Develop Reference

Azure Ansible - Doesn't fetch IPConfiguration Public IP Method

When I try to fetch the IP configuration of the network interface, I see that public_ip_allocation_method is set to NULL even though it is dynamic in Azure portal. I even tested by creating a new IP yet it shows NULL.
As a result I'm unable to modify network interface settings like Security Group, I get the error value of public_ip_allocation_method must be one of: Dynamic, Static, got: None found in ip_configurations
- name: Applying NSG to target NIC
azure_rm_networkinterface:
name: "{{ azure_vm_network_interface }}"
resource_group: "{{ resource_group }}"
subnet_name: "{{ azure_network_interface_info.networkinterfaces[0].subnet }}"
virtual_network: "{{ azure_network_interface_info.networkinterfaces[0].virtual_network.name }}"
ip_configurations: "{{ azure_network_interface_info.networkinterfaces[0].ip_configurations }}"
security_group: "/subscriptions/123456/resourceGroups/test-resource-group/providers/Microsoft.Network/networkSecurityGroups/testing_temp_8"
Output:
"ip_configurations": [
{
"application_gateway_backend_address_pools": null,
"application_security_groups": null,
"load_balancer_backend_address_pools": null,
"name": "Ubuntu915",
"primary": true,
"private_ip_address": "10.0.0.5",
"private_ip_address_version": "IPv4",
"private_ip_allocation_method": "Dynamic",
"public_ip_address": "/subscriptions/123456789/resourceGroups/test-resource-group/providers/Microsoft.Network/publicIPAddresses/Ubuntu-915-test",
"public_ip_address_name": "/subscriptions/123456789/resourceGroups/test-resource-group/providers/Microsoft.Network/publicIPAddresses/Ubuntu-915-test",
"public_ip_allocation_method": null
}
],

Azure SDK for Go - can get a KeyVault but can't get KeyVault.Properties

I am currently working with the Azure SDK for Go. Everything was going fine until I ran into the following issue:
keyVault, err := client.Get(context.Background(), "NAME_OF_RESOURCE_GROUP", "NAME_OF_KEY_VAULT")
When I run this:
log.Print(*keyVault.Name)
It show the name of the Key Vault which is good.
However when I try anything to do with:
*keyVault.Properties.EnableSoftDelete
I get - null
I can see the Vault Properties on the model:
type Vault struct {
autorest.Response `json:"-"`
// Properties - Properties of the vault
Properties *VaultProperties `json:"properties,omitempty"`
// ID - READ-ONLY; The Azure Resource Manager resource ID for the key vault.
ID *string `json:"id,omitempty"`
// Name - READ-ONLY; The name of the key vault.
Name *string `json:"name,omitempty"`
// Type - READ-ONLY; The resource type of the key vault.
Type *string `json:"type,omitempty"`
// Location - The supported Azure location where the key vault should be created.
Location *string `json:"location,omitempty"`
// Tags - The tags that will be assigned to the key vault.
Tags map[string]*string `json:"tags"`
}
But no matter what I try I they are never anything but null
Any help would be great.

Ok so I realised what the issue is.
If EnableSoftDelete is not set or maybe has never been set then instead of this being true:
*keyVault.Properties.EnableSoftDelete = false
This is true:
*keyVault.Properties.EnableSoftDelete = null
So here is an Azure REST API response where soft delete is not enabled and has never been disabled:
{
"id": "/subscriptions/***/resourceGroups/rg-prd-aus-dislqmwkcq/providers/Microsoft.KeyVault/vaults/kv-prd-aus-dislqmwkcq",
"name": "kv-prd-aus-dislqmwkcq",
"type": "Microsoft.KeyVault/vaults",
"location": "australiasoutheast",
"tags": {
"example_key_vault_1": "example-kv"
},
"properties": {
"sku": {
"family": "A",
"name": "premium"
},
"tenantId": "***",
"networkAcls": {
"bypass": "AzureServices",
"defaultAction": "Deny",
"ipRules": [
{
"value": "0.0.0.0/0"
}
],
"virtualNetworkRules": []
},
"accessPolicies": [],
"enabledForDeployment": false,
"enabledForDiskEncryption": false,
"enabledForTemplateDeployment": false,
"vaultUri": "https://***.azure.net/",
"provisioningState": "Succeeded"
}
}

