尝试使用Azure的Ansible dynamic inventory插件时出错

Question

我正在尝试使用Ansible的azure_rm插件来为Azure中的虚拟机生成动态清单，但是当我尝试运行sanity-check命令时，我收到了一个"batched request“错误403：

$ ansible all -m ping 
[WARNING]:  * Failed to parse /project/ansible/inventory.azure_rm.yml with
ansible_collections.azure.azcollection.plugins.inventory.azure_rm plugin: a batched request failed with status code 403, url
/subscriptions/<redacted>/resourceGroups/<redacted>/providers/Microsoft.Compute/virtualMachines
...

下面是我的macOS设置的细节：

$ ansible --version
ansible 2.10.3
  config file = /project/ansible/ansible.cfg
  configured module search path = ['/Users/me/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/local/Cellar/ansible/2.10.3_1/libexec/lib/python3.9/site-packages/ansible
  executable location = /usr/local/Cellar/ansible/2.10.3_1/libexec/bin/ansible
  python version = 3.9.0 (default, Dec  6 2020, 18:02:34) [Clang 12.0.0 (clang-1200.0.32.27)]

这是inventory.azure_rm.yml文件：

plugin: azure_rm
include_vm_resource_groups:
- <redacted>
auth_source: auto

keyed_groups:
- prefix: tag
  key: tags

我还将此代码添加到本地ansible.cfg文件中：

inventory      = ./inventory.azure_rm.yml

我还将验证Azure的细节定义为环境变量：

$ env | grep AZURE
AZURE_TENANT=<redacted>
AZURE_CLIENT_ID=<redacted>
AZURE_USE_PRIVATE_IP=yes
AZURE_SECRET=<redacted>
AZURE_SUBSCRIPTION_ID=<redacted>

这些“凭证”与我使用Terraform创建VM时使用的“凭证”相同，我现在正尝试动态清点这些VM，所以它们应该是好的。因此，对于403错误背后的原因，可能会有一些损失。

然后，我在命令中添加了一个-vvvv选项，并获得了一些附加信息：

$ ansible all -m ping -vvvv
ansible 2.10.3
  config file = /Users/me/project/ansible/ansible.cfg
  configured module search path = ['/Users/me/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/local/Cellar/ansible/2.10.3_1/libexec/lib/python3.9/site-packages/ansible
  executable location = /usr/local/Cellar/ansible/2.10.3_1/libexec/bin/ansible
  python version = 3.9.0 (default, Dec  6 2020, 18:02:34) [Clang 12.0.0 (clang-1200.0.32.27)]
Using /Users/me/project/ansible/ansible.cfg as config file
setting up inventory plugins
host_list declined parsing /Users/me/project/ansible/inventory.azure_rm.yml as it did not pass its verify_file() method
script declined parsing /Users/me/project/ansible/inventory.azure_rm.yml as it did not pass its verify_file() method
redirecting (type: inventory) ansible.builtin.azure_rm to azure.azcollection.azure_rm
Loading collection azure.azcollection from /Users/me/.ansible/collections/ansible_collections/azure/azcollection
toml declined parsing /Users/me/project/ansible/inventory.azure_rm.yml as it did not pass its verify_file() method
[WARNING]:  * Failed to parse /Users/me/project/ansible/inventory.azure_rm.yml with
ansible_collections.azure.azcollection.plugins.inventory.azure_rm  plugin: a batched request failed with status code 403, url
/subscriptions/<redacted>/resourceGroups/<redacted>/providers/Microsoft.Compute/virtualMachines
  File "/usr/local/Cellar/ansible/2.10.3_1/libexec/lib/python3.9/site-packages/ansible/inventory/manager.py", line 289, in parse_source
    plugin.parse(self._inventory, self._loader, source, cache=cache)
  File "/usr/local/Cellar/ansible/2.10.3_1/libexec/lib/python3.9/site-packages/ansible/plugins/inventory/auto.py", line 59, in parse
    plugin.parse(inventory, loader, path, cache=cache)
  File "/Users/me/.ansible/collections/ansible_collections/azure/azcollection/plugins/inventory/azure_rm.py", line 206, in parse
    self._get_hosts()
  File "/Users/me/.ansible/collections/ansible_collections/azure/azcollection/plugins/inventory/azure_rm.py", line 263, in _get_hosts
    self._process_queue_batch()
  File "/Users/me/.ansible/collections/ansible_collections/azure/azcollection/plugins/inventory/azure_rm.py", line 405, in _process_queue_batch
    raise AnsibleError("a batched request failed with status code {0}, url {1}".format(status_code, result.url))

以前有没有人遇到过这种情况，并想出了解决办法？我假设我正在使用的服务主体缺少某些角色或权限，但我不知道它被赋予了什么，相同的SP最初用于配置VM。

Answer 1

添加集合以获取最新版本，然后尝试执行以下操作：

插件: azure.azcollection.azure_rm

这将确保您使用的是最新版本，而不是不包含错误修复并支持更新的api版本的内置版本。