Self Hosted Azure DevOps Pipeline Agent fails with error Token Audience is not valid
I have created a new token with Agent Pool read and manage permissions. I have created a new agent pool lnx_agent wherein I have administrator role to manage it. When I download tar file of agent linux x64 from this link https://vstsagentpackage-azureedge-net.o365.example-domain.defendernet.com/agent/2.171.1/vsts-agent-linux-x64-2.171.1.tar.gz , copy it to bastion host, unpack it and execute ./config.sh with URL, PAT token, agent pool as lnx_agent and default agent name as bastion_agent, I have the below error message.
[2020-06-28 20:24:35Z ERR VisualStudioServices] POST request to https://vssps-dev-azure-com.o365.example-domain.defendernet.com/Example-Client/_apis/oauth2/token failed. HTTP Status: BadRequest, AFD Ref: Ref A: C7A934103EDF47B2B3E6F148516B35B5 Ref B: DB3EDGE1015 Ref C: 2020-06-28T20:24:35Z
[2020-06-28 20:24:35Z INFO VisualStudioServices] AAD Correlation ID for this token request: Unknown
[2020-06-28 20:24:35Z INFO VisualStudioServices] Finished operation Location.GetConnectionData
[2020-06-28 20:24:35Z INFO VisualStudioServices] Finished operation Location.GetConnectionData
[2020-06-28 20:24:35Z INFO VisualStudioServices] Finished operation Location.GetConnectionData
[2020-06-28 20:24:35Z ERR Agent] Microsoft.VisualStudio.Services.OAuth.VssOAuthTokenRequestException: The token audience is not valid https://vssps-dev-azure-com.o365.example-domain.defendernet.com/Example-Client/_apis/oauth2/token. Comparing to https://vssps-dev-azure-com.o365.example-domain.defendernet.com/Example-Client/_apis/oauth2/token; https://app-vssps-visualstudio-com.o365.example-domain.defendernet.com/Example-Client/_apis/oauth2/token.
Example-Client is my project and example-domain is my company name. What does this mean: "AAD Correlation ID for this token request: Unknown"?
Since my AKS cluster is private, all three options to connect to it from Azure release pipeline like kubeconfig, service account and subscription fail. So, if I could configure self hosted agent in bastion host whose virtual network is peered with virtual network of private AKS cluster then I can successfully automate CD pipeline by running agent in this bastion host.
az devops login --organization https://dev-azure-com.o365.example-domain.defendernet.com/Example-Client
Token:
Failed to store PAT using keyring; falling back to file storage.
You can clear the stored credential by running az devops logout.
Refer https://aka.ms/azure-devops-cli-auth to know more on sign in with PAT.
Firstly, please make sure you can access the Azure DevOps organization ( https://dev.azure.com/{organization} ) from the bastion host. Otherwise we cannot connect to the Azure DevOps services.
Secondly, please check if you are running a firewall or a proxy on the bastion host. If you're running an agent in a secure network behind a firewall, make sure the agent can initiate communication with the URLs and IP addresses mentioned in below documents.
URL update from https://dev-azure-com.o365.example-domain.defendernet.com/Example-Client to https://dev.azure.com/Example-Client resolves this issue.
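An added example (not part of the original question or answers): a pre-flight check for the server URL given to ./config.sh that accepts canonical Azure DevOps hosts and rewrites a proxy-suffixed hostname like the one in the question. The function names and the hyphen-for-dot rewriting rule are assumptions inferred from the hostnames quoted above.

```bash
# Added example: validate the Azure DevOps URL before running ./config.sh.
# Assumption: the rewriting proxy encodes the real host in the first DNS
# label with '-' in place of '.', e.g. dev-azure-com.<proxy suffix>.

# Return 0 if $1 is a host the agent should be configured against.
is_canonical_host() {
  case "$1" in
    dev.azure.com|*.dev.azure.com|*.visualstudio.com) return 0 ;;
    *) return 1 ;;
  esac
}

# Print the canonical form of URL $1, or return 1 if none can be derived.
canonical_azdo_url() {
  local url rest host path first candidate
  url="$1"
  case "$url" in
    https://*) rest="${url#https://}" ;;
    *) echo "refusing non-HTTPS URL: $url" >&2; return 1 ;;
  esac
  host="${rest%%/*}"
  path=""
  if [ "$host" != "$rest" ]; then
    path="/${rest#*/}"
  fi
  host="$(printf '%s' "$host" | tr '[:upper:]' '[:lower:]')"

  # Already canonical: pass through unchanged.
  if is_canonical_host "$host"; then
    printf 'https://%s%s\n' "$host" "$path"
    return 0
  fi

  # Proxy-rewritten: decode the first label and re-check it.
  # Limitation: a real host that itself contains '-' cannot be decoded
  # unambiguously; such input should be corrected by hand.
  first="${host%%.*}"
  candidate="$(printf '%s' "$first" | sed 's/-/./g')"
  if is_canonical_host "$candidate"; then
    printf 'https://%s%s\n' "$candidate" "$path"
    return 0
  fi

  echo "unrecognised Azure DevOps host: $host" >&2
  return 1
}
```

Run it on the bastion host against the URL copied from the browser, and pass the printed value to ./config.sh instead of the copied one.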