To build and deploy Windows, Azure, and other Visual Studio solutions you'll need at least one Windows agent. Windows agents can also build Java and Android apps. If you already know what an agent is and how it works, feel free to jump right in to the following sections. But if you'd like some more background about what they do and how they work, see Azure Pipelines agents.
If you're building from a Subversion repo, you must install the Subversion client on the machine. You should run agent setup manually the first time.
After you get a feel for how agents work, or if you want to automate setting up many agents, consider using unattended config. The hardware specs for your agents will vary with your needs, team size, etc. It's not possible to make a general recommendation that will apply to everyone. As a point of reference, the Azure DevOps team builds the hosted agents code using pipelines that utilize hosted agents.
On the other hand, the bulk of the Azure DevOps code is built by core server class machines running 4 self-hosted agents apiece. The user configuring the agent needs pool admin permissions, but the user running the agent does not.
The folders controlled by the agent should be restricted to as few users as possible and they contain secrets that could be decrypted or exfiltrated. The ADO pipelines agent is a software product designed to execute code it downloads from external sources. Therefore, it is important to consider the threat model surrounding each individual usage of Pipelines Agents to perform work, and decide what are the minimum permissions could be granted to the user running the agent, to the machine where the agent runs, to the users who have write access to the Pipeline definition, the git repos where the yaml is stored, or the group of users who control access to the pool for new pipelines.
It is a best practice to have the identity running the agent be different from the identity with permissions to connect the agent to the pool. The user generating the credentials and other agent-related files is different than the user that needs to read them.
Therefore, it is safer to carefully consider access granted to the agent machine itself, and the agent folders which contain sensitive files, such as logs and artifacts. It makes sense to grant access to the agent folder only for DevOps administrators and the user identity running the agent process. Administrators may need to investigate the file system to understand build failures or get log files to be able to report Azure DevOps failures.
As a one-time step, you must register the agent. Someone with permission to administer the agent queue must complete these steps. The agent will not use this person's credentials in everyday operation, but they're required to complete registration. Learn more about how agents communicate. Create a personal access token. From your home page, open your user settings, and then select Personal access tokens.
For the scope select Agent Pools read, manage and make sure all the other boxes are cleared. If it's a deployment group agent, for the scope select Deployment group read, manage and make sure all the other boxes are cleared. Select Show all scopes at the bottom of the Create a new personal access token window window to see the complete list of scopes. On TFS , for macOS and Linux only, we recommend that you create a local Windows user on each of your TFS application tiers and dedicate that user for the purpose of deploying build agents.
Stop here , you have permission. If the user account you're going to use is not shown, then get an administrator to add it. You can add a user to the deployment group administrator role in the Security tab on the Deployment Groups page in Azure Pipelines.
If you see a message like this: Sorry, we couldn't add the identity. Please try a different identity. You don't need to do anything; you already have permission to administer the agent queue. Log on to the machine using the account for which you've prepared permissions as explained above. In your web browser, sign in to Azure Pipelines, and navigate to the Agent pools tab:.
Select the Default pool, select the Agents tab, and choose New agent. On the left pane, select the processor architecture of the installed Windows OS version on your machine. The x64 agent version is intended for bit Windows, whereas the x86 version is intended for bit Windows. If you aren't sure which version of Windows is installed, follow these instructions to find out.
Unpack the agent into the directory of your choice. Make sure that the path to the directory contains no spaces because tools and scripts don't always properly escape spaces. Extracting in the download folder or other user folders may cause permission issues. Then run config. This will ask you a series of questions to configure the agent. Click Download agent. On the Get agent dialog box, click Windows.
We strongly recommend you configure the agent from an elevated PowerShell window. If you want to configure as a service, this is required. Please avoid using mintty based shells, such as git-bash, for agent configuration. When setup asks for your authentication type, choose PAT.
Then paste the PAT token you created into the command prompt window. When using PAT as the authentication method, the PAT token is only used during the initial configuration of the agent.
Later, if the PAT expires or needs to be renewed, no further changes are required by the agent. Make sure your server is configured to support the authentication method you want to use. After you select Alternate you'll be prompted for your credentials. After you select Negotiate you'll be prompted for credentials.
We'll ask a few questions to ensure we serve you safely, including options for contact free service. If you need a tow, unfortunately our vehicles don't have room for physical distancing, so for your safety please plan another way to get home. Thanks for your understanding. Your safety is everything to us. Learn More. Buy Travel Insurance. Buy Home Insurance. Buy Car Insurance. Book Auto Repair.
Book an Appointment. While I am not sure sure about the performance that Blue Coat recommends I can tell you my experiences. I understand that according to Microsoft the Domain Controller should be able to handle parallel authentication requests, so presumably Microsoft can handle the authentication performance.
I recommend using VMware the free version so that you can use the snapshot features to perform upgrades and to give you a simple roll back plan. You should have at least two machines for high availability. You will not notice any CPU use, and memory will hardly be used.
0コメント