SQL 服务器不允许更新防火墙 - 创建防火墙规则实例时出错
SQL Server does not allow for firewall update - Error creating the Firewall Rule instance
大家好,我是 运行 以下 ansible playbook 到 azure cli。
我也从 Ubuntu 18.04.4 LTS 得到了类似的结果。
我还提出了一个 github 问题:https://github.com/Azure/Ansible/issues/21
使用 Azure CLI 是什么意思?
转到Azure:
-> Create a new Cloud Shell
-> Ansible is already installed
-> create a new yml file. Copy the below script.
-> Run the below playbook. With this command ansible-playbook nameofyourfile.yml
-> The below script fails
- hosts: localhost
connection: local
vars:
resource_group: ansibleResourceGroupName
webapp_name: ansibleWebAppName
plan_name: ansibleWebPlanName
location: westeurope
server_name: AnisbleDemoSqlServer
database_name: AnsibleDemoSqlDatabase
tasks:
- name: Create a resource group
azure_rm_resourcegroup:
name: "{{ resource_group }}"
location: "{{ location }}"
- name: Create App Service on Linux with dotnetcore
azure_rm_webapp:
resource_group: "{{ resource_group }}"
name: "{{ webapp_name }}"
plan:
resource_group: "{{ resource_group }}"
name: "{{ plan_name }}"
is_linux: true
sku: S1
number_of_workers: 1
frameworks:
- name: "dotnetcore"
version: "3.1"
- name: Create (or update) SQL Server
azure_rm_sqlserver:
resource_group: "{{ resource_group }}"
name: "{{ server_name }}"
location: "{{ location }}"
admin_username: panoskarajohn
admin_password: Testpasswordxyz12!
- name: Create (or update) SQL Database
azure_rm_sqldatabase:
resource_group: "{{ resource_group }}"
server_name: "{{ server_name }}"
name: "{{ database_name }}"
location: "{{ location }}"
- name: Create (or update) Firewall Rule
azure_rm_sqlfirewallrule:
resource_group: "{{ resource_group }}"
server_name: "{{ server_name }}"
name: firewallruleAllowAll
start_ip_address: 0.0.0.0.
end_ip_address: 255.255.255.255
我的sql服务器已创建。
但是防火墙规则失败,出现 unauthorised error.
At the end i have provided the errors
Also when i try to do it manually to add a firewall rule through the azure portal.
Everything is deactivated. Also the add client ip seems to be inactive.
Also even with the choices i am allowed to change, the save button is unresponsive.
The whole firewalls page seems unresponsive.
See image for more info.
当我通过 Azure 门户创建一个新的 sql 服务器时,一切似乎都在运行。
感谢任何帮助。
我得到的错误:
fatal: [localhost]: FAILED! => {"changed": false, "msg": "Error creating the Firewall Rule instance: 400 Client Error: Bad Request for url: -> 一些 url.
当我点击 url 我得到这个 json -> {"error":{"code":"AuthenticationFailed","message":"Authentication failed. The 'Authorization' header is missing."}}
我的 Ubuntu 机器的 Ansible 版本
ansible 2.9.6
config file = None
configured module search path = [u'/home/pkaragiannis/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules']
ansible python module location = /usr/local/lib/python2.7/dist-packages/ansible
executable location = /usr/local/bin/ansible
python version = 2.7.17 (default, Nov 7 2019, 10:07:09) [GCC 7.4.0]
Ansible Output from Ubuntu VM
PLAY [localhost] ***************************************************************************************
TASK [Gathering Facts] *********************************************************************************
ok: [localhost]
TASK [Create a resource group] *************************************************************************
changed: [localhost]
TASK [Create App Service on Linux with dotnetcore] *****************************************************
changed: [localhost]
TASK [Create (or update) SQL Server] *******************************************************************
[WARNING]: Azure API profile latest does not define an entry for SqlManagementClient
changed: [localhost]
TASK [Create (or update) SQL Database] *****************************************************************
changed: [localhost]
TASK [Create (or update) Firewall Rule] ****************************************************************
fatal: [localhost]: FAILED! => {"changed": false, "msg": "Error creating the Firewall Rule instance: 400 Client Error: Bad Request for url: https://management.azure.com/subscriptions/******-*****-*******/resourceGroups/ansibleResourceGroupName/providers/Microsoft.Sql/servers/AnisbleDemoSqlServer/firewallRules/firewallruleAllowAll?api-version=2014-04-01"}
PLAY RECAP *********************************************************************************************
localhost : ok=5 changed=4 unreachable=0 failed=1 skipped=0 rescued=0 ignored=0
当你想为它创建 SQL 服务器和防火墙规则时,我看到你使用服务主体进行身份验证。因此,首先,服务主体应该具有您将使用的订阅或资源组的贡献者角色。
使用服务主体登录,然后使用 Azure CLI 命令创建 SQL 服务器和防火墙规则:
az sql server create -l westus -g mygroup -n myserver -u myadminuser -p myadminpassword
az sql server firewall-rule create -g mygroup -s myserver -n myrule --start-ip-address 1.2.3.4 --end-ip-address 5.6.7.8
有了 Ansible,它应该也能工作,我没有在代码中看到任何问题。只需使用服务主体正确设置凭据即可。
更新:
这里是ansible的截图:
更新 1:
这是上面截图的 YAML 文件:
- hosts: localhost
connection: local
tasks:
- name: Create (or update) SQL Server
azure_rm_sqlserver:
resource_group: mygroup
name: mysqlname
location: eastus
admin_username: username
admin_password: password
- name: Create (or update) Firewall Rule
azure_rm_sqlfirewallrule:
resource_group: mygroup
server_name: mysqlname
name: FirewallRule1
start_ip_address: 10.0.17.62
end_ip_address: 10.0.17.62
大家好,我是 运行 以下 ansible playbook 到 azure cli。
我也从 Ubuntu 18.04.4 LTS 得到了类似的结果。
我还提出了一个 github 问题:https://github.com/Azure/Ansible/issues/21
使用 Azure CLI 是什么意思?
