Develop Reference

Azure - Unable to change network security group using Ansible

When I'm trying to update the Network security group of a interface, I get the following error.
"msg": "value of public_ip_allocation_method must be one of: Dynamic, Static, got: None found in ip_configurations".
I checked the Azure VM Network Config and there is a public IP set. I also tested by creating a new IP and set the assignment to be Dynamic but still I got the same error as above.
Ansible Code:
- name: Applying NSG to target NIC
azure_rm_networkinterface:
name: "{{ azure_vm_network_interface }}"
resource_group: "{{ resource_group }}"
subnet_name: "{{ azure_network_interface_info.networkinterfaces[0].subnet }}"
virtual_network: "{{ azure_network_interface_info.networkinterfaces[0].virtual_network.name }}"
ip_configurations: "{{ azure_network_interface_info.networkinterfaces[0].ip_configurations }}"
security_group: "/subscriptions/123456/resourceGroups/test-resource-group/providers/Microsoft.Network/networkSecurityGroups/testing_temp_8"
Error:
"ip_configurations": [
{
"application_gateway_backend_address_pools": null,
"application_security_groups": null,
"load_balancer_backend_address_pools": null,
"name": "Ubuntu915",
"primary": true,
"private_ip_address": "10.0.0.5",
"private_ip_address_version": "IPv4",
"private_ip_allocation_method": "Dynamic",
"public_ip_address": "/subscriptions/123456789/resourceGroups/test-resource-group/providers/Microsoft.Network/publicIPAddresses/Ubuntu-915-test",
"public_ip_address_name": "/subscriptions/123456789/resourceGroups/test-resource-group/providers/Microsoft.Network/publicIPAddresses/Ubuntu-915-test",
"public_ip_allocation_method": null
}
],
"location": null,
"log_mode": null,
"log_path": null,
"name": "Ubuntu915",
"open_ports": null,
"os_type": "Linux",
"password": null,
"private_ip_address": null,
"private_ip_allocation_method": "Dynamic",
"profile": null,
"public_ip": true,
"public_ip_address_name": null,
"public_ip_allocation_method": "Dynamic",
"resource_group": "test-resource-group",
"secret": null,
"security_group": "/subscriptions/123456789/resourceGroups/test-resource-group/providers/Microsoft.Network/networkSecurityGroups/fortify_testing_temp_8",
"state": "present",
"subnet_name": "default",
"subscription_id": null,
"tags": null,
"tenant": null,
"virtual_network": "testing-vm_group-vnet"
}
},
"msg": "value of public_ip_allocation_method must be one of: Dynamic, Static, got: None found in ip_configurations"
}

I modified the registered json using json_modify.py and manually specified Dynamic for the key.
- json_modify:
data: "{{ azure_network_interface_info }}"
pointer: "/networkinterfaces/0/ip_configurations/0"
action: update
update: { "public_ip_allocation_method": "Dynamic", "public_ip_address": "{{ azure_ip.publicipaddresses[0].ip_address }}", "public_ip_address_name": "{{ public_ip_address }}" }
register: azure_network_interface_info_modified

Azure DevOps Conditional String Variables

I've got a pipeline I've created that deploys some app settings to all our websites (multiple per file), and I'm trying to conditionally set a variable within the JSON structure without any sort of anti-patterns.
For conditional variables, all we have this syntax:
${{ if endsWith('EXISTING_STRING','MATCH_STRING') }}:
${{ else }}:
This syntax assumes that you're going to put the entirety of the string after condition, though. If my JSON structure is 50 lines long, I don't want to do that. Is there a way to do this without that cluttered code, whilst avoiding any sort of anti-patterns as well?
Here's the Azure Piplines Module:
- task: AzureAppServiceSettings#1
displayName: 'Deploy App Settings'
inputs:
azureSubscription: "${{ parameters.resource_group_name }}"
appName: "wz${{ parameters.default_environment }}"
resourceGroupName: "${{ parameters.resource_group_name }}"
appSettings: |
[
{
"name": "LaunchUrl",
"value": "False",
/* ^^^^
Value I want to be conditional based off:
if endsWith( parameters['default_environment'], 'matchString'
The resulting string also contains parameters.default_environment FYI
*/
"slotSetting": true
},
{
"name": "DisableFHIR",
"value": "False",
"slotSetting": true
},
...
Thanks

