Python Azure批处理-Active Directory身份验证出现问题

下面我将介绍如何使用自定义机器映像创建Azure批处理池。我被Azure Active Directory（AD）身份验证卡住了。我已经完成了另一个线程上的所有教程，用于注册应用程序并获取应用程序id、租户id和私钥

以下是创建批处理客户端的标准位：

credentials = ServicePrincipalCredentials(
        client_id=APP_CLIENT_ID,
        secret=APP_CLIENT_KEY,
        tenant=APP_TENANT_ID,
        resource='https://batch.core.windows.net'
    )
    self._batch_client = batch.BatchServiceClient(credentials, base_url=BATCH_ACCOUNT_URL)

以下是创建池的代码：

    # Get details for configuring worker machines with the node image file
    node_agents = self._batch_client.account.list_node_agent_skus()
    image_agent = next(agent for agent in node_agents if 'ubuntu 16.04' in agent.id)
    image_ref = batchmodels.ImageReference(virtual_machine_image_id='/subscriptions/<long_URL>')
    virtual_machine_config = batchmodels.VirtualMachineConfiguration(
        image_reference=image_ref,
        node_agent_sku_id=image_agent.id
    )

    # Define an admin user account for the worker machines
    user = batchmodels.AutoUserSpecification(
        scope=batchmodels.AutoUserScope.pool,
        elevation_level=batchmodels.ElevationLevel.admin
    )

    # Define the pool
    new_pool = batch.models.PoolAddParameter(
        id=self.id,
        virtual_machine_configuration=virtual_machine_config,
        vm_size=self._vm_size,
        target_dedicated_nodes=self.nodes,
        start_task=batch.models.StartTask(
            command_line=start_commands,
            user_identity=batchmodels.UserIdentity(auto_user=user),
            wait_for_success=True,
            resource_files=self._resource_files),
    )

    # Instantiate the pool
    try:
        self._batch_client.pool.add(new_pool)
        self._created = True
    except batchmodels.batch_error.BatchErrorException as err:
        print_batch_exception(err)
        raise

…随附HTTP日志：

requests.packages.urllib3.connectionpool: DEBUG: Starting new HTTPS 

connection (1): <batch_name>.westus.batch.azure.com
requests.packages.urllib3.connectionpool: DEBUG: https://<batch_name>.westus.batch.azure.com:443 "GET /nodeagentskus?api-version=2017-09-01.6.0 HTTP/1.1" 401 529
msrest.http_logger: DEBUG: Request URL: 'https://<batch_name>.westus.batch.azure.com/nodeagentskus?api-version=2017-09-01.6.0'
msrest.http_logger: DEBUG: Request method: 'GET'
msrest.http_logger: DEBUG: Request headers:
msrest.http_logger: DEBUG:     'Accept': 'application/json'
msrest.http_logger: DEBUG:     'Accept-Encoding': 'gzip, deflate'
msrest.http_logger: DEBUG:     'Connection': 'keep-alive'
msrest.http_logger: DEBUG:     'User-Agent': 'python/3.5.2 (Windows-10-10.0.15063-SP0) requests/2.14.0 msrest/0.4.18 msrest_azure/0.4.15 batchserviceclient/4.0.0 Azure-SDK-For-Python'
msrest.http_logger: DEBUG:     'client-request-id': '03663a50-c006-11e7-b93e-847beb5642f2'
msrest.http_logger: DEBUG:     'accept-language': 'en-US'
msrest.http_logger: DEBUG:     'Authorization': '*****'
msrest.http_logger: DEBUG:     'Content-Type': 'application/json; odata=minimalmetadata; charset=utf-8'
msrest.http_logger: DEBUG: Request body:
msrest.http_logger: DEBUG: None
msrest.http_logger: DEBUG: Response status: 401
msrest.http_logger: DEBUG: Response headers:
msrest.http_logger: DEBUG:     'Content-Length': '529'
msrest.http_logger: DEBUG:     'Content-Type': 'application/json;odata=minimalmetadata'
msrest.http_logger: DEBUG:     'Server': 'Microsoft-HTTPAPI/2.0'
msrest.http_logger: DEBUG:     'request-id': '1a38e970-fb6e-4d2e-b691-5c47f46186b1'
msrest.http_logger: DEBUG:     'Strict-Transport-Security': 'max-age=31536000; includeSubDomains'
msrest.http_logger: DEBUG:     'X-Content-Type-Options': 'nosniff'
msrest.http_logger: DEBUG:     'DataServiceVersion': '3.0'
msrest.http_logger: DEBUG:     'WWW-Authenticate': 'Bearer error="invalid_token", error_description="The access token is missing or invalid."'
msrest.http_logger: DEBUG:     'Date': 'Thu, 02 Nov 2017 19:42:53 GMT'
msrest.http_logger: DEBUG: Response content:
msrest.http_logger: DEBUG: b'{\r\n  "odata.metadata":"https://<batch_name>.westus.batch.azure.com/$metadata#Microsoft.Azure.Batch.Protocol.Entities.Container.errors/@Element","code":"AuthenticationFailed","message":{\r\n    "lang":"en-US","value":"Server failed to authenticate the request. Make sure the value of Authorization header is formed correctly.\\nRequestId:1a38e970-fb6e-4d2e-b691-5c47f46186b1\\nTime:2017-11-02T19:42:54.0264686Z"\r\n  },"values":[\r\n    {\r\n      "key":"AuthenticationErrorDetail","value":"Could not find identity for access token."\r\n    }\r\n  ]\r\n}'
msrest.exceptions: DEBUG: {'lang': 'en-US', 'value': 'Server failed to authenticate the request. Make sure the value of Authorization header is formed correctly.\nRequestId:1a38e970-fb6e-4d2e-b691-5c47f46186b1\nTime:2017-11-02T19:42:54.0264686Z'}

