Hi all, I was looking for some help debugging an unusual issue I'm seeing with azure.azcollection and the azure-cli in an Ansible execution environment.
TL;DR, if I manually build a container, pip install ansible-core, ansible-galaxy install the azure.azcollection, then pip install its requirements, install azure-cli, setup a dynamic inventory plugin, az login and then run ansible-inventory, everything works. If I use ansible-builder to accomplish the same end result, ansible-inventory fails with the following stack trace: [root@3209917451f4 runner]# ansible-inventory -i inventory/azure_rm.yml --graph [WARNING]: * Failed to parse /runner/inventory/azure_rm.yml with auto plugin: Failed to get credentials. Either pass as parameters, set environment variables, define a profile in ~/.azure/credentials, or install Azure CLI and log in (`az login`). [WARNING]: * Failed to parse /runner/inventory/azure_rm.yml with ini plugin: Invalid host pattern 'plugin:' supplied, ending in ':' is not allowed, this character is reserved to provide a port. [WARNING]: Unable to parse /runner/inventory/azure_rm.yml as an inventory source [WARNING]: No inventory was parsed, only implicit localhost is available @all: |--@ungrouped: [root@3209917451f4 runner]# ansible-inventory -vvv -i inventory/azure_rm.yml --graph ansible-inventory [core 2.15.2] config file = /runner/project/ansible.cfg configured module search path = ['/root/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules'] ansible python module location = /usr/local/lib/python3.11/site-packages/ansible ansible collection location = /root/.ansible/collections:/usr/share/ansible/collections executable location = /usr/local/bin/ansible-inventory python version = 3.11.4 (main, Jun 7 2023, 00:00:00) [GCC 13.1.1 20230511 (Red Hat 13.1.1-2)] (/usr/bin/python3) jinja version = 3.1.2 libyaml = True Using /runner/project/ansible.cfg as config file Using inventory plugin 'ansible_collections.azure.azcollection.plugins.inventory.azure_rm' to process inventory source '/runner/inventory/azure_rm.yml' [WARNING]: * Failed to parse /runner/inventory/azure_rm.yml with auto plugin: Failed to get credentials. Either pass as parameters, set environment variables, define a profile in ~/.azure/credentials, or install Azure CLI and log in (`az login`). File "/usr/local/lib/python3.11/site-packages/ansible/inventory/manager.py", line 293, in parse_source plugin.parse(self._inventory, self._loader, source, cache=cache) File "/usr/local/lib/python3.11/site-packages/ansible/plugins/inventory/auto.py", line 59, in parse plugin.parse(inventory, loader, path, cache=cache) File "/usr/share/ansible/collections/ansible_collections/azure/azcollection/plugins/inventory/azure_rm.py", line 221, in parse self._credential_setup() File "/usr/share/ansible/collections/ansible_collections/azure/azcollection/plugins/inventory/azure_rm.py", line 242, in _credential_setup self.azure_auth = AzureRMAuth(**auth_options) ^^^^^^^^^^^^^^^^^^^^^^^^^^^ File "/usr/share/ansible/collections/ansible_collections/azure/azcollection/plugins/module_utils/azure_rm_common.py", line 1514, in __init__ self.fail("Failed to get credentials. Either pass as parameters, set environment variables, " File "/usr/share/ansible/collections/ansible_collections/azure/azcollection/plugins/module_utils/azure_rm_common.py", line 1640, in fail self._fail_impl(msg) File "/usr/share/ansible/collections/ansible_collections/azure/azcollection/plugins/module_utils/azure_rm_common.py", line 1643, in _default_fail_impl raise AzureRMAuthException(msg) [WARNING]: * Failed to parse /runner/inventory/azure_rm.yml with ini plugin: Invalid host pattern 'plugin:' supplied, ending in ':' is not allowed, this character is reserved to provide a port. File "/usr/local/lib/python3.11/site-packages/ansible/inventory/manager.py", line 293, in parse_source plugin.parse(self._inventory, self._loader, source, cache=cache) File "/usr/local/lib/python3.11/site-packages/ansible/plugins/inventory/ini.py", line 137, in parse raise AnsibleParserError(e) [WARNING]: Unable to parse /runner/inventory/azure_rm.yml