Closed soheilade closed 4 years ago
Not sure if you posted your command correctly, but the command in the guide is
object_id_principal=`az ad sp show --id $app_id_principal --query objectId --output tsv`
and not
object_id_principal=az ad sp show --id $app_id_principal --query objectId --output tsv``
Thanks Kai for the comment, It is a typo caused by github notation for code, but this is not what causes the error, there is a problem with the service principal... considering these 3 commands:
service_principal=az ad sp create-for-rbac --name http://honoServicePrincipal --skip-assignment --output tsv
app_id_principal=echo $service_principal|cut -f1
password_principal=echo $service_principal|cut -f4
according to [1] there is no output switch for command az ad sp create-for-rbac
in here
service_principal=az ad sp create-for-rbac --name http://honoServicePrincipal --skip-assignment --output tsv
morover, when i echo these variables
service_principal, app_id_principal, password_principal
they all have the same value regardless of the cut command.
Here's the output of
$ az ad sp create-for-rbac --help
Command
az ad sp create-for-rbac : Create a service principal and configure its access to Azure
resources.
Arguments
--name -n : A URI to use as the logic name. It doesn't need to exist. If not present,
CLI will generate one.
--role : Role of the service principal. Default: Contributor.
--scopes : Space-separated list of scopes the service principal's role assignment
applies to. Defaults to the root of the current subscription.
--sdk-auth : Output result in compatible with Azure SDK auth file. Allowed values:
false, true.
--skip-assignment : Skip creating the default assignment, which allows the service principal to
access resources under the current subscription. Allowed values: false,
true.
Credential Arguments
--cert : Certificate to use for credentials.
When used with `--keyvault,` indicates the name of the cert to use or create. Otherwise,
supply a PEM or DER formatted public certificate string. Use `@{path}` to load from a file.
Do not include private key info.
--create-cert : Create a self-signed certificate to use for the credential.
Use with `--keyvault` to create the certificate in Key Vault. Otherwise, a certificate will
be created locally.
--keyvault : Name or ID of a KeyVault to use for creating or retrieving certificates.
--years : Number of years for which the credentials will be valid. Default: 1 year.
Global Arguments
--debug : Increase logging verbosity to show all debug logs.
--help -h : Show this help message and exit.
--output -o : Output format. Allowed values: json, jsonc, none, table, tsv, yaml, yamlc.
Default: json.
--query : JMESPath query string. See http://jmespath.org/ for more information and
examples.
--verbose : Increase logging verbosity. Use --debug for full debug logs.
And here's the version of my az
client:
$ az version
This command is in preview. It may be changed/removed in a future release.
{
"azure-cli": "2.1.0",
"azure-cli-command-modules-nspkg": "2.0.3",
"azure-cli-core": "2.1.0",
"azure-cli-nspkg": "3.0.4",
"azure-cli-telemetry": "1.0.4",
"extensions": {}
}
Do you have the same version installed?
yup, I think the problem is on the cut command. and it does not execute because those 3 variables (service_principal, app_id_principal, password_principal) have all the same value.
What is the value of echo $service_principal
?
all of them has this value > i changed the numbers
16e09af9-4xxx-4e24-bxxx-e35dfxxxxx5b honoServicePrincipal http://honoServicePrincipal ecxxxx901-134e-425x-axx05-5dexxxx3c62 4edhgsrjc11-fab3-44d8-812f-f2bjydxitu68oif6b5
and the error is
az: error: unrecognized arguments: honoServicePrincipal http://honoServicePrincipal 48xfxjhfjb6-ggba-431b-814a-ca14xfjhc6b7c 4exfgh0c11-fab3-44d8-812f-f2bfzdhgzb5 usage: az [-h] [--verbose] [--debug] [--output {json,jsonc,table,tsv,yaml,yamlc,none}] [--query JMESPATH] {ad} ...
can you try to use ... | cut -f 1 -d ' '
, i.e. appending -d ' '
(there is a whitespace between the quotes), when assigning the other variables?
yup, it worked, thanks, now when running this command
acr_id_access_registry='az acr show --resource-group $acr_resourcegroupname --name $acr_registry_name --query "id" --output tsv'
results in an error indicating that acr is not created
The Resource 'Microsoft.ContainerRegistry/registries/honoacrReg' under resource group 'honoTest' was not found
I think a command is missing before this command to create an acr with specified RG, right?
e.g., az acr create --resource-group myResourceGroup --name myContainerRegistry --sku Basic
looks like it. You should be able to create the container registry as described here. Seems like the corresponding command line has been omitted from our setup guide ...
@soheilade can you try if this works for you:
# Resource group where the ACR is deployed.
acr_resourcegroupname={YOUR_ACR_RG}
# Name of your ACR.
acr_registry_name={YOUR_ACR_NAME}
# Full name of the ACR.
acr_login_server=$acr_registry_name.azurecr.io
# Create service principal
service_principal=`az ad sp create-for-rbac --name http://honoServicePrincipal --skip-assignment --output tsv`
app_id_principal=`echo $service_principal | cut -f1 -d ' '`
password_principal=`echo $service_principal | cut -f4 -d ' '`
object_id_principal=`az ad sp show --id $app_id_principal --query objectId --output tsv`
Note: it might take a few seconds until the principal is available for the next steps.