requests.packages.urllib3.connectionpool:调试：启动新的HTTPS
连接（1）：.westus.batch.azure.com
requests.packages.urllib3.connectionpool:调试：https://.westus.batch.azure.com:443 “GET/nodeagentskus？api版本=2017-09-01.6.0 HTTP/1.1”401529
msrest.http_记录器：调试：请求URL:'https://.westus.batch.azure.com/nodeagentskus?api-版本=2017-09-01.6.0'
msrest.http_记录器：调试：请求方法：“GET”
msrest.http_记录器：调试：请求头：
msrest.http_记录器：调试：'Accept'：'application/json'
msrest.http_记录器：调试：“接受编码”：“gzip，deflate”
msrest.http_记录器：调试：“连接”：“保持活动”
msrest.http_记录器：调试：“用户代理”：“python/3.5.2（Windows-10-10.0.15063-SP0）请求/2.14.0 msrest/0.4.18 msrest_azure/0.4.15 batchserviceclient/4.0.0 azure SDK For python”
msrest.http_记录器：调试：“客户端请求id”：“03663a50-c006-11e7-b93e-847beb5642f2”
msrest.http_记录器：调试：“接受语言”：“en-US”
msrest.http_记录器：调试：“授权”：“*****”
msrest.http_记录器：调试：'Content-Type'：'application/json；odata=最小元数据；字符集=utf-8'
msrest.http_记录器：调试：请求正文：
msrest.http_记录器：调试：无
msrest.http_记录器：调试：响应状态：401
msrest.http_记录器：调试：响应头：
msrest.http_记录器：调试：“内容长度”：“529”
msrest.http_记录器：调试：'Content-Type'：'application/json；odata=最小元数据'
msrest.http_记录器：调试：“服务器”：“Microsoft HTTPAPI/2.0”
msrest.http_记录器：调试：“请求id”：“1a38e970-fb6e-4d2e-b691-5c47f46186b1”
msrest.http_记录器：调试：“严格的传输安全性”：“最大年龄=31536000；包含子域'
msrest.http_记录器：调试：'X-Content-Type-Options'：'nosniff'
msrest.http_记录器：调试：“DataServiceVersion”：“3.0”
msrest.http\u logger:DEBUG:'WWW Authenticate'：'Bearer error=“invalid\u token”，error\u description=“访问令牌丢失或无效。”'
msrest.http_记录器：调试：“日期”：“2017年11月2日星期四19:42:53 GMT”
msrest.http_记录器：调试：响应内容：
msrest.http_记录器：调试：b'{\r\n“odata.metadata”：https://.westus.batch.azure.com/$metadata#Microsoft.Azure.Batch.Protocol.Entities.Container.errors/@Element”，“code:“AuthenticationFailed”，“message:{\r\n“lang:”en-US，“value:”“服务器无法验证请求。请确保授权标头的值格式正确。\\n请求ID:1a38e970-fb6e-4d2e-b691-5c47f46186b1\\n时间：2017-11-02T19:42:54.0264686Z”\r\n}，“值”：[\r\n{\r\n“键”：“AuthenticationErrorDetail”，“值”：“找不到访问令牌的标识”。\r\n}\r\n]\r\n}”
msrest.exceptions:调试：{'lang'：'en-US'，'value'：'Server未能验证请求。请确保授权标头的值格式正确。\n请求ID:1a38e970-fb6e-4d2e-b691-5c47f46186b1\n时间：2017-11-02T19:42:54.0264686Z'}

密钥消息是这样的：“密钥”：“AuthenticationErrorDetail”，“值”：“找不到访问令牌的标识。”

请注意，如果我硬编码

node\u agent\u sku\u id

，则在尝试添加新池时，错误会从第3行移动到

try

语句下方的一行

---

如何开始对此进行故障排除？

Azure批处理的资源应为“”（注意尾部斜线）。

Azure批处理的资源应为“”（注意尾部斜线）.

