Connecting Foreman to Azure

Problem:
I am trying to connect Foreman with my Azure account. I have managed this in the past but it does not work anymore. I had tried both from hammer and the GUI, and even though I am using the exact same credentials as before, it fails in my new Foreman install but still works in the old one?
Both instances are Centos-7 VMs on the same host and were built using an Ansible playbook.

Question: Is there any kind of idiots guide on how to configure Azure to connect to Foreman?

Expected outcome:
Clicking the “Load Regions” buttons lists the regions.

Foreman and Proxy versions:
Foreman 2.3.3
Katello 3.18.2

Foreman and Proxy plugin versions:
2.3.3.

Distribution and version:
Centos 7.9

Other relevant data:
The GUI error is:
**Oops, we're sorry but something went wrong** { "message": "Couldn't login to Azure, please verify your tenant id, client id and client secret", "request": null, "response": null }

From Hammer:
# hammer compute-resource create --name Azure --provider azurerm --tenant “9b841-------” --app-ident “e9bc9-------” --secret-key “6IY8----------------” --sub-id “2bf79------------” --region westeurope
Could not create the compute resource:
{
“message”: “Couldn’t login to Azure, please verify your tenant id, client id and client secret”,
“request”: null,
“response”: null
}

Hello,

The 2.3.x and 2.2.x has Azure 2.1.2 which is 10 months old roughly, after this there were no changes in the version. Accordingly I dont think there is some code change which might have caused this issue.

Do you mind creating new credentials for testing and trying it on 2.3.3 or maybe nightly? Recently in nightly we have bumped gem versions and we have tested the usual flows and it worked without any problem, more details are in: Fixes #32123 - Bump Gem versions to latest and update CHANGELOG by chris1984 · Pull Request #110 · theforeman/foreman_azure_rm · GitHub

With this I also like to know on which old version of Azure plugin and Foreman connection is working?

1 Like

First of thanks for taking the time to reply.

What is so strange that my first (working) VM is only a couple of months old and was built using the same code as my replacement and it worked first time, and yet the replacement is identical except for this link and just refuses to connect. I tried EC2 just to be sure I was not doing anything stupid and it also worked first time.

I have already tried making a new Azure secret and that also does not work.

These are the exact versions of the Azure plugin:

  • tfm-rubygem-azure_mgmt_compute-0.18.7-1.el7.noarch
  • tfm-rubygem-azure_mgmt_network-0.19.0-1.el7.noarch
  • tfm-rubygem-azure_mgmt_resources-0.17.6-1.el7.noarch
  • tfm-rubygem-azure_mgmt_storage-0.17.10-1.el7.noarch
  • tfm-rubygem-azure_mgmt_subscriptions-0.18.2-1.el7.noarch
  • tfm-rubygem-foreman_azure_rm-2.1.2-1.fm2_2.el7.noarch
  • tfm-rubygem-hammer_cli_foreman_azure_rm-0.2.0-1.fm2_2.el7.noarch
  • tfm-rubygem-ms_rest_azure-0.11.1-2.el7.noarch

What would be really useful if there was an idiots guide to what you need to do in Azure in order to create the secret. I used the az shell and these were the commands I used to get all the Azure ID’s except the actual password as I had to go the portal to copy this.

az login
az group create --name "ForemanResourceGroup" --location westeurope
az keyvault create --name "Foreman-Vault" --resource-group "ForemanResourceGroup" --location westeurope
az keyvault secret set --vault-name "Foreman-Vault" --name "ForemanPassword" --value "ForemanSecret"

Hello @techietubby !
Could you try referring to the github documentation under the Configuration section here. This section has a link called “Microsoft Azure subscription” that will point you to step-by-step guide of how to generate your credentials.

Thank you! :slight_smile:

2 Likes

There’s also downstream documentation on Microsoft Azure as a compute resource. Hope this helps.

Hi Max,

I have tried the docs several times and everything seems to work. I then tested a new and existing connection on both my new and existing systems and think this is a problem with the code.

Hi Upadhyeammit,

I am going to try creating a snapshot of my system and then applying the nightly build to see if that helps.

@techietubby

Hi, Let us know the results. I tested connection and a bunch of other things with the latest release and us bumping the gems. It should work fine. Was there a traceback generated when you tried to connect?

1 Like

Hi Cintrix84,

I didn’t forget you and shall report back once I have some clear results. So far I have:

Run yum update using the nightly RPM
Created new Azure credentials
Tried to create a second resource on the original machine.

So far all have failed so I am now trying to rebuild the new Foreman VM using my Ansible playbook but have run into issues so it is going to take until tomorrow I think.

2 Likes

I have now rebuilt my machine and run the following extra steps:

# rpm --import https://packages.microsoft.com/keys/microsoft.asc
# cat > /etc/yum.repos.d/azure-cli.repo << EOF
[azure-cli]
name=Azure CLI
baseurl=https://packages.microsoft.com/yumrepos/azure-cli
enabled=1
gpgcheck=1
gpgkey=https://packages.microsoft.com/keys/microsoft.asc
EOF

# yum install -y azure-cli
#  az login
# yum install https://yum.theforeman.org/releases/latest/el7/x86_64/foreman-release.rpm -y
# yum update -y --nogpg
# foreman-maintain service restart

This also does not work.

Unable to save * { “message”: “Couldn’t login to Azure, please verify your tenant id, client id and client secret”, “request”: null, “response”: null }

I don’t see any errors in my production.log.

I built my machine using Foreman 2.3.3 and Katello 3.18. Do you have any other ideas?

@techietubby,

I can make a patch to add some debug logging if you are willing to apply it to see if we can get more information. I just tried to build a VM on 4.0 and it worked fine as far as connecting. Let me know if you want the patch.

1 Like

Yes please this is a crash and burn VM so I will gladly try/test anything for you.

2 Likes

Awesome, working on getting a patch made, should have it out today at some point.

1 Like

Hi Cintrix84,

I have tried several upgrades to Foreman 2.4 and nightly latest and nothing has helped. Any news on the progress of your patch?

Do you have any update on this?

Are there any updates on this issue as it still seems to be a problem in Katello 4 / Foreman 2.4.

Hey @techietubby super sorry for the delay, will get a patch to you today.

@techietubby

While I am working on a debug log patch, can I have you try to reproduce the error then email me the /var/log/foreman/production.log file at chrobert @ redhat.com

Brillliant, thanks for all your good work!!!

az-production.log (28.1 KB)

Obfuscated log attached.

1 Like

Perfect that helped me narrow down where the issue is and where to apply the debug lines :slight_smile:

 c9daa80f | /opt/theforeman/tfm/root/usr/share/gems/gems/ms_rest_azure-0.11.1/lib/ms_rest_azure/credentials/application_token_provider.rb:108:in `acquire_token'
 c9daa80f | /opt/theforeman/tfm/root/usr/share/gems/gems/ms_rest_azure-0.11.1/lib/ms_rest_azure/credentials/application_token_provider.rb:69:in `get_authentication_header'
 c9daa80f | /opt/theforeman/tfm/root/usr/share/gems/gems/ms_rest-0.7.4/lib/ms_rest/credentials/token_credentials.rb:49:in `sign_request'
 c9daa80f | /opt/theforeman/tfm/root/usr/share/gems/gems/ms_rest-0.7.4/lib/ms_rest/service_client.rb:51:in `block in make_request_async'
 c9daa80f | /opt/theforeman/tfm/root/usr/share/gems/gems/ms_rest-0.7.4/lib/ms_rest/http_operation_request.rb:83:in `block (3 levels) in run_promise'