Putting conditionals inside a string literal is unfortunately not supported. However, one technique my team uses is define our JSON values as a string parameter and populate it with variables that are evaluated at runtime.
parameters:
- name: appSettings
type: string
default: |
'[
{
"name": "appSetting1",
"value": "$(appSetting1)",
"slotSetting": "true"
}
]'
Personally, I like to go one further and define them as a yaml parameter and then use the convertToJson expression. This avoids the potential for malformed JSON and I can also put comments in the YAML.
parameters:
- name: resource_group_name
type: string
- name: appSettings
type: object
default:
- name: 'LaunchUrl'
value: '$(launchUrl)'
slotSetting: true
- name: 'DisableFHIR'
value: 'false'
slotSetting: true
job:
variables:
${{ if endsWith('prd', parameters.resource_group_name) }}:
launchUrl: https://production.dot.com
${{ else }}:
launchUrl: http://somewhere.else.com
steps:
- task: AzureAppServiceSettings#1
inputs:
azureSubscription: "${{ parameters.resource_group_name }}"
appName: "wz${{ parameters.default_environment }}"
resourceGroupName: "${{ parameters.resource_group_name }}"
appSettings: ${{ convertToJson(parameters.appSettings) }}

Get the response payload of uri GET method

I am trying to fetch the response of an HTTP Get command of Azure resource creation check url. The response payload is either
{
"status": "InProgress"
}
OR
{
"status": "Succeeded"
}
What I want to do is to wait for the creation of the resource until we get "status": "Succeeded" reply. My ansible code is below:
- name: fetch the result of the resource creation command
uri:
url: "{{ new_re.azure_asyncoperation }}"
method: GET
status_code: 200
headers:
Authorization: "Bearer {{ token }}"
register: new_re_result
until: new_re_result.json.status == "Succeeded"
delay: "{{ var_delay }}"
retries: "{{ var_retries }}"
I have tried different solutions in the until property but nothing works. From this ansible code, i get the error below:
{
"msg": "The conditional check 'new_re_result.json.status == \"Succeeded\"' failed. The error was: error while evaluating conditional (new_pe_result.json.status == \"Succeeded\"): 'dict object' has no attribute 'status'",
"_ansible_no_log": false
}
Any idea as a solution?

How to get public IP from Ansible azure_rm_publicipaddress_facts module into a variable to use with add_host?

I'm trying to set up a pipeline for Azure automation with Ansible, all working, except when I try to get the public IP address into a variable to use with add_host.
Here is my example task:
---
- name: Get Public IP
azure_rm_publicipaddress_facts:
resource_group: '{{ my_resource_group }}'
name: '{{ my_name }}'
register: azure_ip
- debug: var=azure_ip verbosity=2
- name: Add new instance to host group
add_host:
hostname: '{{ item.ipAddress }}'
groupname: launched
with_items: azure_ip.azure_publicipaddresses
With this giving me the following error:
fatal: [localhost]: FAILED! => {"failed": true, "msg": "the field 'args' has an invalid value, which appears to include a variable that is undefined.
However the value is there as shown :
TASK [azure : debug] ***********************************************************
task path: mytest/roles/azure/tasks/get_ip.yml:14
ok: [localhost] => {
"azure_ip": {
"ansible_facts": {
"azure_publicipaddresses": [
{
"etag": “xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx",
"id": "/subscriptions/0000000000000/resourceGroups/myrgrp/providers/Microsoft.Network/publicIPAddresses/my_ip_001",
"location": “euwest",
"name": “my_ip_001",
"properties": {
"idleTimeoutInMinutes": 4,
"ipAddress": “20.113.125.63",
"ipConfiguration": {
"id": "/subscriptions/000000000000/resourceGroups/mygrprgrp/providers/Microsoft.Network/networkInterfaces/myrgrp-nic001/ipConfigurations/default"
},
"provisioningState": "Succeeded",
"publicIPAddressVersion": "IPv4",
"publicIPAllocationMethod": "Dynamic",
"resourceGuid": “fffff-4444444-cccccc"
},
"type": "Microsoft.Network/publicIPAddresses"
}
]
},
"changed": false
}
}
So, I guess I'm missing something, could anybody point me to the right direction?

Change:
- name: Add new instance to host group
add_host:
hostname: '{{ item.ipAddress }}'
groupname: launched
with_items: azure_ip.azure_publicipaddresses
To:
- name: Add new instance to host group
add_host:
hostname: "{{ item.properties.ipAddress }}"
groupname: launched
with_items: "{{ azure_ip.ansible_facts.azure_publicipaddresses }}"
with with_items you need to include the variable in "{{ }}" since a few Ansible versions
key names you referenced seem different from the debug output

Ansible: How to use an Azure RM template in `azure_rm_deployment` module?

I have a virtual machine ARM template built in the following way: refernce
{
"$schema": "http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json",
"contentVersion": "1.0.0.0",
"parameters": { },
"variables": { },
"resources": [ ],
"outputs": { }
}
with parameters.json:
{
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json",
"contentVersion": "1.0.0.0",
"parameters": {
"adminUserName": { "value": "mytestacct1" },
"adminPassword": { "value": "mytestpass1" }
}
}
I can successfully deploy the machine using this template in PowerShell:
New-AzureRmResourceGroupDeployment -ResourceGroupName $rgName -TemplateFile VirtualMachineTemplate.json -TemplateParameterFile Parameters.json
However, if I try to use the same template for Ansible azure_rm_deployment module in the following task:
- name: Ensure the VM is deployed to Azure
azure_rm_deployment:
state: present
resource_group_name: "{{ resource_group_name }}"
template: "{{ lookup('file', 'VirtualMachineTemplate.json') }}"
parameters: "{{ lookup('file', 'Parameters.json') }}"
I get an error:
fatal: [localhost]: FAILED! => {"changed": false, "failed": true, "failed_deployment_operations": [], "msg": "Deployment failed with status code: 400 and message: The request content was invalid and could not be deserialized: 'Error converting value \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json\" to type 'Microsoft.WindowsAzure.ResourceStack.Frontdoor.Data.Definitions.DeploymentParameterDefinition'. Path 'properties.parameters.$schema', line 1, position 142.'."}
The error is caused by parameters.json. If I define the parameters directly in the task:
- name: Ensure the VM is deployed to Azure
azure_rm_deployment:
state: present
resource_group_name: "{{ resource_group_name }}"
template: "{{ lookup('file', 'VirtualMachineTemplate.json') }}"
parameters:
adminUserName:
value: mytestacct1
adminPassword:
value: mytestpass1
It deploys the machine.
I'm at loss here. Is there a modification required to the template for the Ansible module?
Notes:
At the same time I can provision resources and VMs using azure_rm_storageaccount, azure_rm_virtualmachine, etc. modules, so I guess it's not a library problem; at least not the Microsoft Azure SDK for Python, which is 2.0.0rc5 per requirements.
Just to make sure I also tried with template_link and parameters_link and the error message is the same.

I see this is rather old question, but I note that there's own field parameters in the parameters file, so the right call should be:
- name: Ensure the VM is deployed to Azure
azure_rm_deployment:
state: present
resource_group_name: "{{ resource_group_name }}"
template: "{{ lookup('file', 'VirtualMachineTemplate.json') }}"
parameters: "{{ (lookup('file', 'Parameters.json') | from_json).parameters }}"