Azure / packer-azure

Packer for Azure
MIT License

README for ARM #181

Closed boumenot closed 8 years ago

boumenot commented 8 years ago

Start of documentation for ARM to get you started.

msftclas commented 8 years ago

Hi @boumenot, I'm your friendly neighborhood Microsoft Pull Request Bot (You can call me MSBOT). Thanks for your contribution! You've already signed the contribution license agreement. Thanks!

The agreement was validated by Microsoft and real humans are currently evaluating your PR.

TTYL, MSBOT;

paulmey commented 8 years ago

squash commits please, "blah00" is not an acceptable commit message... :wink:

paulmey commented 8 years ago

LGTM

ndouba commented 8 years ago

This documentation makes no sense. There is nothing related to setting up proper permissions for packer ARM. Please update. My current error is:

==> azure-arm: resources/GroupsClient:CreateOrUpdate 403 Failure responding to request -- Original Error: azure: Service returned an error. Code="AuthorizationFailed" Message="The client '*****' with object id '*****' does not have authorization to perform action 'Microsoft.Resources/subscriptions/resourcegroups/write' over scope '/subscriptions/*****/resourcegroups/packer-Resource-Group-y5jj51r988'." Status=403
==> azure-arm: resources/GroupsClient:CreateOrUpdate 403 Failure responding to request -- Original Error: azure: Service returned an error. Code="AuthorizationFailed" Message="The client '*****' with object id '*****' does not have authorization to perform action 'Microsoft.Resources/subscriptions/resourcegroups/write' over scope '/subscriptions/*****/resourcegroups/packer-Resource-Group-y5jj51r988'." Status=403

Note that the resource group name does not match that specified in the json in my case. I am using the ubuntu*.json file in the ARM config examples directory.

boumenot commented 8 years ago

What documentation are you referring to? If you can narrow it down to what specifically, it will help us to improve it.

The error you mentioned specifically is covered in the README concerning permissions. The instructions currently have you assigning the Owner role to the Service Principal you use with ARM.

e.g.

azure role assignment create --objectId <ObjectID> -o Owner

ndouba commented 8 years ago

What is the object I'm assigning permissions to? I assigned the Owner role to the resource group but I still get the error mentioned above.

boumenot commented 8 years ago

Sorry, this is confusing. I will try to make this clearer in the documentation. You need to assign Owner permission to the Service Principal's Object ID.

If you do not have the Object ID of the Service Principal you can look it up using the Azure CLI.

To get a complete list of the App IDs and Service Principals execute the following.

azure ad app list

To get the Object ID of a specific App ID/Service Principal execute the following.

azure ad app show --search <keyword>
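
Added example, not part of the original thread or of the project's code: a small parser for the `AuthorizationFailed` line quoted above that pulls out the principal (object id), the denied action and the scope, then checks whether a given role-assignment scope is an ancestor of that scope. The function names, the placeholder IDs substituted for the masked `*****` values, and the `my-images` resource group are assumptions made for illustration.

```python
import re

# Constructed sample: the AuthorizationFailed message from the thread, with
# placeholder IDs substituted for the masked '*****' values.
SAMPLE_ERROR = (
    "==> azure-arm: resources/GroupsClient:CreateOrUpdate 403 Failure responding "
    "to request -- Original Error: azure: Service returned an error. "
    'Code="AuthorizationFailed" Message="The client \'APP-ID-PLACEHOLDER\' with '
    "object id 'OBJECT-ID-PLACEHOLDER' does not have authorization to perform "
    "action 'Microsoft.Resources/subscriptions/resourcegroups/write' over scope "
    "'/subscriptions/SUB-ID-PLACEHOLDER/resourcegroups/"
    "packer-Resource-Group-y5jj51r988'.\" Status=403"
)

_DENIED = re.compile(
    r"The client '(?P<client>[^']*)' with object id '(?P<object_id>[^']*)' "
    r"does not have authorization to perform action '(?P<action>[^']*)' "
    r"over scope '(?P<scope>[^']*)'"
)

def parse_authorization_failed(line):
    """Return client, object_id, action and scope from the error, or None."""
    m = _DENIED.search(line)
    return m.groupdict() if m else None

def scope_covers(assignment_scope, required_scope):
    """True if a role assigned at assignment_scope is inherited at required_scope."""
    # Azure scopes are hierarchical and case-insensitive, so compare whole
    # path segments rather than a raw string prefix.
    have = [s.lower() for s in assignment_scope.split("/") if s]
    need = [s.lower() for s in required_scope.split("/") if s]
    return len(have) <= len(need) and need[:len(have)] == have

def diagnose(line, assignment_scopes):
    """Report who was denied and whether any existing assignment scope applies."""
    denied = parse_authorization_failed(line)
    if denied is None:
        return None
    denied["covered"] = any(scope_covers(s, denied["scope"]) for s in assignment_scopes)
    return denied

if __name__ == "__main__":
    # Hypothetical: the role was assigned on the user's own resource group only.
    print(diagnose(SAMPLE_ERROR, ["/subscriptions/SUB-ID-PLACEHOLDER/resourceGroups/my-images"]))
```

The scope in the error names the temporary `packer-Resource-Group-…` group, so an assignment on a different, pre-existing resource group is not an ancestor of it and does not satisfy the check.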