
I have recently started using Ansible to automate the deployment of a docker image to an Azure Kubernetes Service.

I have an ansible file called `azure_create_aks.yml`. I am running the following command on my Mac, `ansible-playbook azure_create_aks.yml`, but it fails with the following (snippet from the stack trace):

```
msrest.exceptions.AuthenticationError: , AdalError: Get Token request returned http error: 400 and server response: Bad Request
```

I've tried uninstalling ansible and azure-cli and reinstalled using the following:

- `brew update && brew install azure-cli`
- `az aks install-cli`
- `pip3 install ansible[azure]`

I also tried uninstalling python 3 so that it would be using python 2 instead. From looking around on Stack Overflow, I think I might be encountering a dependency issue with `msrestazure` or possibly an issue with the version of pip or python I have on my local.

After running `ansible-playbook azure_create_aks.yml`, I get the following:

```
 [WARNING]: No inventory was parsed, only implicit localhost is available

 [WARNING]: provided hosts list is empty, only localhost is available. Note that the implicit localhost does not match 'all'


PLAY [Create Azure Kubernetes Service] *********************************************************************************************************************************************************************

TASK [Gathering Facts] *************************************************************************************************************************************************************************************
ok: [localhost]

TASK [Create resource group] *******************************************************************************************************************************************************************************
fatal: [localhost]: FAILED! => {"changed": false, "module_stderr": "/Users/hughej/.ansible/tmp/ansible-tmp-1569328685.354382-6386128387997/AnsiballZ_azure_rm_resourcegroup.py:18: DeprecationWarning: the imp module is deprecated in favour of importlib; see the module's documentation for alternative uses\n  import imp\nTraceback (most recent call last):\n  File \"/usr/local/lib/python3.7/site-packages/msrestazure/azure_active_directory.py\", line 366, in set_token\n    self.secret\n  File \"/usr/local/lib/python3.7/site-packages/adal/authentication_context.py\", line 179, in acquire_token_with_client_credentials\n    return self._acquire_token(token_func)\n  File \"/usr/local/lib/python3.7/site-packages/adal/authentication_context.py\", line 128, in _acquire_token\n    return token_func(self)\n  File \"/usr/local/lib/python3.7/site-packages/adal/authentication_context.py\", line 177, in token_func\n    return token_request.get_token_with_client_credentials(client_secret)\n  File \"/usr/local/lib/python3.7/site-packages/adal/token_request.py\", line 310, in get_token_with_client_credentials\n    token = self._oauth_get_token(oauth_parameters)\n  File \"/usr/local/lib/python3.7/site-packages/adal/token_request.py\", line 112, in _oauth_get_token\n    return client.get_token(oauth_parameters)\n  File \"/usr/local/lib/python3.7/site-packages/adal/oauth2_client.py\", line 289, in get_token\n    raise AdalError(return_error_string, error_response)\nadal.adal_error.AdalError: Get Token request returned http error: 400 and server response: Bad Request\n\nDuring handling of the above exception, another exception occurred:\n\nTraceback (most recent call last):\n  File \"/Users/hughej/.ansible/tmp/ansible-tmp-1569328685.354382-6386128387997/AnsiballZ_azure_rm_resourcegroup.py\", line 114, in <module>\n    _ansiballz_main()\n  File \"/Users/hughej/.ansible/tmp/ansible-tmp-1569328685.354382-6386128387997/AnsiballZ_azure_rm_resourcegroup.py\", line 106, in _ansiballz_main\n    invoke_module(zipped_mod, temp_path, ANSIBALLZ_PARAMS)\n  File \"/Users/hughej/.ansible/tmp/ansible-tmp-1569328685.354382-6386128387997/AnsiballZ_azure_rm_resourcegroup.py\", line 49, in invoke_module\n    imp.load_module('__main__', mod, module, MOD_DESC)\n  File \"/usr/local/Cellar/python/3.7.4_1/Frameworks/Python.framework/Versions/3.7/lib/python3.7/imp.py\", line 234, in load_module\n    return load_source(name, filename, file)\n  File \"/usr/local/Cellar/python/3.7.4_1/Frameworks/Python.framework/Versions/3.7/lib/python3.7/imp.py\", line 169, in load_source\n    module = _exec(spec, sys.modules[name])\n  File \"<frozen importlib._bootstrap>\", line 630, in _exec\n  File \"<frozen importlib._bootstrap_external>\", line 728, in exec_module\n  File \"<frozen importlib._bootstrap>\", line 219, in _call_with_frames_removed\n  File \"/var/folders/2t/30gk2pfx5_n08tfd45g3v674b8c1y8/T/ansible_azure_rm_resourcegroup_payload_6hqj1_fs/__main__.py\", line 266, in <module>\n  File \"/var/folders/2t/30gk2pfx5_n08tfd45g3v674b8c1y8/T/ansible_azure_rm_resourcegroup_payload_6hqj1_fs/__main__.py\", line 262, in main\n  File \"/var/folders/2t/30gk2pfx5_n08tfd45g3v674b8c1y8/T/ansible_azure_rm_resourcegroup_payload_6hqj1_fs/__main__.py\", line 144, in __init__\n  File \"/var/folders/2t/30gk2pfx5_n08tfd45g3v674b8c1y8/T/ansible_azure_rm_resourcegroup_payload_6hqj1_fs/ansible_azure_rm_resourcegroup_payload.zip/ansible/module_utils/azure_rm_common.py\", line 318, in __init__\n  File \"/var/folders/2t/30gk2pfx5_n08tfd45g3v674b8c1y8/T/ansible_azure_rm_resourcegroup_payload_6hqj1_fs/ansible_azure_rm_resourcegroup_payload.zip/ansible/module_utils/azure_rm_common.py\", line 1095, in __init__\n  File \"/usr/local/lib/python3.7/site-packages/msrestazure/azure_active_directory.py\", line 354, in __init__\n    self.set_token()\n  File \"/usr/local/lib/python3.7/site-packages/msrestazure/azure_active_directory.py\", line 370, in set_token\n    raise_with_traceback(AuthenticationError, \"\", err)\n  File \"/usr/local/lib/python3.7/site-packages/msrest/exceptions.py\", line 54, in raise_with_traceback\n    raise error.with_traceback(exc_traceback)\n  File \"/usr/local/lib/python3.7/site-packages/msrestazure/azure_active_directory.py\", line 366, in set_token\n    self.secret\n  File \"/usr/local/lib/python3.7/site-packages/adal/authentication_context.py\", line 179, in acquire_token_with_client_credentials\n    return self._acquire_token(token_func)\n  File \"/usr/local/lib/python3.7/site-packages/adal/authentication_context.py\", line 128, in _acquire_token\n    return token_func(self)\n  File \"/usr/local/lib/python3.7/site-packages/adal/authentication_context.py\", line 177, in token_func\n    return token_request.get_token_with_client_credentials(client_secret)\n  File \"/usr/local/lib/python3.7/site-packages/adal/token_request.py\", line 310, in get_token_with_client_credentials\n    token = self._oauth_get_token(oauth_parameters)\n  File \"/usr/local/lib/python3.7/site-packages/adal/token_request.py\", line 112, in _oauth_get_token\n    return client.get_token(oauth_parameters)\n  File \"/usr/local/lib/python3.7/site-packages/adal/oauth2_client.py\", line 289, in get_token\n    raise AdalError(return_error_string, error_response)\nmsrest.exceptions.AuthenticationError: , AdalError: Get Token request returned http error: 400 and server response: Bad Request\n", "module_stdout": "", "msg": "MODULE FAILURE\nSee stdout/stderr for the exact error", "rc": 1}
```

I'm expecting the ansible playbook command to run and deploy to Azure. However, this authentication error is stopping the process.

By the way, here's my ansible playbook file (sanitised):

```
- name: Create Azure Kubernetes Service
  hosts: localhost
  connection: local
  vars:
    resource_group: pipeline-in-a-box
    location: uksouth
    aks_name: pipeline-in-a-box-cluster
    username: "devOpsBot"
    ssh_key: "My public SSH key"
    # Placeholders; keep the real secret out of the playbook (e.g. Ansible Vault)
    client_id: "service principle id"
    client_secret: "service principle password"
    kubernetes_version: "1.14.6"
  tasks:
  # No credential parameters are set on this task (the one that fails above)
  - name: Create resource group
    azure_rm_resourcegroup:
      name: "{{ resource_group }}"
      location: "{{ location }}"
  - name: Create a managed Azure Container Services (AKS) cluster
    azure_rm_aks:
      name: "{{ aks_name }}"
      location: "{{ location }}"
      resource_group: "{{ resource_group }}"
      dns_prefix: "{{ aks_name }}"
      kubernetes_version: "{{ kubernetes_version }}"
      linux_profile:
        admin_username: "{{ username }}"
        ssh_key: "{{ ssh_key }}"
      service_principal:
        client_id: "{{ client_id }}"
        client_secret: "{{ client_secret }}"
      agent_pool_profiles:
        - name: default
          count: 2
          vm_size: Standard_D2_v2
      tags:
        Environment: Test
  - name: Create Azure Storage Account
    azure_rm_storageaccount:
      resource_group: "{{ resource_group }}"
      name: piabstorage
      type: Standard_RAGRS
      tags:
        testing: testing
        delete: on-exit
  - name: Create managed disk
    azure_rm_manageddisk:
      name: piabdisk
      location: uksouth
      resource_group: "{{ resource_group }}"
      disk_size_gb: 1
  - name: Create an azure container registry
    azure_rm_containerregistry:
      name: piabregistry
      location: "{{ location }}"
      resource_group: "{{ resource_group }}"
      admin_user_enabled: True
      sku: Basic
    register: acr_result
  - name: Push docker image to container registry
    docker_image:
      name: atlassian/confluence-server
      repository: piabregistry.azurecr.io
      push: yes
      source: pull
  - name: Create Azure Container Instance
    azure_rm_containerinstance:
      resource_group: "{{ resource_group }}"
      name: piabcontainer
      ip_address: public
      ports:
        - "8090"
        - "8091"
      registry_login_server: piabregistry.azurecr.io
      registry_username: piabregistry
      registry_password: "{{ acr_result.credentials.password }}"
      containers:
      - name: confluence-server
        ports:
          - "8090"
          - "8091"
        image: atlassian/confluence-server
  - name: Get details of the AKS
    azure_rm_aks_facts:
      # Look up the cluster created above rather than one named "aksfacts"
      name: "{{ aks_name }}"
      resource_group: "{{ resource_group }}"
      show_kubeconfig: user
    # Registered so the debug task below has an "output" variable to read
    register: output
  - name: Show AKS cluster detail
    debug:
      var: output.aks[0]
```
  • Here's my Ansible version: ```ansible 2.8.5 config file = None configured module search path = ['/Users/hughej/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules'] ansible python module location = /usr/local/lib/python3.7/site-packages/ansible executable location = /usr/local/bin/ansible python version = 3.7.4 (default, Sep 7 2019, 18:27:02) [Clang 10.0.1 (clang-1001.0.46.4)]``` – James Hughes Sep 24 '19 at 13:05
  • Here's my Azure CLI version: ```azure-cli 2.0.72 * command-modules-nspkg 2.0.3 core 2.0.72 * nspkg 3.0.4 telemetry 1.0.3 Python location '/usr/local/Cellar/azure-cli/2.0.72_1/libexec/bin/python' Extensions directory '/Users/xxx/.azure/cliextensions' Python (Darwin) 3.7.4 (default, Sep 7 2019, 18:27:02) [Clang 10.0.1 (clang-1001.0.46.4)]``` – James Hughes Sep 24 '19 at 13:07
  • Here's my Python version: `Python 2.7.16` – James Hughes Sep 24 '19 at 13:08
  • Hi @James Hughes and welcome to SO. Please don't add comments to enrich your question, edit your question instead. You did not show your playbook (or at least the task used to create your resource group) which is probably the most important info. `Error 400: bad request` could mean that you are using POST instead of GET or that your entire http request is malformed. – Zeitounator Sep 24 '19 at 14:17
  • You might be interested in the [following question](https://stackoverflow.com/questions/38648978/azure-ad-oauth2-access-token-request-error-400-bad-request) – Zeitounator Sep 24 '19 at 16:01
  • You are right. The package `msrestazure` is needed. Can you show which document you follow? And how do you set the credential for ansible? – Charles Xu Sep 25 '19 at 01:34
  • @Zeitounator thanks for the response and advice. I've edited my question with the ansible playbook file I'm using – James Hughes Sep 25 '19 at 09:02

0 Answers
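
The traceback above fails in `acquire_token_with_client_credentials`, the service-principal login, and one comment asks how the credentials are set for Ansible. As an added example (not part of the question or its comments), this Python check inspects the two places Ansible's `azure_rm_*` modules read service-principal settings from, the `AZURE_*` environment variables and `~/.azure/credentials`, and reports missing or malformed fields without echoing any value. The function names are hypothetical and the format checks are heuristics.

```python
import configparser
import os
import re

GUID = re.compile(r"^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$", re.I)
# Credentials-file key -> environment variable read by Ansible's azure_rm_* modules.
SP_FIELDS = {"subscription_id": "AZURE_SUBSCRIPTION_ID", "client_id": "AZURE_CLIENT_ID",
             "secret": "AZURE_SECRET", "tenant": "AZURE_TENANT"}


def from_env(env):
    """Service-principal settings present in an environment mapping."""
    return {key: env[var] for key, var in SP_FIELDS.items() if var in env}


def from_ini(text, profile="default"):
    """Settings from ~/.azure/credentials content; raw parser so '%' in a secret is kept."""
    parser = configparser.RawConfigParser()
    parser.read_string(text)
    if not parser.has_section(profile):
        return {}
    return {key: parser.get(profile, key) for key in SP_FIELDS if parser.has_option(profile, key)}


def check_sp(settings):
    """Return a list of problems; only field names are reported, never values."""
    problems = []
    for key in SP_FIELDS:
        value = settings.get(key)
        if not value:
            problems.append(f"{key}: missing")
            continue
        if value != value.strip() or value[0] in "'\"" or value[-1] in "'\"":
            # Quotes in the INI file are kept literally and become part of the value.
            problems.append(f"{key}: starts or ends with whitespace or a quote character")
        elif key in ("subscription_id", "client_id") and not GUID.match(value):
            problems.append(f"{key}: not a GUID")
        elif key == "tenant" and not (GUID.match(value) or re.fullmatch(r"[\w-]+(\.[\w-]+)+", value)):
            problems.append(f"{key}: neither a GUID nor a domain name")
    return problems


if __name__ == "__main__":
    path = os.path.expanduser("~/.azure/credentials")
    ini = open(path).read() if os.path.exists(path) else ""
    for source, settings in (("environment", from_env(os.environ)), (path, from_ini(ini))):
        print(source, check_sp(settings) if settings else "no service-principal settings")
```

A clean report only means the values are well-formed; an expired secret or a client ID from another tenant still has to be checked against Azure AD.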