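I am trying to use Azure dynamic inventory from an Ubuntu VM running in Azure; any help offered is much appreciated. It looks like the credentials are not being applied. I created environment variables for the Ansible Azure secrets and the related IDs, but they do not look like they are being applied, or I may be misreading the logs.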
**Config Steps**
I created an Ubuntu VM, installed pre-requisites and Ansible
I created an Azure Service Principal and assigned rbac roles, exported the usual values to env variables
**Created the below files**
*azure credentials*
```
cat /home/azureuser/.azure/credentials
[default]
subscription_id=0000000000000000000000000000
client_id=0000000000000000000000000000000000
secret=0000000000000000000000000000000000000
tenant=0000000000000000000000000000000000000
```
*ansible.cfg*
```
cat /etc/ansible/ansible.cfg
[defaults]
inventory=/home/azureuser/.ansible/inventory_azure_rm.yml
[inventory]
enable_plugins = host_list, script, auto, yaml, ini, toml
```
*inventory_azure_rm.yml*
```
cat /home/azureuser/.ansible/inventory_azure_rm.yml
plugin: azure.azcollection.azure_rm
auth_source: credential_file
include_vm_resource_groups:
- devops
```
*azure_rm.ini*
```
cat /home/azureuser/.ansible/azure_rm.ini
[azure]
include_powerstate=yes
group_by_resource_group=yes
group_by_location=yes
group_by_security_group=yes
group_by_tag=yes
```
**From the VM launched**
```sh
ansible-inventory -vvvv -i /home/azureuser/.ansible/inventory_azure_rm.yml --list
```
***Reply and Error***
```
ansible-inventory [core 2.14.4]
  config file = /etc/ansible/ansible.cfg
  configured module search path = ['/home/azureuser/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/lib/python3/dist-packages/ansible
  ansible collection location = /home/azureuser/.ansible/collections:/usr/share/ansible/collections
  executable location = /usr/bin/ansible-inventory
  python version = 3.10.6 (main, Mar 10 2023, 10:55:28) [GCC 11.3.0] (/usr/bin/python3)
  jinja version = 3.0.3
  libyaml = True
Using /etc/ansible/ansible.cfg as config file
setting up inventory plugins
host_list declined parsing /home/azureuser/.ansible/inventory_azure_rm.yml as it did not pass its verify_file() method
script declined parsing /home/azureuser/.ansible/inventory_azure_rm.yml as it did not pass its verify_file() method
Loading collection azure.azcollection from /home/azureuser/.ansible/collections/ansible_collections/azure/azcollection
Using inventory plugin 'ansible_collections.azure.azcollection.plugins.inventory.azure_rm' to process inventory source '/home/azureuser/.ansible/inventory_azure_rm.yml'
toml declined parsing /home/azureuser/.ansible/inventory_azure_rm.yml as it did not pass its verify_file() method
[WARNING]: * Failed to parse /home/azureuser/.ansible/inventory_azure_rm.yml with auto plugin: name 'azure_cloud' is not defined
  File "/usr/lib/python3/dist-packages/ansible/inventory/manager.py", line 293, in parse_source
    plugin.parse(self._inventory, self._loader, source, cache=cache)
  File "/usr/lib/python3/dist-packages/ansible/plugins/inventory/auto.py", line 59, in parse
    plugin.parse(inventory, loader, path, cache=cache)
  File "/home/azureuser/.ansible/collections/ansible_collections/azure/azcollection/plugins/inventory/azure_rm.py", line 221, in parse
    self._credential_setup()
  File "/home/azureuser/.ansible/collections/ansible_collections/azure/azcollection/plugins/inventory/azure_rm.py", line 242, in _credential_setup
    self.azure_auth = AzureRMAuth(**auth_options)
  File "/home/azureuser/.ansible/collections/ansible_collections/azure/azcollection/plugins/module_utils/azure_rm_common.py", line 1529, in init
    self._cloud_environment = azure_cloud.AZURE_PUBLIC_CLOUD # SDK default
[WARNING]: * Failed to parse /home/azureuser/.ansible/inventory_azure_rm.yml with yaml plugin: Plugin configuration YAML file, not YAML inventory
  File "/usr/lib/python3/dist-packages/ansible/inventory/manager.py", line 293, in parse_source
    plugin.parse(self._inventory, self._loader, source, cache=cache)
  File "/usr/lib/python3/dist-packages/ansible/plugins/inventory/yaml.py", line 114, in parse
    raise AnsibleParserError('Plugin configuration YAML file, not YAML inventory')
[WARNING]: * Failed to parse /home/azureuser/.ansible/inventory_azure_rm.yml with ini plugin: Invalid host pattern 'plugin:' supplied, ending in ':' is not allowed, this character is reserved to provide a port.
  File "/usr/lib/python3/dist-packages/ansible/inventory/manager.py", line 293, in parse_source
    plugin.parse(self._inventory, self._loader, source, cache=cache)
  File "/usr/lib/python3/dist-packages/ansible/plugins/inventory/ini.py", line 137, in parse
    raise AnsibleParserError(e)
[WARNING]: Unable to parse /home/azureuser/.ansible/inventory_azure_rm.yml as an inventory source
[WARNING]: No inventory was parsed, only implicit localhost is available
{
    "_meta": {
        "hostvars": {}
    },
    "all": {
        "children": [
            "ungrouped"
        ]
    }
```
I created an Azure Linux VM as shown below and installed Ansible to use Ansible dynamic inventory:-
Create the Linux VM and install Ansible with the commands below:-
I referred to the commands below from the MS document here:- Get started - Configure Ansible on an Azure VM | Microsoft Learn
Commands:-
Ansible 2.9 with azure_rm module:-
```sh
#!/bin/bash

# Update all packages that have available updates.
sudo yum update -y

# Install Python 3 and pip.
sudo yum install -y python3-pip

# Upgrade pip3.
sudo pip3 install --upgrade pip

# Install Ansible.
pip3 install "ansible==2.9.17"

# Install Ansible azure_rm module for interacting with Azure.
pip3 install ansible[azure]
```
Ansible 2.10 with azure.azcollection
```sh
#!/bin/bash

# Update all packages that have available updates.
sudo yum update -y

# Install Python 3 and pip.
sudo yum install -y python3-pip

# Upgrade pip3.
sudo pip3 install --upgrade pip

# Install Ansible az collection for interacting with Azure.
ansible-galaxy collection install azure.azcollection

# Install Ansible modules for Azure
sudo pip3 install -r ~/.ansible/collections/ansible_collections/azure/azcollection/requirements-azure.txt
```
Create a credentials file for authenticating with the Azure service principal by running the commands below in my Ansible Linux VM:-
```sh
mkdir ~/.azure
vi ~/.azure/credentials
```
Add the service principal values to the credentials file as shown below:-
```
[default]
subscription_id=<subscription_id>
client_id=<service_principal_app_id>
secret=<service_principal_password>
tenant=<service_principal_tenant_id>
```
Export the service principal values by running this command in your Linux VM, and create a resource group using Ansible in your VM as shown below:-
```sh
export AZURE_CLIENT_ID=<service_principal_app_id>
export AZURE_SECRET=<service_principal_password>
export AZURE_TENANT=<service_principal_tenant_id>
```
Run the below command to create resource group and test the credentials:-
**Command:-**
```sh
#Ansible 2.9 with azure_rm module
ansible localhost -m azure_rm_resourcegroup -a "name=ansible-test123 location=eastus"

#Ansible 2.10 with azure.azcollection
ansible localhost -m azure.azcollection.azure_rm_resourcegroup -a "name=siliconansible54 location=eastus"
```
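Output:-
Now, I created a YAML file to use the Ansible inventory plugin, and it executed successfully as shown below:-
I referred to the commands below from the MS document here:- Tutorial - Configure dynamic inventories for Azure virtual machines using Ansible | Microsoft Learn, using the dynamic inventory Ansible plugin
Create the dynamic inventory with the file name myazure_rm.yml:-
```
- ansible-inventory-test-rg
auth_source: auto
```
Run the command below to use the dynamic inventory plugin:-
Command:-
```sh
ansible-inventory -i myazure_rm.yml --graph
```
Output:-
Use the dynamic inventory to find the host variables of the VMs:-
Command:-
```sh
ansible-inventory -i myazure_rm.yml --list
```
Output:-
Make sure your service principal is assigned the Contributor or Owner role at the subscription level to perform Azure tasks.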
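
An added example, not part of the original question or answer: the `~/.azure/credentials` file shown above stores the service principal secret in plain text, and a file created with `vi` under a default umask is usually readable by other local users. This check reports loose permissions and any of the four keys from the page that are missing, empty, or still placeholders; the function name `check_credentials_file` is an assumption made for this example.

```python
import configparser
import os
import stat

# Keys the page's credentials file uses for service principal authentication.
REQUIRED_KEYS = ("subscription_id", "client_id", "secret", "tenant")


def check_credentials_file(path, profile="default"):
    """Return a list of problems found in an Azure credentials INI file."""
    problems = []
    try:
        mode = stat.S_IMODE(os.stat(path).st_mode)
    except FileNotFoundError:
        return [f"{path}: file not found"]
    # The file holds the client secret in plain text, so only the owner
    # should have any access to it (0600 or stricter).
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        problems.append(
            f"{path}: mode {mode:04o} allows group/other access; use chmod 600"
        )

    # interpolation=None so a '%' inside the secret is read literally.
    parser = configparser.ConfigParser(interpolation=None)
    try:
        parser.read(path)
    except configparser.Error as exc:
        return problems + [f"{path}: not valid INI: {exc}"]
    if not parser.has_section(profile):
        return problems + [f"{path}: missing [{profile}] section"]
    for key in REQUIRED_KEYS:
        value = parser.get(profile, key, fallback="").strip()
        if not value:
            problems.append(f"[{profile}] {key} is missing or empty")
        elif value.startswith("<") and value.endswith(">"):
            problems.append(f"[{profile}] {key} still holds a placeholder")
    return problems


if __name__ == "__main__":
    target = os.path.expanduser("~/.azure/credentials")
    for line in check_credentials_file(target) or ["no problems found"]:
        print(line)
```

Run it as the user that runs Ansible; an empty result means the file is owner-only and all four keys are populated.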