Error trying to use the Ansible dynamic inventory plugin for Azure
Posted: 2021-03-20 03:57:47
Question:
I am trying to use Ansible's azure_rm plugin to generate a dynamic inventory for VMs in Azure, but I get a "batched request" 403 error when I try to run the sanity-check command:
$ ansible all -m ping
[WARNING]: * Failed to parse /project/ansible/inventory.azure_rm.yml with
ansible_collections.azure.azcollection.plugins.inventory.azure_rm plugin: a batched request failed with status code 403, url
/subscriptions/<redacted>/resourceGroups/<redacted>/providers/Microsoft.Compute/virtualMachines
...
Here are the details of my macOS setup:
$ ansible --version
ansible 2.10.3
config file = /project/ansible/ansible.cfg
configured module search path = ['/Users/me/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
ansible python module location = /usr/local/Cellar/ansible/2.10.3_1/libexec/lib/python3.9/site-packages/ansible
executable location = /usr/local/Cellar/ansible/2.10.3_1/libexec/bin/ansible
python version = 3.9.0 (default, Dec 6 2020, 18:02:34) [Clang 12.0.0 (clang-1200.0.32.27)]
This is the inventory.azure_rm.yml file:
plugin: azure_rm
include_vm_resource_groups:
  - <redacted>
auth_source: auto
keyed_groups:
  - prefix: tag
    key: tags
I also added this to my local ansible.cfg file:
inventory = ./inventory.azure_rm.yml
I have also defined the Azure authentication details as environment variables:
$ env | grep AZURE
AZURE_TENANT=<redacted>
AZURE_CLIENT_ID=<redacted>
AZURE_USE_PRIVATE_IP=yes
AZURE_SECRET=<redacted>
AZURE_SUBSCRIPTION_ID=<redacted>
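These are the same "credentials" I use with Terraform to create the VMs that I am now trying to inventory dynamically, so they should be good. So I am a bit at a loss as to the reason behind the 403 error.
I then added a -vvvv option to the command and got some additional information: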
$ ansible all -m ping -vvvv
ansible 2.10.3
config file = /Users/me/project/ansible/ansible.cfg
configured module search path = ['/Users/me/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
ansible python module location = /usr/local/Cellar/ansible/2.10.3_1/libexec/lib/python3.9/site-packages/ansible
executable location = /usr/local/Cellar/ansible/2.10.3_1/libexec/bin/ansible
python version = 3.9.0 (default, Dec 6 2020, 18:02:34) [Clang 12.0.0 (clang-1200.0.32.27)]
Using /Users/me/project/ansible/ansible.cfg as config file
setting up inventory plugins
host_list declined parsing /Users/me/project/ansible/inventory.azure_rm.yml as it did not pass its verify_file() method
script declined parsing /Users/me/project/ansible/inventory.azure_rm.yml as it did not pass its verify_file() method
redirecting (type: inventory) ansible.builtin.azure_rm to azure.azcollection.azure_rm
Loading collection azure.azcollection from /Users/me/.ansible/collections/ansible_collections/azure/azcollection
toml declined parsing /Users/me/project/ansible/inventory.azure_rm.yml as it did not pass its verify_file() method
[WARNING]: * Failed to parse /Users/me/project/ansible/inventory.azure_rm.yml with
ansible_collections.azure.azcollection.plugins.inventory.azure_rm plugin: a batched request failed with status code 403, url
/subscriptions/<redacted>/resourceGroups/<redacted>/providers/Microsoft.Compute/virtualMachines
File "/usr/local/Cellar/ansible/2.10.3_1/libexec/lib/python3.9/site-packages/ansible/inventory/manager.py", line 289, in parse_source
plugin.parse(self._inventory, self._loader, source, cache=cache)
File "/usr/local/Cellar/ansible/2.10.3_1/libexec/lib/python3.9/site-packages/ansible/plugins/inventory/auto.py", line 59, in parse
plugin.parse(inventory, loader, path, cache=cache)
File "/Users/me/.ansible/collections/ansible_collections/azure/azcollection/plugins/inventory/azure_rm.py", line 206, in parse
self._get_hosts()
File "/Users/me/.ansible/collections/ansible_collections/azure/azcollection/plugins/inventory/azure_rm.py", line 263, in _get_hosts
self._process_queue_batch()
File "/Users/me/.ansible/collections/ansible_collections/azure/azcollection/plugins/inventory/azure_rm.py", line 405, in _process_queue_batch
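raise AnsibleError("a batched request failed with status code {0}, url {1}".format(status_code, result.url))
Has anyone run into this before and found a solution? I assume the service principal I am using is missing some role or permission, but I have no idea what it is, given that the same SP is used to provision the VMs in the first place.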
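Comments:
Did you find the cause?
Answer 1:
Add the collection to get the latest version, then try the following:
plugin: azure.azcollection.azure_rm
This will ensure you are using the latest version rather than the built-in version, which does not include the bug fixes and support for newer API versions.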
Comments:
At least explain it briefly. What is it? And how do you use it? What are the benefits of using it, and so on...
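An added example, not part of the original question or answer: a small triage of the `-vvvv` output shown in the question. It reports which inventory plugin Ansible actually redirected to and loaded, and the Azure Resource Manager scope and resource type named in the 403. The sample log is constructed from the question's output with placeholder IDs, and the `triage` function name is hypothetical.

```python
import re

# Constructed sample modelled on the -vvvv output in the question (IDs are placeholders).
SAMPLE_LOG = """\
redirecting (type: inventory) ansible.builtin.azure_rm to azure.azcollection.azure_rm
Loading collection azure.azcollection from /Users/me/.ansible/collections/ansible_collections/azure/azcollection
[WARNING]: * Failed to parse /Users/me/project/ansible/inventory.azure_rm.yml with
ansible_collections.azure.azcollection.plugins.inventory.azure_rm plugin: a batched request failed with status code 403, url
/subscriptions/SUB-PLACEHOLDER/resourceGroups/RG-PLACEHOLDER/providers/Microsoft.Compute/virtualMachines
"""

REDIRECT = re.compile(r"redirecting \(type: inventory\) (\S+) to (\S+)")
COLLECTION = re.compile(r"Loading collection (\S+) from (\S+)")
# Ansible wraps long warnings, so the URL may sit on the line after "url".
FAILURE = re.compile(r"a batched request failed with status code (\d+), url\s+(\S+)")
ARM_URL = re.compile(
    r"/subscriptions/([^/?]+)(?:/resourceGroups/([^/?]+))?"
    r"(?:/providers/([^/?]+)/([^?]+))?",
    re.IGNORECASE,
)

def triage(log_text):
    """Summarise which plugin handled the inventory and which ARM request was denied."""
    report = {"redirect": None, "collection_path": None, "failures": []}
    m = REDIRECT.search(log_text)
    if m:
        report["redirect"] = (m.group(1), m.group(2))
    m = COLLECTION.search(log_text)
    if m:
        report["collection_path"] = m.group(2)
    for status, url in FAILURE.findall(log_text):
        parts = ARM_URL.match(url)
        sub, rg, provider, rtype = parts.groups() if parts else (None,) * 4
        scope = None
        if parts:
            scope = f"/subscriptions/{sub}" + (f"/resourceGroups/{rg}" if rg else "")
        report["failures"].append({
            "status": int(status),  # 403 = authenticated but not authorised
            "scope": scope,         # scope at which the listing was refused
            "resource_type": f"{provider}/{rtype}" if provider else None,
        })
    return report

if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(key, "=", value)
```

The reported scope is the place to compare against the service principal's role assignments, and the redirect line shows whether the short name `azure_rm` already resolved to the collection plugin.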