运行 Packer 作为 Azure Pipelines 上构建不可变图像任务的一部分 returns ResourceNotFound 错误
Running Packer as part of the Build Immutable Image task on Azure Pipelines returns ResourceNotFound error
运行 Packer 作为 Azure Pipelines 上构建不可变图像任务的一部分 returns ResourceNotFound 错误。
这是日志:
[command]d:\a\_temp60443280032\packer\packer.exe --version
1.2.4
.. OMISSIS ..
Running packer fix command
[command]d:\a\_temp60443280032\packer\packer.exe fix -validate=false d:\a\_temp60443280032\default.managed.windows.template-builderUpdated.json
{
.. OMISSIS ..
}
Running packer validate command to ensure template is valid
[command]d:\a\_temp60443280032\packer\packer.exe validate -var-file=d:\a\_temprmtqjuiul6pfzkv7busvvaemi.json -var-file=d:\a\_temp\uhd7du4kq3yqnb8ow5d4jwcdi.json d:\a\_temp60443280032\default.managed.windows.template-builderUpdated-fixed.json
Template validated successfully.
Running packer build command. Waiting for it to finish...
[command]d:\a\_temp60443280032\packer\packer.exe build -force -color=false -var-file=d:\a\_tempehhcm7h7b87enzmq6zz7iudi.json -var-file=d:\a\_temp\su5hmxk6n2ly2vs00pundygb9.json d:\a\_temp60443280032\default.managed.windows.template-builderUpdated-fixed.json
==> azure-arm: Running builder ...
azure-arm: Creating Azure Resource Manager (ARM) client ...
==> azure-arm: ERROR: -> ResourceNotFound : The Resource 'Microsoft.Compute/images/COMPUTERNAME' under resource group 'RESOURCEGROUP' was not found.
==> azure-arm:
==> azure-arm: resources.GroupsClient#CheckExistence: Failure responding to request: StatusCode=403 -- Original Error: autorest/azure: error response cannot be parsed: "" error: EOF
Build 'azure-arm' errored: resources.GroupsClient#CheckExistence: Failure responding to request: StatusCode=403 -- Original Error: autorest/azure: error response cannot be parsed: "" error: EOF
==> Some builds didn't complete successfully and had errors:
--> azure-arm: resources.GroupsClient#CheckExistence: Failure responding to request: StatusCode=403 -- Original Error: autorest/azure: error response cannot be parsed: "" error: EOF
==> Builds finished but no artifacts were created.
##[error]Error: d:\a\_temp60443280032\packer\packer.exe failed with return code: 1
执行很早就停止了,实际上只需要 20 秒就出现错误(工作任务大约需要 30 分钟)。
事实证明,在配置构建不可变映像任务时创建的服务主体仅在任务配置期间选择的特定资源组(持有任务使用的存储帐户的资源组)中配置为贡献者。
在订阅级别向服务主体名称授予贡献者角色可解决此问题。
运行 任务,我们可能会发现这是因为在执行过程中,创建了一个新的临时资源组,因此服务主体需要对整个订阅的贡献者权限(或其某些子集) .
这是一个有趣的选择,因为这个资源组在任务结束时被删除了。
运行 Packer 作为 Azure Pipelines 上构建不可变图像任务的一部分 returns ResourceNotFound 错误。
这是日志:
[command]d:\a\_temp60443280032\packer\packer.exe --version
1.2.4
.. OMISSIS ..
Running packer fix command
[command]d:\a\_temp60443280032\packer\packer.exe fix -validate=false d:\a\_temp60443280032\default.managed.windows.template-builderUpdated.json
{
.. OMISSIS ..
}
Running packer validate command to ensure template is valid
[command]d:\a\_temp60443280032\packer\packer.exe validate -var-file=d:\a\_temprmtqjuiul6pfzkv7busvvaemi.json -var-file=d:\a\_temp\uhd7du4kq3yqnb8ow5d4jwcdi.json d:\a\_temp60443280032\default.managed.windows.template-builderUpdated-fixed.json
Template validated successfully.
Running packer build command. Waiting for it to finish...
[command]d:\a\_temp60443280032\packer\packer.exe build -force -color=false -var-file=d:\a\_tempehhcm7h7b87enzmq6zz7iudi.json -var-file=d:\a\_temp\su5hmxk6n2ly2vs00pundygb9.json d:\a\_temp60443280032\default.managed.windows.template-builderUpdated-fixed.json
==> azure-arm: Running builder ...
azure-arm: Creating Azure Resource Manager (ARM) client ...
==> azure-arm: ERROR: -> ResourceNotFound : The Resource 'Microsoft.Compute/images/COMPUTERNAME' under resource group 'RESOURCEGROUP' was not found.
==> azure-arm:
==> azure-arm: resources.GroupsClient#CheckExistence: Failure responding to request: StatusCode=403 -- Original Error: autorest/azure: error response cannot be parsed: "" error: EOF
Build 'azure-arm' errored: resources.GroupsClient#CheckExistence: Failure responding to request: StatusCode=403 -- Original Error: autorest/azure: error response cannot be parsed: "" error: EOF
==> Some builds didn't complete successfully and had errors:
--> azure-arm: resources.GroupsClient#CheckExistence: Failure responding to request: StatusCode=403 -- Original Error: autorest/azure: error response cannot be parsed: "" error: EOF
==> Builds finished but no artifacts were created.
##[error]Error: d:\a\_temp60443280032\packer\packer.exe failed with return code: 1
执行很早就停止了,实际上只需要 20 秒就出现错误(工作任务大约需要 30 分钟)。
事实证明,在配置构建不可变映像任务时创建的服务主体仅在任务配置期间选择的特定资源组(持有任务使用的存储帐户的资源组)中配置为贡献者。
在订阅级别向服务主体名称授予贡献者角色可解决此问题。
运行 任务,我们可能会发现这是因为在执行过程中,创建了一个新的临时资源组,因此服务主体需要对整个订阅的贡献者权限(或其某些子集) .
这是一个有趣的选择,因为这个资源组在任务结束时被删除了。