Azure Devops multi-configuration with SSH service connection not working - azure-devops

Need to create release pipeline using multi-configuration that needs to run steps on multiple servers using SSH. (Each server should be a value in the multi-configuration).
The SSH service connection parameter of the task uses a variable (which is multi-configured with the names of the service connections)
When running the release jobs, the SSH task fails with "Error: Endpoint auth data not present: 7dfbca54-6025-4265-866c-9abd76b02e81,7b595350-166f-4e45-996c-795793315182"
If my multi-configuration only has one value, it works.
From the error message, it looks like the multi-configuration variable is not split, although the service connection IDs are detected and replaced in the variable.
Is this a bug or am I doing something wrong?
[Screenshots: config of multi-configuration; multi-configuration variable; SSH task using multi-configuration variable; list of SSH service connection]

I can reproduce your issue. I set up a variable called ServerName with hughl-api20s,hughl-api21s as value. When I use $(ServerName) in the SSH server connection field of the ssh task, I also get Error: Endpoint auth data not present. I think this could be a bug.
As a workaround you can run two agent jobs and select a specific service connection in each agent job.
You can report a problem to the product team on this issue in the Developer Community forum.
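The workaround above (one agent job per service connection) can be written once in a YAML pipeline, shown here as an added example that is not part of the original answer and is not the classic release pipeline the question uses. The `${{ each }}` loop is expanded when the pipeline is compiled, so each generated job holds a single literal connection name; the connection names are the ones from the answer, and the command is a placeholder.

```yaml
# Added example (assumptions: YAML pipeline, Microsoft-hosted Ubuntu agent,
# SSH service connections named as in the answer above).
parameters:
  - name: sshConnections
    type: object
    default:
      - hughl-api20s
      - hughl-api21s

jobs:
  # Compile-time expansion: one job per entry, each with a literal
  # service connection name that can be authorized for this pipeline.
  - ${{ each conn in parameters.sshConnections }}:
      # Job names allow only letters, digits and underscores.
      - job: deploy_${{ replace(conn, '-', '_') }}
        displayName: Deploy to ${{ conn }}
        pool:
          vmImage: ubuntu-latest
        steps:
          - task: SSH@0
            displayName: Run commands on ${{ conn }}
            inputs:
              sshEndpoint: ${{ conn }}
              runOptions: commands
              commands: hostname   # placeholder command
```

Each connection in the list still has to exist and be authorized for the pipeline; a comma-separated runtime value is never passed to the task.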

Related

How to connect Microsoft SQL Server (IaaS) using API from IBM Datastage 11.7.1.2

We are trying to connect to Microsoft SQL Server installed in an Azure VM (IaaS) from Datastage using API.
Currently, we are using JDBC connector to connect to Microsoft SQL Server (IaaS) using a service account and its password. But, on a new server, we have to reset the password every three months in Azure. Also, same service account is being used by other applications.
We have to create a change request to reflect the new password in the DataStage PROD environment. Also, we are getting a separate service account to use in DataStage.
To avoid the password reset or lock issue, we are planning to use an API to get the password for connecting to the DB.
The API DB connection is working in Alteryx. Can you please let us know whether it is possible to connect this way in DataStage 11.7.1.2, and how to do so? Also, please let me know of any other feasible solution for this problem if the API connection is not possible.
I assume you know how to fetch the password via command line interface from your cloud service.
Store the password as datastage environment variable which is then used in the job.
Use a shell script to update the password. In the script, check first if the password has changed. If it did, run the dsadmin -envset command to set the environment variable to a new value. You might need to encrypt the new value using the encrypt command located in .../ASBNode/bin. Call the script every time before running the parallel job.
You should test if the change of an environment variable will be recognized by the job just in time when the script and the job are called by the same sequence. It might not work if the param is passed-through by the sequence.
Please read the IBM docs about the commands I mentioned.

AzureSubcription and azureContainerRegistry connection from Library

I have created a Docker Compose in my pipeline and Azure created the code. The azureSubscription and the azureContainerRegistry connection are very clear.
I tried to replace them with variable from the Library but when the pipeline starts I immediately get an error.
There was a resource authorization issue: "The pipeline is not valid. Job Build: Step DockerCompose1 input azureSubscriptionEndpoint references service connection $(AzureSubscription) which could not be found. The service connection does not exist or has not been authorized for use. For authorization details, refer to https://aka.ms/yamlauthz. Job Build: Step DockerCompose2 input azureSubscriptionEndpoint references service connection $(AzureSubscription) which could not be found. The service connection does not exist or has not been authorized for use. For authorization details, refer to https://aka.ms/yamlauthz."
Basically, Azure DevOps can't replace the variable with the value for those particular parameters. I don't want to send around those configurations for obvious reasons.
I saw some old posts where Microsoft said this was an issue in DevOps. Is this issue still there? Is there any way to move those values into the Library or into variables?
This is still an issue. It has to be a literal or variables defined in YAML. It cannot be a variable provided via a variable group, for instance. Please check these topics:
How to parametrize azureSubscription in azure devops template task
Azure subscription endpoint ID cannot be provided through a variable in build definition YAML file
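The difference the answer describes, as an added example that is not code from the original post: the commented-out form takes the connection name from a Library variable group and fails validation, while the active form defines the same variable in the YAML itself. The group name, connection name and registry are hypothetical placeholders.

```yaml
# Rejected at validation: the value lives in a variable group, so it is not
# known when service connection authorization is checked.
#
# variables:
#   - group: shared-deploy-settings          # hypothetical variable group
# steps:
#   - task: DockerCompose@0
#     inputs:
#       azureSubscriptionEndpoint: $(AzureSubscription)

# Accepted: the variable is defined in the YAML, so the connection name is
# available when the pipeline is validated and can be authorized.
variables:
  AzureSubscription: my-arm-connection             # hypothetical service connection name
  AzureContainerRegistry: myregistry.azurecr.io    # hypothetical registry login server

steps:
  - task: DockerCompose@0
    displayName: Build services
    inputs:
      containerregistrytype: Azure Container Registry
      azureSubscriptionEndpoint: $(AzureSubscription)
      azureContainerRegistry: $(AzureContainerRegistry)
      dockerComposeFile: docker-compose.yml
      action: Build services
```

A service connection name is an identifier, not a secret; the credentials stay inside the service connection, and access is controlled by which pipelines are authorized to use it.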

Can't use Managed Service identity (MSI) for App Service deployment with hosted Microsoft agent

We have a release pipeline that is failing with following message:
resource ID for resource type 'Microsoft.Web/Sites' and resource name
'appservicename'. Error: Could not fetch access token for Managed
Service Principal. Please configure Managed Service Identity (MSI) for
virtual machine 'https://aka.ms/azure-msi-docs'. Status code: 400,
status message: Bad Request
We have 2 different service connections:
Azure Resource Manager using service principal authentication
Azure Resource Manager using managed identity authentication
The first one works like a charm. However, because the developer wanted to limit admin access on the Azure AD, he tried creating a managed identity authentication service connection which at first glance, since it allowed us to select the App Service, appeared to indicate it's working, until an actual deployment was triggered and it failed per the error message above.
After numerous searches online, I think this answer may be the clue to why this is failing with the managed identity authentication service connection yet succeeding with the service principal connection just fine.
I just want to confirm, is this truly the case? that a hosted agent doesn't support MSI based authentication, which is what we are using… or has that changed?
We are indeed using Microsoft agent pool.
It doesn't make sense for our app service to use a VM at this time. The use case just isn't applicable for the dashboards we have.
As it is written in the docs:
You are required to use a self-hosted agent on an Azure VM in order to use managed service identity
I assume that it was always like that. Here we are talking about the MSI assigned to the VM which serves as the build agent, not the MSI which is the identity of the App Service. Why? A service connection is an abstraction which makes it easy to authenticate to your Azure subscription. So it gives an identity to the VM, and then when you perform some action against Azure, thanks to the MSI Azure knows that it can perform that action. Another option is authentication via a service principal, but this can be done from any VM (including MS-hosted) because it relies on the client ID and client secret, which are kept in the service connection. And an MSI has to be assigned to a particular VM, which cannot be done with MS-hosted agents.

Understand the causes of the error message received in Azure DevOps

The developer who installed my Azure devops Git environment left a few months ago. My new developer doesn't really understand this environment.
We were using it already for several weeks, but yesterday I received an error message:
If I understood what my ex-developer said, he placed an agent in my remote desktop connected to my server, which I have to activate (run as administrator) in order to deploy the Azure DevOps releases.
But this time there is a "getaddrinfo ENOTFOUND" error which I don't understand, and neither does my new developer.
To narrow down the issue, please follow the items below:
Set variable system.debug to True in your pipeline, and click the error in your screenshot to check the detailed error log.
Go to the FTP service connection you are using in your pipeline, update the username and password, or create a new service connection to make sure your FTP server is connected.

Create service connection and use the same in next stage of azure devops multi stage yaml pipeline

I have two yaml templates defined one for creating a docker registry service connection and second for deploying some stuff via container job. The second template uses the docker registry connection which is being deployed in first template. When I am running both the templates separately then both the stages are successful but when I run them in one azure-pipelines.yaml, it fails :
There was a resource authorization issue: "The pipeline is not valid. A service connection with name shared-stratus-acr-endpoint could not be found. The service connection does not exist or has not been authorized for use. For authorization details, refer to https://aka.ms/yamlauthz."
Is there any way like dependsOn or condition that we can provide in this situation?
It's likely that you only authorized the service connection for the individual template\pipelines when you created them. The workflow is not super friendly.
What if you try and authorize the pipeline that is failing for that service connection explicitly. See docs here
You could also just authorize the service connection for all pipelines depending on your security needs.