource_group: myAppServicePlan_rg
name: myAppServicePlan
app_settings:
testkey: testvalue
frameworks:
- name: "python"
version: "3.10"
Return Values
Common return values are documented here, the following are the fields unique to this module:
Key |
Description |
|---|---|
ID of current web app. Returned: always Sample: |