Unable to run terraform Plan in Rhel 9 for Azure

Hello Team,

I’m trying to provision an Azure virtual machine using a Terraform script on a RHEL 9 (RedHat Linux 9) box. I am getting the authentication error shown below on the Linux command prompt upon running terraform plan. I am able to authenticate to the Azure CLI using az login.

Error: building account: could not acquire access token to parse claims: clientCredentialsToken: received HTTP status 400 with response: {"error":"invalid_request","error_description":"AADSTS900023: Specified tenant identifier 'var.tenant_id' is neither a valid DNS name, nor a valid external domain.\r\nTrace ID: 46ffed66-560b-45fa-8a6d-285496f58a00\r\nCorrelation ID: 0a59adc8-67a1-4d10-8afb-e180656eee10\r\nTimestamp: 2023-04-01 21:39:56Z","error_codes":[900023],"timestamp":"2023-04-01 21:39:56Z","trace_id":"46ffed66-560b-45fa-8a6d-285496f58a00","correlation_id":"0a59adc8-67a1-4d10-8afb-e180656eee10","error_uri":"https://login.microsoftonline.com/error?code=900023"}

│ with provider["Terraform Registry"],
│ on main.tf line 10, in provider "azurerm":
│ 10: provider "azurerm" {

terraform init output:

Initializing the backend…

Initializing provider plugins…

  • Reusing previous version of hashicorp/azurerm from the dependency lock file
  • Using previously-installed hashicorp/azurerm v3.50.0

Terraform has been successfully initialized!

You may now begin working with Terraform. Try running "terraform plan" to see
any changes that are required for your infrastructure. All Terraform commands
should now work.

If you ever set or change modules or backend configuration for Terraform,
rerun this command to reinitialize your working directory. If you forget, other
commands will detect it and remind you to do so if necessary.

I gave my Azure App Registration “RyanAPP” (“e5b62a78-db10-45f5-b147-805784ba4d62”) secrets as a reference in a terraform.tfvars file.

Also, I have the below API permissions for my app. But still, it gives an error for azure rm block.

I already raised a support case with the Azure Support Team. As per their verification, all permissions are correct. Could you verify from your side as well?

I attached my Project Github Link. https://github.com/rzayn19/JenkinsCICDAzure

Regards,

Rahul



Hello Rahul,

The first thing that I notice is the provider configuration in your main.tf file:

provider "azurerm" {
  features {}
  subscription_id = "var.subscription_id"
  client_id       = "var.client_id"  
  client_secret   = "var.client_secret"
  tenant_id       = "var.tenant_id"
  redirect_uri    = "var.redirect_uri"
}

By using quotes, you are telling Terraform to use the literal value of (for example) “var.redirect_uri” instead of substituting the value that is inside of the variable named “redirect_uri”.

Please try the following:

provider "azurerm" {
  features {}
  subscription_id = var.subscription_id
  client_id       = var.client_id 
  client_secret   = var.client_secret
  tenant_id       = var.tenant_id
  redirect_uri    = var.redirect_uri
}

Also notice that you seem to have shared your Azure credentials with the entire world inside the terraform.tfvars file. You might want to disable those credentials and check if your account was accessed.

Regards,
Filip
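A check for the two problems this reply points out, as an added example that is not part of the original thread: it flags attributes whose value is a quoted `var.` or `local.` reference, and credential-like attributes assigned a string literal. The rule names, the list of credential attribute names, and the sample values are assumptions made for this example.

```python
import pathlib
import re
import sys

# An attribute whose whole value is a quoted reference, e.g. tenant_id = "var.tenant_id".
# Terraform passes that text through literally instead of the variable's value.
QUOTED_REF = re.compile(
    r'^\s*([A-Za-z_][\w-]*)\s*=\s*"((?:var|local)\.[A-Za-z_][\w-]*)"\s*(?:#.*)?$')
# Any attribute assigned a plain string literal.
ASSIGN = re.compile(r'^\s*([A-Za-z_][\w-]*)\s*=\s*"([^"]+)"')
# Attribute names treated as credentials (assumed list for this example).
SECRET_NAME = re.compile(r"secret|password|token|access_key", re.I)

def lint(files):
    """files maps path -> text; returns sorted (path, line, rule, attribute) tuples."""
    findings = []
    for path, text in files.items():
        for no, line in enumerate(text.splitlines(), 1):
            ref = QUOTED_REF.match(line)
            if ref:
                findings.append((path, no, "quoted-reference", ref.group(1)))
                continue
            lit = ASSIGN.match(line)
            if lit and SECRET_NAME.search(lit.group(1)) and "${" not in lit.group(2):
                findings.append((path, no, "literal-secret", lit.group(1)))
    return sorted(findings)

# Constructed sample input: placeholder values only, not taken from the thread's repository.
SAMPLE = {
    "main.tf": 'provider "azurerm" {\n'
               '  features {}\n'
               '  subscription_id = "var.subscription_id"\n'
               '  client_secret   = "var.client_secret"\n'
               '  tenant_id       = var.tenant_id\n'
               '}\n',
    "terraform.tfvars": 'tenant_id     = "00000000-0000-0000-0000-000000000000"\n'
                        'client_secret = "constructed-placeholder-value"\n',
}

if __name__ == "__main__":
    # With a directory argument, lint its *.tf and *.tfvars files; otherwise the sample.
    if len(sys.argv) > 1:
        root = pathlib.Path(sys.argv[1])
        files = {str(p): p.read_text() for p in root.rglob("*.tf*")
                 if p.is_file() and p.suffix in (".tf", ".tfvars")}
    else:
        files = SAMPLE
    results = lint(files)
    for path, no, rule, attr in results:
        print(f"{path}:{no}: {rule}: {attr}")
    sys.exit(1 if results else 0)
```

The script exits non-zero when it finds anything, so it can run as a pre-commit hook or an early CI stage before `terraform plan`.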

Hello Filip,

I did try to add the redirect_uri in main.tf and variable.tf but that doesn’t make any difference. Maybe this is not compatible with terraform syntax.

Rahul,

Did you try to remove the quotations as I showed you in my previous reply?

What does your provider definition look like now?

Regards,
Filip

Hello Filip,

Apologies. I’m trying to run this locally first on a RHEL 9 box. I haven’t synced my repo to GitHub. I updated main.tf and variables.tf in my GitHub now.

Note: provider.tf is not in use. I already defined the provider block in main.tf.

Thanks

Rahul

Hello Rahul,

As a first step, you need to remove the quotes from the variables in the provider block.

I have sent you a pull request with the changes:

Regards,
Filip

Hello @qwerty1979bg Filip

Appreciate your help. Terraform plan is successful now. I’m trying to run Terraform through Jenkins, and it gives an error for az login. I have already logged in using the Azure CLI on the RHEL 9 box. Still, I get the same error on the Jenkins build:

Selected Git installation does not exist. Using Default
The recommended git tool is: NONE
using credential 8f7a70d3-db4d-4bed-9de3-51be5db127c7
 > git rev-parse --resolve-git-dir /var/lib/jenkins/workspace/terraform/.git # timeout=10
Fetching changes from the remote Git repository
 > git config remote.origin.url https://github.com/rzayn19/JenkinsCICDAzure.git # timeout=10
Fetching upstream changes from https://github.com/rzayn19/JenkinsCICDAzure.git
 > git --version # timeout=10
 > git --version # 'git version 2.31.1'
using GIT_ASKPASS to set credentials 
 > git fetch --tags --force --progress -- https://github.com/rzayn19/JenkinsCICDAzure.git +refs/heads/*:refs/remotes/origin/* # timeout=10
 > git rev-parse refs/remotes/origin/main^{commit} # timeout=10
Checking out Revision 9759cc7cbfbab1517b0ef6c7b5192d0ec923b4f5 (refs/remotes/origin/main)
 > git config core.sparsecheckout # timeout=10
 > git checkout -f 9759cc7cbfbab1517b0ef6c7b5192d0ec923b4f5 # timeout=10
Commit message: "Merge pull request #1 from qwerty1979bg/patch-1"
[Pipeline] }
[Pipeline] // stage
[Pipeline] stage
[Pipeline] { (Terraform Init)
[Pipeline] sh
+ terraform init

Initializing the backend...
╷
│ Error: Error building ARM Config: obtain subscription() from Azure CLI: parsing json result from the Azure CLI: waiting for the Azure CLI: exit status 1: ERROR: Please run 'az login' to setup account.
│
│
╵
[Pipeline] }
[Pipeline] // stage
[Pipeline] stage
[Pipeline] { (Terraform Plan)
Stage "Terraform Plan" skipped due to earlier failure(s)
[Pipeline] }
[Pipeline] // stage
[Pipeline] stage
[Pipeline] { (Terraform Apply)
Stage "Terraform Apply" skipped due to earlier failure(s)
[Pipeline] }
[Pipeline] // stage
[Pipeline] }
[Pipeline] // withEnv
[Pipeline] }
[Pipeline] // node
[Pipeline] End of Pipeline
ERROR: script returned exit code 1
Finished: FAILURE

Regards,

Rahul