问题
几天来,我一直在为 VSTS Release Management 上的部署失败而苦苦挣扎。我制定了一个发布定义,以根据包含 cskpg 和 cscfg 文件的工件部署 Azure 云服务。起初我没有使用托管构建 Controller 获得太多信息。部署日志为空,只有消息“在此环境上的部署已取消”。显示在发布日志中。
为了获得更多有用的调试信息,我下载了 Windows 构建代理并将其作为服务安装在我的本地计算机上。在日志中,我看到一个安全异常:Microsoft.VisualStudio.Services.Common.VssUnauthorizedException。 以下是 Windows Build Agent 日志的摘录:
09:36:41.217088 WorkerRunner.RunJobOnWorker - enter
09:36:41.232710 WorkerRunner.RunJobOnWorker - starting the job
09:36:41.232710 BaseLogger.LogStatus(scope.JobId = b85840a5-bbf5-4c92-8b46-414ea85e29fa, scope.TimelineRecordId = 77c25a08-adf0-44e9-a546-7115ebc413f8, record.Name = Release)
09:36:41.232710 JobManager.LogStatus (scope.JobId = b85840a5-bbf5-4c92-8b46-414ea85e29fa, record.Name = Release)
09:36:41.232710 JobManager.LogStatus - job not found in dictionary (scope.JobId = b85840a5-bbf5-4c92-8b46-414ea85e29fa)
09:36:41.232710 [77c25a08-adf0-44e9-a546-7115ebc413f8][b85840a5-bbf5-4c92-8b46-414ea85e29fa]Record: t=Job, n=Release, s=InProgress, st=12/4/2015 9:36:41 AM, 0%, ft=, r=: Starting
09:36:41.232710 BaseLogger.LogConsoleMessage(scope.JobId = b85840a5-bbf5-4c92-8b46-414ea85e29fa, message = Agent version: 1.91.1)
09:36:41.232710 JobManager.LogConsoleMessage (scope.JobId = b85840a5-bbf5-4c92-8b46-414ea85e29fa, message = Agent version: 1.91.1)
09:36:41.232710 JobManager.LogConsoleMessage - job not found in dictionary (scope.JobId = b85840a5-bbf5-4c92-8b46-414ea85e29fa)
09:36:41.232710 [77c25a08-adf0-44e9-a546-7115ebc413f8][b85840a5-bbf5-4c92-8b46-414ea85e29fa]Agent version: 1.91.1
09:36:41.232710 BaseLogger.LogConsoleMessage(scope.JobId = b85840a5-bbf5-4c92-8b46-414ea85e29fa, message = Starting job)
09:36:41.232710 JobManager.LogConsoleMessage (scope.JobId = b85840a5-bbf5-4c92-8b46-414ea85e29fa, message = Starting job)
09:36:41.232710 JobManager.LogConsoleMessage - job not found in dictionary (scope.JobId = b85840a5-bbf5-4c92-8b46-414ea85e29fa)
09:36:41.232710 [77c25a08-adf0-44e9-a546-7115ebc413f8][b85840a5-bbf5-4c92-8b46-414ea85e29fa]Starting job
09:36:41.232710 JobManager.StartJob(job.JobId = b85840a5-bbf5-4c92-8b46-414ea85e29fa)
09:36:41.232710 JobInfo.ctor
09:36:41.232710 JobInfo.ctor - leave
09:36:41.232710 JobManager.StartJob - calling JobWriter.StartJob
09:36:41.232710 JobWriter.StartJob - enter
09:36:41.232710 JobWriter.StartJob - (SKIPPING)first renew
09:36:41.326473 JobWriter.StartJob - start continual renewing
09:36:41.326473 AuthorizationType : OAuth
09:36:41.748960 ConsoleTimer_Callback - enter (22)
09:36:41.748960 ConsoleTimer_Callback - Inside Lock
09:36:41.748960 ConsoleTimer_Callback - processing job b85840a5-bbf5-4c92-8b46-414ea85e29fa
09:36:41.748960 ConsoleTimer_Callback - leave
09:36:41.986477 StatusTimer_Callback - enter (26)
09:36:41.986477 StatusTimer_Callback - processing job b85840a5-bbf5-4c92-8b46-414ea85e29fa
09:36:41.986477 StatusTimer_Callback - leave
09:36:42.232703 LogFileTimer_Callback - enter (21)
09:36:42.232703 LogFileTimer_Callback - processing job b85840a5-bbf5-4c92-8b46-414ea85e29fa
09:36:42.232703 LogFileTimer_Callback - found 0 records for job b85840a5-bbf5-4c92-8b46-414ea85e29fa
09:36:42.232703 LogFileTimer_Callback - leave
09:36:42.263938 ConsoleTimer_Callback - enter (18)
09:36:42.263938 ConsoleTimer_Callback - Inside Lock
