Hi all,
I was looking for some help debugging an unusual issue I'm seeing
with azure.azcollection and the azure-cli in an Ansible execution
environment.
TL;DR, if I manually build a container, pip install ansible-core,
ansible-galaxy install the azure.azcollection, then pip install its
requirements, install azure-cli, setup a dynamic inventory plugin, az login
and then run ansible-inventory, everything works.
If I use ansible-builder to accomplish the same end result,
ansible-inventory fails with the following stack trace:
[root@3209917451f4 runner]# ansible-inventory -i inventory/azure_rm.yml
--graph
[WARNING]: * Failed to parse /runner/inventory/azure_rm.yml with auto
plugin: Failed to get credentials. Either pass as parameters, set
environment variables, define a profile in ~/.azure/credentials, or install
Azure CLI and log in (`az login`).
[WARNING]: * Failed to parse /runner/inventory/azure_rm.yml with ini
plugin: Invalid host pattern 'plugin:' supplied, ending in ':' is not
allowed, this character is reserved to provide a port.
[WARNING]: Unable to parse /runner/inventory/azure_rm.yml as an inventory
source
[WARNING]: No inventory was parsed, only implicit localhost is available
@all:
|--@ungrouped:
[root@3209917451f4 runner]# ansible-inventory -vvv -i
inventory/azure_rm.yml --graph
ansible-inventory [core 2.15.2]
config file = /runner/project/ansible.cfg
configured module search path = ['/root/.ansible/plugins/modules',
'/usr/share/ansible/plugins/modules']
ansible python module location =
/usr/local/lib/python3.11/site-packages/ansible
ansible collection location =
/root/.ansible/collections:/usr/share/ansible/collections
executable location = /usr/local/bin/ansible-inventory
python version = 3.11.4 (main, Jun 7 2023, 00:00:00) [GCC 13.1.1
20230511 (Red Hat 13.1.1-2)] (/usr/bin/python3)
jinja version = 3.1.2
libyaml = True
Using /runner/project/ansible.cfg as config file
Using inventory plugin
'ansible_collections.azure.azcollection.plugins.inventory.azure_rm' to
process inventory source '/runner/inventory/azure_rm.yml'
[WARNING]: * Failed to parse /runner/inventory/azure_rm.yml with auto
plugin: Failed to get credentials. Either pass as parameters, set
environment variables, define a profile in ~/.azure/credentials, or install
Azure CLI and log in (`az login`).
File
"/usr/local/lib/python3.11/site-packages/ansible/inventory/manager.py",
line 293, in parse_source
plugin.parse(self._inventory, self._loader, source, cache=cache)
File
"/usr/local/lib/python3.11/site-packages/ansible/plugins/inventory/auto.py",
line 59, in parse
plugin.parse(inventory, loader, path, cache=cache)
File
"/usr/share/ansible/collections/ansible_collections/azure/azcollection/plugins/inventory/azure_rm.py",
line 221, in parse
self._credential_setup()
File
"/usr/share/ansible/collections/ansible_collections/azure/azcollection/plugins/inventory/azure_rm.py",
line 242, in _credential_setup
self.azure_auth = AzureRMAuth(**auth_options)
^^^^^^^^^^^^^^^^^^^^^^^^^^^
File
"/usr/share/ansible/collections/ansible_collections/azure/azcollection/plugins/module_utils/azure_rm_common.py",
line 1514, in __init__
self.fail("Failed to get credentials. Either pass as parameters, set
environment variables, "
File
"/usr/share/ansible/collections/ansible_collections/azure/azcollection/plugins/module_utils/azure_rm_common.py",
line 1640, in fail
self._fail_impl(msg)
File
"/usr/share/ansible/collections/ansible_collections/azure/azcollection/plugins/module_utils/azure_rm_common.py",
line 1643, in _default_fail_impl
raise AzureRMAuthException(msg)
[WARNING]: * Failed to parse /runner/inventory/azure_rm.yml with ini
plugin: Invalid host pattern 'plugin:' supplied, ending in ':' is not
allowed, this character is reserved to provide a port.
File
"/usr/local/lib/python3.11/site-packages/ansible/inventory/manager.py",
line 293, in parse_source
plugin.parse(self._inventory, self._loader, source, cache=cache)
File
"/usr/local/lib/python3.11/site-packages/ansible/plugins/inventory/ini.py",
line 137, in parse
raise AnsibleParserError(e)
[WARNING]: Unable to parse /runner/inventory/azure_rm.yml as an inventory
source
[WARNING]: No inventory was parsed, only implicit localhost is available
@all:
|--@ungrouped:
This is in a running instance of the ansible-builder built container, az
login has successfully run, I can az account show/az vm list and see the
subscription, tennant ID, resources etc.
I've done all the usual Googling and as much RTFMing as I can but haven't
found anything that would explain the difference in behaviour. More debug
info below from the non-working ansible-builder container in case it helps.
The behaviour persists whether podman or docker is used for the build. The
only thing that seems obviously different between the two scenarios is that
ansible-builder is building the EE with dumb-init?
Any suggestions are greatly appreciated.
Cheers,
Will.
--
[root@3209917451f4 runner]# cat inventory/azure_rm.yml
plugin: azure.azcollection.azure_rm
auth_source: auto
[root@3209917451f4 runner]# cat project/ansible.cfg
[inventory]
enable_plugins = auto, ini
[root@3209917451f4 runner]# ansible-galaxy collection list
# /usr/share/ansible/collections/ansible_collections
Collection Version
------------------ -------
azure.azcollection 1.16.0
[root@3209917451f4 runner]# python3 -m pip freeze | grep ansible
ansible-core==2.15.2
ansible-runner==2.3.3
[root@3209917451f4 runner]# python3 -m pip freeze
adal==1.2.7
ansible-core==2.15.2
ansible-runner==2.3.3
antlr4-python3-runtime==4.10.1
applicationinsights==0.11.9
argcomplete==1.12.3
azure-appconfiguration==1.1.1
azure-batch==13.0.0
azure-cli==2.49.0
azure-cli-core==2.34.0
azure-cli-telemetry==1.0.6
azure-common==1.1.11
azure-containerregistry==1.1.0
azure-core==1.25.1
azure-cosmos==3.2.0
azure-data-tables==12.4.0
azure-datalake-store==0.0.49
azure-graphrbac==0.61.1
azure-identity==1.7.0
azure-keyvault==1.1.0
azure-keyvault-administration==4.3.0
azure-keyvault-certificates==4.7.0
azure-keyvault-keys==4.8.0b2
azure-keyvault-secrets==4.7.0
azure-loganalytics==0.1.0
azure-mgmt-advisor==9.0.0
azure-mgmt-apimanagement==3.0.0
azure-mgmt-appconfiguration==3.0.0
azure-mgmt-appcontainers==2.0.0
azure-mgmt-applicationinsights==1.0.0
azure-mgmt-authorization==2.0.0
azure-mgmt-automation==1.0.0
azure-mgmt-batch==5.0.1
azure-mgmt-batchai==7.0.0b1
azure-mgmt-billing==6.0.0
azure-mgmt-botservice==2.0.0b3
azure-mgmt-cdn==11.0.0
azure-mgmt-cognitiveservices==13.3.0
azure-mgmt-compute==26.1.0
azure-mgmt-consumption==2.0.0
azure-mgmt-containerinstance==9.0.0
azure-mgmt-containerregistry==9.1.0
azure-mgmt-containerservice==20.0.0