as an inventory source [WARNING]: No inventory was parsed, only implicit localhost is available @all: |--@ungrouped: This is in a running instance of the ansible-builder built container, az login has successfully run, I can az account show/az vm list and see the subscription, tennant ID, resources etc. I've done all the usual Googling and as much RTFMing as I can but haven't found anything that would explain the difference in behaviour. More debug info below from the non-working ansible-builder container in case it helps. The behaviour persists whether podman or docker is used for the build. The only thing that seems obviously different between the two scenarios is that ansible-builder is building the EE with dumb-init? Any suggestions are greatly appreciated. Cheers, Will. -- [root@3209917451f4 runner]# cat inventory/azure_rm.yml plugin: azure.azcollection.azure_rm auth_source: auto [root@3209917451f4 runner]# cat project/ansible.cfg [inventory] enable_plugins = auto, ini [root@3209917451f4 runner]# ansible-galaxy collection list # /usr/share/ansible/collections/ansible_collections Collection Version ------------------ ------- azure.azcollection 1.16.0 [root@3209917451f4 runner]# python3 -m pip freeze | grep ansible ansible-core==2.15.2 ansible-runner==2.3.3 [root@3209917451f4 runner]# python3 -m pip freeze adal==1.2.7 ansible-core==2.15.2 ansible-runner==2.3.3 antlr4-python3-runtime==4.10.1 applicationinsights==0.11.9 argcomplete==1.12.3 azure-appconfiguration==1.1.1 azure-batch==13.0.0 azure-cli==2.49.0 azure-cli-core==2.34.0 azure-cli-telemetry==1.0.6 azure-common==1.1.11 azure-containerregistry==1.1.0 azure-core==1.25.1 azure-cosmos==3.2.0 azure-data-tables==12.4.0 azure-datalake-store==0.0.49 azure-graphrbac==0.61.1 azure-identity==1.7.0 azure-keyvault==1.1.0 azure-keyvault-administration==4.3.0 azure-keyvault-certificates==4.7.0 azure-keyvault-keys==4.8.0b2 azure-keyvault-secrets==4.7.0 azure-loganalytics==0.1.0 azure-mgmt-advisor==9.0.0 azure-mgmt-apimanagement==3.0.0 azure-mgmt-appconfiguration==3.0.0 azure-mgmt-appcontainers==2.0.0 azure-mgmt-applicationinsights==1.0.0 azure-mgmt-authorization==2.0.0 azure-mgmt-automation==1.0.0 azure-mgmt-batch==5.0.1 azure-mgmt-batchai==7.0.0b1 azure-mgmt-billing==6.0.0 azure-mgmt-botservice==2.0.0b3 azure-mgmt-cdn==11.0.0 azure-mgmt-cognitiveservices==13.3.0 azure-mgmt-compute==26.1.0 azure-mgmt-consumption==2.0.0 azure-mgmt-containerinstance==9.0.0 azure-mgmt-containerregistry==9.1.0 azure-mgmt-containerservice==20.0.0 azure-mgmt-core==1.3.0 azure-mgmt-cosmosdb==6.4.0 azure-mgmt-databoxedge==1.0.0 azure-mgmt-datafactory==2.0.0 azure-mgmt-datalake-analytics==0.2.1 azure-mgmt-datalake-store==1.0.0 azure-mgmt-datamigration==10.0.0 azure-mgmt-devtestlabs==9.0.0 azure-mgmt-dns==8.0.0 azure-mgmt-eventgrid==10.2.0b2 azure-mgmt-eventhub==10.1.0 azure-mgmt-extendedlocation==1.0.0b2 azure-mgmt-hdinsight==9.0.0 azure-mgmt-imagebuilder==1.2.0 azure-mgmt-iotcentral==10.0.0b1 azure-mgmt-iothub==2.2.0 azure-mgmt-iothubprovisioningservices==1.1.0 azure-mgmt-keyvault==10.0.0 azure-mgmt-kusto==0.3.0 azure-mgmt-loganalytics==12.0.0 azure-mgmt-managedservices==6.0.0 azure-mgmt-managementgroups==1.0.0 azure-mgmt-maps==2.0.0 azure-mgmt-marketplaceordering==1.1.0 azure-mgmt-media==9.0.0 azure-mgmt-monitor==3.0.0 azure-mgmt-msi==7.0.0 azure-mgmt-netapp==10.0.0 azure-mgmt-network==19.1.0 azure-mgmt-notificationhubs==7.0.0 azure-mgmt-nspkg==2.0.0 azure-mgmt-policyinsights==1.1.0b2 azure-mgmt-privatedns==1.0.0 azure-mgmt-rdbms==10.0.0 azure-mgmt-recoveryservices==2.0.0 azure-mgmt-recoveryservicesbackup==3.0.0 azure-mgmt-redhatopenshift==1.2.0 azure-mgmt-redis==13.0.0 azure-mgmt-relay==0.1.0 azure-mgmt-resource==21.1.0 azure-mgmt-search==8.0.0 azure-mgmt-security==3.0.0 azure-mgmt-servicebus==7.1.0 azure-mgmt-servicefabric==1.0.0 azure-mgmt-servicefabricmanagedclusters==1.0.0 azure-mgmt-servicelinker==1.2.0b1 azure-mgmt-signalr==1.1.0 azure-mgmt-sql==3.0.1 azure-mgmt-sqlvirtualmachine==1.0.0b5 azure-mgmt-storage==19.0.0 azure-mgmt-synapse==2.1.0b5 azure-mgmt-trafficmanager==1.0.0b1 azure-mgmt-web==6.1.0 