尝试为 Azure 使用 Ansible 动态清单插件时出错

Posted 2023-02-19

【中文标题】尝试为 Azure 使用 Ansible 动态清单插件时出错

【英文标题】：Error trying to use the Ansible dynamic inventory plugin for Azure

【发布时间】：2021-03-20 03:57:47

【问题描述】：

我正在尝试使用 Ansible 的 azure_rm 插件为 Azure 中的 VM 生成动态清单，但是当我尝试运行 sanity-check 命令时收到“批处理请求”错误 403：

$ ansible all -m ping 
[WARNING]:  * Failed to parse /project/ansible/inventory.azure_rm.yml with
ansible_collections.azure.azcollection.plugins.inventory.azure_rm plugin: a batched request failed with status code 403, url
/subscriptions/<redacted>/resourceGroups/<redacted>/providers/Microsoft.Compute/virtualMachines
...

以下是我的 macOS 设置的详细信息：

$ ansible --version
ansible 2.10.3
  config file = /project/ansible/ansible.cfg
  configured module search path = ['/Users/me/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/local/Cellar/ansible/2.10.3_1/libexec/lib/python3.9/site-packages/ansible
  executable location = /usr/local/Cellar/ansible/2.10.3_1/libexec/bin/ansible
  python version = 3.9.0 (default, Dec  6 2020, 18:02:34) [Clang 12.0.0 (clang-1200.0.32.27)]

这是 inventory.azure_rm.yml 文件：

plugin: azure_rm
include_vm_resource_groups:
- <redacted>
auth_source: auto

keyed_groups:
- prefix: tag
  key: tags

我还把这个添加到本地 ansible.cfg 文件中：

inventory      = ./inventory.azure_rm.yml

我还将 Azure 身份验证的细节定义为环境变量：

$ env | grep AZURE
AZURE_TENANT=<redacted>
AZURE_CLIENT_ID=<redacted>
AZURE_USE_PRIVATE_IP=yes
AZURE_SECRET=<redacted>
AZURE_SUBSCRIPTION_ID=<redacted>

这些是我使用 Terraform 来创建我现在尝试动态清点的 VM 的相同“凭据”，所以它们应该是好的。所以对于 403 错误背后的原因有点茫然。

然后我在命令中添加了一个 -vvvv 选项并获得了一些额外的信息：

$ ansible all -m ping -vvvv
ansible 2.10.3
  config file = /Users/me/project/ansible/ansible.cfg
  configured module search path = ['/Users/me/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/local/Cellar/ansible/2.10.3_1/libexec/lib/python3.9/site-packages/ansible
  executable location = /usr/local/Cellar/ansible/2.10.3_1/libexec/bin/ansible
  python version = 3.9.0 (default, Dec  6 2020, 18:02:34) [Clang 12.0.0 (clang-1200.0.32.27)]
Using /Users/me/project/ansible/ansible.cfg as config file
setting up inventory plugins
host_list declined parsing /Users/me/project/ansible/inventory.azure_rm.yml as it did not pass its verify_file() method
script declined parsing /Users/me/project/ansible/inventory.azure_rm.yml as it did not pass its verify_file() method
redirecting (type: inventory) ansible.builtin.azure_rm to azure.azcollection.azure_rm
Loading collection azure.azcollection from /Users/me/.ansible/collections/ansible_collections/azure/azcollection
toml declined parsing /Users/me/project/ansible/inventory.azure_rm.yml as it did not pass its verify_file() method
[WARNING]:  * Failed to parse /Users/me/project/ansible/inventory.azure_rm.yml with
ansible_collections.azure.azcollection.plugins.inventory.azure_rm  plugin: a batched request failed with status code 403, url
/subscriptions/<redacted>/resourceGroups/<redacted>/providers/Microsoft.Compute/virtualMachines
  File "/usr/local/Cellar/ansible/2.10.3_1/libexec/lib/python3.9/site-packages/ansible/inventory/manager.py", line 289, in parse_source
    plugin.parse(self._inventory, self._loader, source, cache=cache)
  File "/usr/local/Cellar/ansible/2.10.3_1/libexec/lib/python3.9/site-packages/ansible/plugins/inventory/auto.py", line 59, in parse
    plugin.parse(inventory, loader, path, cache=cache)
  File "/Users/me/.ansible/collections/ansible_collections/azure/azcollection/plugins/inventory/azure_rm.py", line 206, in parse
    self._get_hosts()
  File "/Users/me/.ansible/collections/ansible_collections/azure/azcollection/plugins/inventory/azure_rm.py", line 263, in _get_hosts
    self._process_queue_batch()
  File "/Users/me/.ansible/collections/ansible_collections/azure/azcollection/plugins/inventory/azure_rm.py", line 405, in _process_queue_batch
    raise AnsibleError("a batched request failed with status code 0, url 1".format(status_code, result.url))

以前有没有人遇到过这个问题并找到解决办法？我假设我正在使用的服务主体缺少某些角色或权限，但我不知道它是什么赋予了相同的 SP 用于首先配置 VM。

【问题讨论】：

你找到原因了吗？

【参考方案1】：

添加集合以获取最新版本，然后尝试以下操作：

插件：azure.azcollection.azure_rm

这将确保您使用的是最新版本，而不是不包含错误修复并支持较新 api 版本的内置版本。

【讨论】：

至少简单解释一下。它是什么？以及如何使用它？使用它的好处等等......