VSO BUILD run tests on Azure Resource Group - alm

We're currently implementing an automated build process using Visual Studio Team Services Build.
The plan is to run tests on Azure VMs as part of a daily build. So far we've set up a build definition with an "Azure Resource Group Deployment" step. This works fine, and a resource group template is deployed and the VMs in this template are started.
The next step is to install the test agent on these servers. I've added the "Visual Studio Test Agent Deployment" task, but have not been able to configure it properly.
There is a dropdown with the title "Test Machine Group / Azure Resource Group", but it only lets me choose between test machine groups. I'm not able to select nor enter a resource group name.
How do I deploy the test agent to the VMs in my newly created Azure Resource Group?

You can configure the VM first to enable the WinRM service (required for the test agent deploy step). Refer to this link for details: Enable Remote PowerShell Service.
Then go to VSTS Web Portal -> Test -> Machines, create a machine group and add the Azure VM to it. Now you can select the newly created machine group in the "Visual Studio Test Agent Deployment" task for test agent deployment.

Related

Access Denied problems in Azure DevOps pipeline

We have created an Azure Virtual machine scale set agent pool and started the pipeline in the agent pool. We faced Access Denied problems in the jobs due to the tasks not running in the admin mode (CMD, PowerShell, and Final builder) on the VMSS instance. We need to run these tasks in admin mode in the Agent pool.
We couldn't run a console application with admin privileges in the VM either.
Please provide any suggestions to resolve these issues.
VMSS Agent Pool:
Pipeline:
Access Denied Issue:
After you set up the scale set agent pool in Azure DevOps, it will use machinename\azdevops to run the pipeline task (you can validate this with 'whoami' in the task, as below):
When you remote to the target scale set VM, the user is "Administrator" by default; the account has administrator permission.
I can create a file with the account in pipeline.
We couldn't run a console application with admin privileges in the VM either.
If you cannot run the application with admin permission directly on the VM, I suspect it could be blocked by a policy, which should come from the VMSS policy, not DevOps.
It's recommended to create a new VMSS and use it for the DevOps agent as a check.

Azure: figure out if resource was deployed manually or via arm template

Is there a way to figure out if resource was deployed manually (via Azure portal) or via arm template?
I would say that your best option, although it won't guarantee 100% accuracy, is to look at the deployment name. If you look at a Resource Group from the Azure Portal and navigate to Deployments, you'll see a list of all deployments to that RG.
From my observations:
if the deployment name is in the format Resource.Provider-Timestamp (Microsoft.RouteTable-20200824154745) it was done via the Portal
if the deployment name is somewhat friendly or irregular (VirtualWanDeployment) it was a manual ARM template deployment (PowerShell in my case)
if the deployment name is in the format resource-date-time-xxxx (applicationGateway-20200821-135645-bf71) it was an Azure DevOps pipeline
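The three name formats observed in the answer above can be turned into a quick audit pass over a resource group's deployment history. This is an added example, not part of the original thread; it assumes a deployment list exported as JSON (for instance with `az deployment group list -o json`), the function names are hypothetical, and the result is a heuristic guess, as the answer itself says.

```python
import re
from collections import defaultdict

# Name formats as observed in the answer above; a heuristic, not proof of origin.
PORTAL_RE = re.compile(r"^[A-Za-z0-9]+(?:\.[A-Za-z0-9]+)+-\d{14}$")
PIPELINE_RE = re.compile(r"^[A-Za-z][\w.-]*-\d{8}-\d{6}-[0-9a-f]{4}$")


def classify(name):
    """Guess how a deployment was started from its name alone."""
    if PORTAL_RE.match(name):
        return "portal"           # Resource.Provider-Timestamp
    if PIPELINE_RE.match(name):
        return "pipeline"         # resource-date-time-xxxx
    return "manual-template"      # friendly or irregular name


def group_by_origin(deployments):
    """Map guessed origin -> deployment names, oldest first."""
    groups = defaultdict(list)
    # ISO 8601 UTC timestamps sort correctly as plain strings.
    ordered = sorted(deployments, key=lambda d: d["properties"]["timestamp"])
    for dep in ordered:
        groups[classify(dep["name"])].append(dep["name"])
    return dict(groups)


# Constructed sample shaped like a deployment list export. The names are the
# ones quoted in the answer; the timestamp of the second entry is made up.
SAMPLE = [
    {"name": "Microsoft.RouteTable-20200824154745",
     "properties": {"timestamp": "2020-08-24T15:47:45Z"}},
    {"name": "VirtualWanDeployment",
     "properties": {"timestamp": "2020-08-22T09:00:00Z"}},
    {"name": "applicationGateway-20200821-135645-bf71",
     "properties": {"timestamp": "2020-08-21T13:56:45Z"}},
]

if __name__ == "__main__":
    for origin, names in group_by_origin(SAMPLE).items():
        print(f"{origin}: {names}")
```

Entries classified as "portal" in a resource group that is supposed to be managed only by a pipeline are the ones worth reviewing first.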

Unable to access keyvault from Azure DevOps from a different resource description

I'm attempting to build out my DevOps pipeline to deploy a DataFactory, Databricks Notebooks & Azure Data Warehouse.
I have my resource subscriptions set up for both Dev and Prod. Deploying to Prod is more tricky than it seems.
My Key Vault has GET/LIST permissions for both Secrets & Keys for the target DataFactory.
https://learn.microsoft.com/en-us/azure/data-factory/continuous-integration-deployment
I have used the above guide to set up my target data factory in prod, and it is stood up correctly with all the connection strings set up and Key Vault permissions set.
But I am stuck on this portion:
Grant permissions to the Azure Pipelines agent
The Azure Key Vault task may fail with an Access Denied error if the proper permissions aren't present. Download the logs for the release, and locate the .ps1 file with the command to give permissions to the Azure Pipelines agent. You can run the command directly, or you can copy the principal ID from the file and add the access policy manually in the Azure portal. Get and List are the minimum permissions required.
When I deploy my release I get the following error on the Key Vault task:
The specified Azure service connection needs to have Get, List secret management permissions on the selected key vault. To set these permissions, download the ProvisionKeyVaultPermissions.ps1 script from build/release logs and execute it, or set them from the Azure portal
I've added this PowerShell script ProvisionKeyVaultPermissions.ps1 to my repo and added it to my task, but it just runs forever? I'm unsure if I'm missing something here.
Hope this is clear; please ask for any additional info.
I wonder if it's the DevOps service connection that's missing the permissions.
You can check access policies for the vault from the console. You should see your service connection as an APPLICATION; it needs the GET and LIST privileges, as the document you're following says. My understanding is that these are privileges for the account that's deploying your code, rather than the account that will run your code.
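The access-policy check suggested in the answer above can also be done against an exported vault definition. This is an added example, not part of the original thread; it assumes the vault uses access policies and that its JSON has been exported (for instance with `az keyvault show -o json`), and the function name and object IDs are constructed for illustration. It reports which of the required Get and List secret permissions a principal lacks, and which grants go beyond that minimum.

```python
REQUIRED = {"get", "list"}  # minimum secret permissions named in the error message


def secret_permission_gap(vault, object_id):
    """Return (missing, extra) secret permissions for one principal.

    missing: required permissions that are not granted
    extra:   granted permissions beyond Get and List
    """
    granted = set()
    policies = vault.get("properties", {}).get("accessPolicies") or []
    for policy in policies:
        if (policy.get("objectId") or "").lower() != object_id.lower():
            continue
        secrets = policy.get("permissions", {}).get("secrets") or []
        granted |= {perm.lower() for perm in secrets}  # casing varies in exports
    if "all" in granted:
        return set(), {"all"}  # covers Get/List, but far more than needed
    return REQUIRED - granted, granted - REQUIRED


# Constructed sample: three principals with made-up object IDs.
DATA_FACTORY = "00000000-0000-0000-0000-0000000000a1"
SERVICE_CONNECTION = "00000000-0000-0000-0000-0000000000b2"
BROAD_GRANT = "00000000-0000-0000-0000-0000000000c3"

SAMPLE_VAULT = {
    "name": "example-vault",
    "properties": {"accessPolicies": [
        {"objectId": DATA_FACTORY,
         "permissions": {"keys": ["Get", "List"], "secrets": ["Get", "List"]}},
        {"objectId": SERVICE_CONNECTION,
         "permissions": {"secrets": ["Get"]}},
        {"objectId": BROAD_GRANT,
         "permissions": {"secrets": ["all"]}},
    ]},
}

if __name__ == "__main__":
    for oid in (DATA_FACTORY, SERVICE_CONNECTION, BROAD_GRANT):
        missing, extra = secret_permission_gap(SAMPLE_VAULT, oid)
        print(oid, "missing:", sorted(missing), "beyond Get/List:", sorted(extra))
```

In the sample, the data factory identity has what it needs while the service connection is missing List, which is the situation the answer suspects.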

Creating Azure PAAS Resource within DevTestLab through repositories

I am not able to create the Azure PaaS resource "VirtualMachineScaleSets" within DevTestLab, which I am trying to do by uploading an ARM template to the DevTestLab repository through VSTS. It gives an "Authorization failed for template resource of type 'Microsoft.Compute/VirtualMachineScaleSets'" error.
The overall goal is to create a "Service Fabric cluster" within DevTestLab.
MSDN link : https://learn.microsoft.com/en-us/azure/devtest-lab/devtest-lab-create-environment-from-arm
This is because DevTestLab is different from the Azure resource module. For now, Azure does not support deploying VMSS to DevTestLab.
By the way, we can't use the same template to deploy resources in DevTestLab; the resources are different.
For more information about DevTestLab templates, please refer to this link.
We have a fix working its way through our safe deployment pipeline. The fix will be deployed soon to all regions.
As a workaround you could give the "VS Dev Test Lab" application "owner" permission at subscription level and "owner" permission to the DevTestLab created.

Azure Automation DSC - add a VM from a different subscription as a DSC node

I'm trying to onboard a VM to Azure Automation DSC. Can we add a VM from a different subscription as a DSC node?
You won't be able to use the Register-AzureRMAutomationDSC to set up VMs cross subscription.
Following the instructions located here there are steps to run the Get-AzureRMAutomationRegistrationInfo cmdlet to get the registration key required (of the target Azure Automation account) and then steps to configure the DSC Extension on the target VM. Please note the instructions are for ASM VMs, but you can use Set-AzureRMVMExtension for ASR VMs.
Alternatively, for a more manual approach, follow the instructions here to obtain the registration url and the registration key, and then configure the Local DSC manager using the Set-DscLocalConfigurationManager cmdlet.