09:36:42.263938 ConsoleTimer_Callback - processing job b85840a5-bbf5-4c92-8b46-414ea85e29fa
09:36:42.263938 ConsoleTimer_Callback - leave
09:36:42.518076 ---------------------------------------------------------------------------
09:36:42.523266 Microsoft.VisualStudio.Services.Common.VssUnauthorizedException: TF400813: The user 'Build\{guid_removed_intentionally}' is not authorized to access this resource.
09:36:42.523266 at Microsoft.VisualStudio.Services.Common.VssHttpMessageHandler.<SendAsync>d__17.MoveNext()
09:36:42.523266 --- End of stack trace from previous location where exception was thrown ---
09:36:42.523266 at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
09:36:42.523266 at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
09:36:42.523266 at Microsoft.VisualStudio.Services.WebApi.VssHttpRetryMessageHandler.<SendAsync>d__3.MoveNext()
09:36:42.523266 --- End of stack trace from previous location where exception was thrown ---
09:36:42.523266 at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
09:36:42.523266 at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
09:36:42.523266 at Microsoft.VisualStudio.Services.WebApi.VssHttpClientBase.<SendAsync>d__50.MoveNext()
09:36:42.523266 --- End of stack trace from previous location where exception was thrown ---
09:36:42.523266 at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
09:36:42.523266 at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
09:36:42.523266 at Microsoft.VisualStudio.Services.WebApi.VssHttpClientBase.<SendAsync>d__47`1.MoveNext()
09:36:42.523266 --- End of stack trace from previous location where exception was thrown ---
09:36:42.523266 at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
09:36:42.523790 at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
09:36:42.523790 at Microsoft.VisualStudio.Services.Location.Client.LocationHttpClient.<GetConnectionDataAsync>d__6.MoveNext()
09:36:42.523790 --- End of stack trace from previous location where exception was thrown ---
09:36:42.523790 at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
09:36:42.523790 at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
09:36:42.523790 at Microsoft.VisualStudio.Services.Client.VssServerDataProvider.<ConnectAsync>d__39.MoveNext()
09:36:42.523790 --- End of stack trace from previous location where exception was thrown ---
09:36:42.523790 at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
09:36:42.523790 at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
09:36:42.523790 at Microsoft.TeamFoundation.DistributedTask.Agent.Common.ConnectionHelper.GetConnection(Uri serverUri, VssCredentials credentials)
09:36:42.523790 at Microsoft.TeamFoundation.DistributedTask.Agent.JobWriter.StartJob()
09:36:42.523790 at Microsoft.VisualStudio.Services.Common.VssHttpMessageHandler.<SendAsync>d__17.MoveNext()
09:36:42.523790 --- End of stack trace from previous location where exception was thrown ---
09:36:42.523790 at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
09:36:42.523790 at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
09:36:42.523790 at Microsoft.VisualStudio.Services.WebApi.VssHttpRetryMessageHandler.<SendAsync>d__3.MoveNext()
09:36:42.523790 --- End of stack trace from previous location where exception was thrown ---