azure-mgmt-core==1.3.0
azure-mgmt-cosmosdb==6.4.0
azure-mgmt-databoxedge==1.0.0
azure-mgmt-datafactory==2.0.0
azure-mgmt-datalake-analytics==0.2.1
azure-mgmt-datalake-store==1.0.0
azure-mgmt-datamigration==10.0.0
azure-mgmt-devtestlabs==9.0.0
azure-mgmt-dns==8.0.0
azure-mgmt-eventgrid==10.2.0b2
azure-mgmt-eventhub==10.1.0
azure-mgmt-extendedlocation==1.0.0b2
azure-mgmt-hdinsight==9.0.0
azure-mgmt-imagebuilder==1.2.0
azure-mgmt-iotcentral==10.0.0b1
azure-mgmt-iothub==2.2.0
azure-mgmt-iothubprovisioningservices==1.1.0
azure-mgmt-keyvault==10.0.0
azure-mgmt-kusto==0.3.0
azure-mgmt-loganalytics==12.0.0
azure-mgmt-managedservices==6.0.0
azure-mgmt-managementgroups==1.0.0
azure-mgmt-maps==2.0.0
azure-mgmt-marketplaceordering==1.1.0
azure-mgmt-media==9.0.0
azure-mgmt-monitor==3.0.0
azure-mgmt-msi==7.0.0
azure-mgmt-netapp==10.0.0
azure-mgmt-network==19.1.0
azure-mgmt-notificationhubs==7.0.0
azure-mgmt-nspkg==2.0.0
azure-mgmt-policyinsights==1.1.0b2
azure-mgmt-privatedns==1.0.0
azure-mgmt-rdbms==10.0.0
azure-mgmt-recoveryservices==2.0.0
azure-mgmt-recoveryservicesbackup==3.0.0
azure-mgmt-redhatopenshift==1.2.0
azure-mgmt-redis==13.0.0
azure-mgmt-relay==0.1.0
azure-mgmt-resource==21.1.0
azure-mgmt-search==8.0.0
azure-mgmt-security==3.0.0
azure-mgmt-servicebus==7.1.0
azure-mgmt-servicefabric==1.0.0
azure-mgmt-servicefabricmanagedclusters==1.0.0
azure-mgmt-servicelinker==1.2.0b1
azure-mgmt-signalr==1.1.0
azure-mgmt-sql==3.0.1
azure-mgmt-sqlvirtualmachine==1.0.0b5
azure-mgmt-storage==19.0.0
azure-mgmt-synapse==2.1.0b5
azure-mgmt-trafficmanager==1.0.0b1
azure-mgmt-web==6.1.0
azure-multiapi-storage==1.1.0
azure-nspkg==2.0.0
azure-storage-blob==12.11.0
azure-storage-common==1.4.2
azure-synapse-accesscontrol==0.5.0
azure-synapse-artifacts==0.15.0
azure-synapse-managedprivateendpoints==0.4.0
azure-synapse-spark==0.2.0
bcrypt==3.2.2
certifi==2022.9.24
cffi==1.15.1
chardet==5.1.0
charset-normalizer==3.1.0
colorama==0.4.6
cryptography==40.0.2
Deprecated==1.2.14
distro==1.8.0
docutils==0.20.1
dumb-init==1.2.5
fabric==3.0.0
fluidity-sm==0.2.0
gpg==1.17.1
humanfriendly==10.0
idna==3.4
invoke==2.0.0
isodate==0.6.1
javaproperties==0.8.1
Jinja2==3.1.2
jmespath==1.0.1
jsondiff==2.0.0
knack==0.9.0
lexicon==2.0.1
libcomps==0.1.18
lockfile==0.12.2
MarkupSafe==2.1.3
msal==1.20.0
msal-extensions==0.3.1
msrest==0.7.1
msrestazure==0.6.4
oauthlib==3.2.1
packaging==21.3
paramiko==2.12.0
pexpect==4.8.0
pkginfo==1.9.6
ply==3.11
portalocker==1.7.1
psutil==5.9.2
ptyprocess==0.7.0
pyasn1==0.4.8
pycparser==2.21
PyGithub==1.58.2
Pygments==2.14.0
PyJWT==2.6.0
PyNaCl==1.5.0
pyOpenSSL==21.0.0
pyparsing==3.1.0
PySocks==1.7.1
python-daemon==3.0.1
python-dateutil==2.8.2
PyYAML==6.0.1
requests==2.28.2
requests-oauthlib==1.3.1
resolvelib==1.0.1
rpm==4.18.1
scp==0.14.5
semver==2.13.0
six==1.16.0
sshtunnel==0.4.0
tabulate==0.9.0
