Azure DevOps release pipeline has suddenly started failing

Su1tan
July 10, 2024
108 views
0 votes
2 Answers

2024-07-09T23:11:19.7718791Z Complete getting Artifacts From Template
2024-07-09T23:11:19.7719155Z Start deploying artifacts from the template.
2024-07-09T23:11:19.7722609Z Deploy dev_keyVault_linkedService of type linkedService
2024-07-09T23:11:19.9503411Z For Artifact: dev_keyVault_linkedService: ArtifactDeploymentTask status: 403; status message: Forbidden
2024-07-09T23:11:19.9506451Z Failed
2024-07-09T23:11:19.9507649Z deploy operation failed
2024-07-09T23:11:19.9509658Z An error occurred during execution: Error: Linked service deployment failed "Failed"
2024-07-09T23:11:19.9543086Z ##[error]Encountered with exception:Error: Linked service deployment failed "Failed"
2024-07-09T23:11:19.9553608Z For Artifact: dev_keyVault_linkedService: Deploy artifact failed: {"code":"ClientIpAddressNotAuthorized","message":"Client Ip address : ...***"}
2024-07-09T23:11:19.9652636Z ##[section]Finishing: Synpase deployment task for workspace: uat01-vm04-d200

Answers

- Nandan
- July 10, 2024 at 7:48 am
- 0 votes
0
Based on the error message , we can conclude that the deployment failed with the error : "ClientIpAddressNotAuthorized" , which means that the request was forbidden due to Workspace not being configured to allow access to the client IP address.

You would need to create or manage the firewall configuration for the Workspace allowing the devops Client IP address to the workspace.

Login or Signup to reply.

- ZiyangLiuMSFT
- July 10, 2024 at 10:24 am
- 0 votes
0
I can reproduce the issue when I configure the firewall for my workspace but don’t add the IP of the agent running the pipeline to the allow list.

If you are using a self-hosted agent, add the IP of this agent to the firewall allow list.

If you are using a MS-hosted agent, you can run Azure CLI to add the IP of the current agent to the firewall and remove it after deployment. Refer to the details below.
1. Run az synapse workspace firewall-rule create in Azure CLI task to add the current agent IP to firewall.
  
  Inline script
```
$ip = Invoke-RestMethod http://ipinfo.io/json | Select -exp ip
Write-Host "The IP address of current agent machine is $ip"
az synapse workspace firewall-rule create -g {ResourceGroup} -n allowMSAgent --workspace-name {WorkspaceName} --start-ip-address $ip --end-ip-address $ip
```
1. Add a PowerShell task or Bash task to wait for a while to let the firewall-rule take effect.
  
  Inline script: Start-Sleep -s 30 for PowerShell task and sleep 30 for Bash task
2. Run Synapse workspace deployment task.
3. Run az synapse workspace firewall-rule delete in Azure CLI task to delete the rule created in step1.
```
$ip = Invoke-RestMethod http://ipinfo.io/json | Select -exp ip
Write-Host "The IP address of current agent machine is $ip"
az synapse workspace firewall-rule delete -g {ResourceGroup} --workspace-name {WorkspaceName} -n allowMSAgent --yes
```
1. Overview of the tasks:
Login or Signup to reply.

Please signup or login to give your own answer.

Click here to cancel reply.