we are using the VSTS task "Publish Artifact". Recently it started to randomly give an error:
Publishing build artifacts failed with an error: Unable to create directory. EEXIST: file already exists.
This happens when the task is about to create the directory where to publish.
Here are some of the logs
To troubleshooting the issue, you can check with below aspects:
Check if the share path is accessible
You can manually access to \\appbld\C$\WDX\PublishArtifacts\Build Trunk to check if you can access.
Check if the write permission is allow
Check the Write permission for the share path is allowed or not.
Check if the private agent run as the account when login the agent machine (if the agent run as service)
Services App -> select the vsts agent service for the private agent -> properties -> Log On Tab -> check if the account same as you login the agent machine.
Related
I have a Windows 10 Enterprise VM running an Azure Devops Agent in Interactive mode. The agent runs using the only user the machine has, and it is an Administrator with UAC disabled. However, when executing tasks that require an elevated command prompt, as registering dlls, the command fails with the following error message:
##[error]Cmd.exe exited with code '5'.
And this message is when I'm trying to COPY files into Windows\SysWow64
##[error]Error: Failed cp: cp: copyFileSync: could not write to dest file (code=EPERM):C:\windows\SysWow64\test.txt
My testes also fail with the following error message:
Test method TestesRegressaoPGB.Autenticacao.AutenticarNoPGBL02 threw exception:
System.AggregateException: One or more errors occurred. (The requested operation requires elevation.) ---> System.ComponentModel.Win32Exception: The requested operation requires elevation.
TestCleanup method TestesRegressaoPGB.Autenticacao.Cleanup threw exception. System.NullReferenceException: System.NullReferenceException: Object reference not set to an instance of an object..
How do I run all commands while elevated?
In the Azure DevOps, If you want to access local file in the azure devops pipeline via self-hosted agent, It accesses the file via service account instead of Personal account.
Workaround
We could open check the file permission and configure the service account permission. service account format User/Administrator/Administrators({Agent.ComputerName}\User/Administrator/Administrators)
Also, we could change the agent service account to your owner account.
Steps: Open service on the agent machine and search the agent service account, check the pic below, just change the account name and password to yours, then It will use this account to perform the operation.
I just added permissions on each and every folder the pipeline agent needed to open. As I said to Vito, the agent was not running using a service account.
I would like to use a .MDF SQL Server database file on which my unit tests are performed during a Visual Studio Test when deploying via a DevOps pipeline.
I added the .MDF and .LDF files to the unit test project and I am able to execute locally. I have confirmed that the files are properly deployed to the pipeline using a PowerShell script that lists the folder contents. I have also confirmed case-sensitivity by ensuring everything is upper-case.
When adding a Visual Studio Test step to an existing working pipeline, I initially received this error when attempting to save to the database during test initialization:
Microsoft.Data.SqlClient.SqlException: Failed to update database "D:\A\1\S\APPCORETESTS\BIN\RELEASE\NETCOREAPP3.1\MYTESTDATABASE.MDF" because the database is read-only
I added the following call during test initialize:
ALTER DATABASE [MYTESTDATABASE.MDF] SET READ_WRITE
and am now getting the following error:
Unable to open the physical file "D:\a\1\s\AppCoreTests\bin\Release\netcoreapp3.1\MYTESTDATABASE.mdf". Operating system error 5: "5(Access is denied.)"
Unable to open the physical file "D:\a\1\s\AppCoreTests\bin\Release\netcoreapp3.1\myTestDatabase_log.ldf". Operating system error 5: "5(Access is denied.)".
I am able to open a connection to the .MDF file using the following connection string (from a config, hence the two backslash "\"):
"Server=(LocalDB)\\MSSQLLocalDB;AttachDbFileName='|DataDirectory|\\MYTESTDATABASE.MDF'"
and I am able to run a query that returns several databases including mine (as well as tempdb, master, etc):
select name from sys.databases
If this error was occurring locally, I would set the folder permissions for the folder in which the .MDF / .LDF reside, but do not know if that is possible in a DevOps pipeline or if it is the correct approach to solving this problem.
Which agent are you using, hosted agent or self hosted agent?
Azure DevOps Pipeline accesses file via service account, we should check the service account permission and ensure it has enough permission.
If you are using hosted agent, it access the file via this account test Build Service(Org name), we need open project settings->Repositories->select the repo and check the service account test Build Service ({Org name}) permission, and also check the Pipeline->Settings
If you are using self-hosted agent and access local file, you should check the file permission. Steps: Select the local->Properties->Security, the service account name should be Administrators(Agent service name\Administrators) or Users(Agent service name\Users).
By the way, we can change the agent service account to your owner account.
Steps: Open service on the agent machine and search the agent service account, check the pic below, just change the account name and password to yours, then It will use this account to perform the operation.
I have a python script that execute an automation script on remote SUT. and given that the script is working when execute locally with user tester and password xxx.
when I build the DevOps Azure pipeline I have checkout from GIT the project into the agent and then try to execute the code from the command line .
cd .\MatrixPro\TestFramework
python .\main.py -t profaund_tests.matrix_pro_rf_energy_across_impedances
this code gave me an error
E PermissionError: [WinError 5] Access is denied:
'//192.168.1.100\c$\'
seems that this script try to create report file on the SUT and doesn't have permission.
more over that the azure user agent have admin permission but I suspect that I need to change into the local user before execute the command.
note: I'm working on windows 10 .
what is the right method to solve this issue ? how can I figure out way this error occur ?
is their a simple way to change the pipeline permmision to work on local agent with local user and password?