typing_extensions==4.5.0
urllib3==1.26.16
wcwidth==0.2.5
websocket-client==1.3.3
wrapt==1.14.1
xmltodict==0.12.0
[root@3209917451f4 runner]# az --version
azure-cli 2.49.0 *
core 2.49.0 *
telemetry 1.0.8
Dependencies:
msal 1.20.0
azure-mgmt-resource 22.0.0
Python location '/usr/bin/python3'
Extensions directory '/root/.azure/cliextensions'
Python (Linux) 3.11.4 (main, Jun 7 2023, 00:00:00) [GCC 13.1.1 20230511
(Red Hat 13.1.1-2)]
Legal docs and information: aka.ms/AzureCliLegal
You have 2 update(s) available. Consider updating your CLI installation
with 'az upgrade
I'm building an initial EE in case we want to maintain separate EEs for
different purposes, then layering in the Azure CLI and azure.azcollection
dependencies into a subsequent EE build:
- name: Install ansible-builder python requirements
run: |
mkdir -p ~/venv/ee
python3 -m venv ~/venv/ee/
. ~/venv/ee/bin/activate
python3 -m pip install --upgrade pip
pip install ansible-builder
- name: Prepare baseline execution environment config
run: |
cat > ~/baseline-execution-environment.yml <<EOF
version: 3
images:
base_image:
name: registry.fedoraproject.org/fedora:38
build_arg_defaults:
ANSIBLE_GALAXY_CLI_COLLECTION_OPTS: '-vvv'
dependencies:
ansible_core:
package_pip: ansible-core
ansible_runner:
package_pip: ansible-runner
EOF
- name: Build baseline execution environment image
run: |
. ~/venv/ee/bin/activate
ansible-builder build -f ~/baseline-execution-environment.yml -t
ee-baseline:latest -v3 --container-runtime docker
- name: Push baseline execution environment image
run: |
docker tag ee-baseline:latest ${{ env.CONTAINER_REGISTRY_URL
}}/ansible/ee-baseline:latest
docker push ${{ env.CONTAINER_REGISTRY_URL
}}/ansible/ee-baseline:latest
- name: Prepare Azure execution environment config
run: |
cat > ~/azure-execution-environment.yml <<EOF
version: 3
images:
base_image:
name: ${{ env.CONTAINER_REGISTRY_URL
}}/ansible/ee-baseline:latest
build_arg_defaults:
ANSIBLE_GALAXY_CLI_COLLECTION_OPTS: '-vvv'
dependencies:
ansible_core:
package_pip: ansible-core
ansible_runner:
package_pip: ansible-runner
galaxy:
collections:
- azure.azcollection
additional_build_steps:
prepend_final: |
RUN rpm --import
https://packages.microsoft.com/keys/microsoft.asc
RUN dnf install -y
https://packages.microsoft.com/config/fedora/38/packages-microsoft-prod.rpm
RUN dnf -y install azure-cli
EOF
- name: Build azure execution environment image
run: |
. ~/venv/ee/bin/activate
ansible-builder build -f ~/azure-execution-environment.yml -t
ee-azure:latest -v3 --container-runtime docker
--
You received this message because you are subscribed to the Google Groups
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to ansible-project+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/ansible-project/CAKtKohS_vHJfcH%3De%3D05LTy8mWs%2B-p_HXc6%3DxFAeFTuVZ1TVH%2BA%40mail.gmail.com.
