Unable to run terraform Plan in Rhel 9 for Azure

runity77 · April 21, 2023, 7:31am

Hello Team,

I’m trying to provision Azure virtual machine using Terraform Script on RHEL 9 (RedHat Linux 9) Box. I am getting the below stack authentication error highlighted on the Linux command prompt upon running terraform plan. I am to authenticate to azure cli using az login.

Error: building account: could not acquire access token to parse claims: clientCredentialsToken: received HTTP status 400 with response: {“error”:“invalid_request”,“error_description”:“AADSTS900023: Specified tenant identifier ‘var.tenant_id’ is neither a valid DNS name, nor a valid external domain.\r\nTrace ID: 46ffed66-560b-45fa-8a6d-285496f58a00\r\nCorrelation ID: 0a59adc8-67a1-4d10-8afb-e180656eee10\r\nTimestamp: 2023-04-01 21:39:56Z”,“error_codes”:[900023],“timestamp”:“2023-04-01 21:39:56Z”,“trace_id”:“46ffed66-560b-45fa-8a6d-285496f58a00”,“correlation_id”:“0a59adc8-67a1-4d10-8afb-e180656eee10”,“error_uri”:“https://login.microsoftonline.com/error?code=900023”}
│
│ with provider[“Terraform Registry”],
│ on http://main.tf line 10, in provider “azurerm”:
│ 10: provider “azurerm” {
terraform Init output:

Initializing the backend…

Initializing provider plugins…

Reusing previous version of hashicorp/azurerm from the dependency lock file
Using previously-installed hashicorp/azurerm v3.50.0

Terraform has been successfully initialized!

You may now begin working with Terraform. Try running “terraform plan” to see
any changes that are required for your infrastructure. All Terraform commands
should now work.

If you ever set or change modules or backend configuration for Terraform,
rerun this command to reinitialize your working directory. If you forget, other
commands will detect it and remind you to do so if necessary.

I gave my Azure App Registration “RyanAPP” (“e5b62a78-db10-45f5-b147-805784ba4d62”) secrets as a reference in a terraform.tfvars file.

Also, I have the below API permissions for my app. But still, it gives an error for azure rm block.

I already raise the support case with Azure Support Team. As per their verification, all permission are correct. Could you verify from your side as well?

I attached my Project Github Link. https://github.com/rzayn19/JenkinsCICDAzure

Regards,

Rahul

qwerty1979bg · April 21, 2023, 1:25pm

Hello Rahul,

The first thing that I notice is the provider configuration in your main.tf file:

provider "azurerm" {
  features {}
  subscription_id = "var.subscription_id"
  client_id       = "var.client_id"  
  client_secret   = "var.client_secret"
  tenant_id       = "var.tenant_id"
  redirect_uri    = "var.redirect_uri"
}

By using quotes, you are telling Terraform to use the literal value of (for example) “var.redirect_uri” instead of substituting the value that is inside of the variable named “redirect_uri”.

Please try the following:

provider "azurerm" {
  features {}
  subscription_id = var.subscription_id
  client_id       = var.client_id 
  client_secret   = var.client_secret
  tenant_id       = var.tenant_id
  redirect_uri    = var.redirect_uri
}

Also notice that you seem to have shared your Azure credentials with the entire world inside the terraform.tfvars file. You might want to disable those credentials and check if your account was accessed.

Regards,
Filip

runity77 · April 21, 2023, 2:22pm

Hello Filip,

I did try to add the redirect_uri in main.tf and variable.tf but that doesn’t make any difference. Maybe this is not compatible with terraform syntax.

qwerty1979bg · April 21, 2023, 2:40pm

Rahul,

Did you try to remove the quotations as I showed you in my previous reply ?

How does your provider definition looks like now ?

Regards,
Filip

runity77 · April 21, 2023, 5:35pm

Hello Flip

Apologies. I’m trying this to run locally first on Rhel 9 Box. I haven’t synced my report to Github. I updated main.tf and variabels.tf in my github now.

Note: provider.tf not in the use. I already defined the provider block in the main.tf

Thanks

Rahul

qwerty1979bg · April 25, 2023, 9:11am

Hello Rahul,

As a first step, you need to remove the quotes from the variables in the provider block.

I have sent you a pull request with the changes:

Regards,
Filip

runity77 · April 25, 2023, 12:29pm

Hello @qwerty1979bg Filip

Appreciate your help. Terraform Plan shows me Successful Now. I’m trying to run terraform through Jenkins, it gives an error for az login. I already login using azure cli on rhel 9 box. still, I get the same error on Jenkins build

eSelected Git installation does not exist. Using Default
The recommended git tool is: NONE
using credential 8f7a70d3-db4d-4bed-9de3-51be5db127c7
 > git rev-parse --resolve-git-dir /var/lib/jenkins/workspace/terraform/.git # timeout=10
Fetching changes from the remote Git repository
 > git config remote.origin.url https://github.com/rzayn19/JenkinsCICDAzure.git # timeout=10
Fetching upstream changes from https://github.com/rzayn19/JenkinsCICDAzure.git
 > git --version # timeout=10
 > git --version # 'git version 2.31.1'
using GIT_ASKPASS to set credentials 
 > git fetch --tags --force --progress -- https://github.com/rzayn19/JenkinsCICDAzure.git +refs/heads/*:refs/remotes/origin/* # timeout=10
 > git rev-parse refs/remotes/origin/main^{commit} # timeout=10
Checking out Revision 9759cc7cbfbab1517b0ef6c7b5192d0ec923b4f5 (refs/remotes/origin/main)
 > git config core.sparsecheckout # timeout=10
 > git checkout -f 9759cc7cbfbab1517b0ef6c7b5192d0ec923b4f5 # timeout=10
Commit message: "Merge pull request #1 from qwerty1979bg/patch-1"
[Pipeline] }
[Pipeline] // stage
[Pipeline] stage
[Pipeline] { (Terraform Init)
[Pipeline] sh
+ terraform init

e[0me[1mInitializing the backend...e[0m
e[31me[31m╷e[0me[0m
e[31m│e[0m e[0me[1me[31mError: e[0me[0me[1mError building ARM Config: obtain subscription() from Azure CLI: parsing json result from the Azure CLI: waiting for the Azure CLI: exit status 1: ERROR: Please run 'az login' to setup account.e[0m
e[31m│e[0m e[0m
e[31m│e[0m e[0me[0m
e[31m╵e[0me[0m
e[0me[0m
[Pipeline] }
[Pipeline] // stage
[Pipeline] stage
[Pipeline] { (Terraform Plan)
Stage "Terraform Plan" skipped due to earlier failure(s)
[Pipeline] }
[Pipeline] // stage
[Pipeline] stage
[Pipeline] { (Terraform Apply)
Stage "Terraform Apply" skipped due to earlier failure(s)
[Pipeline] }
[Pipeline] // stage
[Pipeline] }
[Pipeline] // withEnv
[Pipeline] }
[Pipeline] // node
[Pipeline] End of Pipeline
ERROR: script returned exit code 1
Finished: FAILURE

Regards,

Rahul

Topic		Replies	Views
Azurerm backend seems not to like tenant_id Azure connect , azure	0	260	March 15, 2023
Tls: failed to verify certificate: x509: certificate signed by unknown authority Azure	0	587	November 6, 2023
ERROR: AADSTS530003: Your device is required to be managed to access this resource Azure azure	0	757	October 9, 2023
Plan complaining about Login Azure azure	3	2075	June 16, 2021
Terraform plan fails on remote backend Azure	1	715	October 14, 2022

Unable to run terraform Plan in Rhel 9 for Azure

Related topics