How to deploy to artifactory from azure pipeline? - azure

I'm trying to copy files to artifactory from my Azure pipeline but getting error:
"curl: (60) SSL certificate problem: unable to get issuer certificate
curl failed to verify the legitimacy of the server and therefore could
not establish a secure connection to it."
This used to work fine but I suspect someone has blocked me somehow.
If I try to deploy the file manually within Artifactory, the error shows:
"Error deploying these files: my-linux-shell-script.sh -
artifactory-build-info:path/to/repo/my-linux-shell-script.sh could not
be deployed. Build Info repositories only supports build-info.json
files."
Assuming I could get the Artifactory server's public key, I wouldn't know where to install it on Azure.
I can view all our files within Jfrog Artifactory but can no longer deploy to them. Suggestions?

The error "curl: (60) SSL certificate problem: unable to get issuer certificate" usually means that your server (client) does not have the target's server trusted certificates.
You can ignore it by adding the -k flag or -insecure to the cURL command.
With regards to the artifactory-build-info repository, it will only support to deploy json files that have valid build name, build number and timestamp. There is another possibility that the deploy repository might have not been selected correctly rather the repository "artifactory-build-info" is selected, if that is the case, "artifactory-build-info" will not allow artifacts to be deployed as it only allows a valid JSON files. Please validate.

Related

Application Insights Java Agent: Which Certificates to add to truststore?

I'm getting the following error when starting my spring-boot application with the azure application-insights agent:
*************************
ApplicationInsights Java Agent failed to send telemetry data.
*************************
Description:
Unable to find valid certification path to requested target.
Action:
Please import the SSL certificate from https://westeurope.livediagnostics.monitor.azure.com/QuickPulseService.svc, into your custom java key store located at:
/truststore/truststore.jks
Learn more about importing the certificate here: https://go.microsoft.com/fwlink/?linkid=2151450
This error only appears sometimes, sometimes it works.
It seems that different Azure Servers use different chains (+ root CA's).
My truststore contains the following Certs:
Baltimore CyberTrust Root
Microsoft RSA TLS CA 02
Cert for live.applicationinsights.azure.com
cert for in.applicationinsights.azure.com
I found the following List of all Azure Certificates.
Which Certificates from this list do I need to add to the truststore for the error to go away permanently?
EDIT:
I've now added all the root certs from the page to my truststore, but I'm still getting the same error message. I do however see data in Azure Insights...
Try using application insight agent by which there is no need of modifying your spring boot application you only need to provide the correct environment variables
Here is the sample code for setting environment variables
APPLICATIONINSIGHTS_CONNECTION_STRING = <Copy connection string from Application Insights Resource Overview>
Else you can even set the environment variables by adding them in connecting string using applicationsettings.json file and below is the sample code for that
{
"connectionString": "Copy connection string from Application Insights Resource Overview"
}
For the complete information regarding adding environment variables you can refer the document suggested by #Paizo.

Azure Pipelines Agent artifact failed to apply

I am trying to apply Azure Pipeline Agent artifact while creating an Azure VM from the pipeline using Azure Dev Test Lab Create VM Task.
I have provided all the valid values in the ARM Template(organization, pat, agent name, etc)
but the specified artifact is failed to apply. here is the exception info
Validating parameters
Preparing agent installation location
Checking for previously configured agent
Downloading agent package
Extracting agent package contents
Getting agent installer path
Installing agent
ERROR: Connecting to remote server localhost failed with the following error message : The client cannot connect to the destination specified in the request. Verify that the service on the destination is running and is accepting requests. Consult the logs and documentation for the WS-Management service running on the destination, most commonly IIS or WinRM. If the destination is the WinRM service, run the following command on the destination to analyze and configure the WinRM service: "winrm quickconfig". For more information, see the about_Remote_Troubleshooting Help topic.
The artifact failed to apply.
Anyone has any idea on why I am getting this exception? please help me if you have any information
(401) Unauthorized
This means that your token is not be get and used correctly. Just for test purpose, you can create a PAT with Full access scope to see if this works.
You need to check whether your token is correctly converted to Base64String in the script.
$token = "{PAT}"
$token = [System.Convert]::ToBase64String([System.Text.Encoding]::ASCII.GetBytes(":$($token)"))
In addition, if you tried the above two points and the problem still exists, you can share your script sample in the question for further investigation.
After configuring WinRM before installing the artifacts, the issue is resolved.

