Terraform INIT 失败并出现 azure 在 ACI 上开发自托管代理
[英]Terraform INIT failing with azure Devops self hosted agent on ACI
问题描述
I have 2 terraform pipelines in azure devops:
我在 azure devops 中有 2 个 terraform 管道:
1- provisions vnet and azure container instance and registers it as an agent pool node. 1-提供vnet和azure容器实例并将其注册为代理池节点。 2- uses the self hosted agent pool which uses the aci from the first pipeline to provision other stuff. 2-使用自托管代理池,该池使用来自第一个管道的 aci 来提供其他东西。
The second pipeline fails when it reached init with the following message第二个管道在到达 init 时失败,并显示以下消息
##[error]Terraform command 'init' failed with exit code '1'.: Failed to get existing workspaces: containers.Client#ListBlobs: Failure sending request: StatusCode=0 -- Original Error: Get "https://xxx.blob.core.windows.net/terraform?comp=list&prefix=xxx-infra-dev.tfstateenv%253A&restype=container": dial tcp xx.xxx.xx.x:443: connect: connection timed out
This is how I provision the agent with ACI:这就是我为代理提供 ACI 的方式:
terraform {
required_version = "~> 0.13"
backend "azurerm" {}
}
provider "azurerm" {
version = "~> 2.8.0"
skip_provider_registration = true
features {}
}
module "aci-devops-agent" {
source = "Azure/aci-devops-agent/azurerm"
resource_group_name = var.resource_group_name
location = var.location
enable_vnet_integration = true
create_resource_group = false
vnet_resource_group_name = var.resource_group_name
vnet_name = local.virtual_network_name
subnet_name = data.azurerm_subnet.subnet["mgmt"].name
linux_agents_configuration = {
agent_name_prefix = "aci-${var.environment}-${var.app_name}"
agent_pool_name = var.agent_pool_name
count = 1,
docker_image = "jcorioland/aci-devops-agent"
docker_tag = "0.2-linux"
cpu = 1
memory = 4
}
azure_devops_org_name = "xxx"
azure_devops_personal_access_token = var.pat
}
and the agent is successfully detected并成功检测到代理
where is the problem?问题出在哪里? I have a feeling it's from the ACI and maybe something related to the token but all looks green?我感觉它来自 ACI,可能与令牌有关,但看起来都是绿色的?
appreciate your help !感谢你的帮助 !
2 个解决方案
解决方案1
0 2020-12-11 09:46:20
It looks like an issue with the network settings of the ACI created in your first pipeline.您的第一个管道中创建的 ACI 的网络设置似乎存在问题。
You can check the network settings of the ACI, and make sure you can connect to the internet from the ACI.您可以检查 ACI 的网络设置,并确保您可以从 ACI 连接到 Internet。
Please check the examples in this blog to provision self-hosted agents on ACI.请查看此博客中的示例以在 ACI 上配置自托管代理。
See the this similar issue .看到这个类似的问题。
解决方案2
0 已采纳 2020-12-14 11:33:41
solution: was to re-create the PAT token in ADO.解决方案:是在 ADO 中重新创建 PAT 令牌。
Troubleshooting steps: checked /azp/agent/_diag/Agent_xxx-utc.log and i saw 401 error message:故障排除步骤:检查/azp/agent/_diag/Agent_xxx-utc.log并看到 401 错误消息:
[2020-12-13 07:47:36Z INFO RSAFileKeyManager] Loading RSA key parameters from file /azp/agent/.credentials_rsaparams
[2020-12-13 07:47:36Z INFO VisualStudioServices] AAD Correlation ID for this token request: Unknown
[2020-12-13 08:09:17Z INFO MessageListener] No message retrieved from session 'xxx' within last 30 minutes.
[2020-12-13 08:39:17Z INFO MessageListener] No message retrieved from session 'xxx' within last 30 minutes.
[2020-12-13 08:42:37Z WARN VisualStudioServices] Authentication failed with status code 401.
and then recreated the PAT and it worked fine.然后重新创建了 PAT,它工作正常。
Notes:笔记:
- The terraform error message was misleading since it was dial
tcp xx.xxx.xx.x:443: connect: connection timed outterraform 错误消息具有误导性,因为它是拨打tcp xx.xxx.xx.x:443: connect: connection timed out - the new PAT token was created exactly like the old token, I have no idea why the new one worked and the old one didn't.新 PAT 令牌的创建与旧令牌完全一样,我不知道为什么新令牌有效而旧令牌无效。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.