Azure Batch - problems with Active Directory authentication

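I am following this other post on creating an Azure Batch pool with a custom machine image. I am stuck on Azure Active Directory (AD) authentication. I have followed all the tutorials in the other threads to register an application and obtain the application ID, tenant ID, and secret key.

Here is the standard bit that creates the Batch client: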

    credentials = ServicePrincipalCredentials(
        client_id=APP_CLIENT_ID,
        secret=APP_CLIENT_KEY,
        tenant=APP_TENANT_ID,
        resource='https://batch.core.windows.net'
    )
    self._batch_client = batch.BatchServiceClient(credentials, base_url=BATCH_ACCOUNT_URL)

Here is the code that creates the pool:

    # Get details for configuring worker machines with the node image file
    node_agents = self._batch_client.account.list_node_agent_skus()
    image_agent = next(agent for agent in node_agents if 'ubuntu 16.04' in agent.id)
    image_ref = batchmodels.ImageReference(virtual_machine_image_id='/subscriptions/<long_URL>')
    virtual_machine_config = batchmodels.VirtualMachineConfiguration(
        image_reference=image_ref,
        node_agent_sku_id=image_agent.id
    )

    # Define an admin user account for the worker machines
    user = batchmodels.AutoUserSpecification(
        scope=batchmodels.AutoUserScope.pool,
        elevation_level=batchmodels.ElevationLevel.admin
    )

    # Define the pool
    new_pool = batch.models.PoolAddParameter(
        id=self.id,
        virtual_machine_configuration=virtual_machine_config,
        vm_size=self._vm_size,
        target_dedicated_nodes=self.nodes,
        start_task=batch.models.StartTask(
            command_line=start_commands,
            user_identity=batchmodels.UserIdentity(auto_user=user),
            wait_for_success=True,
            resource_files=self._resource_files),
    )

    # Instantiate the pool
    try:
        self._batch_client.pool.add(new_pool)
        self._created = True
    except batchmodels.batch_error.BatchErrorException as err:
        print_batch_exception(err)
        raise

This triggers the following error output on line 3, when trying to create image_agent:

Traceback (most recent call last):
  File "C:\Echo\Code\pysource\Pysource\dataIO\Tests\TestAzure.py", line 170, in test_create_and_destroy_pool
    pool.create(data=res_folder)
  File "C:\Echo\Code\pysource\Pysource\dataIO\azureUtils.py", line 440, in create
    image_agent = next(agent for agent in node_agents if 'ubuntu 16.04' in agent.id)
  File "C:\Echo\Code\pysource\Pysource\dataIO\azureUtils.py", line 440, in <genexpr>
    image_agent = next(agent for agent in node_agents if 'ubuntu 16.04' in agent.id)
  File "C:\Users\Patrick\Anaconda3\lib\site-packages\msrest\paging.py", line 109, in __next__
    self.advance_page()
  File "C:\Users\Patrick\Anaconda3\lib\site-packages\msrest\paging.py", line 95, in advance_page
    self._response = self._get_next(self.next_link)
  File "C:\Users\Patrick\Anaconda3\lib\site-packages\azure\batch\operations\account_operations.py", line 119, in internal_paging
    raise models.BatchErrorException(self._deserialize, response)
azure.batch.models.batch_error.BatchErrorException: {'lang': 'en-US', 'value': 'Server failed to authenticate the request. Make sure the value of Authorization header is formed correctly.\nRequestId:1a38e970-fb6e-4d2e-b691-5c47f46186b1\nTime:2017-11-02T19:42:54.0264686Z'}

...with the accompanying HTTP log:

requests.packages.urllib3.connectionpool: DEBUG: Starting new HTTPS connection (1): <batch_name>.westus.batch.azure.com
requests.packages.urllib3.connectionpool: DEBUG: https://<batch_name>.westus.batch.azure.com:443 "GET /nodeagentskus?api-version=2017-09-01.6.0 HTTP/1.1" 401 529
msrest.http_logger: DEBUG: Request URL: 'https://<batch_name>.westus.batch.azure.com/nodeagentskus?api-version=2017-09-01.6.0'
msrest.http_logger: DEBUG: Request method: 'GET'
msrest.http_logger: DEBUG: Request headers:
msrest.http_logger: DEBUG:     'Accept': 'application/json'
msrest.http_logger: DEBUG:     'Accept-Encoding': 'gzip, deflate'
msrest.http_logger: DEBUG:     'Connection': 'keep-alive'
msrest.http_logger: DEBUG:     'User-Agent': 'python/3.5.2 (Windows-10-10.0.15063-SP0) requests/2.14.0 msrest/0.4.18 msrest_azure/0.4.15 batchserviceclient/4.0.0 Azure-SDK-For-Python'
msrest.http_logger: DEBUG:     'client-request-id': '03663a50-c006-11e7-b93e-847beb5642f2'
msrest.http_logger: DEBUG:     'accept-language': 'en-US'
msrest.http_logger: DEBUG:     'Authorization': '*****'
msrest.http_logger: DEBUG:     'Content-Type': 'application/json; odata=minimalmetadata; charset=utf-8'
msrest.http_logger: DEBUG: Request body:
msrest.http_logger: DEBUG: None
msrest.http_logger: DEBUG: Response status: 401
msrest.http_logger: DEBUG: Response headers:
msrest.http_logger: DEBUG:     'Content-Length': '529'
msrest.http_logger: DEBUG:     'Content-Type': 'application/json;odata=minimalmetadata'
msrest.http_logger: DEBUG:     'Server': 'Microsoft-HTTPAPI/2.0'
msrest.http_logger: DEBUG:     'request-id': '1a38e970-fb6e-4d2e-b691-5c47f46186b1'
msrest.http_logger: DEBUG:     'Strict-Transport-Security': 'max-age=31536000; includeSubDomains'
msrest.http_logger: DEBUG:     'X-Content-Type-Options': 'nosniff'
msrest.http_logger: DEBUG:     'DataServiceVersion': '3.0'
msrest.http_logger: DEBUG:     'WWW-Authenticate': 'Bearer error="invalid_token", error_description="The access token is missing or invalid."'
msrest.http_logger: DEBUG:     'Date': 'Thu, 02 Nov 2017 19:42:53 GMT'
msrest.http_logger: DEBUG: Response content:
msrest.http_logger: DEBUG: b'{\r\n  "odata.metadata":"https://<batch_name>.westus.batch.azure.com/$metadata#Microsoft.Azure.Batch.Protocol.Entities.Container.errors/@Element","code":"AuthenticationFailed","message":{\r\n    "lang":"en-US","value":"Server failed to authenticate the request. Make sure the value of Authorization header is formed correctly.\nRequestId:1a38e970-fb6e-4d2e-b691-5c47f46186b1\nTime:2017-11-02T19:42:54.0264686Z"\r\n  },"values":[\r\n    {\r\n      "key":"AuthenticationErrorDetail","value":"Could not find identity for access token."\r\n    }\r\n  ]\r\n}'
msrest.exceptions: DEBUG: {'lang': 'en-US', 'value': 'Server failed to authenticate the request. Make sure the value of Authorization header is formed correctly.\nRequestId:1a38e970-fb6e-4d2e-b691-5c47f46186b1\nTime:2017-11-02T19:42:54.0264686Z'}

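The key piece of information is this: "key":"AuthenticationErrorDetail","value":"Could not find identity for access token."

Note that if I hard-code node_agent_sku_id, the error moves from line 3 to the line directly below the try statement when attempting to add the new pool.

How can I start troubleshooting this?

The resource for Azure Batch should be 'https://batch.core.windows.net/' (note the trailing slash).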
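
A way to check this from the client side, added here as an example that is not part of the original question or answer: decode the bearer token's claims and compare `aud` with the resource string from the answer. It assumes the token is a JWT whose `aud` claim carries the resource that was requested; the function names are hypothetical and the sample tokens are constructed and unsigned.

```python
import base64
import json

BATCH_RESOURCE = "https://batch.core.windows.net/"  # value given in the answer


def _b64url_decode(segment: str) -> bytes:
    # JWT segments drop base64 padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def jwt_claims(token: str) -> dict:
    """Return the claims of a JWT without verifying its signature (diagnostics only)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a JWT: expected header.payload.signature")
    return json.loads(_b64url_decode(parts[1]))


def audience_problem(token: str, expected: str = BATCH_RESOURCE):
    """Return None if `aud` matches exactly, else a short diagnosis string."""
    aud = jwt_claims(token).get("aud")
    if aud == expected:
        return None
    if isinstance(aud, str) and aud.rstrip("/") == expected.rstrip("/"):
        return f"aud {aud!r} differs from {expected!r} only by the trailing slash"
    return f"aud {aud!r} is for a different resource than {expected!r}"


def make_sample_token(aud: str) -> str:
    """Constructed, unsigned token for the demo; not a real Azure AD token."""
    def enc(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    header = {"alg": "none", "typ": "JWT"}
    claims = {"aud": aud, "tid": "<tenant-id>"}  # placeholder tenant
    return ".".join([enc(header), enc(claims), "sig"])


if __name__ == "__main__":
    for resource in ("https://batch.core.windows.net", BATCH_RESOURCE,
                     "https://management.core.windows.net/"):
        print(resource, "->", audience_problem(make_sample_token(resource)) or "ok")
```

The decode step skips signature verification on purpose, so it is suitable only for inspecting a token you requested yourself, never for deciding whether to trust one.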