When you run the build pipeline on Azure DevOps.
It's actually the build service account which is running the script. You should make sure the build service account have sufficient permission to Access: '//192.168.1.100\c$\'
To change the identity of the build agent, just go into Windows Services and change the identity of related Build service (service name is " Azure Pipelines Agent").
In the Services pane, right-click Azure Pipelines Agent.
Under Service Status, click Stop.
Click the Log On tab.
Specify the account you want to use for the service in the This
account text box.
Type the new password in the Password text box, and then type the
new password again in the Confirm password text box.
Under Service Status, click Start.
You should use a user to remote to that the server hold build agent and manually run the script to perform the deploy process. If that user is able to deploy succeed without any permission issue. Simply use this user as your build service account of Azure DevOps agent.
Hope this helps.
Can Azure Artifacts packages be made available publicly? If so, I'd like publish NuGet packages from a PR to my GitHub project. I currently get the following permissions error from PR builds:
[warning]Warning_SessionCreationFailed {"statusCode":500,"result":{"$id":"1","innerException":null,"message":"User
'89e4e6df-0ac0-471f-ba63-0270050c3b79' lacks permission to complete
this action. You need to have
'ReadPackages'.","typeName":"Microsoft.VisualStudio.Services.Feed.WebApi.FeedNeedsPermissionsException,
Microsoft.VisualStudio.Services.Feed.WebApi","typeKey":"FeedNeedsPermissionsException","errorCode":0,"eventId":3000}}
[error]Error: The process '/usr/bin/dotnet' failed with exit code 1
[error]Packages failed to publish
I'm using an azure-pipelines.yml file. Here is a link to my Azure Pipelines build.
Update 1
These are the users/groups I have already added to my feed:
These are the users/groups I can add to my feed, that I haven't already done:
Update 2
This is the yaml for the Azure Pipelines task I am using to publish the NuGet package:
- task: DotNetCoreCLI#2
displayName: 'Dotnet NuGet Push'
inputs:
command: push
nuGetFeedType: internal
packagesToPush: '/home/vsts/work/1/Windows/*.nupkg'
publishVstsFeed: schema-net
According to the error message, your account does not have permissions on that feed which you want to operate.
You need verify whether your account has Contributor or higher permissions on the feed which you are trying push to.
In another, the group Project Collection Build Service is a default Contributor. But also, as default setting, it does not include the account Project Collection Build Service(xxxx) as a member. So, if you are the owner, you may need to add the Project Collection Build Service(xxxx) account into Project Collection Build Service group.
Edit:
As I check your org info from our back end, I found the user(89e4e6df-0ac0-xxxxxx-0270050c3b79), which displayed in your error message, is a Service identity account. And it's domain is build. It's a special account, not the normal user who may create or trigger the pr. So, if you do not grant permission to this service identity account, it will not have permission to access the feed you want to push to.
And also, the direct parents groups of this security account in your Org is [org name]\Security Service Group. You can check it under your org setting. You can also check its permission under your feed.
So, for solved, you need to add this service identity account in to your feed setting, and grant it contributor or higher role.
2nd Update:
For clearly understand, let me clear up some details.
At first,according to the error message which displayed in log said lack ReadPackage permission, I considered this firstly with the permission of the feed which you wanted push to in task.
In addition, the user number which also displayed in the log, 89e4e6df-0ac0-xxxxxx-0270050c3b79. As I checked from backend, it is a VSID that represent a build service account: Schema.NET Build Service (schema-net). So, firstly, it’s easy to think that this account does not has relevant permission so that it could not push package.
But, after you update the feed setting, I check user VSID from backend again and review the error log. I figure it out. According to the logs of #20190625.1, you can see that the error begin occurred on getting source package:
##[warning]Can\'t find loc string for key:
Warning_SessionCreationFailed
Because of this error, it’s failed to create the correct package source package path so that the service account does not have permission to access it because it’s a wrong path:
In fact, the correct source package url should look like this( you can refer this from #2029062502)
https://pkgs.dev.azure.com/schema-net/_packaging/f43386ca-{package id}-d2f8da200fb3/nuget/v3/index.json
Now, I think this is a issue which about the configuration of your nuget.config file.
When building an artifact using Azure DevOps, "Publish artifact" task failed with error
Publishing build artifacts failed with an error: EPERM: operation not permitted
When you are using A file server option as an Artifact publish location for Publish task, make sure the Agent/Service has access to the server.
In my case, I added the agent in Administrator group to be able to do WRITE operation.
If you use self-hosted agent, by default it runs as local NETWORK SERVICE account that doesn't have access to remote shares. So you should either:
Change agent's logon account. For some reason Microsoft doesn't recommend to change it from Services snap-in, but rather reconfigure it from their scripts.
Grant to local NETWORK SERVICE account access to remote share. To do it, you need to add computer account with your agent (i.e. "DOMAIN\ServerA$") to Share and NTFS permissions on the shared folder. See for example here.