I have already created the resource with the azure cli, and I have verified that the resource is in the azure portal.
I have this error:
Build 'azure-arm' errored after 1 second 668 milliseconds: Cannot locate the managed image resource group packerResourceGroup.
I'm using an institutional account, will it have something to do with it?
Related
Now i want to import Python packages by ARM template.
Please help me
enter image description here
You can reference this document to set up an ARM template to deploy your Azure Automation account.
After setting up the ARM template:
On your local machine, you can execute the related Azure CLI or Azure PowerShell commands to run the ARM template deployment.
In the Azure Pipelines on Azure DevOps, you can use the ARM Template Deployment Task to run the deployment.
For automation download and add python package in Azure Automation Account:
Step 1: You have to create Azure Run As Account.
Step 2: Create Runbook and you can import a Python 3 package and its dependencies by importing the following Python script into a Python 3 runbook, and then running it
Step 3: Start runbook
You have to add following argument for runbook:
subscription_id (-s) - Subscription id of the Automation account
resource_group (-g) - Resource group name of the Automation account
automation_account (-a) - Automation account name
module_name (-m) - Name of module to import from pypi.org
More information: Manage python2, Manage python3
I have created an Azure Container Registry.
I have an Azure DevOps project.
I have created an Azure DevOps Pipeline using the wizard so
that it uses the standard template to build and push a Docker image.
When validating the Pipeline the following error is thrown:
Failed to set Azure permission 'RoleAssignmentId: ****' for the service principal '****' on subscription ID '****': error code: Forbidden, inner error code: AuthorizationFailed, inner error message The client '****' with object id '****' does not have authorization to perform action 'Microsoft.Authorization/roleAssignments/write' over scope '/subscriptions/****/resourceGroups/****/providers/Microsoft.ContainerRegistry/registries/****/providers/Microsoft.Authorization/roleAssignments/****' or the scope is invalid. If access was recently granted, please refresh your credentials. Ensure that the user has 'Owner' or 'User Access Administrator' permissions on the Subscription.
What configuration could I be missing? The documentation for this is all very sparse and written as though it should all just work.
Thanks
You need to add AcrPull permission to service principal you used here. Please got to you ACR and add it.
Here you have id of you service principal:
Failed to set Azure permission 'RoleAssignmentId: ' for the service principal ''
Also please check also networking on ACR if it blocks you or not.
To build and push your Docker image in Azure pipeline, you need follow the steps below:
Navigate to Project Settings > Service connections to create a Docker Registry service connection that can connect to your ACR.
In the pipeline, add the Docker task to build and push your Docker image to ACR.
Yours service principal on service connection is missing permissions link to documentation https://learn.microsoft.com/en-us/azure/container-registry/container-registry-roles?tabs=azure-cli. You can use custom role or build like contributor on resource group level. Example of custom role and allowed actions "Microsoft.ContainerRegistry/registries/push/write",
I have created a Build Docker Image task inside DevOps Build Pipeline.
In this task, after selecting the Azure Subscription, the Azure container registry list shows No results Found message.
Although I have created the ACR in that subscription, I'm unable to connect to it via DevOps Build Pipeline.
Is this issue related to permissions or any other?
Did you create a Service Principal for Azure DevOps pipeline? Once created you can give it the proper role for what you are trying to do.
# Assign the desired role to the service principal. Modify the '--role' argument
# value as desired:
# acrpull: pull only
# acrpush: push and pull
# owner: push, pull, and assign roles
az role assignment create --assignee $SERVICE_PRINCIPAL_ID --scope $ACR_REGISTRY_ID --role acrpull
In your build pipeline, you need to add a login task that uses an existing Service Connection before your Docker build and/or push task. The Service Connection has the subscription and the name of the Azure Container Registry where you will be uploading your Docker images.
I've acquired one of the Microsoft templates for CI/CD using: Jenkins, Docker (ACS), Kubernetes (AKS). This template comes with a pipeline example, but when trying to start it I present the following error trying to do the integration with Azure Kubernetes (AKS):
Starting Azure Container Service / Kubernetes Service Deployment
Delete Kubernetes management config file
/var/lib/jenkins/workspace/hello-world/kubeconfig-7112538207763465492
ERROR: ERROR: Status code 403, {"error":
{"code":"AuthorizationFailed","message":"The client '7912b768-a178-4996-
b6e6-38912a9b90da' with object id '7912b768-a178-4996-b6e6-38912a9b90da'
does not have authorization to perform action
'Microsoft.ContainerService/managedClusters/accessProfiles
/listCredential/action' over scope '/subscriptions/4e601d44-4d18-4e49-
95001793e668f9e0/resourcegroups/SystemBackend_Resource/
providers/Microsoft.ContainerService/managedClusters/aksa5ru5sgbdaum2/
accessProfiles/clusterAdmin'."}}
Any idea?
the error says it all, the client (credentials) you are using to access the AKS cluster does not have permissions to use the listCredentials action over that cluster. You need to grant that client those permissions. Easiest way grant contributor rights to 7912b768-a178-4996-b6e6-38912a9b90da to the SystemBackend_Resource resource group.
New-AzureRmRoleAssignment -ObjectId 7912b768-a178-4996-b6e6-38912a9b90da `
-RoleDefinitionName "Contributor" `
-Scope '/subscriptions/4e601d44-4d18-4e49-95001793e668f9e0/resourcegroups/SystemBackend_Resource/'
you can obviously grant only that permission to that entity using custom roles, but this is just an example
With this reference, https://learn.microsoft.com/en-us/bot-framework/deploy-bot-local-git
I executed command as follows.
$ azure site create --git my-app-name
Then, an error message appeared.
info: Executing command site create
error: The server failed to authenticate the request. Verify that the certificate is valid and is associated with this subscription.
error: Error information has been recorded to C:\Users\yokoyamt\.azure\azure.err
error: site create command failed
I've tried in another azure account, which I have "power-user", then
A new Resource group was created and the app service was deployed in it.
But in this time, I haven't enough role to create new resource group.
So I guessed If I had specify resource group when I create app via azure-cli.
Can anyone put some light on this?
> az account list --output table
Name CloudName SubscriptionId State IsDefault
-------- ----------- ------------------------------------ ------- -----------
従量課金 AzureCloud my-subscription-id Enabled True
azure site is a classic(asm) mode resource, azure web is a arm mode resource. You should give your account co-admin permission in classic Portal. New Portal does not work on it. Please refer to this question.
According to your description, you want to deploy a web app on Azure. You could use Azure CLI 2.0 to do this. Please refer to this link.