Linux 和 Mac 上的 Azure CLI:证书问题
Azure CLI on Linux and Mac: certificate trouble
我正在尝试学习 this Kubernetes 与 Azure 的官方教程。我在 Mac 和 Linux.
上都试过了
我可以使用我的公司帐户从 CLI 成功登录,但是当我 运行 ./create-kubernetes-cluster.js 在输出的末尾我看到
info: Executing command network vnet create
info: Using default address space cidr: 12
info: Using default subnet start IP: 172.16.0.0
info: Using default subnet cidr: 15
+ Looking up network configuration
error: The server failed to authenticate the request. Verify that the certificate is valid and is associated with this subscription.
info: Error information has been recorded to /home/dds/.azure/azure.err
error: network vnet create command failed
这是什么证书?它来自哪里?
这里是azure.err:
[Error: The server failed to authenticate the request. Verify that the certificate is valid and is associated with this subscription.]
stack: [Getter/Setter],
code: 'ForbiddenError',
statusCode: 403,
__frame:
{ name: 'get__3',
line: 47,
file: '/home/dds/k8s/src/kubernetes/docs/getting-started-guides/coreos/azure/node_modules/azure-cli/lib/commands/asm/network/networkConfig.js',
prev:
{ name: 'create__1',
line: 34,
file: '/home/dds/k8s/src/kubernetes/docs/getting-started-guides/coreos/azure/node_modules/azure-cli/lib/commands/asm/network/virtualNetwork.js',
prev: [Object],
calls: 1,
active: false,
offset: 4,
col: 43 },
calls: 0,
active: false,
offset: 4,
col: 59 },
rawStack: [Getter] }
Error: The server failed to authenticate the request. Verify that the certificate is valid and is associated with this subscription.
<<< async stack >>>
at get__3 (/home/dds/k8s/src/kubernetes/docs/getting-started-guides/coreos/azure/node_modules/azure-cli/lib/commands/asm/network/networkConfig.js:51:60)
at create__1 (/home/dds/k8s/src/kubernetes/docs/getting-started-guides/coreos/azure/node_modules/azure-cli/lib/commands/asm/network/virtualNetwork.js:38:44)
at __6 (/home/dds/k8s/src/kubernetes/docs/getting-started-guides/coreos/azure/node_modules/azure-cli/lib/commands/asm/network/network.js:125:22)
<<< raw stack >>>
at Function.ServiceClient._normalizeError (/home/dds/k8s/src/kubernetes/docs/getting-started-guides/coreos/azure/node_modules/azure-cli/node_modules/azure-common/lib/services/serviceclient.js:815:23)
at /home/dds/k8s/src/kubernetes/docs/getting-started-guides/coreos/azure/node_modules/azure-cli/node_modules/azure-common/lib/services/filters/errorhandlingfilter.js:44:29
at Request._callback (/home/dds/k8s/src/kubernetes/docs/getting-started-guides/coreos/azure/node_modules/azure-cli/node_modules/azure-common/lib/http/request-pipeline.js:109:14)
at Request.self.callback (/home/dds/k8s/src/kubernetes/docs/getting-started-guides/coreos/azure/node_modules/azure-cli/node_modules/azure-common/node_modules/request/request.js:199:22)
at emitTwo (events.js:87:13)
at Request.emit (events.js:172:7)
at Request.<anonymous> (/home/dds/k8s/src/kubernetes/docs/getting-started-guides/coreos/azure/node_modules/azure-cli/node_modules/azure-common/node_modules/request/request.js:1160:14)
at emitOne (events.js:82:20)
at Request.emit (events.js:169:7)
at IncomingMessage.<anonymous> (/home/dds/k8s/src/kubernetes/docs/getting-started-guides/coreos/azure/node_modules/azure-cli/node_modules/azure-common/node_modules/request/request.js:1111:12)
你能告诉我如何解决这个问题吗?
更新
我创建了一张 Azure 支持票,他们告诉我:
I see most of the Resource Providers are not registered for your
subscription. Deployments (first time) done via portal register
resource providers automatically, however if its via PowerShell or CLI
we have these have to be registered (one time activity)
https://azure.microsoft.com/en-in/documentation/articles/azure-cli-arm-commands/
Please run these cmdlets to register the providers & then retry the
deployment
azure provider register –namespace Microsoft.Network
azure provider register –namespace Microsoft.Compute
azure provider register –namespace Microsoft.ContainerService
azure provider register –namespace Microsoft.ResourceHealth
azure provider register –namespace Microsoft.Storage
我成功执行了这些命令,但结果还是一样。
解决办法是需要在azure subscription中添加azure account as co admin
这里有一些有用的链接:
How to add or change Azure administrator roles
Changing Service Administrator and Co-Administrator when logged-in with an organizational account
我正在尝试学习 this Kubernetes 与 Azure 的官方教程。我在 Mac 和 Linux.
