ansible-collections / azure

Development area for Azure Collections
https://galaxy.ansible.com/azure/azcollection
GNU General Public License v3.0

Unable to Authenticate to Azure with parameters #826

Closed watsonb closed 2 years ago

watsonb commented 2 years ago
SUMMARY

Starting on Sunday April 17th, 2022 my scheduled tasks that execute the azure.azcollection.azure_rm_virtualmachine module began failing with no code changes.

ISSUE TYPE
COMPONENT NAME

azure.azcollection.azure_rm_virtualmachine

ANSIBLE VERSION
ansible [core 2.11.2] 
  config file = /home/ben/workspace/kiewit/ansible/playbooks/ap_s3d/ansible.cfg
  configured module search path = ['/home/ben/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /home/ben/venv3_ansible-4.2.0/lib/python3.8/site-packages/ansible
  ansible collection location = /home/ben/workspace/kiewit/ansible/playbooks/ap_s3d/collections:/home/ben/.ansible/collections:/usr/share/ansible/collections
  executable location = /home/ben/venv3_ansible-4.2.0/bin/ansible
  python version = 3.8.10 (default, Mar 15 2022, 12:22:08) [GCC 9.4.0]
  jinja version = 3.0.1
  libyaml = True

COLLECTION VERSION
# /home/ben/workspace/kiewit/ansible/playbooks/ap_s3d/collections/ansible_collections
Collection         Version
------------------ -------
azure.azcollection 1.11.0
CONFIGURATION
OS / ENVIRONMENT

Running ansible-playbook from Ubuntu 20.04 and from Ansible AWX 15.0.1 to use azure.azcollection.azure_rm_virtualmachine to power on a deallocated VM.

STEPS TO REPRODUCE
- name: PLAY | Power on VMs
  hosts: "{{ variable_host }}:&s3d"
  gather_facts: false
  connection: local
  tasks:

    - name: AZURE_RM_VIRTUALMACHINE | Ensure the Virtual Machine Exists (Windows) and is Powered On
      delegate_to: localhost
      azure.azcollection.azure_rm_virtualmachine:
        name: "{{ azure_instance_name }}"
        started: true
        resource_group: "{{ azure_instance_resource_group }}"
        ad_user: "{{ azure_instance_ad_user }}"
        password: "{{ azure_instance_ad_password }}"
        subscription_id: "{{ azure_instance_subscription_id }}"
      when: (
          ( azure_instance_os_type | lower == 'windows' )
          and
          ('azure' in group_names or 'azr' == inventory_hostname[:3] )
        )

EXPECTED RESULTS

Expect playbook to execute without error.

ACTUAL RESULTS
TASK [AZURE_RM_VIRTUALMACHINE | Ensure the Virtual Machine Exists (Windows) and is Powered On] *******************************************************************
Monday 18 April 2022  07:42:16 -0500 (0:00:00.042)       0:00:00.191 ********** 
Monday 18 April 2022  07:42:16 -0500 (0:00:00.043)       0:00:00.192 ********** 
An exception occurred during task execution. To see the full traceback, use -vvv. The error was: </BODY></HTML>
fatal: [azrs3dswd002.kiewitplaza.com -> localhost]: FAILED! => changed=false 
  module_stderr: |-
    Traceback (most recent call last):
      File "/home/ben/venv3_ansible-4.2.0/lib/python3.8/site-packages/msrestazure/azure_active_directory.py", line 318, in set_token
        token = self._context.acquire_token_with_username_password(
      File "/home/ben/venv3_ansible-4.2.0/lib/python3.8/site-packages/adal/authentication_context.py", line 164, in acquire_token_with_username_password
        return self._acquire_token(token_func)
      File "/home/ben/venv3_ansible-4.2.0/lib/python3.8/site-packages/adal/authentication_context.py", line 128, in _acquire_token
        return token_func(self)
      File "/home/ben/venv3_ansible-4.2.0/lib/python3.8/site-packages/adal/authentication_context.py", line 162, in token_func
        return token_request.get_token_with_username_password(username, password)
      File "/home/ben/venv3_ansible-4.2.0/lib/python3.8/site-packages/adal/token_request.py", line 285, in get_token_with_username_password
        token = self._get_token_username_password_federated(username, password)
      File "/home/ben/venv3_ansible-4.2.0/lib/python3.8/site-packages/adal/token_request.py", line 256, in _get_token_username_password_federated
        return self._perform_username_password_for_access_token_exchange(wstrust_endpoint, wstrust_version,
      File "/home/ben/venv3_ansible-4.2.0/lib/python3.8/site-packages/adal/token_request.py", line 209, in _perform_username_password_for_access_token_exchange
        wstrust_response = self._perform_wstrust_exchange(wstrust_endpoint, wstrust_endpoint_version, cloud_audience_urn,
      File "/home/ben/venv3_ansible-4.2.0/lib/python3.8/site-packages/adal/token_request.py", line 197, in _perform_wstrust_exchange
        result = wstrust.acquire_token(username, password)
      File "/home/ben/venv3_ansible-4.2.0/lib/python3.8/site-packages/adal/wstrust_request.py", line 167, in acquire_token
        raise AdalError(return_error_string, error_response)
    adal.adal_error.AdalError: WS-Trust RST request returned http error: 503 and server response: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd">
    <HTML><HEAD><TITLE>Service Unavailable</TITLE>
    <META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD>
    <BODY><h2>Service Unavailable</h2>
    <hr><p>HTTP Error 503. The service is unavailable.</p>
    </BODY></HTML>

    During handling of the above exception, another exception occurred:

    Traceback (most recent call last):
      File "/home/ben/.ansible/tmp/ansible-tmp-1650285736.3666356-2259159-257379492805927/AnsiballZ_azure_rm_virtualmachine.py", line 100, in <module>
        _ansiballz_main()
      File "/home/ben/.ansible/tmp/ansible-tmp-1650285736.3666356-2259159-257379492805927/AnsiballZ_azure_rm_virtualmachine.py", line 92, in _ansiballz_main
        invoke_module(zipped_mod, temp_path, ANSIBALLZ_PARAMS)
      File "/home/ben/.ansible/tmp/ansible-tmp-1650285736.3666356-2259159-257379492805927/AnsiballZ_azure_rm_virtualmachine.py", line 40, in invoke_module
        runpy.run_module(mod_name='ansible_collections.azure.azcollection.plugins.modules.azure_rm_virtualmachine', init_globals=dict(_module_fqn='ansible_collections.azure.azcollection.plugins.modules.azure_rm_virtualmachine', _modlib_path=modlib_path),
      File "/usr/lib/python3.8/runpy.py", line 207, in run_module
        return _run_module_code(code, init_globals, run_name, mod_spec)
      File "/usr/lib/python3.8/runpy.py", line 97, in _run_module_code
        _run_code(code, mod_globals, init_globals,
      File "/usr/lib/python3.8/runpy.py", line 87, in _run_code
        exec(code, run_globals)
      File "/tmp/ansible_azure.azcollection.azure_rm_virtualmachine_payload_c4ktx_v3/ansible_azure.azcollection.azure_rm_virtualmachine_payload.zip/ansible_collections/azure/azcollection/plugins/modules/azure_rm_virtualmachine.py", line 2327, in <module>
      File "/tmp/ansible_azure.azcollection.azure_rm_virtualmachine_payload_c4ktx_v3/ansible_azure.azcollection.azure_rm_virtualmachine_payload.zip/ansible_collections/azure/azcollection/plugins/modules/azure_rm_virtualmachine.py", line 2323, in main
      File "/tmp/ansible_azure.azcollection.azure_rm_virtualmachine_payload_c4ktx_v3/ansible_azure.azcollection.azure_rm_virtualmachine_payload.zip/ansible_collections/azure/azcollection/plugins/modules/azure_rm_virtualmachine.py", line 958, in __init__
      File "/tmp/ansible_azure.azcollection.azure_rm_virtualmachine_payload_c4ktx_v3/ansible_azure.azcollection.azure_rm_virtualmachine_payload.zip/ansible_collections/azure/azcollection/plugins/module_utils/azure_rm_common.py", line 464, in __init__
      File "/tmp/ansible_azure.azcollection.azure_rm_virtualmachine_payload_c4ktx_v3/ansible_azure.azcollection.azure_rm_virtualmachine_payload.zip/ansible_collections/azure/azcollection/plugins/module_utils/azure_rm_common.py", line 1531, in __init__
      File "/home/ben/venv3_ansible-4.2.0/lib/python3.8/site-packages/msrestazure/azure_active_directory.py", line 308, in __init__
        self.set_token()
      File "/home/ben/venv3_ansible-4.2.0/lib/python3.8/site-packages/msrestazure/azure_active_directory.py", line 326, in set_token
        raise_with_traceback(AuthenticationError, "", err)
      File "/home/ben/venv3_ansible-4.2.0/lib/python3.8/site-packages/msrest/exceptions.py", line 51, in raise_with_traceback
        raise error.with_traceback(exc_traceback)
      File "/home/ben/venv3_ansible-4.2.0/lib/python3.8/site-packages/msrestazure/azure_active_directory.py", line 318, in set_token
        token = self._context.acquire_token_with_username_password(
      File "/home/ben/venv3_ansible-4.2.0/lib/python3.8/site-packages/adal/authentication_context.py", line 164, in acquire_token_with_username_password
        return self._acquire_token(token_func)
      File "/home/ben/venv3_ansible-4.2.0/lib/python3.8/site-packages/adal/authentication_context.py", line 128, in _acquire_token
        return token_func(self)
      File "/home/ben/venv3_ansible-4.2.0/lib/python3.8/site-packages/adal/authentication_context.py", line 162, in token_func
        return token_request.get_token_with_username_password(username, password)
      File "/home/ben/venv3_ansible-4.2.0/lib/python3.8/site-packages/adal/token_request.py", line 285, in get_token_with_username_password
        token = self._get_token_username_password_federated(username, password)
      File "/home/ben/venv3_ansible-4.2.0/lib/python3.8/site-packages/adal/token_request.py", line 256, in _get_token_username_password_federated
        return self._perform_username_password_for_access_token_exchange(wstrust_endpoint, wstrust_version,
      File "/home/ben/venv3_ansible-4.2.0/lib/python3.8/site-packages/adal/token_request.py", line 209, in _perform_username_password_for_access_token_exchange
        wstrust_response = self._perform_wstrust_exchange(wstrust_endpoint, wstrust_endpoint_version, cloud_audience_urn,
      File "/home/ben/venv3_ansible-4.2.0/lib/python3.8/site-packages/adal/token_request.py", line 197, in _perform_wstrust_exchange
        result = wstrust.acquire_token(username, password)
      File "/home/ben/venv3_ansible-4.2.0/lib/python3.8/site-packages/adal/wstrust_request.py", line 167, in acquire_token
        raise AdalError(return_error_string, error_response)
    msrest.exceptions.AuthenticationError: , AdalError: WS-Trust RST request returned http error: 503 and server response: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd">
    <HTML><HEAD><TITLE>Service Unavailable</TITLE>
    <META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD>
    <BODY><h2>Service Unavailable</h2>
    <hr><p>HTTP Error 503. The service is unavailable.</p>
    </BODY></HTML>
  module_stdout: ''
  msg: |-
    MODULE FAILURE
    See stdout/stderr for the exact error
  rc: 1
        to retry, use: --limit @/home/ben/workspace/kiewit/ansible/playbooks/ap_s3d/power_on.retry

PLAY RECAP *******************************************************************************************************************************************************
azrs3dswd002.kiewitplaza.com : ok=0    changed=0    unreachable=0    failed=1    skipped=1    rescued=0    ignored=0   

Monday 18 April 2022  07:42:17 -0500 (0:00:01.424)       0:00:01.615 ********** 
=============================================================================== 
azure.azcollection.azure_rm_virtualmachine ------------------------------ 1.42s

watsonb commented 2 years ago

This appears to be a larger Azure issue, as I cannot connect via PowerShell either:

Connect-AzAccount: UsernamePasswordCredential authentication failed: Service is unavailable to process the request

Other colleagues are also unable to connect to hosted Azure SQL databases via SQL Server Management Studio with a similar 503 error code.

Closing this issue as it doesn't appear to be Ansible content related.
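
Added example, not part of the original issue or of the collection's code: a small triage helper that reads a `module_stderr` like the one above and reports whether the failure came from the WS-Trust exchange on the federated username/password path, and with which HTTP status. The sample text is constructed from the shape of the traceback in this issue; the function name, the verdict labels and the rule that a 5xx is treated as retryable are assumptions of this example.

```python
import re

# Constructed sample: the tail of a module_stderr shaped like the one in this issue.
SAMPLE_STDERR = '''\
  File "/venv/lib/python3.8/site-packages/adal/token_request.py", line 256, in _get_token_username_password_federated
    return self._perform_username_password_for_access_token_exchange(wstrust_endpoint, wstrust_version,
  File "/venv/lib/python3.8/site-packages/adal/wstrust_request.py", line 167, in acquire_token
    raise AdalError(return_error_string, error_response)
msrest.exceptions.AuthenticationError: , AdalError: WS-Trust RST request returned http error: 503 and server response: <!DOCTYPE HTML>
<HTML><HEAD><TITLE>Service Unavailable</TITLE>
'''

# Function names of traceback frames that live in the adal / msrestazure packages.
FRAME_RE = re.compile(r'File "[^"]*/(?:adal|msrestazure)/[^"]+", line \d+, in (\w+)')
# The AdalError message format seen in the issue's traceback.
WSTRUST_RE = re.compile(r"WS-Trust RST request returned http error: (\d{3})")


def triage(stderr: str) -> dict:
    """Classify an Ansible Azure auth failure from its module_stderr (hypothetical helper)."""
    frames = FRAME_RE.findall(stderr)
    # This frame only appears when ADAL takes the federated username/password path.
    federated = "_get_token_username_password_federated" in frames
    match = WSTRUST_RE.search(stderr)
    status = int(match.group(1)) if match else None

    if status is None:
        verdict = "no-wstrust-error-found"
    elif status >= 500:
        # The federation endpoint itself failed; the credentials were never judged.
        verdict = "wstrust-endpoint-unavailable"
    else:
        # The endpoint answered and refused the request.
        verdict = "wstrust-endpoint-rejected-request"

    return {
        "federated_flow": federated,
        "wstrust_http_status": status,
        "verdict": verdict,
        "retryable": status is not None and status >= 500,
    }


if __name__ == "__main__":
    print(triage(SAMPLE_STDERR))
```
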