转到Azure:
-> Create a new Cloud Shell
-> Ansible is already installed
-> create a new yml file. Copy the below script.
-> Run the below playbook. With this command
ansible-playbook nameofyourfile.yml-> The below script fails
- hosts: localhost
connection: local
vars:
resource_group: ansibleResourceGroupName
webapp_name: ansibleWebAppName
plan_name: ansibleWebPlanName
location: westeurope
server_name: AnisbleDemoSqlServer
database_name: AnsibleDemoSqlDatabase
tasks:
- name: Create a resource group
azure_rm_resourcegroup:
name: "{{ resource_group }}"
location: "{{ location }}"
- name: Create App Service on Linux with dotnetcore
azure_rm_webapp:
resource_group: "{{ resource_group }}"
name: "{{ webapp_name }}"
plan:
resource_group: "{{ resource_group }}"
name: "{{ plan_name }}"
is_linux: true
sku: S1
number_of_workers: 1
frameworks:
- name: "dotnetcore"
version: "3.1"
- name: Create (or update) SQL Server
azure_rm_sqlserver:
resource_group: "{{ resource_group }}"
name: "{{ server_name }}"
location: "{{ location }}"
admin_username: panoskarajohn
admin_password: Testpasswordxyz12!
- name: Create (or update) SQL Database
azure_rm_sqldatabase:
resource_group: "{{ resource_group }}"
server_name: "{{ server_name }}"
name: "{{ database_name }}"
location: "{{ location }}"
- name: Create (or update) Firewall Rule
azure_rm_sqlfirewallrule:
resource_group: "{{ resource_group }}"
server_name: "{{ server_name }}"
name: firewallruleAllowAll
start_ip_address: 0.0.0.0.
end_ip_address: 255.255.255.255
我的sql服务器已创建。
但是防火墙规则失败,出现 unauthorised error.
At the end i have provided the errors
Also when i try to do it manually to add a firewall rule through the azure portal. Everything is deactivated. Also the add client ip seems to be inactive.
Also even with the choices i am allowed to change, the save button is unresponsive. The whole firewalls page seems unresponsive.
See image for more info.
当我通过 Azure 门户创建一个新的 sql 服务器时,一切似乎都在运行。
感谢任何帮助。
我得到的错误:
fatal: [localhost]: FAILED! => {"changed": false, "msg": "Error creating the Firewall Rule instance: 400 Client Error: Bad Request for url: -> 一些 url.
当我点击 url 我得到这个 json -> {"error":{"code":"AuthenticationFailed","message":"Authentication failed. The 'Authorization' header is missing."}}
我的 Ubuntu 机器的 Ansible 版本
ansible 2.9.6 config file = None configured module search path = [u'/home/pkaragiannis/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules'] ansible python module location = /usr/local/lib/python2.7/dist-packages/ansible executable location = /usr/local/bin/ansible python version = 2.7.17 (default, Nov 7 2019, 10:07:09) [GCC 7.4.0]
Ansible Output from Ubuntu VM
PLAY [localhost] ***************************************************************************************
TASK [Gathering Facts] ********************************************************************************* ok: [localhost]
TASK [Create a resource group] ************************************************************************* changed: [localhost]
TASK [Create App Service on Linux with dotnetcore] ***************************************************** changed: [localhost]
TASK [Create (or update) SQL Server] ******************************************************************* [WARNING]: Azure API profile latest does not define an entry for SqlManagementClient changed: [localhost]
TASK [Create (or update) SQL Database] ***************************************************************** changed: [localhost]
TASK [Create (or update) Firewall Rule] **************************************************************** fatal: [localhost]: FAILED! => {"changed": false, "msg": "Error creating the Firewall Rule instance: 400 Client Error: Bad Request for url: https://management.azure.com/subscriptions/******-*****-*******/resourceGroups/ansibleResourceGroupName/providers/Microsoft.Sql/servers/AnisbleDemoSqlServer/firewallRules/firewallruleAllowAll?api-version=2014-04-01"}
PLAY RECAP ********************************************************************************************* localhost : ok=5 changed=4 unreachable=0 failed=1 skipped=0 rescued=0 ignored=0
当你想为它创建 SQL 服务器和防火墙规则时,我看到你使用服务主体进行身份验证。因此,首先,服务主体应该具有您将使用的订阅或资源组的贡献者角色。
使用服务主体登录,然后使用 Azure CLI 命令创建 SQL 服务器和防火墙规则:
az sql server create -l westus -g mygroup -n myserver -u myadminuser -p myadminpassword
az sql server firewall-rule create -g mygroup -s myserver -n myrule --start-ip-address 1.2.3.4 --end-ip-address 5.6.7.8
有了 Ansible,它应该也能工作,我没有在代码中看到任何问题。只需使用服务主体正确设置凭据即可。
更新:
这里是ansible的截图:
更新 1:
这是上面截图的 YAML 文件:
- hosts: localhost
connection: local
tasks:
- name: Create (or update) SQL Server
azure_rm_sqlserver:
resource_group: mygroup
name: mysqlname
location: eastus
admin_username: username
admin_password: password
- name: Create (or update) Firewall Rule
azure_rm_sqlfirewallrule:
resource_group: mygroup
server_name: mysqlname
name: FirewallRule1
start_ip_address: 10.0.17.62
end_ip_address: 10.0.17.62