get-credentials fails due to openssh issue

[ghost]

---

Environment summary

Install Method (e.g. pip, interactive script, apt-get, Docker, MSI, edge build)

pip install azure-cli==2.0.16

CLI version (az --version)

(venv2) ~ az --version
azure-cli (2.0.16)

acr (2.0.13)
acs (2.0.16)
appservice (0.1.18)
batch (3.1.5)
billing (0.1.5)
cdn (0.0.9)
cloud (2.0.8)
cognitiveservices (0.1.8)
command-modules-nspkg (2.0.1)
component (2.0.7)
configure (2.0.11)
consumption (0.1.5)
container (0.1.11)
core (2.0.18)
cosmosdb (0.1.13)
dla (0.0.12)
dls (0.0.15)
eventgrid (0.1.4)
feedback (2.0.6)
find (0.2.7)
interactive (0.3.10)
iot (0.1.12)
keyvault (2.0.12)
lab (0.0.11)
monitor (0.0.10)
network (2.0.16)
nspkg (3.0.1)
profile (2.0.14)
rdbms (0.0.7)
redis (0.2.9)
resource (2.0.16)
role (2.0.13)
servicefabric (0.0.4)
sf (1.0.8)
sql (2.0.13)
storage (2.0.17)
vm (2.0.16)

Python location '/home/rhim/venv2/bin/python'
Extensions directory '/home/rhim/.azure/cliextensions'

Python (Linux) 2.7.12 (default, Nov 19 2016, 06:48:10)
[GCC 5.4.0 20160609]

OS version

Windows 10

Shell Type (e.g. bash, cmd.exe, Bash on Windows)

Bash on Windows

I am trying to set az tools inside a python virtual environment. Here are the steps I took:

~ virtualenv venv2
~ source venv2/bin/activate
(venv2) ~ pip install azure-cli==2.0.16

The installation seems to succeed (I had to install build-essentials and python-dev packages in order for some utils to be compiled).

I can see the clusters.

(venv2) ~ az acs list
[
  {
    "agentPoolProfiles": [
      {
        "count": 3,
        "dnsPrefix": "test-k8sagent",
        "fqdn": "",
        "name": "agentpool0",
        "vmSize": "Standard_D2_v2"
      }
    ],
    "customProfile": null,
    "diagnosticsProfile": {
      "vmDiagnostics": {
        "enabled": false,
        "storageUri": null
      }
    },
    "id": "/subscriptions/418f9673-5bfb-4756-8f0a-6b85756e8d3e/resourceGroups/K8S/providers/Microsoft.ContainerService/containerServices/test-k8s",
    "linuxProfile": {
      "adminUsername": "azureuser",
      "ssh": {
        "publicKeys": [
          {
            "keyData": "ssh-rsa ... rhim@RHIM1\n"
          }
        ]
      }
    },
    "location": "southcentralus",
    "masterProfile": {
      "count": 1,
      "dnsPrefix": "test-k8smgmt",
      "fqdn": "test-k8smgmt.southcentralus.cloudapp.azure.com"
    },
    "name": "test-k8s",
    "orchestratorProfile": {
      "orchestratorType": "Kubernetes"
    },
    "provisioningState": "Succeeded",
    "resourceGroup": "K8S",
    "servicePrincipalProfile": {
      "clientId": "d9f0e833-b27f-454f-ad38-f4843f9b8969",
      "secret": null
    },
    "tags": null,
    "type": "Microsoft.ContainerService/ContainerServices",
    "windowsProfile": null
  }
]

However, when I try to run get-credentials in order to use kubectl, it fails as follows:

(venv2) ~ az acs kubernetes get-credentials -n "test-k8s" -g "k8s"

/home/rhim/venv2/local/lib/python2.7/site-packages/cryptography/hazmat/bindings/_openssl.so: cannot enable executable stack as shared object requires: Invalid argument
Traceback (most recent call last):
  File "/home/rhim/venv2/local/lib/python2.7/site-packages/azure/cli/main.py", line 36, in main
    cmd_result = APPLICATION.execute(args)
  File "/home/rhim/venv2/local/lib/python2.7/site-packages/azure/cli/core/application.py", line 212, in execute
    result = expanded_arg.func(params)
  File "/home/rhim/venv2/local/lib/python2.7/site-packages/azure/cli/core/commands/__init__.py", line 377, in __call__
    return self.handler(*args, **kwargs)
  File "/home/rhim/venv2/local/lib/python2.7/site-packages/azure/cli/core/commands/__init__.py", line 620, in _execute_command
    reraise(*sys.exc_info())
  File "/home/rhim/venv2/local/lib/python2.7/site-packages/azure/cli/core/commands/__init__.py", line 602, in _execute_command
    result = op(client, **kwargs) if client else op(**kwargs)
  File "/home/rhim/venv2/local/lib/python2.7/site-packages/azure/cli/command_modules/acs/custom.py", line 814, in k8s_get_credentials
    _k8s_get_credentials_internal(name, acs_info, path, ssh_key_file)
  File "/home/rhim/venv2/local/lib/python2.7/site-packages/azure/cli/command_modules/acs/custom.py", line 835, in _k8s_get_credentials_internal
    '.kube/config', path_candidate, key_filename=ssh_key_file)
  File "/home/rhim/venv2/local/lib/python2.7/site-packages/azure/cli/command_modules/acs/acs_client.py", line 57, in secure_copy
    keys = _load_keys(key_filename, allow_agent)
  File "/home/rhim/venv2/local/lib/python2.7/site-packages/azure/cli/command_modules/acs/acs_client.py", line 36, in _load_keys
    key = _load_key(key_filename)
  File "/home/rhim/venv2/local/lib/python2.7/site-packages/azure/cli/command_modules/acs/acs_client.py", line 23, in _load_key
    pkey = paramiko.RSAKey.from_private_key_file(key_filename, None)
  File "/home/rhim/venv2/local/lib/python2.7/site-packages/paramiko/pkey.py", line 206, in from_private_key_file
    key = cls(filename=filename, password=password)
  File "/home/rhim/venv2/local/lib/python2.7/site-packages/paramiko/rsakey.py", line 48, in __init__
    self._from_private_key_file(filename, password)
  File "/home/rhim/venv2/local/lib/python2.7/site-packages/paramiko/rsakey.py", line 170, in _from_private_key_file
    self._decode_key(data)
  File "/home/rhim/venv2/local/lib/python2.7/site-packages/paramiko/rsakey.py", line 179, in _decode_key
    data, password=None, backend=default_backend()
  File "/home/rhim/venv2/local/lib/python2.7/site-packages/cryptography/hazmat/backends/__init__.py", line 15, in default_backend
    from cryptography.hazmat.backends.openssl.backend import backend
  File "/home/rhim/venv2/local/lib/python2.7/site-packages/cryptography/hazmat/backends/openssl/__init__.py", line 7, in <module>
    from cryptography.hazmat.backends.openssl.backend import backend
  File "/home/rhim/venv2/local/lib/python2.7/site-packages/cryptography/hazmat/backends/openssl/backend.py", line 54, in <module>
    from cryptography.hazmat.bindings.openssl import binding
  File "/home/rhim/venv2/local/lib/python2.7/site-packages/cryptography/hazmat/bindings/openssl/binding.py", line 13, in <module>
    from cryptography.hazmat.bindings._openssl import ffi, lib
ImportError: /home/rhim/venv2/local/lib/python2.7/site-packages/cryptography/hazmat/bindings/_openssl.so: cannot enable executable stack as shared object requires: Invalid argument

I was running into a different kind issue (#4679) when I was trying to install directly using apt-get.

[ghost]

Looks like this is a BashOnWindows issue, and nothing to do with azure cli. For more see here:
microsoft/WSL#286

So for now, I will just close this issue and try moving to python 3 to see if that fixes the problem.