09:36:42.523790 at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
09:36:42.523790 at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
09:36:42.523790 at Microsoft.VisualStudio.Services.WebApi.VssHttpClientBase.<SendAsync>d__50.MoveNext()
09:36:42.523790 --- End of stack trace from previous location where exception was thrown ---
09:36:42.523790 at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
09:36:42.523790 at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
09:36:42.523790 at Microsoft.VisualStudio.Services.WebApi.VssHttpClientBase.<SendAsync>d__47`1.MoveNext()
09:36:42.523790 --- End of stack trace from previous location where exception was thrown ---
09:36:42.523790 at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
09:36:42.523790 at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
09:36:42.523790 at Microsoft.VisualStudio.Services.Location.Client.LocationHttpClient.<GetConnectionDataAsync>d__6.MoveNext()
09:36:42.523790 --- End of stack trace from previous location where exception was thrown ---
09:36:42.523790 at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
09:36:42.523790 at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
09:36:42.523790 at Microsoft.VisualStudio.Services.Client.VssServerDataProvider.<ConnectAsync>d__39.MoveNext()
09:36:42.523790 --- End of stack trace from previous location where exception was thrown ---
09:36:42.523790 at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
09:36:42.523790 at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
09:36:42.523790 at Microsoft.TeamFoundation.DistributedTask.Agent.Common.ConnectionHelper.GetConnection(Uri serverUri, VssCredentials credentials)
09:36:42.523790 at Microsoft.TeamFoundation.DistributedTask.Agent.JobWriter.StartJob()
09:36:42.523790 ---------------------------------------------------------------------------
09:36:42.525271 Process logging event with context handler.
09:36:42.525271 BaseLogger.LogConsoleMessage(scope.JobId = b85840a5-bbf5-4c92-8b46-414ea85e29fa, message = ##[error]The Agent failed to start this job. Error: TF400813: The user 'Build\985376fd-d1bd-45eb-b657-a7fd22d51cb9' is not authorized to access this resource.)
09:36:42.525271 JobManager.LogConsoleMessage (scope.JobId = b85840a5-bbf5-4c92-8b46-414ea85e29fa, message = ##[error]The Agent failed to start this job. Error: TF400813: The user 'Build\985376fd-d1bd-45eb-b657-a7fd22d51cb9' is not authorized to access this resource.)
09:36:42.525271 JobManager.LogConsoleMessage - message enqueued
09:36:42.525271 [77c25a08-adf0-44e9-a546-7115ebc413f8][b85840a5-bbf5-4c92-8b46-414ea85e29fa]##[error]The Agent failed to start this job. Error: TF400813: The user 'Build\985376fd-d1bd-45eb-b657-a7fd22d51cb9' is not authorized to access this resource.
09:36:42.525271 JobManager.FinishJob(jobId = b85840a5-bbf5-4c92-8b46-414ea85e29fa, result = Failed)
09:36:42.748347 StatusTimer_Callback - enter (22)
09:36:42.748347 StatusTimer_Callback - processing job b85840a5-bbf5-4c92-8b46-414ea85e29fa
09:36:42.748347 StatusTimer_Callback - leave
...
09:36:53.551559 JobInfo.Dispose - leave
09:36:53.551559 JobManager.FinishJob - Removing JobId b85840a5-bbf5-4c92-8b46-414ea85e29fa from Jobs
09:36:53.551559 Failed to start the job, could not create the http client with the given credentials.
