I need to use the azure cli from within a linux virtual machine. There are two contraints:
cannot use/store the credentials used for creating the VM on the VM.
the login/authentication need to be automated (non-interactive)
On AWS, I can use instance profiles for such scenario, but I am unable to find any feasible approach for Azure. Any help is greatly appreciated.
If you are using Azure CLI 2.0, you can use az login with the --msi parameter to log in using the Virtual Machine's identity. See the az login documentation for more information.
az login —msi has been deprecated (See here) as of v2.0.22.
The new method is to use the —identity option. ie. az login —identity. See az login docs for more information.
This is how it was resolved for me ,
you need to be logged in to azure portal in your browser
type az login --use-device-code in your ssh terminal
It gives you a URL and a code , enter the URL in the same browser that you were logged in to azure portal and enter the code in the pop up window
choose your email user for the azure portal in the next window and
you will be logged in to azure cli in your ssh terminal
Related
For a long time was using Terraform with Azure and it worked fine. Now for any reason the az cli command it doens't work.
I'm getting follow error:
AADSTS500200: User account 'xxxx ' is a personal Microsoft account. Personal Microsoft accounts are not supported for this application unless explicitly invited to an organization. Try signing out and signing back in with an organizational account.
I've already upgrade az cli versin to 2.42 but problem perists. Even using incognito mode couldn't login to Azure.
Instead of using az login, via browser I'm able to login to azure cloud without issues.
The problem was related with Az cloud list. The active azure cloud was "AzureUSGovernment" instead of "AzureCloud". Once enabled "AzureCloud" issue got fixed.
az cloud set --name AzureCloud
Try the below commands to clear the cache.
az account clear
az login
or
az login --tenant [tenant id]
I'm currently trying to enable VM Login on a Windows 2019 Server with Azure AD Credentials. For this I have followed the Microsoft Documentation: https://learn.microsoft.com/en-us/azure/active-directory/devices/howto-vm-sign-in-azure-ad-windows
I have tried by creating a new user as type "member" in my Azure AD. Then I have created a Windows Server 2019 VM with "Login with Azure AD" enabled as shown in the documentation. Afterwards I have given the "Virtual Machine Administrator Login" Role to the new User. Then I have tried to login to the VM using the new user credentials. Unfortunately it didn't work. I encounter the "Your Credentials did not work" error message.
With the local user I can login to the VM. I have tried to de- and reinstall the "Microsoft.Azure.ActiveDirectory.AADLoginForWindows" Extension. I have checked the VM with the command: "dsregcmd/status", whether th VM is really Azure AD joined.
Has someone done it before and know why it doesn't work? What have I done wrong?
Best regards!
I tried to reproduce the same in my environment and added successfully
I have added user and created VM with Windows Server 2019 enabled Login with Azure AD. While creating azure vm make sure to give username and password same as azure ad user Credentials.
Verify whether you have added AADLoginForWindows Extension in Azure as below:
Downloaded RDP file and tried to login it shows me an error. To resolve this issue, use different account use "\" try to login as below.
<VMname>\Username or localhost\username and password
Make sure you are using the correct credentials When RDP VM using Azure AD credentials, in order to log in, you can also reset your password try logging in if still error appears.
Once RDP has opened try to Join a Windows 10 Device to Azure AD and on your Windows 10 Azure VM -> system properties -> remote setting -> uncheck Allow connections only from computers as below:
To add azure ad user to RDP user group Run the command prompt as administrator like blow:
net localgroup "Remote Desktop Users" /add "AzureAD\the-UPN-attribute-of-your-user"
Account should be AzureAD\USERNAME#DOMAIN.onmicrosoft.com type.
To confirm the Azure AD user has been added run this Get-LocalGroupMember -Name "Remote Desktop users" in powershell .
And then, I modify the azure vm RDP file. If you modify this file in before u will get an error, Click Download RDP File -> right click open with notepad file and try to add like below and save
address:s:IPADDRESS:3389
prompt for credentials:i:0
authentication level:i:2
enablecredsspsupport:i:0
username:s:USERNAME#DOMAIN.onmicrosoft.com
domain:s:AzureAD
And try to connect with this RDP file. make sure you need to use AzureAD\username#domain.onmicrosoft.com. if you are enter only the Azure AD user account without the domain it may cause an error.
Reference: Assign Azure roles using the Azure portal - Azure RBAC | Microsoft Learn
I'm having problems finding a SQL server in Azure portal. The SQL server is apparently running as I can connect to it with both AzureAD credentials and SQL credentials via SSMS. The apps using databases from the SQL server is also working.
But I can't find it in Azure? I've tried checking portal.azure.com with all our logins, but no luck.
Anyone has any tips?
Double check if you have chosen the same directory and subscription under you account if you have more than one. And If you remember your resource group name, just to rule out any transient issue in web portal, you can try the below:
Install Azure CLI from here or use cloud CLI and run below commands in order
Login to your account, result lists all the subscription in your account.
az login
Verify your preferred subscription is set
az account show
See your SqlDB details:
az sql db show --name YourSqlDbName --server YourSqlServerName --resource-group YourResourceGroupName
You'll see all he details, if it exists.
Turns out I had to log in with my admin account and go to portal.azure.com/customer.domain
I have created a docker container and generated final artifact of my azure function app code. Azure Cli is already installed in the container. Is it possible to deploy to Azure using Azure Cli and pass the credentials along?
I tried the following command (example credentials):
az functionapp deployment user set --user-name "MY_USER" --password "MY_PASS" --subscription "MY_SUBSCRIPTION"
But it results in the following error:
Subscription 'MY_SUBSCRIPTION' not recognized. ValidationError: Please run 'az login' to setup account.
If I login (which requires entering a pass code to a browser), then the command above seems to be working.
This is going to be part of CI/CD and manual login is not a solution. Any ideas?
You would need to use a service principle to authenticate. But since you mentioned you are using Jenkins, fortunately there are rich set of plugins available for different Azure resources which can handle the authentication for you if you setup in your Jenkins dashboard. For example, in this case you are using az cli for which you can install https://plugins.jenkins.io/azure-cli/
Yes, you need to be authenticated. Here you have several authentication options: Sign in with Azure CLI
Authenticating with a service principal is the best way to write secure scripts or programs
Sign in with a service principal
I want to create a VM instance on azure through ansible/shell script from my machine.
ways i have found
Installing az cli on my machine, az login and create instance.
Problem with az cli :In this way i can create instance but i need a session login for infinite time unless i logout. If i logout or system logs me out then i have to login manually with portal to cli which i don't want.If there is any automate process to login with keys or passwords.
can anyone suggesst me how can i acheive ?
For your requirement, you can use the service principal to login both for the Azure CLI and ansible. In this way, it works as the username and password so that you need not log in with portal.
You can follow steps via the Azure CLI command to create the service principal and use it to log in. And the ansible steps here.