Git deploy to Azure app service from Gitlab fails

I am attempting to deploy to an Azure app service from Gitlab but ran into a problem. The deployment fails immediatley with:
Host key verification failed.\r\nfatal: Could not read from remote
repository.\n\nPlease make sure you have the correct access
rights\nand the repository exists.\n\r\nD:\Program Files
(x86)\Git\cmd\git.exe fetch origin --progress
I've deleted the deployment configuration in the App service a few times and recreted to make sure the SSL URL for the Gitlab repository is correct. I've also tried addkng my key into the Gitlab deployment keys but it wont let me as its already there, so I knw the key is definitely correct.
Searching around on the web suggests to remove the host from the known hosts file, but as this is on azure there is no known_hosts in the /ssh folder (Kudu->Console->D:\home\.ssh) so I'm not sure what else to try.
Thanks

Trouble building VS2012 project with signed ClickOnce manifest on Jenkins

I'm having trouble building a VS2012 project with a signed ClickOnce deployment manifest. The .pfx certificate used to sign the project is password-protected with a paid-for key. I'm using Jenkins with the MSBuild plugin.
The error that shows up right after BUILD FAILED is:
C:\Windows\Microsoft.NET\Framework\v4.0.30319\Microsoft.Common.targets(2455,5): error MSB3325: Cannot import the following key file: xxxx.pfx. The key file may be password protected. To correct this, try to import the certificate again or manually install the certificate to the Strong Name CSP with the following key container name: VS_KEY_11234A3322194 [C:\Program Files (x86)\Jenkins\jobs\xxxx\workspace\xxxx\xxxx.csproj]
I've tried installing the certificate as a Trusted Root Certificate on my local machine (using certlm.msc) and also tried installing it to the specific container mentioned with sn.exe, but this makes no difference. I've made sure that the Jenkins service is running as a specific user rather than the Local System account.
If I open the project in VS2012, I can build it but only once I've selected the certificate under the Signing tab of the project properties and entered the password. This is even though the .csproj is set to use that specific file to sign the ClickOnce manifest.
I can successfully build the project using MSBuild from the command line as an admin user, but it fails when Jenkins runs the build. I've also tried passing the certificate to Jenkins' MSBuild as the /property:AssemblyOriginatorKeyFile parameter.
Any ideas on what could be causing this?
I have no idea what "Jenkins" is, but I know this about certificates and ClickOnce. The certificate must be installed under the user account that is doing the build. Try importing it and use the defaults, which will import it into the user store, rather than importing it into Trusted Publishers or one of the older folders. You can see it after you import it by running certmgr.msc.
We hit this when doing automated builds on our TFS server. Every year, we have to log into the account that does the builds and import the new signing certificate.

Keyset does not exist exception with deployment on windows server 2012 on Azure

I got a problem with upgrading my deployment to windows server 2012, my deploy works fine with osfamily=2 and compiled with .net4, but failed at .net4.5 and osfamily=3,
the exception I saw when remote to the vm is "Keyset does not exist", seems to related to some certificates. My program using the certificates to encrypt some stream and should be able to using this certs to decode this stream after I deploy it.
I checked the certs on vm, it is installed fine, in the right place.
So I suspect this is an issue with the different secure policy with 2012 that prevent my role to get the key in the certs.
this blocks me for a while so Thank a lot for any clue!
Keyset does not exist typically refers to an error when your program is trying to access a private key of a certificate and is unable to do so, either because the private key does not exist or because it has no permissions to access it
You will need to find the certificate in question in your certificate store, verify that it contains a private key (that will show up in the properties of the certificate)
And then verify that your process/application pool has permissions to access the private key by right-clicking on the certificate from the certificate store and choosing: All Tasks->Manage Private Keys. From there, make sure to add sufficient users to the allowed list
Hope this helps

Resources