使用 azure python sdk 从自定义图像创建池时出错

Question

我正在尝试使用我从带有 azure python sdk 的 VM 创建的自定义映像创建一个池。位置和资源组匹配。

这是我的代码：

import azure.batch as batch
from azure.batch import BatchServiceClient
from azure.batch.batch_auth import SharedKeyCredentials
from azure.batch import models



account = 'mybatch'
key = 'Adgfdj1hhsdfqATc/K2fgxdfg/asYgKRP2pUdfglBce7mgmSBdfgdhC7f3Zdfgrcgkdgh/dfglA=='
batch_url = 'https://mybatch.westeurope.batch.azure.com'

creds = SharedKeyCredentials(account, key)
batch_client = BatchServiceClient(creds, base_url = batch_url)

pool_id_base = 'mypool'
idx = 1

pool_id = pool_id_base + str( idx )

while batch_client.pool.exists( pool_id ):
  idx += 1
  pool_id = pool_id_base + str( idx )

print( 'pool_id ' + pool_id )

sku_to_use =  'batch.node.ubuntu 18.04'

# 
# image_ref_to_use = models.ImageReference(
#     offer = 'UbuntuServer', 
#     publisher = 'Canonical',
#     sku = '18.04-LTS', 
#     version = 'latest'
#   )



image_ref_to_use = models.ImageReference(
    virtual_machine_image_id = '/subscriptions/1834572sd-34sd409a-sdfb-sc345csdfesourceGroups/resource-group-1/providers/Microsoft.Compute/images/my-image-1'
  )


vm_size = 'Standard_D3_v2' 

vmc = models.VirtualMachineConfiguration(
  image_reference = image_ref_to_use,
  node_agent_sku_id = sku_to_use
)

new_pool = models.PoolAddParameter(
  id = pool_id, 
  vm_size = vm_size, 
  virtual_machine_configuration = vmc,
  target_dedicated_nodes = 1
)

batch_client.pool.add(new_pool)

According to the docs 我应该可以使用 virtual_machine_image_id 其他提供的市场图像参数。 我可以创建一个标准市场图像池，但在尝试使用自定义图像的 ID 时出现错误。

Traceback (most recent call last):   File "create_pool.py", line 60, in <module>
    batch_client.pool.add(new_pool)   File "/root/miniconda/lib/python3.6/site-packages/azure/batch/operations/pool_operations.py", line 312, in add
    raise models.BatchErrorException(self._deserialize, response) azure.batch.models.batch_error.BatchErrorException: {'additional_properties': {}, 'lang': 'en-US', 'value': 'Server failed to authenticate the request. Make sure the value of Authorization header is formed correctly including the signature.\nRequestId:0dfdf9c1-edad-4b72-8e8f-f8dbcfd0abbdf\nTime:2018-12-06T10:51:21.9417222Z'}

我该如何解决这个问题？

---

更新

我尝试将 ServicePrincipalCredentials 与以下内容一起使用：

CLIENT_ID：我在默认目录中创建了一个新应用程序 -> 添加注册并获得它的应用程序 ID。

SECRET：A 为新应用程序创建了一个密钥并使用了它的值。

TENANT_ID：az account show 在云外壳中。

资源：使用“https://batch.core.windows.net/”。

像这样更新了我的代码：

from azure.common.credentials import ServicePrincipalCredentials

creds = ServicePrincipalCredentials(
  client_id=CLIENT_ID,
  secret=SECRET,
  tenant=TENANT_ID,
  resource=RESOURCE
)

我得到另一个错误：

Keyring cache token has failed: No recommended backend was available. Install the keyrings.alt package if you want to use the non-recommended backends. See README.rst for details.
Traceback (most recent call last):
  File "create_pool.py", line 41, in <module>
    while batch_client.pool.exists( pool_id ):
  File "/root/miniconda/lib/python3.6/site-packages/azure/batch/operations/pool_operations.py", line 624, in exists
    raise models.BatchErrorException(self._deserialize, response)
azure.batch.models.batch_error.BatchErrorException: Operation returned an invalid status code 'Server failed to authorize the request.'

Answer 1

尝试使用服务主体凭据而不是共享密钥凭据

credentials = ServicePrincipalCredentials(
    client_id=CLIENT_ID,
    secret=SECRET,
    tenant=TENANT_ID,
    resource=RESOURCE
)

共享密钥凭据似乎存在错误。

文档链接：https://docs.microsoft.com/en-us/azure/batch/batch-aad-auth

问题链接：https://github.com/Azure/azure-sdk-for-python/issues/1668

注意：请删除您的帐户详细信息，因为任何人都可以访问它。将帐户名称和密钥替换为 ****。

更新 如果服务主体凭据不起作用，请尝试使用用户凭据并查看是否有效。

from azure.common.credentials import UserPassCredentials
import azure.batch.batch_service_client as batch

credentials = UserPassCredentials(
    azure_user,
    azure_pass
)
batch_client = batch.BatchServiceClient(credentials, base_url = batch_url)