Hello, I’m new to Ansible and I’m running into an issue with getting the “azure_rm_storageaccount” module in Ansible to work. Any help would be greatly appreciated.
Goal: I would like to manage our Azure resources in our sandbox environment using an Ansible playbook. I installed the Azure CLI on my Ansible control node (Ubuntu 16.10) and I can execute CLI commands to create/delete resources in Azure. I want to do the same via playbooks.
This is my playbook yml file:

- hosts: localhost
  become: yes
  become_method: sudo
  tasks:
    - name: Create storage account
      azure_rm_storageaccount:
        resource_group: test-rg
        subscription_id:
        name: test_storage_account
        account_type: Standard_LRS
        ad_user: abc@xxx.com
        password: "****"
        state: present

When I run the playbook, I get the error below:
fatal: [localhost]: FAILED! => {“changed”: false, “failed”: true, “module_stderr”: “”, “module_stdout”: "Traceback (most recent call last):\r\n File "/tmp/ansible_kfOrUg/ansible_module_azure_rm_storageaccount.py", line 442, in \r\n main()\r\n File "/tmp/ansible_kfOrUg/ansible_module_azure_rm_storageaccount.py", line 439, in main\r\n AzureRMStorageAccount()\r\n File "/tmp/ansible_kfOrUg/ansible_module_azure_rm_storageaccount.py", line 200, in init\r\n supports_check_mode=True)\r\n File "/tmp/ansible_kfOrUg/ansible_modlib.zip/ansible/module_utils/azure_rm_common.py", line 183, in init\r\n File "/usr/local/lib/python2.7/dist-packages/msrestazure/azure_active_directory.py", line 335, in init\r\n self.set_token()\r\n File "/usr/local/lib/python2.7/dist-packages/msrestazure/azure_active_directory.py", line 370, in set_token\r\n raise_with_traceback(AuthenticationError, "", err)\r\n File "/usr/local/lib/python2.7/dist-packages/msrest/exceptions.py", line 50, in raise_with_traceback\r\n raise error\r\nmsrest.exceptions.AuthenticationError: , InvalidGrantError: (invalid_grant)
AADSTS70002: Error validating credentials. AADSTS50126: Invalid username or password\r\r\nTrace ID: 7e573a6f-cbaf-4fab-89a9-f6154a509f9b\r\r\nCorrelation ID: a123d9d0-9d96-4aa4-a2aa-5dfaaef245e8\r\r\nTimestamp: 2016-12-20 21:27:53Z\r\n", “msg”: “MODULE FAILURE”, “parsed”: false}
I have the following env variables defined:
AZURE_AD_USER
AZURE_PASSWORD
AZURE_SUBSCRIPTION_ID
The Ansible documentation states that if I use AAD to authenticate to Azure, MFA should be disabled for the account. In my case, MFA is enabled, which is probably what is causing the above error.
The recommendation for authentication seems to be to create a Service Principal. Steps are as below:
1: Login to the Azure Portal (Not Classic)
2: Go to Azure Active Directory → App Registrations
3: Add
4: Entered Name and chose Native for Application Type (since I’m using the Ansible command line (not Tower), I guess I should choose Native?)
5: It asks for Redirect URI
I am not sure what the Redirect URI should be. Where do I find this?
Thanks in advance!
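
For comparison with the playbook in the post, an added example (not the poster's code and not taken from the Ansible documentation) of the same task authenticating with a service principal, so no user password sits in the playbook and MFA on the user account does not come into play. It assumes `AZURE_CLIENT_ID`, `AZURE_SECRET`, `AZURE_TENANT` and `AZURE_SUBSCRIPTION_ID` are exported on the control node; the storage account name is a constructed placeholder.

```yaml
# Added example: service principal authentication for azure_rm_storageaccount.
# Assumption: the four AZURE_* variables below are exported in the shell that
# runs ansible-playbook. No credential value is written into this file.
- hosts: localhost
  connection: local
  gather_facts: no
  # No "become": the module only calls the Azure API from the control node,
  # so it does not need root on localhost.
  vars:
    required_env:
      - AZURE_CLIENT_ID
      - AZURE_SECRET
      - AZURE_TENANT
      - AZURE_SUBSCRIPTION_ID
  tasks:
    # Stop with a readable message instead of a traceback when a variable
    # is missing or empty.
    - name: Check that the service principal variables are set
      assert:
        that:
          - lookup('env', item) | length > 0
        msg: "{{ item }} is not set in the environment"
      with_items: "{{ required_env }}"

    - name: Create storage account
      azure_rm_storageaccount:
        resource_group: test-rg
        # Placeholder name. Azure storage account names must be 3-24
        # characters, lowercase letters and digits only.
        name: teststorageacct01
        account_type: Standard_LRS
        state: present
        # Service principal credentials replace ad_user/password.
        # If these four parameters are omitted, the module reads the same
        # environment variables on its own.
        client_id: "{{ lookup('env', 'AZURE_CLIENT_ID') }}"
        secret: "{{ lookup('env', 'AZURE_SECRET') }}"
        tenant: "{{ lookup('env', 'AZURE_TENANT') }}"
        subscription_id: "{{ lookup('env', 'AZURE_SUBSCRIPTION_ID') }}"
```

If the secret has to live in the repository rather than the environment, keep it in an Ansible Vault encrypted vars file, and grant the service principal a role scoped to the sandbox resource group rather than the whole subscription.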