Syd-Crypto-Dev-Ops

Reputation: 11

Running GitActions Pipeline to create resources in Azure with Ansible: Could not retrieve credential from local cache for service principal

I'm trying to develop a pipeline on GitActions with Ansible. After some compatibility issues with the playbook and environment, I was finally able to connect my Ubuntu 20.04 local machine with Azure. My goal is to use a GitActions pipeline to deploy a VM on Azure.

I need to connect to Azure with a service principal that I've already created and added to the Git Action secrets as the AZURE_CREDENTIAL JSON file.

on: [push]

name: AzureLoginSample

jobs:
  build-and-deploy:
    runs-on: ubuntu-latest
    steps:    
      - name: Checkout
        uses: actions/checkout@master
        with:
          path: main
      - name: Azure Login
        uses: azure/login@v1
        with:
          enable-AzPSSession: true
          creds: ${{ secrets.AZURE_CREDENTIALS }}
      - name: Azure CLI script
        uses: azure/CLI@v1
        with:
          azcliversion: latest
          inlineScript: |
            set -ex
            ls ~/.azure
            cat ~/.azure/versionCheck.json
            az --version
            az account show
            az group list
      - name: Install Ansible
        run: |
          sudo apt update
          sudo apt install python3-pip
          sudo apt install python3.8-venv
          python3 -m venv ansible-playbook && . ansible-playbook/bin/activate && pip3 install --upgrade pip && pip3 install wheel
          pip3 install ansible==2.10.0
          ansible-galaxy collection install azure.azcollection
          pip3 install -r ~/.ansible/collections/ansible_collections/azure/azcollection/requirements-azure.txt
      - name: Create Azure Resource Group with Ansible Playbook
        run: |
          ./ansible-playbook/bin/ansible-playbook main/ansible/playbook/create_rg_azcollection.yml -vvv

azure/login@v1 and Azure CLI script are working, but at the end my job install ansible is not working due to an authentication error.

Could not retrieve credential from local cache for service principal ***. Please run 'az login' for this service principal.\n"

It's clear to me that my Ansible steps use a different Python interpreter, so the previous login with AZ is not working because I'm running in the ansible-playbook environment. Do you have any idea how to solve this issue?

Upvotes: 0

Views: 432

Answers (1)

Syd-Crypto-Dev-Ops

Reputation: 11

I finally realized how to solve it: just copy the credentials into the $HOME/.azure folder of the GitActions pipeline's user, named runner.

The command I use is:

cp <path/from/repos/credential> ~/.azure

Inside the credentials file you need to store the output from the Azure service principal creation:

'az ad sp create-for-rbac --name GitActionsPipeline --role Contributor --sdk-auth'

    {
      "clientId": "************************************",
      "clientSecret": "*********************************",
      "subscriptionId": "*********************************",
      "tenantId": "*********************************",
      "activeDirectoryEndpointUrl": "https://login.microsoftonline.com",
      "resourceManagerEndpointUrl": "https://management.azure.com/",
      "activeDirectoryGraphResourceId": "https://graph.windows.net/",
      "sqlManagementEndpointUrl": "https://management.core.windows.net:8443/",
      "galleryEndpointUrl": "https://gallery.azure.com/",
      "managementEndpointUrl": "https://management.core.windows.net/"
    }

Upvotes: 1
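
An added example, not part of the original answer: rather than keeping a credentials file in the repository, this script builds ~/.azure/credentials on the runner from the same service principal JSON the workflow already passes to azure/login. It assumes the step exposes that secret as the environment variable AZURE_CREDENTIALS and relies on the [default] profile keys (subscription_id, client_id, secret, tenant) that Ansible's Azure modules read from that file; the function names are hypothetical.

```python
import configparser
import json
import os
import sys

# sdk-auth JSON key -> key in the [default] profile of ~/.azure/credentials
FIELD_MAP = {
    "subscriptionId": "subscription_id",
    "clientId": "client_id",
    "clientSecret": "secret",
    "tenantId": "tenant",
}


def build_profile(sdk_auth_json):
    """Extract the four fields Ansible needs; errors never echo a value."""
    try:
        data = json.loads(sdk_auth_json)
    except json.JSONDecodeError:
        # no chaining: the decoder exception carries the raw document
        raise ValueError("AZURE_CREDENTIALS is not valid JSON") from None
    if not isinstance(data, dict):
        raise ValueError("AZURE_CREDENTIALS is not a JSON object")
    missing = [key for key in FIELD_MAP if not data.get(key)]
    if missing:
        raise ValueError("missing fields: " + ", ".join(missing))
    return {ini_key: data[json_key] for json_key, ini_key in FIELD_MAP.items()}


def write_credentials(profile, path):
    """Write the profile as INI, readable by the owner only (0600)."""
    os.makedirs(os.path.dirname(path) or ".", mode=0o700, exist_ok=True)
    parser = configparser.ConfigParser(interpolation=None)
    parser["default"] = profile
    # create with 0600 from the start so the secret is never world-readable
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(fd, "w") as handle:
        parser.write(handle, space_around_delimiters=False)
    os.chmod(path, 0o600)  # also tighten a file that already existed
    return path


if __name__ == "__main__":
    try:
        profile = build_profile(os.environ.get("AZURE_CREDENTIALS", ""))
    except ValueError as err:
        sys.exit(f"cannot build Ansible credentials: {err}")
    target = os.path.expanduser("~/.azure/credentials")
    print("wrote", write_credentials(profile, target))
```

Run it in the same step as ansible-playbook, or an earlier one, with AZURE_CREDENTIALS set from the repository secret in that step's env block.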
