vdc/Agent/Linux
Kungumaraj Nachimuthu 2c83f220e1 AKS Archetype (#96)
* AKS Archetype - Initial Commit

* Change in pipeline variable group for testing

* Corrected dependency to the teardown of validation resource group

* Corrected the dependsOn for TearDownValidationResourceGroup

* Changed the Azure Subscription

* Changed from SharedServices to AKS in pipeline.yml

* Added missing Tests folder

* Removing duplicate task

* Updates to new modules

* Separate module for application rule

* Update to application rule module

* Clean up

* Cleaned up security center module

* Multiple var groups

* Added var groups for AKS

* Added env vars for User group IDs

* Updated the Packer agent file to include the az cli installation

* Splitting into Archetype and LandingZone

* Updated the paths in pipeline.yml after restructuring folders

* More updates to file paths

* AzureSecurityCenter correction

* Separate module for updating Azure Firewall

* Code fix for prevention of resource group while executing scripts

* Corrections to the orchestration and parameters file

* Added the Azure Firewall update section to the pipeline yml file

* Fixed json parameters file for AKS module that was formatted incorrectly

* Minor fixes to Virtual Network

* Updated the subscription GUIDs and added a subscription info for AKS

* Changed vNet to VirtualNetwork. Also, added dependsOn for AKS Archetype in Orchestration file.

* Changed the KeyVault behavior to enable Service EndPoint after Landing Zone deployment.

* Orchestration and Pipeline updates for AKS Archetype

* AKS Archetype pipeline / orchestration update

* Fixed unsupported versions for aks

* Changes based on feedback from AKS Archetype review

* Minor changes - feedback work continued

* Pipeline changes specific to AKS LandingZone

* AKS Archetype - Initial Commit

* Change in pipeline variable group for testing

* Corrected dependency to the teardown of validation resource group

* Corrected the dependsOn for TearDownValidationResourceGroup

* Changed the Azure Subscription

* Changed from SharedServices to AKS in pipeline.yml

* Added missing Tests folder

* Removing duplicate task

* Updates to new modules

* Separate module for application rule

* Update to application rule module

* Clean up

* Cleaned up security center module

* Multiple var groups

* Added var groups for AKS

* Added env vars for User group IDs

* Updated the Packer agent file to include the az cli installation

* Splitting into Archetype and LandingZone

* Updated the paths in pipeline.yml after restructuring folders

* More updates to file paths

* AzureSecurityCenter correction

* Separate module for updating Azure Firewall

* Code fix for prevention of resource group while executing scripts

* Corrections to the orchestration and parameters file

* Added the Azure Firewall update section to the pipeline yml file

* Fixed json parameters file for AKS module that was formatted incorrectly

* Minor fixes to Virtual Network

* Updated the subscription GUIDs and added a subscription info for AKS

* Changed vNet to VirtualNetwork. Also, added dependsOn for AKS Archetype in Orchestration file.

* Changed the KeyVault behavior to enable Service EndPoint after Landing Zone deployment.

* Orchestration and Pipeline updates for AKS Archetype

* AKS Archetype pipeline / orchestration update

* Fixed unsupported versions for aks

* Changes based on feedback from AKS Archetype review

* Minor changes - feedback work continued

* Pipeline changes specific to AKS LandingZone

* Changes based on testing firewall rules update logic

* Pipeline yml file updated

* Minor update

* Minor update

* Minor update

* Minor correction to file path

* Minor file path correction

* Minor correction

* Debug statements added

* Fix for Azure Firewall scripts

* Updated

* Updated

* Minor update

* Pipeline jobs rearranged.

* File path fixed

* Fixes to chmod script

* Minor fixes

* Updated the dependencies

* Corrected the bootstrap var in pipeline

* Live updates from feedback review

* Fixes based on today's review
2019-08-23 22:48:47 -07:00
build.sh Updates to Packer Image for Ubuntu AzDO Agent (#78) 2019-07-11 10:19:53 -07:00
readme.md Kunachim/documentation fix (#82) 2019-07-12 11:02:27 -07:00
ubuntu-1804.json AKS Archetype (#96) 2019-08-23 22:48:47 -07:00
vsts-agent-create.sh Updates to Packer Image for Ubuntu AzDO Agent (#78) 2019-07-11 10:19:53 -07:00

readme.md

Azure DevOps - Ubuntu 18.04 Agent

The following sections provide a step-by-step guide to creating an Azure DevOps Agent Image using Packer, spinning up an Agent from the Image, and adding it to the Azure DevOps Agent Pool.

Prepare your Azure DevOps Account

  1. Create an Azure DevOps Agent pool

  2. Generate a Personal Access Token (PAT) for your Azure DevOps Organization. When generating the Personal Access Token (PAT), assign the following scopes:

  • Agent Pools - Read & Manage
  • Deployment Groups - Read & Manage
  3. Create a Service Principal.

  4. Add an RBAC assignment to the service principal created in the previous step by adding the service principal as Owner of the subscription that will host the image and agent VMs.

Build a Packer Image

  1. Build a Docker image.
docker build --rm -f "dockerfile" -t vdc:latest .

Note: Do not miss the . at the end when running the above command.

  2. Create a container from the Docker image built in the previous step. Mount the Agent folder as a volume in your Docker container when creating the container.
docker run -it -v <path-to-vdc-folder>/Agent:/usr/src/app/Agent vdc:latest
  3. Update the build.sh file under the Agent\Linux folder with the service principal's client id, client secret, subscription id and tenant id.

Note: When saving the build.sh file, save the file in 'LF' mode. If your operating system is Windows, Visual Studio Code defaults to CRLF. In Visual Studio Code, the option to change from CRLF to LF is available at the bottom left blue bar.

  4. Run the command below from a PowerShell terminal to build a VM Image
cd /usr/src/app/Agent/Linux
bash -c "./build.sh"

The VM Image will contain all the required tools, SDKs and CLIs to run the VDC toolkit.

Create a VM from Packer Image

  1. Run the command below from a PowerShell terminal to create a VM from the Image
bash -c "./vsts-agent-create.sh <organization-url> <personal-access-token> <vsts-pool-name> <agent-vm-name>"

The VM will be created in the same resource group, subscription and tenant as the Image created by Packer. The name of this resource group can be found in the build.sh and vsts-agent-create.sh bash scripts. The VM will have the following attributes:

  • Created from the Image built by Packer
  • No Public IP
  • Explicit NSG rule to block all SSH connections
  • Virtual Network with a default subnet

Note: If you need to allow SSH connectivity from your computer, enable an SSH connection with a specific IP.
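
The SSH behaviour described above (a deny rule for all SSH, plus an optional allow for one specific IP) can be checked offline against an exported rule list. This is an added example, not part of the repository; it assumes the flattened field names printed by `az network nsg rule list -o json`, and the rule names, priorities and addresses are constructed.

```python
import ipaddress

# Constructed sample in the flattened shape of `az network nsg rule list -o json`;
# rule names, priorities and addresses are made up for illustration.
SAMPLE_RULES = [
    {"name": "deny-ssh-all", "priority": 200, "direction": "Inbound",
     "access": "Deny", "protocol": "Tcp", "sourceAddressPrefix": "*",
     "destinationPortRange": "22"},
    {"name": "allow-ssh-admin", "priority": 150, "direction": "Inbound",
     "access": "Allow", "protocol": "Tcp",
     "sourceAddressPrefix": "203.0.113.10/32", "destinationPortRange": "22"},
]


def _values(rule, single, plural):
    """Merge the singular and plural forms of a rule field into one list."""
    return list(rule.get(plural) or []) + ([rule[single]] if rule.get(single) else [])


def _port_matches(rule, port):
    for rng in _values(rule, "destinationPortRange", "destinationPortRanges"):
        lo, _, hi = rng.partition("-")
        if rng == "*" or int(lo) <= port <= int(hi or lo):
            return True
    return False


def _source_matches(rule, src_ip):
    ip = ipaddress.ip_address(src_ip)
    for prefix in _values(rule, "sourceAddressPrefix", "sourceAddressPrefixes"):
        if prefix == "*":
            return True
        try:
            if ip in ipaddress.ip_network(prefix, strict=False):
                return True
        except ValueError:
            return True  # service tag such as "Internet": assume it may match
    return False


def ssh_verdict(rules, src_ip, port=22):
    """Return (access, rule name) of the first matching inbound TCP rule."""
    inbound = (r for r in rules if r["direction"] == "Inbound")
    for rule in sorted(inbound, key=lambda r: r["priority"]):
        if (rule["protocol"] in ("Tcp", "*") and _port_matches(rule, port)
                and _source_matches(rule, src_ip)):
            return rule["access"], rule["name"]
    return "NoMatch", None  # no custom rule matched; NSG default rules apply
```

Rules are evaluated in ascending priority number, so an allow rule for one address only takes effect if its priority number is lower than the deny-all rule's; every other source still hits the deny.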

Ubuntu Agent - Notes

  • PowerShell Modules - Az, Pester and Resource Graph are installed and available as part of the Agent Image. These modules are installed using the Save-Module Cmdlet. Ubuntu 18.04 has a specific location for these Modules to be saved. You will find the location of the Module to be saved in the ubuntu-1804.json packer file.

  • Installing modules using Install-Module will not allow the Cmdlets to be available for use by all users.