How to install Self-hosted Windows agent for Azure DevOps

Video Statistics and Information

Video

Captions Word Cloud

Reddit Comments

Captions

hi this is kamil today we will talk about how to install your own agent on windows agent for azure devops average devops is very popular tools for building ci cd processors however it very often happens that we have some of the systems of our infrastructure in the enterprise in the internal network and the company's policies does not allow us access for external components hence open your firewall to the world this somehow complicates the preparation of azure devops and the application of its agents to the current on-premise architecture in such a situation we have the option of installing our own agent in the internal network which will work with azure devops system [Music] now we are going to talk about how to create a self-hosted windows agent an agent that will host ourselves on some machine whether it's in our company in our local network or is just like i'm going to show here i'm going to use for this purposes because it's more convenient and easier for me i'm going to use for this purposes of virtual machine which i prepared earlier i will show such a virtual machine this is my virtual machine this is its name and it's already filed up and it's already heating up waiting for presentation we'll connect to it in a moment why it's a lot of scenarios that i don't want to go into details whether to use microsoft secure server database in the cloud or just on premise and it turned out that a lot of majority of you use on-premise secure server so if you would like to for example to use the azure devops portal provided by microsoft in the cloud and not hosted in your own infrastructure in your own company it can also be combined here and this is one of the scenarios in which you can use an agent hosted in your own company in a local network and this agent will communicate with it or maybe the other devops portal will communicate with such an agent we can create many of these agents nothing particularly limits us here okay so how to start how to get started so first of all let's show you where we have these agents if we deploy or prepare the release pipeline maybe not this one especially because this one already has an agent set up this one should have some kind of general azure agent i mean and here we see what kind of agent it will be specifically we are talking about an agent pool and here is pool is provided which is called a azure pipelines this is the default pool hosted in the cloud by microsoft and we have access to it by default there are two agents over there if i remember correctly i click manage and go to project settings where you can see all the jobs that i have been done so far by this azure pipelines pool and i can also see the agent definitions one agent is available so here i have an agent hosted in azure by microsoft provided for us okay now i would like to because such an agent would have to somehow get in our network well it can be solved in various ways although opening a gateway or some port directly for databases or servers is not the happiest idea of course it can be done to deploy database using an agent hosted in the cloud but as i said for security reasons it's not necessarily the best idea that's why it's often created its own agent we host our own agent how do you prepare it i'm going to come back now let's go back agent pools okay we need to create our own pool a pool is actually a set for example a list of all agents that are logically contained in a given group we don't have to worry about this i have created i have already created such a pool something as you can see here i already had but i removed this agent so that i could present it from scratch so we need to create a new agent when we click the new agent button we actually have instruction to on what to do next and first of all where to download such an agent from here we have download button or we can copy url i'm going to copy the url and then i'm going to go to my virtual machine and i'm going to paste this the the url into the virtual machine because that's where we need to install the agent so of course earlier we need to prepare a physical machine in the company or maybe a virtual machine but it should be located within the internal network so i'm going to go to this virtual machine of mine i will paste this address here the address is this i mean it could be changed probably not but it can change depending on the version but you don't have to worry about it yeah the whole instruction or link to this file is given it's a zip file as you can see of course i have downloaded such file before so i will show it now it's located in my download section and this is the file in the next section uh as we saw there there was also a quick guide to what we need to do in the next step there was also a script which showed how we can use powershell script to deal with this zip file here the matter is simple because this powershell script is not doing anything else except that unpack this zip to a specific location what is the location it should be the shortest possible location the best most commonly used here is the location on the c drive of course you can use another one this is not a problem but this the point is that the agent's path should be as short as possible if we are using for example agent azure agent that in locks we can see that this path contains drive then backslash a as agent backslash some work directory etc and there are single letters so that when all the paths are passed together and the end at the end we don't lose those precious characters at the beginning because as we know the there's a limit on the length of a full path in windows i don't remember the exact number but nowadays it's very easy to achieve the limit especially when somebody in project builds very long folder names so for that reason it's worth doing that the file of powershell script that we are going to execute is like this we set a location on the c drive this is the first thing we create a folder in my case it will be a folder named agent we go into this folder at or import our library which will be used to decompress in a moment the file which is located in my folder download this is a dotnet library also as we can see powershell perfectly supports also.net libraries so i copied this script just from that page and i will run it right now a few seconds later we should see everything in the newly created agent folder all files should be extracted right here once this is finished then we need to install the agent install agent and i will do it in separate window because from my experience it's not always successful here in windows powershell easy application even though it's running in administration in in administrator mode okay it's still running it's already unpacked so let's go back to the agent we don't see anything else here but kind of all the necessary files are there now we need to run this file this file is located right here in the agent folder so this is it and it's a batch file it's just a file that contains all commands to get us through the installation process really all right then like i said i'm going to use a separate powershell window for this which i'm also going to run in administrator mode i'm going to go to this agent folder and i'm going to run this config.cmd script okay fine the application or script approach me with a request which is url now what is the url address i'm about to show that this url is nothing but the address of my azure devops portal including the name of my organization in my case the name of the organization is sql player this is a unique name so the url link will also be unique i have prepared it in a separate file file so i just paste it here and you will see everything this is my well this is also the address i'm working with in my other devops so i'll paste it in approve it that is the first thing now what will be the authentication i'm going to use token based authentication which has to be created first such a token need to be created first i saw i'm going back to devops to create the