# Create container registry
az acr create --resource-group $acr_resourcegroupname --name $acr_registry_name --sku Basic
# and allow cluster to read from registry
acr_id_access_registry=`az acr show --resource-group $acr_resourcegroupname --name $acr_registry_name --query "id" --output tsv`
az role assignment create --assignee $app_id_principal --scope $acr_id_access_registry --role Reader
Thanks Kai, it worked out, however, when I ran the deployment command below
az group deployment create --name HonoBasicInfrastructure --resource-group $resourcegroup_name --template-file arm/honoInfrastructureDeployment.json --parameters uniqueSolutionPrefix=$unique_solution_prefix servicePrincipalObjectId=$object_id_principal servicePrincipalClientId=$app_id_principal servicePrincipalClientSecret=$password_principal
I get this error
Deployment failed. Correlation ID: 5ac40d23-6e88-494d-849e-9147d230dc4f. {
"error": {
"code": "DeploymentNotFound",
"message": "Deployment 'honoServiceBusDeployment' could not be found."
}
}
any comment on this? (what is the difference between az group deployment create
and kubectl apply
btw, are they same concepts?)
These deployment ARM files have been contributed by Microsoft. I am far from an expert on the subject matter and do not know what the error means. @kaizimmerm can you help us out here?
is there any config file for setting up basic hono infrastructure like the one in minikube? (to just play around with hono instances)
The az group deployment create
command is for setting up the Kubernetes cluster on Azure. Deployment of Hono itself then is done using Hono's helm chart ...
thanks Kai, I tried to build various branches of git repo but all of them fails, can you please specify which branch should i checkout for this command to succeed?
mvn install -Pbuild-docker-image -Ddocker.registry=$acr_login_server
Not sure what you are trying to do. Is this still about setting up the AKS cluster on Azure? Or is this about deploying to an existing AKS cluster via an Azure Container Registry?
If you are not able to set up the infrastructure on Azure (kubernetes cluster and container registry), then what are you trying to deploy to?
well, i just wanted to see if i can build hono :D (I managed to build hono on my personal PC though, now I need to push it to my Azure acr).
However, I have an acr running, but the infrastructure command below fails;
az group deployment create --name HonoBasicInfrastructure --resource-group $resourcegroup_name --template-file arm/honoInfrastructureDeployment.json --parameters uniqueSolutionPrefix=$unique_solution_prefix servicePrincipalObjectId=$object_id_principal servicePrincipalClientId=$app_id_principal servicePrincipalClientSecret=$password_principal
This command is to create a k8s cluster using arm/honoInfrastructureDeployment.json
, is there another alternative example infrastructure that I can use ? can I build a simple k8s cluster with az aks create --resource-group myResourceGroup --name myAKSCluster --node-count 1 --enable-addons monitoring --generate-ssh-keys
and use this one instead?
As I said, I am no expert in Azure AKS. But why don't you simply give it a shot and try?
Hi @soheilade!
Which Hono AMQP 1.0 Messaging Network do you intend to use? A self hosted Artemis or Azure's Service Bus?
See:
add the following parameter in case you want to opt for the Azure Service Bus as broker in the Hono AMQP 1.0 Messaging Network instead of deploying a (self-hosted) ActiveMQ Artemis into AKS: serviceBus=true
(source: https://www.eclipse.org/hono/docs/deployment/create-kubernetes-cluster/#setup)
Hi @fkaltner , Thanks for the comment, I also set service parameter to true and I got this error. can it be that I am not using the right branch?
According to the template the parameter mentioned in the error message should be set to the value of uniqueSolutionPrefix:
"dnsPrefix": { "value": "[parameters('uniqueSolutionPrefix')]" },
Are you sure that the environment variable unique_solution_prefix
is set on your machine?
I also think that you may not be using the "az" CLI correctly. As far as I understand from the docs (https://docs.microsoft.com/en-us/cli/azure/group/deployment?view=azure-cli-latest#az-group-deployment-create) you need a --parameters
option for each parameter.
So I needs to be like --parameters uniqueSolutionPrefix=<your-prefix> --parameters serviceBus=true
etc.
Thanks Florian, I modified the command, It seems I have some problem with my quota limit but still there are some other label errors. any thought on this?
@soheilade the RE seems to indicate that you can only use lower case letters for the domain name which is derived from your uniqueSolutionPrefix (soheilaHono
).
thanks Kai, ok, it works now.
helm init creates an error as follows
which version of helm are you using?
@soheilade there is no need to initialize tiller if you are using Helm >= 3 (which is recommended). I have tried to fix the problems discovered during this discussion. Would you mind giving it another shot based on the AKS setup guide using branch master?
@soheilade there is no need to initialize tiller if you are using Helm >= 3 (which is recommended). I have tried to fix the problems discovered during this discussion. Would you mind giving it another shot based on the AKS setup guide using branch master?
apparently--parameters
must be before every parameter we pass to this command
az group deployment create --name HonoBasicInfrastructure --resource-group $resourcegroup_name --template-file arm/honoInfrastructureDeployment.json --parameters uniqueSolutionPrefix=$unique_solution_prefix --parameters servicePrincipalObjectId=$object_id_principal --parameters servicePrincipalClientId=$app_id_principal --parameters servicePrincipalClientSecret=$password_principal
the rest are 👍
@soheilade thanks for checking :+1: Are you sure about the --parameters
flag being required for each parameter? The examples I have seen in Microsoft's online docs seem to suggest that you can specify multiple parameter assignments after a single --parameters
(which would also be consistent with the plural form being used)
I tried without parameters, it works as well :)
@soheilade can this be closed?
Dear All, I am following instructions here to setup service principal for my hono instance in azure. After running the command
object_id_principal=
az ad sp show --id $app_id_principal --query objectId --output tsv``I get this error
any thought how to resolve it? P.S. I faked the number, just in case.
following the guids in [1] and [2] it is also not clear where exactly the Azure container registry is created. could please elaborate on that?
Best regards Soheila