azure-multiapi-storage==1.1.0 azure-nspkg==2.0.0 azure-storage-blob==12.11.0 azure-storage-common==1.4.2 azure-synapse-accesscontrol==0.5.0 azure-synapse-artifacts==0.15.0 azure-synapse-managedprivateendpoints==0.4.0 azure-synapse-spark==0.2.0 bcrypt==3.2.2 certifi==2022.9.24 cffi==1.15.1 chardet==5.1.0 charset-normalizer==3.1.0 colorama==0.4.6 cryptography==40.0.2 Deprecated==1.2.14 distro==1.8.0 docutils==0.20.1 dumb-init==1.2.5 fabric==3.0.0 fluidity-sm==0.2.0 gpg==1.17.1 humanfriendly==10.0 idna==3.4 invoke==2.0.0 isodate==0.6.1 javaproperties==0.8.1 Jinja2==3.1.2 jmespath==1.0.1 jsondiff==2.0.0 knack==0.9.0 lexicon==2.0.1 libcomps==0.1.18 lockfile==0.12.2 MarkupSafe==2.1.3 msal==1.20.0 msal-extensions==0.3.1 msrest==0.7.1 msrestazure==0.6.4 oauthlib==3.2.1 packaging==21.3 paramiko==2.12.0 pexpect==4.8.0 pkginfo==1.9.6 ply==3.11 portalocker==1.7.1 psutil==5.9.2 ptyprocess==0.7.0 pyasn1==0.4.8 pycparser==2.21 PyGithub==1.58.2 Pygments==2.14.0 PyJWT==2.6.0 PyNaCl==1.5.0 pyOpenSSL==21.0.0 pyparsing==3.1.0 PySocks==1.7.1 python-daemon==3.0.1 python-dateutil==2.8.2 PyYAML==6.0.1 requests==2.28.2 requests-oauthlib==1.3.1 resolvelib==1.0.1 rpm==4.18.1 scp==0.14.5 semver==2.13.0 six==1.16.0 sshtunnel==0.4.0 tabulate==0.9.0 typing_extensions==4.5.0 urllib3==1.26.16 wcwidth==0.2.5 websocket-client==1.3.3 wrapt==1.14.1 xmltodict==0.12.0 [root@3209917451f4 runner]# az --version azure-cli 2.49.0 * core 2.49.0 * telemetry 1.0.8 Dependencies: msal 1.20.0 azure-mgmt-resource 22.0.0 Python location '/usr/bin/python3' Extensions directory '/root/.azure/cliextensions' Python (Linux) 3.11.4 (main, Jun 7 2023, 00:00:00) [GCC 13.1.1 20230511 (Red Hat 13.1.1-2)] Legal docs and information: aka.ms/AzureCliLegal You have 2 update(s) available. Consider updating your CLI installation with 'az upgrade I'm building an initial EE in case we want to maintain separate EEs for different purposes, then layering in the Azure CLI and azure.azcollection dependencies into a subsequent EE build: - name: Install ansible-builder python requirements run: | mkdir -p ~/venv/ee python3 -m venv ~/venv/ee/ . ~/venv/ee/bin/activate python3 -m pip install --upgrade pip pip install ansible-builder - name: Prepare baseline execution environment config run: | cat > ~/baseline-execution-environment.yml <<EOF version: 3 images: base_image: name: registry.fedoraproject.org/fedora:38 build_arg_defaults: ANSIBLE_GALAXY_CLI_COLLECTION_OPTS: '-vvv' dependencies: ansible_core: package_pip: ansible-core ansible_runner: package_pip: ansible-runner EOF - name: Build baseline execution environment image run: | . ~/venv/ee/bin/activate ansible-builder build -f ~/baseline-execution-environment.yml -t ee-baseline:latest -v3 --container-runtime docker - name: Push baseline execution environment image run: | docker tag ee-baseline:latest ${{ env.CONTAINER_REGISTRY_URL }}/ansible/ee-baseline:latest docker push ${{ env.CONTAINER_REGISTRY_URL }}/ansible/ee-baseline:latest - name: Prepare Azure execution environment config run: | cat > ~/azure-execution-environment.yml <<EOF version: 3 images: base_image: name: ${{ env.CONTAINER_REGISTRY_URL }}/ansible/ee-baseline:latest build_arg_defaults: ANSIBLE_GALAXY_CLI_COLLECTION_OPTS: '-vvv' dependencies: ansible_core: package_pip: ansible-core ansible_runner: package_pip: ansible-runner galaxy: collections: - azure.azcollection additional_build_steps: prepend_final: | RUN rpm --import https://packages.microsoft.com/keys/microsoft.asc RUN dnf install -y https://packages.microsoft.com/config/fedora/38/packages-microsoft-prod.rpm RUN dnf -y install azure-cli EOF - name: Build azure execution environment image run: | . ~/venv/ee/bin/activate ansible-builder build -f ~/azure-execution-environment.yml -t ee-azure:latest -v3 --container-runtime docker -- You received this message because you are subscribed to the Google Groups "Ansible Project" group. To unsubscribe from this group and stop receiving emails from it, send an email to ansible-project+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/CAKtKohS_vHJfcH%3De%3D05LTy8mWs%2B-p_HXc6%3DxFAeFTuVZ1TVH%2BA%40mail.gmail.com.