Azure Self Hosted Agent Docker Configuration and Management

Azure Self Hosted Agent Docker Configuration and Management is a crucial aspect of setting up a self-hosted agent in Azure DevOps.

You can configure the agent by using a Docker container, which allows for easy management and scaling of the agent.

The agent can be managed using the Azure DevOps UI, where you can view and update the agent's configuration, including its Docker image and container settings.

To configure the agent's Docker image, you can use a YAML file to specify the image and its properties, such as the agent's name and version.

By using a YAML file, you can easily manage and update the agent's configuration without having to manually update the agent's container settings.

To configure the agent, you'll need to change the shell script to use the --once switch, which will terminate and cleanup the agent when the job is complete. This is only required if you're using the auto-deployment parent template method.

You can configure secrets and deploy a replica set by creating secrets on the AKS cluster using the kubectl command. This involves creating a generic secret with the AZP_URL, AZP_TOKEN, and AZP_POOL values.

The agent can be configured to use a Docker container, which can be useful for running jobs on a cluster. To do this, you'll need to create a replica set and a deployment using the Kubernetes YAML file.

You can also configure the agent to use a self-hosted agent, which gives you more control to install dependent software needed for your builds and deployments. This type of agent is widely backward compatible, but we only support the most recent version of the agent.

Here's a step-by-step guide to configuring the agent:

Note that you should only install one agent per machine to avoid performance issues.

To create an Azure Container Registry, you'll need to navigate to the Azure portal and select Create a resource from the left navigation panel. You can also use the Azure CLI to create a new resource group and container registry.

To create a resource group using the Azure CLI, you'll need to run the command `az group create --name myapp-rg --location eastus`. This will create a new resource group named "myapp-rg" in the eastus location.

Once you've created your resource group, you can create a new container registry using the command `az acr create --resource-group myapp-rg --name mycontainerregistry --sku Basic`. This will create a new container registry named "mycontainerregistry" in the "myapp-rg" resource group with a Basic SKU.

To create a Docker registry service connection, you'll need to navigate to your Project settings in Azure DevOps. From there, select Service connections from the left pane.

To create a new service connection, select New service connection, and then select Docker Registry then Next. You can choose from three authentication types: Managed Service Identity, Service Principal, or Workload Identity federation.

For Managed Service Identity, select Azure Container Registry as your service connection type, and enter your Subscription ID, Subscription name, and Azure container registry login server. You'll also need to paste your VM's system assigned Tenant ID.

Here are the steps to create a service connection using each authentication type:

Once you've completed the steps, select Save to create your service connection. Be sure to check the Grant access permission to all pipelines checkbox to grant access to your pipeline.

To create a container registry, you'll need to navigate to the Azure portal. Select "Create a resource" from the left navigation panel and choose "Containers" then "Container Registry".

You can either select an existing subscription or create a new one. If you're creating a new subscription, you'll need to select a resource group or create a new one. The registry name must be unique within Azure and contain at least 5 characters.

The location for your container registry can be anywhere in Azure, but you'll need to select a preferred location and SKU. Once you've reviewed your settings, you can select "Create" to create the container registry.

Alternatively, you can use the Azure CLI to create a container registry. This involves opening the Azure Cloud Shell and creating a new resource group using the command `az group create --name myapp-rg --location eastus`.

Next, you can create a new container registry using the command `az acr create --resource-group myapp-rg --name mycontainerregistry --sku Basic`. This will create a Basic SKU container registry in the specified resource group.

Azure DevOps uses several versions of NodeJS libraries to support target tasks that use different Node handlers. This includes Node 20 as a universal handler, which is used by all official Azure DevOps tasks.

However, some customers still use custom tasks that rely on older Node versions, such as Node 6, Node 10, or Node 16, which have reached End-of-Life. To support backward compatibility with these older Node versions, you can use the following self-service methods to install the designated Node runner manually.

For example, you can manually install the Node 6 runner or use the NodeTaskRunnerInstaller@0 task in your pipelines that require the outdated Node 6 library. Alternatively, you can install an agent package that includes Node 6.

If you know you're not using any Node 6-dependent tasks, you can install the agent from the Alternate Agent Downloads section from https://github.com/microsoft/azure-pipelines-agent/releases. This will prevent Node 6 from being installed on your agent machine.