[derekbekoe]

@rajhimanshu See my related issue here. microsoft/WSL#2431

Your issue may be resolved by installing pip install cryptography==2.0

[ghost]

W00t! That did it. Thanks @derekbekoe .

[lvnilesh]

pip install cryptography==2.0
Collecting cryptography==2.0
  Using cached cryptography-2.0-cp27-cp27m-macosx_10_6_intel.whl
Collecting idna>=2.1 (from cryptography==2.0)
  Using cached idna-2.6-py2.py3-none-any.whl
Collecting enum34 (from cryptography==2.0)
  Using cached enum34-1.1.6-py2-none-any.whl
Collecting cffi>=1.7 (from cryptography==2.0)
  Downloading cffi-1.11.2-cp27-cp27m-macosx_10_6_intel.whl (238kB)
    100% |████████████████████████████████| 245kB 4.5MB/s 
Collecting asn1crypto>=0.21.0 (from cryptography==2.0)
  Using cached asn1crypto-0.23.0-py2.py3-none-any.whl
Collecting ipaddress (from cryptography==2.0)
  Using cached ipaddress-1.0.18-py2-none-any.whl
Collecting six>=1.4.1 (from cryptography==2.0)
  Using cached six-1.11.0-py2.py3-none-any.whl
Collecting pycparser (from cffi>=1.7->cryptography==2.0)
Installing collected packages: idna, enum34, pycparser, cffi, asn1crypto, ipaddress, six, cryptography
Successfully installed asn1crypto-0.23.0 cffi-1.11.2 cryptography-2.0 enum34-1.1.6 idna-2.6 ipaddress-1.0.18 pycparser-2.18 six-1.11.0

(az) ~/.kube ❯❯❯ az acs kubernetes get-credentials --resource-group=k8s --name=cluster
'proxycommand'
Traceback (most recent call last):
  File "/usr/local/Cellar/azure-cli/2.0.19/libexec/lib/python3.6/site-packages/azure/cli/main.py", line 36, in main
    cmd_result = APPLICATION.execute(args)
  File "/usr/local/Cellar/azure-cli/2.0.19/libexec/lib/python3.6/site-packages/azure/cli/core/application.py", line 212, in execute
    result = expanded_arg.func(params)
  File "/usr/local/Cellar/azure-cli/2.0.19/libexec/lib/python3.6/site-packages/azure/cli/core/commands/__init__.py", line 377, in __call__
    return self.handler(*args, **kwargs)
  File "/usr/local/Cellar/azure-cli/2.0.19/libexec/lib/python3.6/site-packages/azure/cli/core/commands/__init__.py", line 620, in _execute_command
    reraise(*sys.exc_info())
  File "/usr/local/Cellar/azure-cli/2.0.19/libexec/lib/python3.6/site-packages/six.py", line 693, in reraise
    raise value
  File "/usr/local/Cellar/azure-cli/2.0.19/libexec/lib/python3.6/site-packages/azure/cli/core/commands/__init__.py", line 602, in _execute_command
    result = op(client, **kwargs) if client else op(**kwargs)
  File "/usr/local/Cellar/azure-cli/2.0.19/libexec/lib/python3.6/site-packages/azure/cli/command_modules/acs/custom.py", line 814, in k8s_get_credentials
    _k8s_get_credentials_internal(name, acs_info, path, ssh_key_file)
  File "/usr/local/Cellar/azure-cli/2.0.19/libexec/lib/python3.6/site-packages/azure/cli/command_modules/acs/custom.py", line 835, in _k8s_get_credentials_internal
    '.kube/config', path_candidate, key_filename=ssh_key_file)
  File "/usr/local/Cellar/azure-cli/2.0.19/libexec/lib/python3.6/site-packages/azure/cli/command_modules/acs/acs_client.py", line 65, in secure_copy
    proxy = paramiko.ProxyCommand(host_config['proxycommand'])
KeyError: 'proxycommand'

[derekbekoe]

@lvnilesh This looks like #4679