How to use existing network in a different RG in Azure with ansible


William Flow

Jan 27, 2023, 3:46:09 PM
to Ansible Project

My goal here is to create a VM in Azure with Ansible 

    - name: Create a VM
      azure.azcollection.azure_rm_virtualmachine:
        resource_group: RG-Bill
        name: testvm002
        vm_size: Standard_DS1_v2
        admin_username: centos
        ssh_public_keys:
          - path: /home/centos/.ssh/authorized_keys
            key_data: blah blah
        virtual_network_resource_group: RG-Net
        virtual_network_name: VNET1
        subnet_name: SUBNET_VNET1
        public_ip_allocation: Disabled
        image:
          offer: CentOS
          publisher: OpenLogic
          sku: "7.5"
          version: latest

What happens here is the PB throws the error:

"Error creating default security rule testvm00201 - (AuthorizationFailed) The client 'xxxxxxxxxxx' with object id 'xxxxxxxxxxxxxxxxxxxxx' does not have authorization to perform action 'Microsoft.Network/networkSecurityGroups/write' over scope '/subscriptions/xxxxxxxxxxxxxxxxxxx/resourceGroups/RG-Bill/providers/Microsoft.Network/networkSecurityGroups/testvm00201' or the scope is invalid. If access was recently granted, please refresh your credentials.\nCode: AuthorizationFailed\nMessage: The client 'xxxxxxxxxxxxxxxxxxx' with object id 'xxxxxxxxxxxxxxxxxxxxxxxxxxxxx' does not have authorization to perform action 'Microsoft.Network/networkSecurityGroups/write' over scope '/subscriptions/xxxxxxxxxxxxxxxxxxxxxxxxxxxxx/resourceGroups/RG-Bill/providers/Microsoft.Network/networkSecurityGroups/testvm00201' or the scope is invalid. If access was recently granted, please refresh your credentials.",

 

I think I know what the problem is: to me it looks like it is trying to create an NSG, and I do not have privs for that. So the way to resolve this is to tell my PB to use a network that is already set up, but the network that is already set up is in a different resource group (RG-Net) and my VM is being built in RG-Bill. So my question is: how do I tell it to use my existing network (VNET1) and subnet (SUBNET_VNET1) that are in the resource group RG-Net?

 

I looked up and thought I could set it via:

        virtual_network_resource_group: RG-Net
        virtual_network_name: VNET1

But as you can see, it threw the error yet again. I really am stuck here; what do you think?

Thanks in advance


Bill
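
An added example, not part of the original post: a small parser for the AuthorizationFailed text quoted above. It pulls out the denied action and the scope it was denied on, then reports whether that scope is in the VM's resource group or the network's. The sample message is constructed from the post's error with placeholder IDs, and the names parse_denial and triage are hypothetical.

```python
import re

# Constructed sample: the AuthorizationFailed text from the post, with the
# redacted IDs replaced by obvious placeholders.
SAMPLE_ERROR = (
    "Error creating default security rule testvm00201 - (AuthorizationFailed) "
    "The client 'CLIENT-ID' with object id 'OBJECT-ID' does not have "
    "authorization to perform action "
    "'Microsoft.Network/networkSecurityGroups/write' over scope "
    "'/subscriptions/SUB-ID/resourceGroups/RG-Bill/providers/"
    "Microsoft.Network/networkSecurityGroups/testvm00201' or the scope is invalid."
)

DENIAL_RE = re.compile(
    r"client '(?P<client>[^']+)' with object id '(?P<object_id>[^']+)' "
    r"does not have authorization to perform action '(?P<action>[^']+)' "
    r"over scope '(?P<scope>[^']+)'"
)
SCOPE_RE = re.compile(
    r"^/subscriptions/(?P<subscription>[^/]+)"
    r"(?:/resourceGroups/(?P<resource_group>[^/]+))?"
    r"(?:/providers/(?P<provider>[^/]+)/(?P<type>[^/]+)/(?P<name>[^/]+))?",
    re.IGNORECASE,
)

def parse_denial(message):
    """Return the first denied action and its scope parts, or None."""
    m = DENIAL_RE.search(message)
    if m is None:
        return None
    result = m.groupdict()
    scope = SCOPE_RE.match(result["scope"])
    if scope:
        result.update(scope.groupdict())
    return result

def triage(message, vm_rg, network_rg):
    """Say which resource group the denied action landed in."""
    d = parse_denial(message)
    if d is None:
        return "no AuthorizationFailed denial found"
    rg = d.get("resource_group")
    where = ("VM resource group" if rg == vm_rg
             else "network resource group" if rg == network_rg
             else "another scope")
    return f"{d['action']} denied on {d.get('type')}/{d.get('name')} in {rg} ({where})"

if __name__ == "__main__":
    print(triage(SAMPLE_ERROR, vm_rg="RG-Bill", network_rg="RG-Net"))
```

Run against the quoted error, it shows the denied write is on a networkSecurityGroups resource inside RG-Bill, not on anything in RG-Net.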
