Can't provide credentials to Ansible Azure module - azure

I'm trying to manage my Azure cloud with the Ansible module, with no luck, using the official guide.
I've set up a Service Principal and got credentials, then put them in the file $HOME/.azure/credentials as advised:
[default]
subscription_id=xxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
client_id=xxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
secret=xxxxxxxxxxxxxxxxx
tenant=xxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
When I start the test playbook I get:
"No subscription_id provided. Please set 'AZURE_SUBSCRIPTION_ID' or use the 'subscription_id' parameter"
Then I've set environment variables:
export AZURE_CLIENT_ID=xxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
export AZURE_SECRET=xxxxxxxxxxxxxxxxx
export AZURE_SUBSCRIPTION_ID=xxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
export AZURE_TENANT=xxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
Now I've got the error:
"No management_cert_path provided. Please set 'AZURE_CERT_PATH' or use the 'management_cert_path' parameter"
I can successfully log in to my application with Azure CLI:
azure account show
info: Executing command account show
data: Name : Visual Studio Enterprise: BizSpark
data: ID : xxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
data: State : Enabled
data: Tenant ID : xxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
data: Is Default : true
data: Environment : AzureCloud
data: Has Certificate : No
data: Has Access Token : Yes
data: User name : xxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
data:
info: account show command OK
My test playbook:
---
- hosts: localhost
  connection: local
  tasks:
    - name: Azure VM creation
      azure:
        name: Test_machine
        role_size: Basic_A0
        image:
          offer: CentOS
          publisher: OpenLogic
          sku: '7.1'
          version: latest
        location: 'West Europe'
        user: admin
        password: Password!
        storage_account: my-storage-account
        wait: yes
P.S. The recipe listed in this question is not suitable for my case.

The azure module is the legacy Service Management module, and will likely be deprecated in Ansible 2.2. Sounds like you're already using ARM, and the guide you're referring to is about ARM, so you should be using the azure_rm_virtualmachine module instead.

Related

gcloud app deploy is failing with Failed to create cloud build: Permission denied on 'locations/xyz' (or it may not exist)

I have a 2.x python app and some 3.x python app which are running on google app engine.
Recently, I had updated the 2.x app without any issue. Now, when I'm trying to deploy an update for a 3.x python app, I'm getting an error "Error Response: [7] Failed to create cloud build: Permission denied on"
Services to deploy:
descriptor: [C:\Users\artha\Documents\gae billApp\CbicNtfnAndAutoMailer\app.yaml]
source: [C:\Users\artha\Documents\gae billApp\CbicNtfnAndAutoMailer]
target project: [cbicntfnandautomailer]
target service: [default]
target version: [1]
target url: [https://cbicntfnandautomailer.appspot.com]
target service account: [App Engine default service account]
Do you want to continue (Y/n)? Y
Beginning deployment of service [default]...
#============================================================#
#= Uploading 0 files to Google Cloud Storage =#
#============================================================#
File upload done.
Updating service [default]...failed.
ERROR: (gcloud.app.deploy) Error Response: [7] Failed to create cloud build: Permission denied on 'locations/asia-south1' (or it may not exist)..
Previously, I did not face any issue.
gcloud app describe shows me
authDomain: gmail.com
codeBucket: staging.cbicntfnandautomailer.appspot.com
databaseType: CLOUD_DATASTORE_COMPATIBILITY
defaultBucket: cbicntfnandautomailer.appspot.com
defaultHostname: cbicntfnandautomailer.appspot.com
featureSettings:
  splitHealthChecks: true
  useContainerOptimizedOs: true
gcrDomain: asia.gcr.io
id: cbicntfnandautomailer
locationId: asia-south1
name: apps/cbicntfnandautomailer
serviceAccount: cbicntfnandautomailer#appspot.gserviceaccount.com
servingStatus: SERVING
I have also tried disabling and re-enabling cloud build, but to no avail...
Can you please advise how to resolve the issue, thanks!!!
EDIT: As a workaround, created a separate project and deployed there to resolve the issue, but the root cause still remains unknown!!
Check if you reached the limit of build-triggers allowed per region:
Cloud build limits

Ansible Lookup with azure_keyvault_secret Invalid Credentials

I'm attempting to retrieve a secret stored in Azure Key Vault with Ansible. I found and installed the azure.azure_preview_modules role using ansible-galaxy. I've also updated ansible.cfg to point to the lookup_plugins directory from the role. When running the following playbook I get the error:
- hosts: localhost
  connection: local
  roles:
    - { role: azure.azure_preview_modules }
  tasks:
    - name: Look up secret when ansible host is general VM
      vars:
        url: 'https://myVault.vault.azure.net/'
        secretname: 'SecretPassword'
        client_id: 'ServicePrincipalIDHere'
        secret: 'ServicePrinipcalPassHere'
        tenant: 'TenantIDHere'
      debug: msg="the value of this secret is {{lookup('azure_keyvault_secret',secretname,vault_url=url, cliend_id=client_id, secret=secret, tenant_id=tenant)}}"
fatal: [localhost]: FAILED! => {"msg": "An unhandled exception occurred while running the lookup plugin 'azure_keyvault_secret'. Error was a <class 'ansible.errors.AnsibleError'>, original message: Invalid credentials provided."}
Using the same information I can connect to Azure using AZ PowerShell and AZCLI and retrieve the Azure Key Vault secrets at the command line. However, those same credentials do not work within this task for the playbook using the lookup plug-in.
I had a similar error when using the Python SDK (which Ansible is built on top of). Try changing url to this:
url: 'https://myVault.vault.azure.net' # so remove the trailing slash
The error text is 101% misleading.
After much toil I figured out the issue! The argument client_id is misspelled in the example and I didn't catch it which resulted in the error. cliend_id=client_id,
https://github.com/Azure/azure_preview_modules/blob/master/lookup_plugins/azure_keyvault_secret.py#L49
Corrected example below.
- name: Look up secret when ansible host is general VM
  vars:
    url: 'https://valueName.vault.azure.net'
    secretname: 'secretName/version'
    client_id: 'ServicePrincipalID'
    secret: 'P#ssw0rd'
    tenant: 'tenantID'
  debug: msg="the value of this secret is {{lookup('azure_keyvault_secret',secretname,vault_url=url, client_id=client_id, secret=secret, tenant_id=tenant)}}"
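
Added example (not part of the original posts or of the azure_preview_modules code): a small pre-run linter that scans playbook text for azure_keyvault_secret lookups and flags misspelled keyword arguments such as cliend_id, which otherwise surface only as "Invalid credentials provided". The EXPECTED set is taken from the corrected lookup on this page and is an assumption about what the plugin accepts; the function and constant names are hypothetical.

```python
import difflib
import re

# Keyword arguments used by the corrected lookup on this page. Assumption: the
# plugin may accept more; extend this set from the plugin's own documentation.
EXPECTED = {"vault_url", "client_id", "secret", "tenant_id"}
# The three values that together identify a service principal.
SP_ARGS = {"client_id", "secret", "tenant_id"}

LOOKUP_RE = re.compile(r"lookup\(\s*['\"]azure_keyvault_secret['\"]\s*,([^)]*)\)")
QUOTED_RE = re.compile(r"'[^']*'|\"[^\"]*\"")
KWARG_RE = re.compile(r"\b([A-Za-z_]\w*)\s*=(?!=)")

# Constructed samples: the failing lookup from this page (message text
# shortened) and the same line with the argument name corrected.
BROKEN = ("debug: msg=\"{{lookup('azure_keyvault_secret',secretname,vault_url=url, "
          "cliend_id=client_id, secret=secret, tenant_id=tenant)}}\"")
FIXED = BROKEN.replace("cliend_id=", "client_id=")


def lint_keyvault_lookups(playbook_text):
    """Return (line_no, problem) tuples for suspicious azure_keyvault_secret lookups."""
    findings = []
    for line_no, line in enumerate(playbook_text.splitlines(), start=1):
        for match in LOOKUP_RE.finditer(line):
            # Blank out quoted literals so an '=' inside a value is not read as a kwarg.
            args = QUOTED_RE.sub("''", match.group(1))
            seen = KWARG_RE.findall(args)
            for name in seen:
                if name not in EXPECTED:
                    close = difflib.get_close_matches(name, sorted(EXPECTED), n=1)
                    hint = f"; did you mean '{close[0]}'?" if close else ""
                    findings.append((line_no, f"unknown argument '{name}'{hint}"))
            # A partial service principal triple cannot authenticate.
            given = SP_ARGS & set(seen)
            if given and given != SP_ARGS:
                missing = ", ".join(sorted(SP_ARGS - given))
                findings.append((line_no, f"service principal incomplete, missing: {missing}"))
    return findings


if __name__ == "__main__":
    for sample in (BROKEN, FIXED):
        print(lint_keyvault_lookups(sample))
```

The regex stops at the first closing parenthesis, so a lookup whose literal values contain ")" is not handled.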

Azure Module in Ansible

I am trying to create a resource group in Azure using Ansible. However, I am getting the following error:
ERROR! no action detected in task
The error appears to have been in '/home/alam/azure/rg.yml': line 6, column 7, but may
be elsewhere in the file depending on the exact syntax problem.
The offending line appears to be:
tasks:
- azure_rm_resourcegroup:
^ here
Here is my yml playbook:
- name: Test the inventory script
  hosts: azure
  connection: local
  gather_facts: no
  tasks:
    - name: "Create a resource group"
      azure_rm_resourcegroup:
        location: westus
        name: Testing
        state: present
        tags:
          delete: never
          testing: testing
Command:
ansible-playbook -i ./ansible/contrib/inventory/azure_rm.py rg.yml
Upgrade Ansible to at least version 2.1 (better yet to the latest one). The docs are clear on that requirement:
azure_rm_resourcegroup - Manage Azure resource groups.
New in version 2.1.
If you use an older version, the module name will not be recognised and Ansible will throw an error: "no action detected in task."
Upgrading to 2.2 has resolved the issue. However, to create the resources, "hosts" should not be "Azure". Change it to "localhost".

How to create instances and install packages on azure using ansible

We are trying to create and install packages on Azure using Ansible. We are able to create the instance using Ansible Azure module but we are stuck at installing the packages once the VM is created because we don't know what the IP address of the newly created VM is.
We want to complete this in a single run. Is this possible?
I've not used the Azure module so could be wrong but you should be able to use register to store some data about the instances you've just created.
You can then pass this data into a dynamically defined host group in a task by iterating through the output of the first task by using the add_host module.
So your playbook may look something like:
- hosts: local
  connection: local
  tasks:
    - name: Create Windows instance
      azure:
        name: "ben-Winows-23"
        hostname: "win123"
        os_type: windows
        enable_winrm: yes
        subscription_id: "{{ azure_sub_id }}"
        management_cert_path: "{{ azure_cert_path }}"
        role_size: Small
        image: 'bd507d3a70934695bc2128e3e5a255ba__RightImage-Windows-2012-x64-v13.5'
        location: 'East Asia'
        password: "xxx"
        storage_account: benooytes
        user: admin
        wait: yes
        virtual_network_name: "{{ vnet_name }}"
      register: azure
    - name: Debug Azure output
      debug:
        var: azure
    ### Assumes that the output from the previous task has an instances key which in turn has a public_ip key. This may need updating to give the proper path to a resolvable hostname or connectable IP. Use the output of the debug task to help with this. ###
    - name: Add new instance to host group
      add_host:
        # A value that starts with {{ must be quoted, or YAML parses it as a mapping.
        hostname: "{{ item.public_ip }}"
        groupname: launched
      with_items: "{{ azure.instances }}"
### Only target newly launched instances from previous play ###
- hosts: launched
  tasks:
    - name: Start foo service and make it auto start
      win_service:
        name: foo
        start_mode: auto
        state: started
    - name: Do some thing else
      ...

Error occurs when creating a VM in Azure using Ansible

I am using azure=0.11.1 and also tried version 1.0.1, but I am getting the same error, which is shown below. The playbook is:
azurevm_yml
---
- local_action:
  module: "azure"
  name: 'vm_ubuntu1'
  role_size: Small
  image: '5112500ae3b842c8b9c604889f8753c3__OpenLogic-CentOS-67-20150815'
  password: "admin12345#"
  location: 'East US 2'
  user: admin
  wait: yes
  subscription_id: 'xxxxxxxxxxxxxx'
  management_cert_path: '/ansible-pbook/xxxx.pem'
  storage_account: 'storageacc01'
  endpoints: '22,8080,80'
  register: azure_vm
Error:
root#xxxxx:/ansible-pbook# ansible-playbook azure_vm.yml
ERROR: password is not a legal parameter of an Ansible Play
Please suggest me...
The correct format for a task is something like this:
- local_action: azure
    name='vm_ubuntu1'
    role_size=Small
    image='5112500ae3b842c8b9c604889f8753c3__OpenLogic-CentOS-67-20150815'
    password="admin12345#"
    location='East US 2'
    user=admin
    wait=yes
    subscription_id='xxxxxxxxxxxxxx'
    management_cert_path='/ansible-pbook/xxxx.pem'
    storage_account='storageacc01'
    endpoints='22,8080,80'
  register: azure_vm
All the parameters passed to the module should be in the format key=value, while attributes of the task/action itself (like register, tags, ignore_errors, etc.) are in the format attribute: value.
