I am trying to deploy Spinnaker to a K8s cluster using Halyard running on an Ubuntu 16.04 VM. The Kubernetes cluster is deployed on Azure Kubernetes Service.
I am following the instructions here to add an Azure account to Halyard: https://www.spinnaker.io/setup/install/providers/azure/
I get the error in the last steps.
hal config provider azure account add my-azure-account --client-id $APP_ID --tenant-id $TENANT_ID --subscription-id $SUBSCRIPTION_ID --default-key-vault $VAULT_NAME --default-resource-group $RESOURCE_GROUP --app-key
The appKey (password) of your service principal.:
Get current deployment
Success
Add the my-azure-account account
Failure Problems in default.provider.azure: ! ERROR Error
instantiating Azure credentials: The subscription ‘XXX-XX-X-XXXXXX’
could not be found. ? Follow instructions here
https://aka.ms/azspinconfig to setup azure credentials.
Failed to add account my-azure-account for provider azure.
Has anyone successfully deployed Spinnaker on Azure using Halyard?
I see the following errors in halyard.log:
Failure Problems in default.provider.azure: ! ERROR Error
instantiating Azure credentials: The subscription ‘XXX-XX-X-XXXXXX’
could not be found.
Kindly verify the subscription ID which you are passing in Azure account.
First, make sure the provider is enabled:
hal config provider azure enable
Next, run the following hal command to add an account named my-azure-account to your list of Azure accounts:
hal config provider azure account add my-azure-account \
--client-id $APP_ID \
--tenant-id $TENANT_ID \
--subscription-id $SUBSCRIPTION_ID \
--default-key-vault $VAULT_NAME \
--default-resource-group $RESOURCE_GROUP \
--app-key
Related
I am deploying a static react web app into azure static website (blob storage) using the command
While doing so I am doing it through Azure CLI (Inline command).
az storage blob upload-batch -s ./ -d '$web' \
--account-name <storage_acct_name> \
--account-key <storage_acct_key>
This command gives me an error
2022-11-17T08:27:29.5243851Z ERROR: Failed to connect to MSI. Please make sure MSI is configured correctly.
2022-11-17T08:27:29.5244667Z Get Token request returned http error: 400, reason: Bad Request
2022-11-17T08:27:29.5274714Z ##[error]Error Code: [1]
2022-11-17T08:27:29.5283948Z ##[error]Error: Azure login failed using Managed Service Identity
2022-11-17T08:27:29.5285668Z ##[error]Script failed with error: ERROR: Failed to connect to MSI. Please make sure MSI is configured correctly.
What could be possible solution to get over this issue.
I tried in my environment and successfully deployed static web app in $Web.
Before running the command make sure you have logged in with current credentials:
az login --tenant xxxx-xxxxxxxxxxxxxx-xxxxx”
Command:
az storage blob upload-batch -d '$web' -s < path > --account-name <account name > --account-key "<account key>
Console:
Portal:
Reference:
azure - Configuration of Managed Service Identity(MSI) - Stack Overflow for pipeline problems.
Getting token from Cloud Shell intermittently fails with 400 Client Error: Bad Request · Issue #11749 · Azure/azure-cli · GitHub
I am following this tutorial, running az cli(v 2.11) on my MacOS locally:
https://learn.microsoft.com/en-us/learn/modules/provision-infrastructure-azure-pipelines/6-run-terraform-remote-storage
after following a few steps including this one:
az storage account create --name tfsa$UNIQUE_ID --resource-group tf-storage-rg --sku Standard_LRS
and have run this command:
az storage container list --query "[].{name:name}" --output tsv
i receive the following:
HTTPSConnectionPool(host='mystorageaccount20822.blob.core.windows.net', port=443): Max retries exceeded with url: /?comp=list&maxresults=5000 (Caused by NewConnectionError('<urllib3.connection.VerifiedHTTPSConnection object at 0x10d2566a0>: Failed to establish a new connection: [Errno 8] nodename nor servname provided, or not known'))
The above command works in cloud shell, but fails in my local shell (running v 2.20, up to date)
on cloud shell i do get this warning though:
There are no credentials provided in your command and environment, we
will query for the account key inside your storage account. Please
provide --connection-string, --account-key or --sas-token as
credentials, or use --auth-mode login if you have required RBAC
roles inyour command. For more information about RBAC roles in
storage, visit
https://learn.microsoft.com/en-us/azure/storage/common/storage-auth-aad-rbac-cli.
