azure_rm_virtualmachine

Shmulik_Alfandari · December 14, 2016, 2:05pm

Hello,

I am trying to create VM machine in Azure using azure_rm_virtualmachine module. It failed with the following error:
“msg”: “One-time registration of Microsoft.Compute failed - Azure Error: AuthorizationFailed\nMessage: The client ‘XXXXXXX-XXXXXXX’ with object id ‘XXXXXXXX-XXXXXX’ does not have authorization to perform action ‘Microsoft.Compute/register/action’ over scope ‘/subscriptions/********’.”

Ansible version 2.2.0.0

azure (2.0.0rc6)
azure-batch (1.0.0)
azure-common (1.1.4)
azure-mgmt (0.30.0rc6)
azure-mgmt-batch (1.0.0)
azure-mgmt-compute (0.30.0rc6)
azure-mgmt-keyvault (0.30.0rc6)
azure-mgmt-logic (1.0.0)
azure-mgmt-network (0.30.0rc6)
azure-mgmt-nspkg (1.0.0)
azure-mgmt-redis (1.0.0)
azure-mgmt-resource (0.30.0rc6)
azure-mgmt-scheduler (1.0.0)
azure-mgmt-storage (0.30.0rc6)
azure-nspkg (1.0.0)
azure-servicebus (0.20.3)
azure-servicemanagement-legacy (0.20.4)
azure-storage (0.33.0)
msrestazure (0.4.6)

How can I fix this issue?

Thanks,
Shmulik.

Trond_Hindenes · December 14, 2016, 7:04pm

The error is pretty clear, your account is lacking permissions.

If you have fine-grained permissions in place note that the first time you create a VM in a subscription, the VM provider is registered. This is a per-subscription-level one-time operation. So, if this subscription has never had a vm running you either need to register the provider (can be done by creating a vm and then deleting it again using an admin account) or provide your service account with more permissions.

In any case, not an Ansible issue.

Shmulik_Alfandari · December 15, 2016, 9:53am

Thank you so much for the response.
There is no problem to login using this subscription to Azure portal and to create VMs. It is not new subscription and I already deploy via Azure portal many VMs.
Do I need special permissions to deploy VMs in Azure using Ansible?

Thanks,
Shmulik.

בתאריך יום רביעי, 14 בדצמבר 2016 בשעה 21:04:58 UTC+2, מאת Trond Hindenes:

Trond_Hindenes · December 15, 2016, 10:30am

The account Ansible uses, needs access to create VMs. There’s many different ways to give an account access to provision VMs, and this is not related to Ansible specifically. The easiest is to give your the account “owner” permissions in the entire subscription (not saying that’s the best way tho). In any case, I’d encourage you to reach out to more azure-specific forums to get help with your problem, since it’s not ansible-related.

Shmulik_Alfandari · December 15, 2016, 11:24am

I checked the subscription in Azure portal and I can see that Microsoft.Compute is registered, so why Ansible is trying to do another registration?
Below from my subscription

Microsoft.Compute

|

Registered

|

| - |

בתאריך יום חמישי, 15 בדצמבר 2016 בשעה 12:30:03 UTC+2, מאת Trond Hindenes:

Trond_Hindenes · December 15, 2016, 11:31am

Again, it’s not ansible, it is only executing whatever you tell it to. You need to solve this outside the realm of Ansible (using a PowerShell script with the same credentials as you’re using in Ansible for instance) first.

Topic		Replies	Views
Permissions to Create Azure Blob and Container Ansible Project azure	1	0	July 23, 2016
How to use existing network in a different RG in Azure with ansible Ansible Project azure	0	2	January 27, 2023
azure_rm_virtualmachine: error to import AzureRMModuleBase Ansible Project azure	4	0	May 17, 2018
azure_rm_virtualmachine module causing error to start or stop VM Ansible Project azure	2	0	June 5, 2019
azure_rm_virtualmachine and ssh_public_key dict Ansible Project	4	0	July 21, 2016

azure_rm_virtualmachine

Related topics