Sending .Net Core application settings to kubernetes pods as environment variables

I'm hosting some stuff as an AppService in Azure and use environment variables to differentiate settings for different slots (test, dev etc).
If the AppSettings.json file contains a structure like:
{
"ConnectionString": {
"MyDb": "SomeConnectionString"
}
}
I can set the environment variable "ConnectionString:MyDb" to "SomeConnectionString" and .Net Core will understand that the : means child level.
But in Kubernetes I cannot use : as part of the environment key. Is there another way to handle hierarchy or do I need to switch to flat settings?

I believe you are referring to the env in the container definition for a Pod. From the YAML/JSON perspective, I don't see a problem with specifying a : in a key for an environment variable. You can also put it within quotes and should be valid JSON/YAML:
# convert.yaml
apiVersion: v1
kind: Pod
metadata:
name: envar-demo
labels:
purpose: demonstrate-envars
spec:
containers:
- name: envar-demo-container
image: dotnetapp
env:
- name: ConnectionString:Mydb
value: ConnectionString
Same in JSON:
$ kubectl convert -f convert.yaml -o=json
{
"kind": "Pod",
"apiVersion": "v1",
"metadata": {
"name": "envar-demo",
"creationTimestamp": null,
"labels": {
"purpose": "demonstrate-envars"
}
},
"spec": {
"containers": [
{
"name": "envar-demo-container",
"image": "dotnetapp",
"env": [
{
"name": "ConnectionString:Mydb",
"value": "ConnectionString"
}
],
"resources": {},
"terminationMessagePath": "/dev/termination-log",
"terminationMessagePolicy": "File",
"imagePullPolicy": "Always"
}
],
"restartPolicy": "Always",
"terminationGracePeriodSeconds": 30,
"dnsPolicy": "ClusterFirst",
"securityContext": {},
"schedulerName": "default-scheduler"
},
"status": {}
}
However, looks like this was a known issue with Windows/.NET applications. An attempt to fix it has been tried and ditched due to the fact the this is not valid in Bash. But looks like they settled to use the __ instead of : workaround

Yes, example
In the Appsettings.json
"ConnectionStrings": {
"Azure": "Server=tcp:uw2qdisa
In the manifest.yml
env:
- name: ConnectionStrings__Azure
valueFrom:
configMapKeyRef:
name: config-disa
key: ConnectionStrings
Explanation on Kubernetes
Some .Net Core applications expect environment variables with a colon (:) in the name. Kubernetes currently does not allow this. Replace colon (:) with double underscore (__) as documented here.

How to get public IP from Ansible azure_rm_publicipaddress_facts module into a variable to use with add_host?

I'm trying to set up a pipeline for Azure automation with Ansible, all working, except when I try to get the public IP address into a variable to use with add_host.
Here is my example task:
---
- name: Get Public IP
azure_rm_publicipaddress_facts:
resource_group: '{{ my_resource_group }}'
name: '{{ my_name }}'
register: azure_ip
- debug: var=azure_ip verbosity=2
- name: Add new instance to host group
add_host:
hostname: '{{ item.ipAddress }}'
groupname: launched
with_items: azure_ip.azure_publicipaddresses
With this giving me the following error:
fatal: [localhost]: FAILED! => {"failed": true, "msg": "the field 'args' has an invalid value, which appears to include a variable that is undefined.
However the value is there as shown :
TASK [azure : debug] ***********************************************************
task path: mytest/roles/azure/tasks/get_ip.yml:14
ok: [localhost] => {
"azure_ip": {
"ansible_facts": {
"azure_publicipaddresses": [
{
"etag": “xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx",
"id": "/subscriptions/0000000000000/resourceGroups/myrgrp/providers/Microsoft.Network/publicIPAddresses/my_ip_001",
"location": “euwest",
"name": “my_ip_001",
"properties": {
"idleTimeoutInMinutes": 4,
"ipAddress": “20.113.125.63",
"ipConfiguration": {
"id": "/subscriptions/000000000000/resourceGroups/mygrprgrp/providers/Microsoft.Network/networkInterfaces/myrgrp-nic001/ipConfigurations/default"
},
"provisioningState": "Succeeded",
"publicIPAddressVersion": "IPv4",
"publicIPAllocationMethod": "Dynamic",
"resourceGuid": “fffff-4444444-cccccc"
},
"type": "Microsoft.Network/publicIPAddresses"
}
]
},
"changed": false
}
}
So, I guess I'm missing something, could anybody point me to the right direction?

