Unhandled: Could not fetch access token for Managed Service Principal. in Azure Devops
Question
I have created an Azure DevOps pipeline which builds an image from source code and pushes it to Docker. I created a service connection for that as shown below:
Service connection type
Docker Registry
using managed identity authentication
However, when I run the pipeline job it throws this error:
Unhandled: Could not fetch access token for Managed Service Principal. Please configure Managed Service Identity (MSI) for virtual machine 'https://aka.ms/azure-msi-docs'. Status code: %s, status message: %s
The docker task is as follows:
    - task: Docker@2
      displayName: Build and push
      inputs:
        command: buildAndPush
        repository: $(imageRep)-$(Build.SourceBranchName)
        dockerfile: $(dockerfilePath)
        containerRegistry: $(dockerRegistryServiceConnection)
        tags: |
          $(tag)
I have contributor rights, so from az cli I can do the docker push to the ACR, but with DevOps I am getting this error.
Can anyone help here? Thanks
Answer 1
Score: 1
If you are choosing managed identity while creating the service connection in Azure DevOps, then you should use an Azure DevOps self-hosted agent with Docker installed. Please follow the steps below to set up the configuration.
Step 1: Create a Windows VM in Azure and configure a self-hosted agent in Azure DevOps using the link "self-hosted agent on windows machine".
Step 2: Install Docker Desktop on the Windows VM using the link "Docker desktop".
Step 3: Enable the system-assigned managed identity on the VM, make a note of the object ID for later use, and add the Azure role assignments AcrPush and AcrPull.
Step 4: Create the service connection in Azure DevOps.
Step 5: Create and run the pipeline as below.
    pool: Default2 # self-hosted agents pool name
    steps:
    - task: Docker@2
      inputs:
        containerRegistry: 'svc2-acr' # docker service connection (using managed-identity)
        repository: 'testimg'
        command: 'buildAndPush'
        Dockerfile: 'Dockerfile'
        tags: |
          $(Build.BuildId)
          latest
Run the pipeline and check for results.
References:
Build and publish Docker images to Azure Container Registry using Managed Identities
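The error in the question means the task could not obtain a managed identity token on the machine running the job, so it is worth checking on the agent VM that the identity enabled in Step 3 actually issues tokens. The script below is an added example, not part of the original answer: it requests a token from the Azure Instance Metadata Service and compares its `oid` claim with the object ID noted in Step 3. The function names and the placeholder object ID are assumptions, and the token payload is decoded for inspection only.

```python
import base64
import json
import sys
import time
import urllib.request

# Azure Instance Metadata Service (IMDS) token endpoint; reachable only from inside an Azure VM.
IMDS_URL = ("http://169.254.169.254/metadata/identity/oauth2/token"
            "?api-version=2018-02-01&resource=https://management.azure.com/")


def fetch_imds_token(timeout=5):
    """Request a managed identity token the way any process on the VM would."""
    req = urllib.request.Request(IMDS_URL, headers={"Metadata": "true"})
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return json.load(resp)["access_token"]


def jwt_claims(token):
    """Decode the JWT payload for inspection only; the signature is NOT verified."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a JWT")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))


def check_identity(token, expected_oid, now=None):
    """Return a list of problems; an empty list means the expected identity issued a live token."""
    claims = jwt_claims(token)
    now = time.time() if now is None else now
    problems = []
    if str(claims.get("oid", "")).lower() != expected_oid.lower():
        problems.append("oid mismatch: token is for %s" % claims.get("oid"))
    if claims.get("exp", 0) <= now:
        problems.append("token expired")
    return problems


if __name__ == "__main__":
    # Placeholder object ID (assumption); pass the one noted in Step 3 as the first argument.
    expected = sys.argv[1] if len(sys.argv) > 1 else "00000000-0000-0000-0000-000000000000"
    try:
        token = fetch_imds_token()
    except (OSError, KeyError, ValueError) as exc:
        # No identity assigned, or not an Azure VM: the condition behind the pipeline error.
        sys.exit("no managed identity token available on this machine: %s" % exc)
    issues = check_identity(token, expected)
    print("managed identity OK" if not issues else "\n".join(issues))
```

A matching `oid` only shows that the VM identity works; the AcrPush and AcrPull role assignments on the registry are still needed for the push itself.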