I had previously created a mystorageaccount20822 a couple weeks ago but deleted it... my AZ CLI is still bound to this previous account? Is there a way to tell my az cli (on mac) to sync up with the current resources i have running. In Azure Portal mystorageaccount20822 does NOT exist.
Does Azure CLI cache some values or something? is there some hidden config file that has the old 'mystorageaccount20822' set and the CLI is trying to reference that each time instead of the new account named tfsa$UNIQUE_ID ?
After running the command with debug:
az storage container list --debug --account-name tfsa$UNIQUE_ID --query [].name --output tsv
I was able to see that it was setting it.
It turns out it had set the environment variable 'AZURE_STORAGE_CONNECTION_STRING' from a tutorial a few days ago, which was overriding a property when the command was sent, to use an old examples value. After unsetting that environment variable, the command worked.
When I try to deploy an Azure Function to the cloud using... func azure functionapp publish appName --build remote --publish-local-settings
...I receive the following error
Getting site publishing info...
Remote build is a new feature added to function apps.
Your function app appName does not support remote build as it was created before August 1st, 2019.
Please use '--build local' or '--build-native-deps'.
For more information, please visit https://aka.ms/remotebuild
EVEN THOUGH THE APP WAS LITERALLY JUST CREATED IN AZURE PORTAL.
System:
- Running VS Code on Ubuntu 18.04
Steps to reproduce:
Create a new Function App (and support resources) using az cli
Python runtime
Consumption plan
StandardV2 Storage plan
AppInsights
Create new Function (scaffolding) using VS Code Azure Functions extension
Create __init__.py and configure local.settings.json
Open a terminal; cd to Function folder
Run func azure functionapp publish appName --build remote --publish-local-settings
Fails everytime with the message above
Tried so far:
- Substituting --build local.
- Looks like it wants to work, but fails with error
There was an error restoring dependencies. ERROR: cannot install cryptography-2.9.2 dependency: binary dependencies without wheels are not supported when building locally. Use the "--build remote" option to build dependencies on the Azure Functions build server, or "--build-native-deps" option to automatically build and configure the dependencies using a Docker container. More information at https://aka.ms/func-python-publish
Not going to try:
- --build-local-deps because I don't want a docker instance for my Function App
Please advise. This is painful at this point.
In my case, I was provisioning an azurerm_linux_function_app with terraform and got this error. The error turned out to be caused by me forgetting to specify the storage_account_access_key setting. The docs even mention
One of storage_account_access_key or storage_uses_managed_identity must be specified when using storage_account_name.
But terraform does not actually check that when applying your configuration, resulting in a cryptic error message much later in the process.
Here is what was found today:
I initially created the Function App Storage Account with...
# Create a Function App Storage Account
az storage account create \
--name $fa_storage_name \
--resource-group $rg_name \
--access-tier Cool \
--default-action Deny \
--kind StorageV2 \
--subscription $az_sub
--location $az_loc \
--sku Standard_LRS
Changed this to...
# Create a Function App Storage Account
az storage account create \
--name $fa_storage_name \
--resource-group $rg_name \
--location $az_loc \
--sku Standard_LRS
...and was able to get past that error. The way I stumbled onto this was using the --buld local flag. It gave me a MUCH MORE ACCURATE error. Something along the lines of Check your storage account dude.
(thank you Marcelo!)
I'm trying to create an Azure DevOps service endpoint to connect to Azure Resource Manager and to deploy my app into a App Service.
When I go to Azure DevOps > Project Properties and create a Service Endpoint using the UI (Automated dialog) it works fine and my app can be deployed to App Service from a yaml pipeline, BUT, when I try to replicate it thru the Azure CLI it doesn't work (the build fails to deploy complaining about the Service Principal).
