search

Azure / vagrant-azure

Enable Vagrant to manage virtual machines in Microsoft Azure
MIT License
315 stars 113 forks source link

Azure rejecting certificate #85

Closed gothma closed 9 years ago

gothma commented 9 years ago

I have been trying for some time to provision a dummy vm on azure, however it keeps failing at vagrant up:

ForbiddenError : The server failed to authenticate the request. Verify that the certificate is valid and is associated with this subscription.

I have tried both downloading and uploading the certificates:

Both seem to be correctly integrated: screen shot 2015-05-13 at 13 34 13

❯ openssl x509 -noout -in Free\ Trial-5-11-2015-credentials.pem -fingerprint -sha1
SHA1 Fingerprint=B2:BF:C2:52:22:29:EF:87:7B:77:AA:D3:89:D9:16:63:22:C1:7A:44
❯ openssl x509 -noout -in Azure-Dummy.pem -fingerprint -sha1
SHA1 Fingerprint=C1:F1:21:C0:A8:92:45:EC:1A:40:D4:B1:E0:3C:08:35:B0:C8:7A:67

However both do not work with the following settings in the vagrant file and the above mentioned error:

  config.vm.box = "dummy"

  config.vm.provider :azure do |azure|
    azure.mgmt_certificate = 'Azure-Dummy.pem'
    azure.mgmt_endpoint = 'https://management.core.windows.net'
    azure.subscription_id = 'XXXXXXXXXXX'
    azure.storage_acct_name = 'portalvhdsXXXXXXXXXX'

    azure.vm_image = 'b39f27a8b8c64d52b05eac6a62ebad85__Ubuntu-14_04_2_LTS-amd64-server-20150309-en-us-30GB'
    azure.vm_user = 'vagrant' # defaults to 'vagrant' if not provided
    azure.vm_password = 'XXXXXXXXX' 

    azure.vm_name = 'XXXXXXXXXXX' 
    azure.vm_location = 'West Europe' 

    azure.ssh_port = 22
  end

  config.ssh.username = 'vagrant' # the one used to create the VM
  config.ssh.password = 'XXXXXXXXX' # the one used to create the VM

I have used vagrant 1.7.2 on Mac and Ubuntu and tried a One-Year-plan as well as a Free Trial as subscription type.

Any suggestions for possible errors?

gothma commented 9 years ago

I have some extended logging by activating the debug output in azure-0.6.4/lib/azure/base_management/management_http_request.rb:54