Change:
- name: Add new instance to host group
add_host:
hostname: '{{ item.ipAddress }}'
groupname: launched
with_items: azure_ip.azure_publicipaddresses
To:
- name: Add new instance to host group
add_host:
hostname: "{{ item.properties.ipAddress }}"
groupname: launched
with_items: "{{ azure_ip.ansible_facts.azure_publicipaddresses }}"
with with_items you need to include the variable in "{{ }}" since a few Ansible versions
key names you referenced seem different from the debug output

Ansible: How to use an Azure RM template in `azure_rm_deployment` module?

I have a virtual machine ARM template built in the following way: refernce
{
"$schema": "http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json",
"contentVersion": "1.0.0.0",
"parameters": { },
"variables": { },
"resources": [ ],
"outputs": { }
}
with parameters.json:
{
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json",
"contentVersion": "1.0.0.0",
"parameters": {
"adminUserName": { "value": "mytestacct1" },
"adminPassword": { "value": "mytestpass1" }
}
}
I can successfully deploy the machine using this template in PowerShell:
New-AzureRmResourceGroupDeployment -ResourceGroupName $rgName -TemplateFile VirtualMachineTemplate.json -TemplateParameterFile Parameters.json
However, if I try to use the same template for Ansible azure_rm_deployment module in the following task:
- name: Ensure the VM is deployed to Azure
azure_rm_deployment:
state: present
resource_group_name: "{{ resource_group_name }}"
template: "{{ lookup('file', 'VirtualMachineTemplate.json') }}"
parameters: "{{ lookup('file', 'Parameters.json') }}"
I get an error:
fatal: [localhost]: FAILED! => {"changed": false, "failed": true, "failed_deployment_operations": [], "msg": "Deployment failed with status code: 400 and message: The request content was invalid and could not be deserialized: 'Error converting value \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json\" to type 'Microsoft.WindowsAzure.ResourceStack.Frontdoor.Data.Definitions.DeploymentParameterDefinition'. Path 'properties.parameters.$schema', line 1, position 142.'."}
The error is caused by parameters.json. If I define the parameters directly in the task:
- name: Ensure the VM is deployed to Azure
azure_rm_deployment:
state: present
resource_group_name: "{{ resource_group_name }}"
template: "{{ lookup('file', 'VirtualMachineTemplate.json') }}"
parameters:
adminUserName:
value: mytestacct1
adminPassword:
value: mytestpass1
It deploys the machine.
I'm at loss here. Is there a modification required to the template for the Ansible module?
Notes:
At the same time I can provision resources and VMs using azure_rm_storageaccount, azure_rm_virtualmachine, etc. modules, so I guess it's not a library problem; at least not the Microsoft Azure SDK for Python, which is 2.0.0rc5 per requirements.
Just to make sure I also tried with template_link and parameters_link and the error message is the same.

I see this is rather old question, but I note that there's own field parameters in the parameters file, so the right call should be:
- name: Ensure the VM is deployed to Azure
azure_rm_deployment:
state: present
resource_group_name: "{{ resource_group_name }}"
template: "{{ lookup('file', 'VirtualMachineTemplate.json') }}"
parameters: "{{ (lookup('file', 'Parameters.json') | from_json).parameters }}"