附加信息
我应该提一下,我在从 Azure 云服务部署任务的下拉框中访问存储帐户和云服务时也遇到了问题。
Azure 云服务部署
我不知道这两个问题是否相互关联,但它可能是有用的信息。我已经在 VSTS 服务配置选项卡中创建了必要的服务端点。为了测试,我制作了每个版本之一:凭据、基于证书和服务主体身份验证。不幸的是,他们似乎都无法列出存储帐户和服务名称。 (只有凭据和基于证书的端点显示在 Azure 订阅下拉列表中的 Azure 云服务部署任务中)。当我在此下拉列表中切换帐户时,我在网络日志中看到 HTTP 错误,一个用于存储帐户下拉列表,一个用于云服务下拉列表,这让我相信它无法对 Azure 帐户进行身份验证。基于服务主体的服务连接不会显示在 Azure 订阅下拉列表中。 Azure 资源是使用 Azure 资源管理器创建的。
对于基于证书的服务端点,我得到以下响应:
HTTP/1.1 500 Internal Server Error
Cache-Control: no-cache
Pragma: no-cache
Content-Type: application/json; charset=utf-8
Expires: -1
Server: Microsoft-IIS/8.5
X-TFS-ProcessId: {guid}
Strict-Transport-Security: max-age=31536000; includeSubDomains
Access-Control-Allow-Origin: https://<accountName>.visualstudio.com
Access-Control-Max-Age: 3600
Access-Control-Allow-Methods: OPTIONS,GET,POST,PATCH,PUT,DELETE
Access-Control-Expose-Headers: ActivityId,X-TFS-Session,X-MS-ContinuationToken
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: authorization
Set-Cookie: Tfs-SessionId={guid}; path=/; secure
Set-Cookie: Tfs-SessionActive=2015-12-04T10:14:11; path=/; secure
X-VSS-UserData: {guid}:{userName}
ActivityId: {guid}
X-TFS-Session: {guid}
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
P3P: CP="CAO DSP COR ADMa DEV CONo TELo CUR PSA PSD TAI IVDo OUR SAMi BUS DEM NAV STA UNI COM INT PHY ONL FIN PUR LOC CNT"
X-Content-Type-Options: nosniff
Date: Fri, 04 Dec 2015 10:14:11 GMT
Content-Length: 262
{"$id":"1","innerException":null,"message":"The remote server returned an error: (403) Forbidden.","typeName":"System.Net.WebException, System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","typeKey":"WebException","errorCode":0,"eventId":0}
控制台日志:
POST https://{accountName}.visualstudio.com/DefaultCollection/_apis/distributedtask/endpoint 500 (Internal Server Error)
TFS.WebApi.Exception: The remote server returned an error: (403) Forbidden.
at k (https://{accountName}.visualstudio.com/_static/tfs/20151124T220927/_scripts/TFS/min/corejs?v=orNy3-42L65GzhafvD4v3Rya12botjCuxnjQZ8VrhzI1:40:375)
at https://{accountName}.visualstudio.com/_static/tfs/20151124T220927/_scripts/TFS/min/corejs?v=orNy3-42L65GzhafvD4v3Rya12botjCuxnjQZ8VrhzI1:40:2955
at d (https://{accountName}.visualstudio.com/_static/tfs/20151124T220927/_scripts/TFS/min/corejs?v=orNy3-42L65GzhafvD4v3Rya12botjCuxnjQZ8VrhzI1:40:635)
at https://{accountName}.visualstudio.com/_static/tfs/20151124T220927/_scripts/TFS/min/corejs?v=orNy3-42L65GzhafvD4v3Rya12botjCuxnjQZ8VrhzI1:40:2888
at l (https://{accountName}.visualstudio.com/_static/tfs/20151124T220927/_scripts/TFS/min/q.js:27:8122)
at https://{accountName}.visualstudio.com/_static/tfs/20151124T220927/_scripts/TFS/min/q.js:27:8348
at t.when (https://{accountName}.visualstudio.com/_static/tfs/20151124T220927/_scripts/TFS/min/q.js:27:3780)
at t.u.promiseDispatch (https://{accountName}.visualstudio.com/_static/tfs/20151124T220927/_scripts/TFS/min/q.js:27:2824)
at https://{accountName}.visualstudio.com/_static/tfs/20151124T220927/_scripts/TFS/min/q.js:27:1649
at MessagePort.t (https://{accountName}.visualstudio.com/_static/tfs/20151124T220927/_scripts/TFS/min/q.js:27:5773)
