I am trying to implement CICD for MDS via Azure Devops.
Below are the steps which I have followed :
Created a self hosted agent which has SSDT installed
Tried executing the MDS Cmd queries from the VM which I created as a self hosted agent and it was a success :
In Azure Devops, used the self hosted agent and CMD task:
And added the inline query :
cd C:\Program Files\Microsoft SQL Server\110\Master Data Services\Configuration
MDSModelDeploy createpackage -service MDS1 -model SalesBI -package "C:\MDS\CICD\SalesBI_CICD.pkg"
And after execution of the pipeline, I am getting the error :
The web configuration file for the Master Data Services instance
cannot be loaded. An error occurred loading a configuration file:
Access to the path 'C:\Program Files\Microsoft SQL Server\110\Master
Data Services\WebApplication\web.config' is denied. (C:\Program
Files\Microsoft SQL Server\110\Master Data
Services\WebApplication\web.config)
So is there anything which I am missing out while setting up the self hosted agent in Devops because executing the same commands by manually logging into the same VM is getting executed successfully.
In the Azure DevOps, If you want to access local file in the azure devops pipeline via self-hosted agent, It accesses the file via service account instead of Personal account, so you can run the cmd locally from your computer, and get error in the azure devops pipeline.
Workaround
We could open check the file permission and configure the service account permission. service account format User/Administrator/Administrators({Agent.ComputerName}\User/Administrator/Administrators)
Also, we could change the agent service account to your owner account.
Steps: Open service on the agent machine and search the agent service account, check the pic below, just change the account name and password to yours, then It will use this account to perform the operation.
Related
I have a Windows 10 Enterprise VM running an Azure Devops Agent in Interactive mode. The agent runs using the only user the machine has, and it is an Administrator with UAC disabled. However, when executing tasks that require an elevated command prompt, as registering dlls, the command fails with the following error message:
##[error]Cmd.exe exited with code '5'.
And this message is when I'm trying to COPY files into Windows\SysWow64
##[error]Error: Failed cp: cp: copyFileSync: could not write to dest file (code=EPERM):C:\windows\SysWow64\test.txt
My testes also fail with the following error message:
Test method TestesRegressaoPGB.Autenticacao.AutenticarNoPGBL02 threw exception:
System.AggregateException: One or more errors occurred. (The requested operation requires elevation.) ---> System.ComponentModel.Win32Exception: The requested operation requires elevation.
TestCleanup method TestesRegressaoPGB.Autenticacao.Cleanup threw exception. System.NullReferenceException: System.NullReferenceException: Object reference not set to an instance of an object..
How do I run all commands while elevated?
In the Azure DevOps, If you want to access local file in the azure devops pipeline via self-hosted agent, It accesses the file via service account instead of Personal account.
Workaround
We could open check the file permission and configure the service account permission. service account format User/Administrator/Administrators({Agent.ComputerName}\User/Administrator/Administrators)
Also, we could change the agent service account to your owner account.
Steps: Open service on the agent machine and search the agent service account, check the pic below, just change the account name and password to yours, then It will use this account to perform the operation.
I just added permissions on each and every folder the pipeline agent needed to open. As I said to Vito, the agent was not running using a service account.
I am trying to create RamDisk in DevOps agent servers using PowerShell task from Pipeline. The script can create the Ramdisk rive but unable to format and mount it. Its giving error that it needs elevated prompt.
How I can run PowerShell task with admin privileges in Azure DevOps pipeline
Since you add azure-devops-self-hosted-agent tag, I assume you are using a self-hosted build agent for build. Then you can try to update the build agent to run with an administrator account.
If you configured the agent to run as a service, it starts
automatically. You can view and control the agent running status from
the services snap-in. Run services.msc and look for the agent. If
you need to change the agent's logon account, don't do it from the
Services snap-in. Instead, try to re-configure the agent and run it
with an administrator account.