This is my code:
az_account=$(az account show)
az_subscription_id=$(echo $az_account |jq -r '.id')
az_subscription_name=$(echo $az_account |jq -r '.name')
az_tenant_id=$(echo $az_account |jq -r '.tenantId')
az_service_principal=$(az ad sp create-for-rbac -n "my-app-service-principal")
az_service_principal_password=$(echo $az_service_principal|jq -r '.password')
az_service_principal_id=$(az ad sp list --all | jq -c '.[] | select( .appDisplayName | contains("my-app-service-principal"))'| jq -r '.objectId')
export AZURE_DEVOPS_EXT_AZURE_RM_SERVICE_PRINCIPAL_KEY=$az_service_principal_password
az devops service-endpoint azurerm create --azure-rm-service-principal-id $az_service_principal_id --azure-rm-subscription-id $az_subscription_id --azure-rm-subscription-name $az_subscription_name --azure-rm-tenant-id $az_tenant_id --name my-app-service-endpoint
How should I create this Service Enpoint programatically with the Azure CLI?
Updated with the Azure DevOps error:
Your script simply creates the Service Principal but it is not giving any permission to the SP.
I would add some lines like these to create a Resource Group and scope permission to it
az_service_principal_appid = $(echo $az_service_principal|jq -r '.appId')
az group create --name myrg --location westeurope
az role assignment create --role Contributor --assignee $az_service_principal_appid --resource-group myrg
Clearly you need to think how to arrange your resources and SPs: you may need many of both depending on your architecture.
I´m using az functionapp create for creating function ap in Azure, where apparts of creating the function app it also hooks it to a bitbucket repo. I´m using parametere --deployment-source-url -u but it seems is not working this way and is giving me an error. This is done by a jenkin file pipeline
node {
stage('Azure Login') {
withCredentials([azureServicePrincipal('6-8afd-ae40e9cf1e74')]) {
sh 'az login --service-principal -u $AZURE_CLIENT_ID -p $AZURE_CLIENT_SECRET -t $AZURE_TENANT_ID'
sh 'az account set -s $AZURE_SUBSCRIPTION_ID'
}
}
stage('Build Azure FuntionApp') {
sh 'az functionapp create -g $RG_NAME -p $SP_NAME -n grey-$JOB_NAME-$BUILD_NUMBER -s $SA_NAME --deployment-source-url https:// bitbucket.org/xxxx/functions/s***strong text***rc/develop --debug'
}
If I put --deployment-source-url -u https://user#bitbucket.org I get:
ERROR: az functionapp create: error: argument
--deployment-source-url/-u: expected one argument
I tried without the -u just : --deployment-source-url https://#bitbucket.org
and the job gets done, but the link with bitbucket repos is not made. Getting this:
So how is it that this work? how come if I put user it says invalid argument and if I don´t it pases but It can find user. Does anyone ever used this command to create a function app? thanks!
If you want to create azure function via azure-cli, you could change the deployment resource url after --deployment-source-url. You could refer to my command to create a function with a blob trigger, replace the url of yours. It works fine on my side.
Note: The Access level should be public, you could check it in Settings like the screenshot below.
az functionapp create --deployment-source-url https://bitbucket.org/xxx/azure-function --resource-group resourcegroupname --consumption-plan-location westeurope --name joyfun22 --storage-account <storage_name>
Besides, you also can use a github repository to create a function.
For example, to use the command below to create a function with a blob trigger.
az functionapp create --deployment-source-url https://github.com/Joyw1/Azure-Function-Trigger --resource-group myResourceGroup --consumption-plan-location westeurope --name <app_name> --storage-account <storage_name>
Update:
If your Access level is private. You need a access token to access your bitbucket repository. Please follow the steps bellow.
1.Go to the Bitbucket Labs -> Access Management -> OAuth -> Add consumer
More details, refer to this link.
2.Enable authenticated git deployment with Azure CLI
#!/bin/bash
gitrepo=<Replace with your GitHub repo URL e.g. https://github.com/Azure-Samples/functions-quickstart.git>
token=<Replace with a GitHub access token>
# Enable authenticated git deployment
az functionapp deployment source update-token \
--git-token $token
For complete command, refer to this link.