对于基于凭据的服务端点,我得到以下响应:
HTTP/1.1 500 Internal Server Error
Cache-Control: no-cache
Pragma: no-cache
Content-Type: application/json; charset=utf-8
Expires: -1
Server: Microsoft-IIS/8.5
X-TFS-ProcessId: {guid}
Strict-Transport-Security: max-age=31536000; includeSubDomains
Access-Control-Allow-Origin: https://{accountName}.visualstudio.com
Access-Control-Max-Age: 3600
Access-Control-Allow-Methods: OPTIONS,GET,POST,PATCH,PUT,DELETE
Access-Control-Expose-Headers: ActivityId,X-TFS-Session,X-MS-ContinuationToken
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: authorization
Set-Cookie: Tfs-SessionId={guid}; path=/; secure
Set-Cookie: Tfs-SessionActive=2015-12-04T10:21:01; path=/; secure
X-VSS-UserData: {guid}:{userName}
ActivityId: {guid}
X-TFS-Session: {guid}
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
P3P: CP="CAO DSP COR ADMa DEV CONo TELo CUR PSA PSD TAI IVDo OUR SAMi BUS DEM NAV STA UNI COM INT PHY ONL FIN PUR LOC CNT"
X-Content-Type-Options: nosniff
Date: Fri, 04 Dec 2015 10:21:02 GMT
Content-Length: 327
{"$id":"1","innerException":null,"message":"TF400898: An Internal Error Occurred. Activity Id: {guid}.","typeName":"System.Net.Http.HttpRequestException, System.Net.Http, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","typeKey":"HttpRequestException","errorCode":0,"eventId":0}
控制台日志:
POST https://{accountName}.visualstudio.com/DefaultCollection/_apis/distributedtask/endpoint 500 (Internal Server Error)
TFS.WebApi.Exception: TF400898: An Internal Error Occurred. Activity Id: {guid}.
at k (https://{accountName}.visualstudio.com/_static/tfs/20151124T220927/_scripts/TFS/min/corejs?v=orNy3-42L65GzhafvD4v3Rya12botjCuxnjQZ8VrhzI1:40:375)
at https://{accountName}.visualstudio.com/_static/tfs/20151124T220927/_scripts/TFS/min/corejs?v=orNy3-42L65GzhafvD4v3Rya12botjCuxnjQZ8VrhzI1:40:2955
at d (https://{accountName}.visualstudio.com/_static/tfs/20151124T220927/_scripts/TFS/min/corejs?v=orNy3-42L65GzhafvD4v3Rya12botjCuxnjQZ8VrhzI1:40:635)
at https://{accountName}.visualstudio.com/_static/tfs/20151124T220927/_scripts/TFS/min/corejs?v=orNy3-42L65GzhafvD4v3Rya12botjCuxnjQZ8VrhzI1:40:2888
at l (https://{accountName}.visualstudio.com/_static/tfs/20151124T220927/_scripts/TFS/min/q.js:27:8122)
at https://{accountName}.visualstudio.com/_static/tfs/20151124T220927/_scripts/TFS/min/q.js:27:8348
at t.when (https://{accountName}.visualstudio.com/_static/tfs/20151124T220927/_scripts/TFS/min/q.js:27:3780)
at t.u.promiseDispatch (https://{accountName}.visualstudio.com/_static/tfs/20151124T220927/_scripts/TFS/min/q.js:27:2824)
at https://{accountName}.visualstudio.com/_static/tfs/20151124T220927/_scripts/TFS/min/q.js:27:1649
at MessagePort.t (https://{accountName}.visualstudio.com/_static/tfs/20151124T220927/_scripts/TFS/min/q.js:27:5773)
非常感谢任何指导或帮助!
最佳答案
Azure 云服务任务仅适用于基于证书或凭据的 Azure 服务端点。这就是任务仅显示这两种类型的原因。
您可以在 Azure 中创建两种类型的存储帐户 - ARM 和经典。您可能创建了一个 ARM 存储帐户。您可以尝试创建一个经典的并在任务输入中提供吗?
任务中的下拉菜单存在问题。我们将在接下来的几周内解决这些问题。理想情况下,该任务应仅在下拉列表中显示经典存储帐户。
关于tfsbuild - VSTS Release Management 部署因安全问题而失败,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/34086852/