Im new to devops , and im trying to deploy windows service to on premises vm,
I have added Copy file from task and setup all the user name/ password/ source/ destination and all the required settings.
but error
[error]Failed to Create PSDrive with Destination:
'\my_server\D$\TestCI', ErrorMessage: 'The network path was not
found'
fails the release.
can you help on this?
Since you work on the Azure Devops Server,you should be using self-hosted agents.
ErrorMessage: 'The network path was not found'
The casue of this issue could be that the Self-hosted agent and the Target windows machine are not in the same Windows Domain.
To solve this issue, you could try to create a new self-hosted agent under the same windows domain (the machine which in the same local network), then grant the permissions for the build agent service account to access another local PC.
Here is the ticket with the similar issue, you could refer to it.
I have a python script that execute an automation script on remote SUT. and given that the script is working when execute locally with user tester and password xxx.
when I build the DevOps Azure pipeline I have checkout from GIT the project into the agent and then try to execute the code from the command line .
cd .\MatrixPro\TestFramework
python .\main.py -t profaund_tests.matrix_pro_rf_energy_across_impedances
this code gave me an error
E PermissionError: [WinError 5] Access is denied:
'//192.168.1.100\c$\'
seems that this script try to create report file on the SUT and doesn't have permission.
more over that the azure user agent have admin permission but I suspect that I need to change into the local user before execute the command.
note: I'm working on windows 10 .
what is the right method to solve this issue ? how can I figure out way this error occur ?
is their a simple way to change the pipeline permmision to work on local agent with local user and password?
When you run the build pipeline on Azure DevOps.
It's actually the build service account which is running the script. You should make sure the build service account have sufficient permission to Access: '//192.168.1.100\c$\'
To change the identity of the build agent, just go into Windows Services and change the identity of related Build service (service name is " Azure Pipelines Agent").
In the Services pane, right-click Azure Pipelines Agent.
Under Service Status, click Stop.
Click the Log On tab.
Specify the account you want to use for the service in the This
account text box.
Type the new password in the Password text box, and then type the
new password again in the Confirm password text box.
Under Service Status, click Start.
You should use a user to remote to that the server hold build agent and manually run the script to perform the deploy process. If that user is able to deploy succeed without any permission issue. Simply use this user as your build service account of Azure DevOps agent.
Hope this helps.
I am using VSTS (Visual Studio Team Services, formerly known as Visual Studio Onine) for continuous deployment to an Azure VM using an Azure File Copy task in my build definition.
The problem I am having is that I have an ACL setup on the Azure VM that is only allowing connections from my office for Remote Powershell.
With the ACL in place, the Azure File Copy task fails with an error like "WinRM cannot complete the operation. Verify that the specified computer name is valid, that the computer is accessible over the network, and that the firewall exception for the WinRM service is enabled and allows access from this computer." With the ACL removed, everything works.
To be clear, this is not a problem with WinRM configuration or firewalls or anything like that. It is specifically the ACL on the VM that is blocking the activity.
So the question is, how can I get this to work without completely removing the ACL from my VM? I don't want to open up the VM Powershell endpoint to the world, but I need to be able to have the Azure File Copy task of my build succeed.
You can have an on-premises build agent that lives within your office's network and configure things so that the build only uses that agent.
https://msdn.microsoft.com/library/vs/alm/release/getting-started/configure-agents#installing
Azure File Copy Task need to use WinRM Https Protocol, so when you enable the ACL, the Hosted Build Agent won't be able access to the WinRM on Azure VM and that will cause Azure File Copy Task fail.
When copying the files from the blob container to the Azure VMs,
Windows Remote Management (WinRM) HTTPS protocol is used. This
requires that the WinRM HTTPS service is properly setup on the VMs and
a certificate is also installed on the VMs.
There isn't any easy workaround for this as I know. I would recommend you to setup your own build agent in your network that can access to Azure VM WinRM.