Here are the self-service methods for installing Node runners:

To show details about a Docker agent, you can use the az pipelines agent show command. This command is essential for managing your agents in Azure Pipelines.

The az pipelines agent show command requires the agent ID and pool ID. You can obtain these values from the Azure Pipelines dashboard.

To retrieve agent details, you can use the following parameters with the az pipelines agent show command:

Keep in mind that the agent must run under an account with access to the service in pipelines or variable groups when exchanged with the agent.

To install the Azure Self-Hosted Agent in Docker, you'll need to create a new directory and navigate to it. You can do this by running `mkdir ~/azp-agent-in-docker/` and then `cd ~/azp-agent-in-docker/`.

The next step is to save a Dockerfile to the current directory, which will contain the instructions for building the image. This file should include the line `ENV AGENT_ALLOW_RUNASROOT="true"` to allow the agent to run as root.

You'll also need to save a `start.sh` script to the directory, which will be used to start the agent. This script will check for environment variables and create a token file if necessary.

To build the image, run the command `docker build --tag "azp-agent:linux" --file "./azp-agent-linux.dockerfile"`.

Here are the steps to install Docker, broken down into a list:

Environment Variables are a crucial part of the installation and setup process. They help configure your Azure DevOps environment.

You'll need to set up the AZP_URL environment variable, which specifies the URL of your Azure DevOps or Azure DevOps Server instance. This is the foundation of your configuration.

The AZP_TOKEN variable requires a Personal Access Token (PAT) with Agent Pools (read, manage) scope, created by a user who has permission to configure agents, at the specified AZP_URL. This token is essential for authenticating with Azure DevOps.

You can also customize the AZP_AGENT_NAME variable, which defaults to the container hostname. This allows you to give your agent a unique name.

Another important variable is AZP_POOL, which specifies the agent pool name and defaults to "Default". You can change this to match your organization's naming conventions.

Lastly, the AZP_WORK variable sets the work directory and defaults to "_work". This is where your agent will store its working files.

Here's a summary of the environment variables:

To install the Docker image, you'll need to create a new directory and navigate to it. This will be the root directory for your Azure Pipelines agent installation.

Open a terminal and create a new directory using the command `mkdir ~/azp-agent-in-docker/`. Then, go to this new directory with the command `cd ~/azp-agent-in-docker/`.

You'll need to save two files to this directory: `azp-agent-linux.dockerfile` and `start.sh`. The first file should contain the content specified in the article, which includes uncommenting the `AGENT_ALLOW_RUNASROOT="true"` line and adding packages like `zip` and `unzip` to the `RUN apt install -y` command.

The `start.sh` file should contain the specified bash script, which sets environment variables, downloads and extracts the Azure Pipelines agent, and runs the agent.

Here's a brief overview of the files you'll need to create:

Once you've saved these files, you can build the Docker image using the command `docker build --tag "azp-agent:linux" --file "./azp-agent-linux.dockerfile"`. This will create a Docker image tagged as `azp-agent:linux`.

To create a pool, navigate to your Azure DevOps project and select the gear icon to access your Project settings. From there, select Agent pools and then Add pool.

Select New and then Self-hosted from the Pool type dropdown menu. Give your pool a name and check the Grant access permission to all pipelines checkbox.

To create the pool, select Create when you're done. Now, select the pool you just created and then New agent.

To get information about an agent, you can use the az pipelines agent show command. This command requires the agent ID and pool ID.

The agent ID is a required parameter that specifies the agent you want to retrieve details about. The pool ID is also required and specifies the agent pool containing the agents.

You can use the detect parameter to automatically detect your organization, and it accepts values of false or true.

If you want to include details about the agents' current work, you can use the include-assigned-request parameter, which accepts values of false or true.

The include-capabilities parameter is used to include the agents' capabilities in the response, and it also accepts values of false or true.

You can also use the include-last-completed-request parameter to include details about the agents' most recent completed work, and it accepts values of false or true.

Here are the parameters you can use with the az pipelines agent show command:

To run tasks using Windows authentication to access an external service, the agent must run under an account with access to that service in pipelines or variable groups when exchanged with the agent.