上都试过了我可以使用我的公司帐户从 CLI 成功登录,但是当我 运行 ./create-kubernetes-cluster.js 在输出的末尾我看到
info: Executing command network vnet create
info: Using default address space cidr: 12
info: Using default subnet start IP: 172.16.0.0
info: Using default subnet cidr: 15
+ Looking up network configuration
error: The server failed to authenticate the request. Verify that the certificate is valid and is associated with this subscription.
info: Error information has been recorded to /home/dds/.azure/azure.err
error: network vnet create command failed
这是什么证书?它来自哪里?
这里是azure.err:
[Error: The server failed to authenticate the request. Verify that the certificate is valid and is associated with this subscription.]
stack: [Getter/Setter],
code: 'ForbiddenError',
statusCode: 403,
__frame:
{ name: 'get__3',
line: 47,
file: '/home/dds/k8s/src/kubernetes/docs/getting-started-guides/coreos/azure/node_modules/azure-cli/lib/commands/asm/network/networkConfig.js',
prev:
{ name: 'create__1',
line: 34,
file: '/home/dds/k8s/src/kubernetes/docs/getting-started-guides/coreos/azure/node_modules/azure-cli/lib/commands/asm/network/virtualNetwork.js',
prev: [Object],
calls: 1,
active: false,
offset: 4,
col: 43 },
calls: 0,
active: false,
offset: 4,
col: 59 },
rawStack: [Getter] }
Error: The server failed to authenticate the request. Verify that the certificate is valid and is associated with this subscription.
<<< async stack >>>
at get__3 (/home/dds/k8s/src/kubernetes/docs/getting-started-guides/coreos/azure/node_modules/azure-cli/lib/commands/asm/network/networkConfig.js:51:60)
at create__1 (/home/dds/k8s/src/kubernetes/docs/getting-started-guides/coreos/azure/node_modules/azure-cli/lib/commands/asm/network/virtualNetwork.js:38:44)
at __6 (/home/dds/k8s/src/kubernetes/docs/getting-started-guides/coreos/azure/node_modules/azure-cli/lib/commands/asm/network/network.js:125:22)
<<< raw stack >>>
at Function.ServiceClient._normalizeError (/home/dds/k8s/src/kubernetes/docs/getting-started-guides/coreos/azure/node_modules/azure-cli/node_modules/azure-common/lib/services/serviceclient.js:815:23)
at /home/dds/k8s/src/kubernetes/docs/getting-started-guides/coreos/azure/node_modules/azure-cli/node_modules/azure-common/lib/services/filters/errorhandlingfilter.js:44:29
at Request._callback (/home/dds/k8s/src/kubernetes/docs/getting-started-guides/coreos/azure/node_modules/azure-cli/node_modules/azure-common/lib/http/request-pipeline.js:109:14)
at Request.self.callback (/home/dds/k8s/src/kubernetes/docs/getting-started-guides/coreos/azure/node_modules/azure-cli/node_modules/azure-common/node_modules/request/request.js:199:22)
at emitTwo (events.js:87:13)
at Request.emit (events.js:172:7)
at Request.<anonymous> (/home/dds/k8s/src/kubernetes/docs/getting-started-guides/coreos/azure/node_modules/azure-cli/node_modules/azure-common/node_modules/request/request.js:1160:14)
at emitOne (events.js:82:20)
at Request.emit (events.js:169:7)
at IncomingMessage.<anonymous> (/home/dds/k8s/src/kubernetes/docs/getting-started-guides/coreos/azure/node_modules/azure-cli/node_modules/azure-common/node_modules/request/request.js:1111:12)
你能告诉我如何解决这个问题吗?
更新
我创建了一张 Azure 支持票,他们告诉我:
I see most of the Resource Providers are not registered for your subscription. Deployments (first time) done via portal register resource providers automatically, however if its via PowerShell or CLI we have these have to be registered (one time activity)
https://azure.microsoft.com/en-in/documentation/articles/azure-cli-arm-commands/Please run these cmdlets to register the providers & then retry the deployment
azure provider register –namespace Microsoft.Network
azure provider register –namespace Microsoft.Compute
azure provider register –namespace Microsoft.ContainerService
azure provider register –namespace Microsoft.ResourceHealth
azure provider register –namespace Microsoft.Storage
我成功执行了这些命令,但结果还是一样。
解决办法是需要在azure subscription中添加azure account as co admin
这里有一些有用的链接:
How to add or change Azure administrator roles
Changing Service Administrator and Co-Administrator when logged-in with an organizational account