Open alanauckland86 opened 4 years ago
@alanauckland86 Thanks for reporting this issue with the ADO agent. It looks like your agent has two versions of Az installed (4.4.0 and 4.3.0 in this case) and this is likely caused by the manual installation which you should not do with this task.
Can you use the settings azurePowerShellVersion: latestVersion in the task configuration to specify the agent to use the latest version of the Az module and let me know the result?
Hello Dcaro, Please see the attached screenshot that shows the setting is already set. I have also tried to use a different task version and get the same result up to about version 3 then the error changes but I think that is irrelevant here.
However, I think from what you are saying I do not need to install the AZ module on the Self-hosted Linux agent server for this task to run.
Correct, installing Az will conflict with the installation that the task is doing in the preparation steps. Please try without the manual installation.
Hello Dcaro, I removed both of the Az modules from the managed VM. When I run the Azure Powershell task in the classic pipeline, I got an error saying that the Az.Accounts module was not found.
I installed it using the command
Install-Module -Name Az.Accounts
I re-ran the pipeline and I got the following error again:
Only SPN credential auth scheme is supported for non windows agent
Please see output of Get-Module -ListAvailable below as the current state of my Managed Linux Pipeline agent
Directory: /home/some-place/.local/share/powershell/Modules
ModuleType Version PreRelease Name PSEdition
---------- ------- ---------- ---- ---------
Script 1.9.1 Az.Accounts Core,Desk
Script 1.4.7 PackageManagement Desk
Script 2.2.4.1 PowerShellGet Desk
Directory: /snap/powershell/137/opt/powershell/Modules
ModuleType Version PreRelease Name PSEdition
---------- ------- ---------- ---- ---------
Manifest 1.2.5 Microsoft.PowerShell.Archive Desk
Manifest 7.0.0.0 Microsoft.PowerShell.Host Core
Manifest 7.0.0.0 Microsoft.PowerShell.Management Core
Manifest 7.0.0.0 Microsoft.PowerShell.Security Core
Manifest 7.0.0.0 Microsoft.PowerShell.Utility Core
Script 1.4.7 PackageManagement Desk
Script 2.2.4.1 PowerShellGet Desk
Script 2.0.5 PSDesiredStateConfiguration Core
Script 2.0.2 PSReadLine Desk
Binary 2.0.3 ThreadJob Desk
@alanauckland86 This issue is caused by the Azure DevOps PowerShell task. A similar issue has been logged: https://github.com/microsoft/azure-pipelines-tasks/issues/13372
Any progress on this? I'm facing the same issue as well.
Any progress on this? I'm facing the same issue as well.
Ah yes sorry, I got passed it the other day.
So in Azure you have different service connections Classic and AzureRM.
I was using an AzureRM service connection
But in my power shell script was using the AZ module command lets. So it was trying to find a classic connection but I was in fact using an RM connections.
This uses the classic service connection and not AzureRM
I installed AZ module again and then changed the service principle I was using to a classic one.
If I didn't install AZ module I would have had to install rm modules which are legacy and deprecated and then ensure my power shell script used RM commands and not AZ commands.
Long and short 2 modules AZ uses classic service connections AzureRM uses AzureRm service connections.
You can see this when you create a service connections :)
I hope this makes some sense. Harder to explain.
@alanauckland86 I assume you used this solution outside of Azure Devops, just any normal Azure Powershell module script? On AZDO it doesn't let you select the classic connections, only RM based ones.
I did have success adding a new service connection, Azure RM, and using the Service Principal (Manual) option with an SPN from one of my registered AAD apps. But that feels.. kludgy.
Is someone able to provide info on what the limitation is here ?
I have a few layers, so not sure which layer this error is coming from ?
Windows agent works fine with the combination of those 3 above.
@alanauckland86 This issue is caused by the Azure DevOps PowerShell task. A similar issue has been logged: microsoft/azure-pipelines-tasks#13372
I see this comment. so it appears to be options 2 above.
The refererenced issue there is however closed.
Is there any workaround besides creating a classic serviceConnection? We're using azure MSI with Linux Agents at a client and they'd very much to not have to use classic service connections with service principals.
Any chance this will be looked at? Its only been over 3 years.
I'm having the same issue. Is anyone actually working on this?
Description
When I create an Azure Pipeline to run an Azure Powershell task v5 using a self-hosted and managed Ubuntu 18.04 server in an Agent pool I get the error "Only SPN credential auth scheme is supported for non windows agent"
Steps to reproduce
I initially created a post HERE
I have created a Ubuntu 18.04 server in Azure. I created an Agent pool using docs HERE
I manually installed PowerShell using docs HERE
I have since then updated the module with the command
Update-Module -Name Az
to 4.4.0 and I get the same errorI created a classic pipeline to run a Powershell script to test the AZ module from the agent pool can be used
When this runs I get the above-mentioned error with no indication how I can resolve the issue. Only SPN credential auth scheme is supported for non windows agent
Environment data
Debug output
I am assuming this is the pipeline output
Error output