Ansible error

[andrew80k]

I'm getting the following error after forking this repo and opening the fork in VS Code. The container is working fine, the login to the azure platform is fine, but when I try to deploy the platform, following the documentation, I get this error. I have tried restarting the container, rebuilding the container, restarting VS Code, but nothing seems to resolve this. Any ideas?

I'm not sure what versions are relevant to this issue, but am happy to supply any additional information. I've got some experience with ansible, and the file it's referencing in the script seems to be fine.

clean_up backend_files
➜  caf git:(main) ✗ /tf/caf/landingzones/templates/platform/deploy_platform.sh

sub_management: 
usage: ansible-playbook [-h] [--version] [-v] [-k] [--private-key PRIVATE_KEY_FILE] [-u REMOTE_USER] [-c CONNECTION] [-T TIMEOUT]
                        [--ssh-common-args SSH_COMMON_ARGS] [--sftp-extra-args SFTP_EXTRA_ARGS] [--scp-extra-args SCP_EXTRA_ARGS]
                        [--ssh-extra-args SSH_EXTRA_ARGS] [--force-handlers] [--flush-cache] [-b] [--become-method BECOME_METHOD]
                        [--become-user BECOME_USER] [-K] [-t TAGS] [--skip-tags SKIP_TAGS] [-C] [--syntax-check] [-D] [-i INVENTORY]
                        [--list-hosts] [-l SUBSET] [-e EXTRA_VARS] [--vault-id VAULT_IDS]
                        [--ask-vault-password | --vault-password-file VAULT_PASSWORD_FILES] [-f FORKS] [-M MODULE_PATH] [--list-tasks]
                        [--list-tags] [--step] [--start-at-task START_AT_TASK]
                        playbook [playbook ...]
ansible-playbook: error: argument -e/--extra-vars: expected one argument
 
usage: ansible-playbook [-h] [--version] [-v] [-k] [--private-key PRIVATE_KEY_FILE] [-u REMOTE_USER] [-c CONNECTION] [-T TIMEOUT]
                        [--ssh-common-args SSH_COMMON_ARGS] [--sftp-extra-args SFTP_EXTRA_ARGS] [--scp-extra-args SCP_EXTRA_ARGS]
                        [--ssh-extra-args SSH_EXTRA_ARGS] [--force-handlers] [--flush-cache] [-b] [--become-method BECOME_METHOD]
                        [--become-user BECOME_USER] [-K] [-t TAGS] [--skip-tags SKIP_TAGS] [-C] [--syntax-check] [-D] [-i INVENTORY]
                        [--list-hosts] [-l SUBSET] [-e EXTRA_VARS] [--vault-id VAULT_IDS]
                        [--ask-vault-password | --vault-password-file VAULT_PASSWORD_FILES] [-f FORKS] [-M MODULE_PATH] [--list-tasks]
                        [--list-tags] [--step] [--start-at-task START_AT_TASK]
                        playbook [playbook ...]

Runs Ansible playbooks, executing the defined tasks on the targeted hosts.

positional arguments:
  playbook              Playbook(s)

options:
  --ask-vault-password, --ask-vault-pass
                        ask for vault password
  --flush-cache         clear the fact cache for every host in inventory
  --force-handlers      run handlers even if a task fails
  --list-hosts          outputs a list of matching hosts; does not execute anything else
  --list-tags           list all available tags
  --list-tasks          list all tasks that would be executed
  --skip-tags SKIP_TAGS
                        only run plays and tasks whose tags do not match these values
  --start-at-task START_AT_TASK
                        start the playbook at the task matching this name
  --step                one-step-at-a-time: confirm each task before running
  --syntax-check        perform a syntax check on the playbook, but do not execute it
  --vault-id VAULT_IDS  the vault identity to use
  --vault-password-file VAULT_PASSWORD_FILES, --vault-pass-file VAULT_PASSWORD_FILES
                        vault password file
  --version             show program's version number, config file location, configured module search path, module location, executable location
                        and exit
  -C, --check           don't make any changes; instead, try to predict some of the changes that may occur
  -D, --diff            when changing (small) files and templates, show the differences in those files; works great with --check
  -M MODULE_PATH, --module-path MODULE_PATH
                        prepend colon-separated path(s) to module library
                        (default=~/.ansible/plugins/modules:/usr/share/ansible/plugins/modules)
  -e EXTRA_VARS, --extra-vars EXTRA_VARS
                        set additional variables as key=value or YAML/JSON, if filename prepend with @
  -f FORKS, --forks FORKS
                        specify number of parallel processes to use (default=5)
  -h, --help            show this help message and exit
  -i INVENTORY, --inventory INVENTORY, --inventory-file INVENTORY
                        specify inventory host path or comma separated host list. --inventory-file is deprecated
  -l SUBSET, --limit SUBSET
                        further limit selected hosts to an additional pattern
  -t TAGS, --tags TAGS  only run plays and tasks tagged with these values
  -v, --verbose         verbose mode (-vvv for more, -vvvv to enable connection debugging)