token as you can see we go through this path all the time we have a link here to detail the instruction if anyone would like to take a look uh there so there's no problem to see in detail what you need to do there in is also described when it comes to the whole token how to create a token this is where the instruction starts to create a token i did it a little bit in reverse order but there's no problem we're going back here as we can see no agent has been created yet it's not communicating with my portal yet now i need to create a token so i come over here and here i have this option in this many personal access token if i click on this option i can see this list can be empty or it can contain like in my case already created tokens which are used by various services or applications to communicate with my azure devops portal even through i have already a token created i'm going to intentionally create a new token here to show you how to create it and what permissions we need to assign to this token so that the service in this case the agent service will be able to get and talk to the right level or with the right permissions with the portal the name of this token is we can come up with something here like p80 token custom agent for example organization secure player when it expires i will change it here so that the token expires tomorrow let's say and now the permissions this is the most important here we don't see by default or permissions so it is very important to use this show all scopes option so i click this button at the bottom this link and at this point i can see all the permissions that are available for the token what i need to set this is the first thing this is agent pulse and here i set the read and manage permissions the second thing is the deployment groups i'm going to use a cheat sheet here because i don't remember it exactly i wouldn't want to have to repeat this and this is the second group of settings or permissions that we need to set deployment groups we check the only option is read and manage and we are actually left with creating this token in response we receive a key that we must copy this is important you either have to keep it in a safe place or you can use it and forget but in a case we need to use it again well if you don't have it start then of course we have to create a new token but if we have it somewhere we can use it again and again why i'm talking about this because in a moment when we close this window we won't be able to look at this token anywhere else it won't be available for us it's encrypted okay i'm going to copy it over here and we'll go back to the virtual machine paste that token here sorry come back first we still decide which authentication type it is the authentication type so for the token we click enter this is important it can get confusing now we paste the correct token please don't worry this token will be removed right after the video is recorded so all of you who watch this presentation this video much later you will not be able to use a handy token okay now the agent registration the default pool that we want to add this agent to this is the pool and that is showed in the azure devops portal in my case it's called private azure pool that's the name i came up with and i would like to add it to this pool what agent name will be visible in this pool what we will see in azure devops portal by default i will leave this vm name but of course i can change it and i will still be asked to indicate the path or the folder that will be used for this current work for the agent if a task is delegated for it i can either leave the default here underscore work or change it to w for example that's it the settings for this agent has been saved now i'm asked if i want to run this agent as a service i would like to run it and now i have the opportunity to indicate if we run as a service the user or account under which the agent will work previously i created a separate account so us to have full control over permission etc and here i have to give the name of this account first in my case it's a locally located account because i don't have any domain here with name agent simple as that and the password for this account i copy it again so i don't make a mistake paste the password enter and that's it the process was successful the process has been started let's see if we come to services in this window it should be visible in this window it should be visible here vsts agent as the name whereas when we open services that's in the documentation as well depending on what type of agent it is and i think he can go by different names there were three names there uh at least three different naming types i saw whereas it in the service window we see this under the name azure pipelines agent so it's running we are using this account and so on so we can see that the service on our computer in this case on our virtual machine is up and running furthermore it should have already been automatically contacted it should have called back to the portal to azure devops and said hey i'm here i exist so you can communicate with me on this part so please add me to this pool yes so let's see if that actually happened back to my browser back to the pool i was in ssdt project settings and the agent pool private azure pool is this pool and the agent as we can see the agent has been created with the name that we have shown the agent is currently online it is waiting for any requests that we may make to it here is the agent name status and so on we can turn off such an agent or we can see the possibilities of such an agent here are various parameters or a list of parameters properties and values which define not only certain paths to the agent but also such properties or such parameters can also define its capabilities by the existence of all field parameters we are able to check in pipeline if a given agent meets certain requirements for example we may have some agents which have which have sql package installed or other application which we would like to use and another pool of agents or another agent which will have or will be used for something else because it will have other services or other application installed we can also use this to control and for example add a new capability named secure package so as we give it this property it will jump into the list and we can check it using pipeline at the end i will just show you in the release i had previously created a release pipeline which i was using to test this agent with this virtual machine i will show only that here we are able to define a different pool that the one that was the default and here we are defining the pool of agents that we would like to use and what's more we can define some requirements that this agent must meet before it will be given some action some task or perform some job so here we have an option and here i just defined a requirement as you can see that this agent must have a secure package property defined this property just has to exist the other option is that something this property must equal some value and that's what the value field is for all right then and in this case uh we can use again a different task either already defined or prepared by someone or simply prepared and available for free or for a fee in the marketplace and use various other tasks to deploy near the database in this case i use a task called publish tagpack using duckpack publish profile where i specify the publication profile and deploy the database to the target servers to the target server in this case my target server is the same host that is the same virtual machine where i also have secure server installed on a local virtual machine now you know how to install your own agent in the local network and how to configure it to work with azure devops thanks to this you will be one step closer to starting the preparation of full automation of system deployment good luck and see you next [Music] time

Info

Channel: Kamil Nowinski

Views: 3,041

Rating: undefined out of 5

Keywords:

Id: xuKXO811O_w

Channel Id: undefined

Length: 22min 24sec (1344 seconds)

Published: Thu Apr 08 2021