❯ vagrant up
==> default: Attempting to read state for test-vagrant in dummy-vm
opening connection to management.core.windows.net:443...
opened
starting SSL for management.core.windows.net:443...
SSL established
<- "GET /XXXXXXXX@XXXXXXXXX.XX/services/hostedservices/dummy-vm/deploymentslots/production HTTP/1.1\r\nX-Ms-Version: 2014-04-01\r\nContent-Type: application/xml\r\nContent-Length: 0\r\nAccept-Encoding: gzip;q=1.0,deflate;q=0.6,identity;q=0.3\r\nAccept: */*\r\nUser-Agent: Ruby\r\nConnection: close\r\nHost: management.core.windows.net\r\n\r\n"
-> "HTTP/1.1 403 Forbidden\r\n"
-> "Content-Length: 288\r\n"
-> "Content-Type: application/xml; charset=utf-8\r\n"
-> "Server: Microsoft-HTTPAPI/2.0\r\n"
-> "Date: Fri, 15 May 2015 08:30:10 GMT\r\n"
-> "Connection: close\r\n"
-> "\r\n"
reading 288 bytes...
-> "<Error xmlns=\"http://schemas.microsoft.com/windowsazure\" xmlns:i=\"http://www.w3.org/2001/XMLSchema-instance\"><Code>ForbiddenError</Code><Message>The server failed to authenticate the request. Verify that the certificate is valid and is associated with this subscription.</Message></Error>"
read 288 bytes
Conn close
Bringing machine 'default' up with 'azure' provider...
==> default: Attempting to read state for test-vagrant in dummy-vm
opening connection to management.core.windows.net:443...
opened
starting SSL for management.core.windows.net:443...
SSL established
<- "GET /XXXXXXXXXXX@XXXXXX.XX/services/hostedservices/dummy-vm/deploymentslots/production HTTP/1.1\r\nX-Ms-Version: 2014-04-01\r\nContent-Type: application/xml\r\nContent-Length: 0\r\nAccept-Encoding: gzip;q=1.0,deflate;q=0.6,identity;q=0.3\r\nAccept: */*\r\nUser-Agent: Ruby\r\nConnection: close\r\nHost: management.core.windows.net\r\n\r\n"
-> "HTTP/1.1 403 Forbidden\r\n"
-> "Content-Length: 288\r\n"
-> "Content-Type: application/xml; charset=utf-8\r\n"
-> "Server: Microsoft-HTTPAPI/2.0\r\n"
-> "Date: Fri, 15 May 2015 08:30:12 GMT\r\n"
-> "Connection: close\r\n"
-> "\r\n"
reading 288 bytes...
-> "<Error xmlns=\"http://schemas.microsoft.com/windowsazure\" xmlns:i=\"http://www.w3.org/2001/XMLSchema-instance\"><Code>ForbiddenError</Code><Message>The server failed to authenticate the request. Verify that the certificate is valid and is associated with this subscription.</Message></Error>"
read 288 bytes
Conn close
==> default: Determining OS Type By Image
opening connection to management.core.windows.net:443...
opened
starting SSL for management.core.windows.net:443...
SSL established
<- "GET /XXXXXXXXXXX@XXXXXXXX.XX/services/images HTTP/1.1\r\nX-Ms-Version: 2014-04-01\r\nContent-Type: application/xml\r\nContent-Length: 0\r\nAccept-Encoding: gzip;q=1.0,deflate;q=0.6,identity;q=0.3\r\nAccept: */*\r\nUser-Agent: Ruby\r\nConnection: close\r\nHost: management.core.windows.net\r\n\r\n"
-> "HTTP/1.1 403 Forbidden\r\n"
-> "Content-Length: 288\r\n"
-> "Content-Type: application/xml; charset=utf-8\r\n"
-> "Server: Microsoft-HTTPAPI/2.0\r\n"
-> "Date: Fri, 15 May 2015 08:30:11 GMT\r\n"
-> "Connection: close\r\n"
-> "\r\n"
reading 288 bytes...
-> "<Error xmlns=\"http://schemas.microsoft.com/windowsazure\" xmlns:i=\"http://www.w3.org/2001/XMLSchema-instance\"><Code>ForbiddenError</Code><Message>The server failed to authenticate the request. Verify that the certificate is valid and is associated with this subscription.</Message></Error>"
read 288 bytes
Conn close
ForbiddenError : The server failed to authenticate the request. Verify that the certificate is valid and is associated with this subscription.
/Users/XXX/.vagrant.d/gems/gems/azure-0.6.4/lib/azure/core/utility.rb:93:in `error_with_exit': ForbiddenError : The server failed to authenticate the request. Verify that the certificate is valid and is associated with this subscription. (RuntimeError)
    from /Users/XXX/.vagrant.d/gems/gems/azure-0.6.4/lib/azure/base_management/management_http_request.rb:81:in `wait_for_completion'
    from /Users/XXX/.vagrant.d/gems/gems/azure-0.6.4/lib/azure/base_management/management_http_request.rb:55:in `call'
    from /Users/XXX/.vagrant.d/gems/gems/azure-0.6.4/lib/azure/virtual_machine_image_management/virtual_machine_image_management_service.rb:30:in `list_virtual_machine_images'
    from /Users/XXX/.vagrant.d/gems/gems/azure-0.6.4/lib/azure/virtual_machine_management/virtual_machine_management_service.rb:467:in `get_os_type'
    from /Users/XXX/.vagrant.d/gems/gems/vagrant-azure-1.1.1/lib/vagrant-azure/action/vagrant_azure_service.rb:38:in `method_missing'
    from /Users/XXX/.vagrant.d/gems/gems/vagrant-azure-1.1.1/lib/vagrant-azure/action/os_type.rb:21:in `call'
    from /opt/vagrant/embedded/gems/gems/vagrant-1.7.2/lib/vagrant/action/warden.rb:34:in `call'
    from /Users/XXX/.vagrant.d/gems/gems/vagrant-azure-1.1.1/lib/vagrant-azure/action/connect_azure.rb:44:in `call'
    from /opt/vagrant/embedded/gems/gems/vagrant-1.7.2/lib/vagrant/action/warden.rb:34:in `call'
    from /opt/vagrant/embedded/gems/gems/vagrant-1.7.2/lib/vagrant/action/builtin/config_validate.rb:25:in `call'
    from /opt/vagrant/embedded/gems/gems/vagrant-1.7.2/lib/vagrant/action/warden.rb:34:in `call'
    from /opt/vagrant/embedded/gems/gems/vagrant-1.7.2/lib/vagrant/action/builtin/handle_box.rb:56:in `call'
    from /opt/vagrant/embedded/gems/gems/vagrant-1.7.2/lib/vagrant/action/warden.rb:34:in `call'
    from /opt/vagrant/embedded/gems/gems/vagrant-1.7.2/lib/vagrant/action/builder.rb:116:in `call'
    from /opt/vagrant/embedded/gems/gems/vagrant-1.7.2/lib/vagrant/action/runner.rb:66:in `block in run'
    from /opt/vagrant/embedded/gems/gems/vagrant-1.7.2/lib/vagrant/util/busy.rb:19:in `busy'
    from /opt/vagrant/embedded/gems/gems/vagrant-1.7.2/lib/vagrant/action/runner.rb:66:in `run'
    from /opt/vagrant/embedded/gems/gems/vagrant-1.7.2/lib/vagrant/machine.rb:214:in `action_raw'
    from /opt/vagrant/embedded/gems/gems/vagrant-1.7.2/lib/vagrant/machine.rb:191:in `block in action'
    from /opt/vagrant/embedded/gems/gems/vagrant-1.7.2/lib/vagrant/environment.rb:516:in `lock'
    from /opt/vagrant/embedded/gems/gems/vagrant-1.7.2/lib/vagrant/machine.rb:178:in `call'
    from /opt/vagrant/embedded/gems/gems/vagrant-1.7.2/lib/vagrant/machine.rb:178:in `action'
    from /opt/vagrant/embedded/gems/gems/vagrant-1.7.2/lib/vagrant/batch_action.rb:82:in `block (2 levels) in run'
    from /opt/vagrant/embedded/gems/gems/logging-1.8.2/lib/logging/diagnostic_context.rb:323:in `call'
    from /opt/vagrant/embedded/gems/gems/logging-1.8.2/lib/logging/diagnostic_context.rb:323:in `block in create_with_logging_context'
gothma commented 9 years ago

Oops, I confused the subscription ID with the login-mail-address