I had installed the ADO agent on an SELinux-enabled RHEL 8 Azure VM.
I am facing issues running the agent as a service, but it can run in interactive mode.
I reached out to Microsoft support and they asked me to disable SELinux, which can't be done due to security issues.
Can someone please suggest the best secured configuration that can be used to run the ADO agent on a Linux VM?
Related
I've upgraded Azure DevOps Server to the latest version (2020 Update 1). After the upgrade I'm frequently facing the error below; everything looks good on the build agent VM and the agents themselves are up and running.
*We stopped hearing from agent Agent1-NightlyBuild-tc3tbld1. Verify the agent machine is running and has a healthy network connection. Anything that terminates an agent process, starves it for CPU, or blocks its network access can cause this error.*
Do Azure DevOps Release Pipelines support Agent Pools using Windows OS based images, which do have Docker preinstalled?
Or is it possible to install Docker on Windows VM agents? According to the official docs, installing Docker requires a VM reboot, so I assume rebooting the VM would cause the whole workflow to crash.
You can install the agent software on your own Windows OS machine and use that as an agent as opposed to the devops pool. It will have access to resources such as docker that are available on the host machine.
This is my current scenario:
VM status is "Running", VMAgent is "Not Ready", Windows Azure Guest Agent service is "Stopped".
I will manually start Windows Azure Guest Agent whenever my VMAgent is not ready.
So is there any script I can write using PowerShell to automatically start the service whenever VMAgent is not ready?
For your requirements, I'm afraid you cannot achieve it through a script to automatically start the service outside the VM. Please take a look at the description of the VM Agent:
> The VM Agent has a primary role in enabling and executing Azure virtual machine extensions. VM Extensions enable post-deployment configuration of VM, such as installing and configuring software. VM extensions also enable recovery features such as resetting the administrative password of a VM. Without the Azure VM Agent, VM extensions cannot be run.
In this situation, what you can do is interact with VM through the remote connection and manually start the services inside the VM. For more details about the VM Agent, see it here.
I am using Azure DevOps to build and pack my Docker application.
The goal is to execute docker-compose commands in an Azure VM, which is behind the firewall and can be accessed only through a VPN connection or standard web-browsing ports.
You can use deployment groups to achieve that. The reason this will work is that it is one-way communication (from agent to Azure DevOps), so you don't really need to open ports for the VM; the VM only has to be able to reach Azure DevOps endpoints (more on this).
TLDR: Using agents will work, because it's an outgoing connection from the agent, not from Azure DevOps to the agent.
Thank you very much for your help with the previous questions
Deploying Windows Containers (created with Docker) into Azure Container Service
Windows Container vs Docker Container and Azure Container Services/Kubernetes cluster with Linux OS
I am continuing my research and somewhat at a standstill as I try to follow the instructions of the following article that explains how to create CI/CD pipeline to deploy a multi-container application.
https://learn.microsoft.com/en-us/azure/container-service/dcos-swarm/container-service-docker-swarm-setup-ci-cd
The code sample that is referenced here is built for the Linux application, and I am not able to run it or create Docker container out of it.
Thus, I have the following questions (those questions could be all over the place, my apologies for that):
1. When I create a .NET Core Web API on Windows 2016 server, is there any possibility for me to create an application that I could deploy to a Linux environment? (portable .NET Core Web API application)
2. When I would like to take advantage of CI/CD pipeline using Visual Studio Team Services, do I really need to create Azure Container Service with Docker Swarm? As far as I understand, ACS is a Linux-based environment, whereas I would create Windows-based Docker containers on Windows Server 2016.
3. Do I really need to be concerned with ACS and SSH tunnel when dealing with Windows Server 2016 based Docker containers if I could easily deploy those containers to a Kubernetes cluster with Windows nodes?
4. Is there an alternative way for me to deploy Docker containers created on Windows Server 2016 using Full CI/CD pipeline to Visual Studio Team Services without using the Linux-based SSH tunnel/ACS?
Thank you very much for your generous input
Mikhail
> 1. When I create a .Net Core Web API on Windows 2016 server, is there any possibility for me to create an application that I could deploy to a Linux environment?
Yes, .NET Core is a general-purpose development platform maintained by Microsoft and the .NET community on GitHub. It is cross-platform, supporting Windows, macOS and Linux, and can be used in device, cloud, and embedded/IoT scenarios. So we can deploy a .NET Core Web API app to a Linux environment.
Maybe we can refer to this link.
> 2. When I would like to take advantage of CI/CD pipeline using Visual Studio Team Services, do I really need to create Azure Container Service with Docker Swarm?
No, creating a CI/CD pipeline on Azure Container Service with Kubernetes and Visual Studio Team Services is available. For more information about VSTS and ACS k8s, please refer to this link.
> 3. Do I really need to be concerned with ACS and SSH tunnel when dealing with Windows Server 2016 based docker containers if I could easily deploy those containers to a Kubernetes cluster with Windows nodes
If you want to use VSTS to deploy your .net core container, I think we should connect to ACS cluster.
If you want to use ACS k8s, we should add kubernetes connection:
> 4. Is there an alternative way for me to deploy docker containers created on Windows Server 2016 using Full CI/CD pipeline to Visual Studio Team Services without using the Linux based SSH tunnel/ACS
Do you mean you want to use ACS, but don't want to connect through the Linux-based SSH tunnel? If I am right, we can deploy a site-to-site VPN between your on-prem network and the Azure VNet; in this way, we can connect to k8s as if it were local.