似乎

用户错误

某些信用详细信息不正确？似乎

用户错误

某些信用详细信息不正确？需要MS支持一个小时才能解决。非常好。而且，非常令人沮丧。需要MS支持一个小时才能解决。非常好。同样，非常令人沮丧。

requests.packages.urllib3.connectionpool: DEBUG: Starting new HTTPS 

connection (1): <batch_name>.westus.batch.azure.com
requests.packages.urllib3.connectionpool: DEBUG: https://<batch_name>.westus.batch.azure.com:443 "GET /nodeagentskus?api-version=2017-09-01.6.0 HTTP/1.1" 401 529
msrest.http_logger: DEBUG: Request URL: 'https://<batch_name>.westus.batch.azure.com/nodeagentskus?api-version=2017-09-01.6.0'
msrest.http_logger: DEBUG: Request method: 'GET'
msrest.http_logger: DEBUG: Request headers:
msrest.http_logger: DEBUG:     'Accept': 'application/json'
msrest.http_logger: DEBUG:     'Accept-Encoding': 'gzip, deflate'
msrest.http_logger: DEBUG:     'Connection': 'keep-alive'
msrest.http_logger: DEBUG:     'User-Agent': 'python/3.5.2 (Windows-10-10.0.15063-SP0) requests/2.14.0 msrest/0.4.18 msrest_azure/0.4.15 batchserviceclient/4.0.0 Azure-SDK-For-Python'
msrest.http_logger: DEBUG:     'client-request-id': '03663a50-c006-11e7-b93e-847beb5642f2'
msrest.http_logger: DEBUG:     'accept-language': 'en-US'
msrest.http_logger: DEBUG:     'Authorization': '*****'
msrest.http_logger: DEBUG:     'Content-Type': 'application/json; odata=minimalmetadata; charset=utf-8'
msrest.http_logger: DEBUG: Request body:
msrest.http_logger: DEBUG: None
msrest.http_logger: DEBUG: Response status: 401
msrest.http_logger: DEBUG: Response headers:
msrest.http_logger: DEBUG:     'Content-Length': '529'
msrest.http_logger: DEBUG:     'Content-Type': 'application/json;odata=minimalmetadata'
msrest.http_logger: DEBUG:     'Server': 'Microsoft-HTTPAPI/2.0'
msrest.http_logger: DEBUG:     'request-id': '1a38e970-fb6e-4d2e-b691-5c47f46186b1'
msrest.http_logger: DEBUG:     'Strict-Transport-Security': 'max-age=31536000; includeSubDomains'
msrest.http_logger: DEBUG:     'X-Content-Type-Options': 'nosniff'
msrest.http_logger: DEBUG:     'DataServiceVersion': '3.0'
msrest.http_logger: DEBUG:     'WWW-Authenticate': 'Bearer error="invalid_token", error_description="The access token is missing or invalid."'
msrest.http_logger: DEBUG:     'Date': 'Thu, 02 Nov 2017 19:42:53 GMT'
msrest.http_logger: DEBUG: Response content:
msrest.http_logger: DEBUG: b'{\r\n  "odata.metadata":"https://<batch_name>.westus.batch.azure.com/$metadata#Microsoft.Azure.Batch.Protocol.Entities.Container.errors/@Element","code":"AuthenticationFailed","message":{\r\n    "lang":"en-US","value":"Server failed to authenticate the request. Make sure the value of Authorization header is formed correctly.\\nRequestId:1a38e970-fb6e-4d2e-b691-5c47f46186b1\\nTime:2017-11-02T19:42:54.0264686Z"\r\n  },"values":[\r\n    {\r\n      "key":"AuthenticationErrorDetail","value":"Could not find identity for access token."\r\n    }\r\n  ]\r\n}'
msrest.exceptions: DEBUG: {'lang': 'en-US', 'value': 'Server failed to authenticate the request. Make sure the value of Authorization header is formed correctly.\nRequestId:1a38e970-fb6e-4d2e-b691-5c47f46186b1\nTime:2017-11-02T19:42:54.0264686Z'}