堆栈内存溢出
  简体   繁体   English

自托管 Azure DevOps 管道代理失败并出现错误令牌受众无效

[英]Self Hosted Azure DevOps Pipeline Agent fails with error Token Audience is not valid

 原文  2020-06-28 20:45:06       azure/ azure-devops/ azure-aks

问题描述

I have created a new token with Agent Pool read and manage permissions.我创建了一个具有代理池读取和管理权限的新令牌。 I have created a new agent pool lnx_agent wherein I have administrator role to manage it.我创建了一个新的代理池lnx_agent ,在其中我具有管理员角色来管理它。 When I download tar file of agent linux x64 from this link https://vstsagentpackage-azureedge-net.o365.example-domain.defendernet.com/agent/2.171.1/vsts-agent-linux-x64-2.171.1.tar.gz , copy it to bastion host, unpack it and execute ./config.sh with URL, PAT token, agent pool as lnx_agent and default agent name as bastion_agent ;当我从此链接https://vstsagentpackage-azureedge-net.o365.example-domain.defendernet.com/agent/2.171.1/vsts-agent-linux-x64-2下载代理 linux x64 的 tar 文件时tar.gz ,将其复制到堡垒主机,解压并使用 URL 执行./config.sh,PAT令牌,代理池为lnx_agent ,默认代理名称为bastion_agent I have below error message.我有以下错误消息。

[2020-06-28 20:24:35Z ERR  VisualStudioServices] POST request to https://vssps-dev-azure-com.o365.example-domain.defendernet.com/Example-Client/_apis/oauth2/token failed. HTTP Status: BadRequest, AFD Ref: Ref A: C7A934103EDF47B2B3E6F148516B35B5 Ref B: DB3EDGE1015 Ref C: 2020-06-28T20:24:35Z
[2020-06-28 20:24:35Z INFO VisualStudioServices] AAD Correlation ID for this token request: Unknown
[2020-06-28 20:24:35Z INFO VisualStudioServices] Finished operation Location.GetConnectionData
[2020-06-28 20:24:35Z INFO VisualStudioServices] Finished operation Location.GetConnectionData
[2020-06-28 20:24:35Z INFO VisualStudioServices] Finished operation Location.GetConnectionData
[2020-06-28 20:24:35Z ERR  Agent] Microsoft.VisualStudio.Services.OAuth.VssOAuthTokenRequestException: The token audience is not valid https://vssps-dev-azure-com.o365.example-domain.defendernet.com/Example-Client/_apis/oauth2/token. Comparing to https://vssps-dev-azure-com.o365.example-domain.defendernet.com/Example-Client/_apis/oauth2/token; https://app-vssps-visualstudio-com.o365.example-domain.defendernet.com/Example-Client/_apis/oauth2/token.

Example-Client is my project and example-domain is my company name. Example-Client 是我的项目,example-domain 是我的公司名称。 What does this mean AAD Correlation ID for this token request: Unknown ?这意味着此令牌请求的 AAD 相关 ID:未知

Since my AKS cluster is private, all three options to connect to it from Azure release pipeline like kubeconfig, service account and subscription fail.由于我的 AKS 集群是私有的,因此从 Azure 发布管道(如 kubeconfig、服务帐户和订阅)连接到它的所有三个选项都失败。 So, if I could configure self hosted agent in bastion host whose virtual network is peered with virtual network of private AKS cluster then I can successfully automate CD pipeline by running agent in this bastion host.因此,如果我可以在其虚拟网络与私有 AKS 集群的虚拟网络对等的堡垒主机中配置自托管代理,那么我可以通过在此堡垒主机中运行代理来成功地自动化 CD 管道。

 az devops login --organization https://dev-azure-com.o365.example-domain.defendernet.com/Example-Client
Token:
Failed to store PAT using keyring; falling back to file storage.
You can clear the stored credential by running az devops logout.
Refer https://aka.ms/azure-devops-cli-auth to know more on sign in with PAT.

2 个解决方案

解决方案1
 2 已采纳  2020-06-29 04:25:51

Firstly, please make sure you can access the Azure DevOps organization ( https://dev.azure.com/{organization} ) from the bastion host.首先,请确保您可以访问 Azure DevOps 组织( https://dev.azure.com/{organization} )主机。 Otherwise we cannot connect to the Azure DevOps services.否则我们无法连接到 Azure DevOps 服务。

Secondly, please check if you are running a firewall or a proxy on the bastion host.其次,请检查您是否在堡垒主机上运行防火墙或代理。 If you're running an agent in a secure network behind a firewall, make sure the agent can initiate communication with the URLs and IP addresses mentioned in below documents.如果您在防火墙后面的安全网络中运行代理,请确保代理可以启动与以下文档中提到的 URL 和 IP 地址的通信。

解决方案2
 0  2020-07-01 15:43:12

URL update from https://dev-azure-com.o365.example-domain.defendernet.com/Example-Client to https://dev.azure.com/Example-Client resolves this issue URL update from https://dev-azure-com.o365.example-domain.defendernet.com/Example-Client to https://dev.azure.com/Example-Client resolves this issue

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 自托管 MacOS 代理上的 DevOps 管道在 NuGet package 恢复但适用于 Azure 管道上失败 - DevOps pipeline on self-hosted MacOS agent fails on NuGet package restore but works on Azure Pipeline 如何在自托管的 Windows 代理中安装 Liquibase? (Azure Devops 管道) - How to install Liquibase in a self hosted Windows agent ? (Azure Devops Pipeline) Azure 用于 Java 项目的 DevOps 管道,带有自托管代理 - Azure DevOps Pipeline for Java Project with self hosted agent 使用自托管代理的 DevOps 中的 Bud Pipeline 问题 - Issue with Buld Pipeline in DevOps with Self Hosted Agent Azure DevOps 自托管代理错误连接问题 - Azure DevOps Self hosted agent error connectivity issues Azure Devops 管道,知道管道何时完成的方法,使用自托管代理 - Azure Devops pipeline , way to know when pipeline is done , using self hosted agent 托管代理失败的 Azure DevOps 构建管道 - Azure DevOps build pipeline with hosted agent failing 如何在自托管 Windows 代理上从 Azure DevOps 管道运行 Azure CLI 任务? - How to run Azure CLI tasks from an Azure DevOps Pipeline on a Self-Hosted Windows Agent? 如何删除管道对自托管代理的访问(没有原始 PAT 或对 azure devops 的访问)? - How to remove pipeline's access to self hosted agent (without the original PAT or access to the azure devops)? Azure Devops 代理管道安装 pip 失败 - Azure Devops Agent Pipeline install pip fails
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM