Azure/Ansible "Invalid client secret is provided"
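I'm getting started with Ansible and trying to create virtual machines and so on in Azure.
I'm a bit confused about authentication. This is the command I used to create what I think I need: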
az ad sp create-for-rbac --name AzureTools --password "A Password I Made Up"
Then I created the ~/.ansible/credentials file with the following contents:
[default]
subscription_id=my-sub-id
client_id=the appId from when I ran the previous command
secret='A Password I Made Up'
tenant=the tenantid from the above command
When I try to run the Ansible playbook, I get this (invalid client secret provided). See the full error below:
fatal: [localhost]: FAILED! => {
"changed": false,
"module_stderr": "Traceback (most recent call last):\n File \"/tmp/ansible_QL57O_/ansible_module_azure_rm_virtualmachine.py\", line 1553, in <module>\n main()\n File \"/tmp/ansible_QL57O_/ansible_module_azure_rm_virtualmachine.py\", line 1550, in main\n AzureRMVirtualMachine()\n File \"/tmp/ansible_QL57O_/ansible_module_azure_rm_virtualmachine.py\", line 651, in __init__\n supports_check_mode=True)\n File \"/tmp/ansible_QL57O_/ansible_modlib.zip/ansible/module_utils/azure_rm_common.py\", line 265, in __init__\n File \"/usr/local/lib/python2.7/dist-packages/msrestazure/azure_active_directory.py\", line 440, in __init__\n self.set_token()\n File \"/usr/local/lib/python2.7/dist-packages/msrestazure/azure_active_directory.py\", line 473, in set_token\n raise_with_traceback(AuthenticationError, \"\", err)\n File \"/usr/local/lib/python2.7/dist-packages/msrest/exceptions.py\", line 48, in raise_with_traceback\n raise error\nmsrest.exceptions.AuthenticationError: , InvalidClientError: (invalid_client) AADSTS70002: Error validating credentials. AADSTS50012: Invalid client secret is provided.\r\nTrace ID: 34de605e-5d21-4be2-84c1-27759ffe0000\r\nCorrelation ID: e62ed2ee-46b8-4847-9c1d-0c1e24ab711a\r\nTimestamp: 2018-03-08 21:00:55Z\n",
"module_stdout": "",
"msg": "MODULE FAILURE",
"rc": 0
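So, what am I missing? Shouldn't the secret be that password? If not, what should it be? All the documentation just says "just put your secret here", but it doesn't explain what it is or where it comes from.
Environment: Ubuntu 16.04 running in a virtual machine in Azure.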
ansible 2.4.3.0
config file = /etc/ansible/ansible.cfg
configured module search path = [u'/home/path/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules']
ansible python module location = /usr/lib/python2.7/dist-packages/ansible
executable location = /usr/bin/ansible
python version = 2.7.12 (default, Nov 20 2017, 18:23:56) [GCC 5.4.0 20160609]
If I've left out any information, please let me know.
Thanks in advance!
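In the secret line, you should remove the single quotes. I tested this in my lab: if I use single quotes, I get the same error log as you.
The second problem is that you should create the credentials file in ~/.azure/credentials instead of ~/.ansible. For more information about this, see this link.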
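The quoting problem from the answer above, as an added example that is not part of the original answer: assuming the credentials file is read with an INI parser such as Python's configparser, quote characters are kept as part of the value, so a quoted secret is submitted with the quotes included. The function names, the sample values and the file-mode check are assumptions added here.

```python
import configparser
import os
import stat
import tempfile

REQUIRED_KEYS = ("subscription_id", "client_id", "secret", "tenant")


def lint_azure_credentials(path, profile="default"):
    """Return a list of findings for one profile of an INI credentials file."""
    findings = []
    # interpolation=None: a '%' in a secret must not be treated as a template.
    parser = configparser.ConfigParser(interpolation=None)
    if not parser.read(path) or not parser.has_section(profile):
        return ["cannot read profile [%s] from %s" % (profile, path)]
    for key in REQUIRED_KEYS:
        if not parser.has_option(profile, key):
            findings.append("missing key: %s" % key)
            continue
        value = parser.get(profile, key)
        # configparser does not strip quotes: they stay in the value and
        # would be sent to the token endpoint as part of the client secret.
        if len(value) >= 2 and value[0] == value[-1] and value[0] in "'\"":
            findings.append("%s is wrapped in literal quotes" % key)
    # The file holds a long-lived secret, so it should be owner-only.
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        findings.append("file mode %o is accessible by group/other" % mode)
    return findings


def write_sample(body, mode):
    """Write a constructed sample file with the given mode; return its path."""
    fd, path = tempfile.mkstemp(suffix=".credentials")
    with os.fdopen(fd, "w") as handle:
        handle.write(body)
    os.chmod(path, mode)
    return path


# Constructed sample values, not real identifiers.
QUOTED = ("[default]\nsubscription_id=sub-0000\nclient_id=app-0000\n"
          "secret='A Password I Made Up'\ntenant=tenant-0000\n")
CLEAN = QUOTED.replace("'", "")

if __name__ == "__main__":
    for body, mode in ((QUOTED, 0o644), (CLEAN, 0o600)):
        print(lint_azure_credentials(write_sample(body, mode)))
```

To check a real file, call lint_azure_credentials(os.path.expanduser("~/.azure/credentials")).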