Connection Options:
  control as whom and how to connect to hosts

  --private-key PRIVATE_KEY_FILE, --key-file PRIVATE_KEY_FILE
                        use this file to authenticate the connection
  --scp-extra-args SCP_EXTRA_ARGS
                        specify extra arguments to pass to scp only (e.g. -l)
  --sftp-extra-args SFTP_EXTRA_ARGS
                        specify extra arguments to pass to sftp only (e.g. -f, -l)
  --ssh-common-args SSH_COMMON_ARGS
                        specify common arguments to pass to sftp/scp/ssh (e.g. ProxyCommand)
  --ssh-extra-args SSH_EXTRA_ARGS
                        specify extra arguments to pass to ssh only (e.g. -R)
  -T TIMEOUT, --timeout TIMEOUT
                        override the connection timeout in seconds (default=10)
  -c CONNECTION, --connection CONNECTION
                        connection type to use (default=smart)
  -k, --ask-pass        ask for connection password
  -u REMOTE_USER, --user REMOTE_USER
                        connect as this user (default=None)

Privilege Escalation Options:
  control how and which user you become as on target hosts

  --become-method BECOME_METHOD
                        privilege escalation method to use (default=sudo), use `ansible-doc -t become -l` to list valid choices.
  --become-user BECOME_USER
                        run operations as this user (default=root)
  -K, --ask-become-pass
                        ask for privilege escalation password
  -b, --become          run operations with become (does not imply password prompting)

[nimitjn]

I am facing the same issue. Does anybody have a solution to this problem?

[derekreball]

EDIT: This only seems to occur in the default branch (currently, int-5.6.0).

Switching to the 2203.1 tag causes this problem to go away.

@andrew80k @nimitjn

[andrew80k]

Thanks @derekreball will give that a try.

[matjahs]

This is still happening. It’s quite demotivated when the first script you gave to run, according to the ‘getting started’ guide, is broken 😞

[tbrigley]

This is still happening. It’s quite demotivated when the first script you gave to run, according to the ‘getting started’ guide, is broken 😞

i agree, entirely demotivating. the first step is broken in 5.6.8, 5.6.9 and 5.6.10.
2203.1 is over a year old.

[matjahs]

Managed to get around it by doing the following:

1. Change the container image in .devcontainer/docker-compose.yml to aztfmod/rover-preview:1.4.2-2303.221435.
2. Checkout the int-5.7.0 branch of this repo. (git checkout int-5.7.0)
3. Instead of running '/tf/caf/landingzones/templates/platform/deploy_platform.sh' directly, running it with rover:

cd /tf/caf && /tf/rover/rover.sh -bootstrap \
  -aad-app-name alz-platform-landing-zones \
  -env prod \
  -gitops-pipelines github \
  -gitops-agent-pool-execution-mode github \
  -gitops-number-runners 5 \
  -bootstrap-script '/tf/caf/landingzones/templates/platform/deploy_platform.sh' \
  -playbook '/tf/caf/landingzones/templates/platform/caf_platform_prod_nonprod.yaml' \
  -subscription-deployment-mode multiple_subscriptions \
  -sub-management 'xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx' \
  -sub-connectivity 'xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx' \
  -sub-identity 'xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx' \
  -sub-security 'xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx'

[jweitz]

Managed to get around it by doing the following:

1. Change the container image in .devcontainer/docker-compose.yml to aztfmod/rover-preview:1.4.2-2303.221435.
2. Checkout the int-5.7.0 branch of this repo. (git checkout int-5.7.0)
3. Instead of running '/tf/caf/landingzones/templates/platform/deploy_platform.sh' directly, running it with rover:

cd /tf/caf && /tf/rover/rover.sh -bootstrap \
  -aad-app-name alz-platform-landing-zones \
  -env prod \
  -gitops-pipelines github \
  -gitops-agent-pool-execution-mode github \
  -gitops-number-runners 5 \
  -bootstrap-script '/tf/caf/landingzones/templates/platform/deploy_platform.sh' \
  -playbook '/tf/caf/landingzones/templates/platform/caf_platform_prod_nonprod.yaml' \
  -subscription-deployment-mode multiple_subscriptions \
  -sub-management 'xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx' \
  -sub-connectivity 'xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx' \
  -sub-identity 'xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx' \
  -sub-security 'xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx'

I tried this but getting an error when it calls verify_github_secret. Anyone else hit this wall?

[n3mawashi]

ror when it calls verify_github_secret. Anyone else hit this wall?

gh auth login

However, I get another error

Line 38 is an export line
export ARM_STORAGE_USE_AZUREAD=${ARM_STORAGE_USE_AZUREAD:="true"}

starter repo - main branch
landingzones repo - int-5.7.0

[ronaldbok]

gh auth login

n3mawashi i get the same error. do you have a solution ?

[javed-asif]

Same issue with "git checkout 5.7.8". Looks like no solution yet.....
Only version works is 2203.1 way too old.

[scdubay]

Sounds like this is a dead project.... They should take it down.

[scdubay]

lot of wasted time..