Need help creating an Azure service principal for Ansible. Redirect URI for Ansible?


Prasanna Dhandapani

Dec 22, 2016, 12:26:30 PM
to Ansible Project
Hello, I'm new to Ansible and I'm running into an issue with getting the "azure_rm_storageaccount" module in ansible to work. Any help would be greatly appreciated. 

Goal: I would like to manage our Azure resources in our sandbox environment using an Ansible playbook. I installed Azure CLI on my Ansible control node (Ubuntu 16.10) and I can execute CLI commands to create/delete resources in Azure. I want to do the same via playbooks.

This is my playbook yml file. 

- hosts: localhost
  become: yes
  become_method: sudo
  tasks:
    - name: Create storage account
      azure_rm_storageaccount:
        resource_group: test-rg
        subscription_id: <xxxxxxxxxxxxxxx>
        name: test_storage_account
        account_type: Standard_LRS
        ad_user: a...@xxx.com
        password: "****"
        state: present

When I run the playbook, I get the error below

fatal: [localhost]: FAILED! => {"changed": false, "failed": true, "module_stderr": "", "module_stdout": "Traceback (most recent call last):\r\n  File \"/tmp/ansible_kfOrUg/ansible_module_azure_rm_storageaccount.py\", line 442, in <module>\r\n    main()\r\n  File \"/tmp/ansible_kfOrUg/ansible_module_azure_rm_storageaccount.py\", line 439, in main\r\n    AzureRMStorageAccount()\r\n  File \"/tmp/ansible_kfOrUg/ansible_module_azure_rm_storageaccount.py\", line 200, in __init__\r\n    supports_check_mode=True)\r\n  File \"/tmp/ansible_kfOrUg/ansible_modlib.zip/ansible/module_utils/azure_rm_common.py\", line 183, in __init__\r\n  File \"/usr/local/lib/python2.7/dist-packages/msrestazure/azure_active_directory.py\", line 335, in __init__\r\n    self.set_token()\r\n  File \"/usr/local/lib/python2.7/dist-packages/msrestazure/azure_active_directory.py\", line 370, in set_token\r\n    raise_with_traceback(AuthenticationError, \"\", err)\r\n  File \"/usr/local/lib/python2.7/dist-packages/msrest/exceptions.py\", line 50, in raise_with_traceback\r\n    raise error\r\nmsrest.exceptions.AuthenticationError: , InvalidGrantError: (invalid_grant)
 AADSTS70002: Error validating credentials. AADSTS50126: Invalid username or password\r\r\nTrace ID: 7e573a6f-cbaf-4fab-89a9-f6154a509f9b\r\r\nCorrelation ID: a123d9d0-9d96-4aa4-a2aa-5dfaaef245e8\r\r\nTimestamp: 2016-12-20 21:27:53Z\r\n", "msg": "MODULE FAILURE", "parsed": false}


I have the following env variables defined:

AZURE_AD_USER
AZURE_PASSWORD
AZURE_SUBSCRIPTION_ID

Ansible documentation states if I use AAD to authenticate to Azure, MFA should be disabled for the account. In my case, MFA is enabled, that's probably what is causing the above error. 

The recommendation for authentication seems to be to create a Service Principal. Steps are as below:

1: Login to the Azure Portal (Not Classic)
2: Go to Azure Active Directory --> App Registrations
3: Add
4: Entered Name and chose Native for Application Type (Since I'm using Ansible command line (not Tower), I guess I should choose Native?)
5: It asks for Redirect URI

I am not sure what the Redirect URI should be. Where do I find this?

Thanks in advance!

==========================================
Execution environment:

lsb_release -a

No LSB modules are available.
Distributor ID: Ubuntu
Description:    Ubuntu 16.10
Release:        16.10
Codename:       yakkety
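
Added example, not part of the original post and not Ansible's own code: a Python pre-flight check that reports which of the two credential sets mentioned in the post (AD user/password or service principal) is complete in the environment, without printing any secret values. The service principal variable names AZURE_CLIENT_ID, AZURE_SECRET and AZURE_TENANT, and the rule that a complete service principal set takes precedence, are assumptions taken from Ansible's Azure documentation rather than from this thread; the sample values are constructed.

```python
"""Pre-flight check for Ansible azure_rm_* credentials read from the environment."""
import os

# Assumption: variable names as documented for Ansible's Azure modules.
SERVICE_PRINCIPAL = ("AZURE_SUBSCRIPTION_ID", "AZURE_CLIENT_ID",
                     "AZURE_SECRET", "AZURE_TENANT")
AD_USER = ("AZURE_SUBSCRIPTION_ID", "AZURE_AD_USER", "AZURE_PASSWORD")


def missing(names, env):
    """Return the variables in `names` that are unset or empty in `env`."""
    return [n for n in names if not env.get(n)]


def preflight(env=None):
    """Report which credential set is complete and what the other still needs.

    Assumption: when both sets are complete, the service principal is used.
    """
    env = os.environ if env is None else env
    sp_missing = missing(SERVICE_PRINCIPAL, env)
    user_missing = missing(AD_USER, env)
    if not sp_missing:
        mode = "service_principal"
    elif not user_missing:
        mode = "ad_user"
    else:
        mode = None
    notes = []
    if mode == "ad_user":
        # The post cites the Ansible docs: AD user login needs MFA disabled.
        notes.append("AD user/password login: the account must not have MFA enabled")
    if mode is None and not env.get("AZURE_SUBSCRIPTION_ID"):
        notes.append("AZURE_SUBSCRIPTION_ID is required by both methods")
    return {"mode": mode, "service_principal_missing": sp_missing,
            "ad_user_missing": user_missing, "notes": notes}


if __name__ == "__main__":
    # Constructed sample: the three variables listed in the post, dummy values.
    sample = {"AZURE_AD_USER": "user@example.com", "AZURE_PASSWORD": "dummy",
              "AZURE_SUBSCRIPTION_ID": "00000000-0000-0000-0000-000000000000"}
    for label, env in (("sample from post", sample), ("current shell", os.environ)):
        result = preflight(env)
        print(label, "->", result["mode"])
        print("  missing for service principal:", result["service_principal_missing"])
        for note in result["notes"]:
            print("  note:", note)
```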




juch...@gmail.com

Mar 1, 2017, 10:00:37 AM
to Ansible Project
Hi there,

Did you get any update about the information you are looking for?

Cheers
Julien