CLOUD SOLUTIONS
Azure DevOps Self-Hosted Agents Terraform
GitHub
https://github.com/cloudelementsca/ado-agents
Introduction
This guide provides instructions to setup self-hosted agents on your Azure DevOps project using the code contained in our GitHub repo.
By default, Microsoft-hosted agents only allow you to run one parallel job and up to 1800 job minutes per month, and buying more is the only option to increase this limit. While using self-hosted agents doesn't allow you to run more parallel jobs by default, it will allow you run as many parallel jobs as you have Visual Studio Enterprise Subscriptions, and it removes the 1800 minutes/month restriction.
In our solution, Terraform is used to create the infrastructure to support the self-hosted agents. Azure DevOps pipelines are used to automate the startup and shutdown of the self-hosted agents. The provided terraform code will deploy Azure Container Registry, a vnet and subnet required for Azure Container Instance (ACI), and an ACI Container Group for each type of agent image.
Each agent is based on a container image built from a Dockerfile running with Microsoft provided script to register with Azure DevOps project. Agents can be customized with different components and tools based on your requirements.
Prerequisites
Docker:
- Environment to build the docker container to customizatie agent.Azure DevOps Project:
Azure DevOps Project:
- Azure DevOps to host the agent pool, and for self-hosted agents to connect to.
- Permission to generate Personal Access Token.
- Azure DevOps pipeline to setup automation on startup and shutdown agents.
Azure Resource Group:
- Deploy Azure Container Instances to run containers.
- Deploy Azure Container Registry to host agent docker images.
Knowledge of, and Experience with Terraform:
- remote state
- azurerm provider
countloop
Guide
Prepare Agent Pool and Pipeline
1. Import the GitHub repo into your ADO project: https://github.com/cloudelementsca/ado-agents.git
2. Create a new Agent Pool. In ADO, open Project Settings, Agent Pool, then select Add Pool to create a new agent pool for our self-hosted agent.
3. Create a new personal access token:
In Scopes section, make sure the following scopes are selected
- Agent Pools - select 'Read & Manage'
- Auditing - select 'Read Audit Log'
4. Create variables group named 'ado-agents' replace the variables:
- Agent Pool
- 'AZP_POOL' with the name of Agent Pool in ADO Settings
- 'AZP_URL' with the value of your ADO organization
- 'PERSONAL_ACCESS_TOKEN' with the value your TOKEN
- Pipeline
- 'environmentServiceName' with the SPN that has contributor permission to the resource
- 'tfversion' the terraform version
- terraform state management specific
- 'storagekey' the storage account storage key
- 'terraformacrstatename' the name of the terraform state file for acr terraform deployment
- 'terraformstatename' with the name of the terraform state file for agent deployment
- 'terraformstorageaccount' with the value of the storage account
- 'terraformstoragecontainername' with the value of storage container
- 'terraformstoragerg' with the value of the resource group
5. Add a pipeline to build the agent using existing YAML file: /pipelines/build-agent-images.yml
6. Add two pipeline variables to indicate how many Windows and Linux agents you would like to stand up.
- NUMBER_OF_WINDOWS_AGENT
- NUMBER_OF_LINUX_AGENT
Configure Terraform for ACR and Agent Deployment
7. Configure Terrraform variables in *.tfvars files for Azure Container Registry (ACR) and Azure Container Instances
In /terraform/acr/acr.auto.tfvars, update the following variables
- 'rg' with resource group name and location
- 'vnet' with virtual network name, address space and default subnet and subnet address_prefix
- 'acr' with azure container registry name and sku
// resource group
rg = {
name = "SelfHostedAgentRg"
location = "canadacentral"
}
// Azure Container Registry
acr = {
name = "cloudelementsacr"
sku = "Standard"
}
In /terraform/agents/aci.auto.tfvars and data.auto.tfvars, replace the values in the following variables:
- 'aci_subnet' with subnet information for ACI
- 'windowsCg' and 'linuxCg' with container group configuration. Make sure the container image points to your container registry.
- 'resource_groups' with name of the resource group where the agent will be deployed
- 'aci_vnet' with the value of the virtual network for the ACI
- 'acr' with the name of ACR and the resource group name
// virtual network
aci_vnet = {
name = "agentvnet"
address_space = ["192.168.1.0/24"]
rg_key = "agentrg"
}
// aci subnet
aci_subnet = {
name = "AgentContainerSubnet"
address_prefixes = ["192.168.1.160/27"]
rg_key = "agentrg"
delegation = {
name = "aci-delegation"
service_delegation_name = "Microsoft.ContainerInstance/containerGroups"
actions = ["Microsoft.Network/virtualNetworks/subnets/action"]
}
}
// Container Group Configurations - windows agent
windowsCg = {
name = "winagent-co"
location = "canadacentral"
rgname = "SelfHostedAgentRg"
os_type = "Windows"
ip_address_type = "Public"
container = {
name = "winagent"
image = "cloudelementsacr.azurecr.io/winagent:latest"
cpu = 1
memory = 4
port = 443
protocol = "TCP"
}
azure_devops_org_url = "__AZP_URL__"
personal_access_token = "__PERSONAL_ACCESS_TOKEN__"
agent_pool_name = "__AZP_POOL__"
number_of_agents = __NUMBER_OF_WINDOWS_AGENT__
}
// Container Group Configurations - linux agent
linuxCg = {
name = "linuxagent-co"
location = "canadacentral"
rgname = "SelfHostedAgentRg"
os_type = "Linux"
ip_address_type = "Public"
container = {
name = "linuxagent"
image = "cloudelementsacr.azurecr.io/linuxagent:latest"
cpu = 1
memory = 4
port = 443
protocol = "TCP"
}
azure_devops_org_url = "__AZP_URL__"
personal_access_token = "__PERSONAL_ACCESS_TOKEN__"
agent_pool_name = "__AZP_POOL__"
number_of_agents = __NUMBER_OF_LINUX_AGENT__
}
8. Run the pipeline to deploy Azure Container Registry, Build agent images, and deploy the Self-hosted Agents
Notes
- To add additional functionality to your agent; e.g. pre-install terraform, aws cli or other tool. Modify the dockerfile located in dockeragent/windowsagent or dockeragent/linuxagent. Run the pipeline to build new agents.