Set up Linux and Windows virtual machines as agents for Azure Pipelines
In the mood for sharing: this is the second blog I am sharing today, so come and read Setup MySQL with Wordpress in k8s: Easy migrate or not !! as well. If you want to know how to set up Linux and Windows VMs for Azure Pipelines, check it out down below.
What are you looking for?
`Azure Pipelines` is one of the big things in `Azure`. I confess I find it cooler than alternatives like `GitLab CI/CD` and `GitHub Actions`.
- Why is it good? Templating whatever you want is why I like it: so far it helps you save time when customizing a new pipeline script without affecting the others.
- But to do these things with more security, more time, and more customization, Azure users will prefer self-hosted agents over the VMs provided by Azure for running CI/CD pipelines.
The scenario for setting up the agent, and more about it
- The VM, Linux or Windows, is accessed by Azure Pipelines via a token. It contains the environment for working with Azure resources, such as creating VMs or interacting with a K8s cluster, so you need a role for it, or an Azure AD application role, to access anything through IAM.
- The VM agent is the environment that runs every task in the pipeline, so you need to configure it to have exactly what the pipeline needs. The details follow below.
- How to connect to any VM, agent, or VM cluster in Azure: this will reduce the cost of setting up a bastion host for the service, and I will share it in this blog. Let's break everything down into small tasks below.
Steps to set up
Prepare to set up the Azure agent
- PAT (Personal Access Token): the most important thing, which you need to configure your VM.
- You need to set up Azure DevOps, which has Azure Pipelines integrated inside.
- Go to the security tab or the settings tab to the left of your avatar icon to create your own token.
- The token includes the roles it grants access to, so I list them below:
| Rule | Value | Rule | Value | Rule | Value |
| --- | --- | --- | --- | --- | --- |
| Agent-Pools | Read & Manage | Load Test | Read | User Profile | Read |
| Build | Read & Execute | Marketplace | Acquire & Manage | Variable Group | Read |
| Code | Read & Status | Notification | Read | Task Groups | Read |
| Connected server | Connected Server | Packaging | Read & Write | Team Dashboard | Read |
| Deployment Groups | Read & Manage | Project and Team | Read | Test Management | Read |
| Environment | Read & Manage | Release | Read, write & execute | Wiki | Read |
| Extension Data | Read | Secure Files | Read, create & manage | Work items | Read |
| Extensions | Read | Security | Manage | | |
| Identity | Read | Service Connection | Read & Query | | |
- After applying the rules you will have the PAT; choose the expiry date you want (1 year is the limit).
- Go to the TFS settings page via the symbol at the edge, and choose to create a new agent pool or use an existing pool.
- After creating the pool you have to create a new agent. The agent configuration is provided for 3 OSes: Windows, Mac, and Linux. Choose one and follow the manual.
NOTICE: Take care of these situations, where the PAT cannot access your pool
- If you are not an administrator of the agent pool, creating a new agent in the pool with your token will cause an error. Remember that you need the administrator role on the pool (not an inherited role; you need administrator for the whole pool from the org down to the repo, otherwise your provisioning will fail).
Solution: Add the administrator role for the owner of the token, and give that token to the process that creates the agent
- Validate whether the token has expired or been deleted
Solution: Regenerate the token
The preparation is done, and you are halfway to the goal. Next, create the IaC and provision your VM (Linux or Windows).
Linux
- With a Linux OS, Ubuntu 22.04 for example, it is quite easy. To save time you don't need to go as far as building your own image; just use the raw image that Azure provides.
- You can run the agent directly on your own VM or put it in Docker. In my situation, customizing more than one runner per VM, Docker is preferred over the first option.
- I will choose Terraform and, like I said, go check my Terraform session to know more. I just put my code in `main.tf`, and one more thing: you need to know how to reuse your code across multiple environments with Terraform. Go to this to understand the theory.
- So I have an `agents-pools` folder to hold the customization for the VM agents I provide, and a second one, `modules`, which holds the basic resources I want to provision for each VM.
- Inside `modules` I have 3 things: `network`, `bastionhost`, and `vm`.
So let's go into the details of each module. One more thing: I will put the whole template for both `Windows` and `Linux`, so you need to pick out what you want.
In my source code, I have an additional condition for creating a bastion host if you want one, which you specify via variables. You need to know Terraform, and it will break down this concept: "This file will overwrite the variables.tf file, and you need to specify the particular variables that need to be updated"
Example:
Quite easy: that just creates the bastion host, and the network is taken care of by `network` above. So let's check the important part, the `VM` or `Virtual Machine`.
It may look super complicated because I customized it so that it applies to both Windows and Linux, so it needs to be, and can be, `100%` complex. But it has some features you need to pay attention to:
- You can plug in whichever image you want to use for the VM, for both Windows and Linux. Look at `dynamic "source_image_reference"`, which decides which image source you use, customized or raw.
- With a Linux machine, you also get a way to add a custom `user_data`, which is a better way to run the initialization for the first-time setup of this VM. Read more in this –> link. With Windows, I confess this is too hard to set up, so it is not supported for Windows VMs and you need to find a way around it; I will break that out in the Windows part.
- `resource "azurerm_virtual_machine_extension"` is a cool thing about Azure VMs: it lets you run an extension script after the VM's initial setup. Pretty cool, but it only works with a single instance. Don't try it with a scale set, because the scale set integrates that itself; go to this link to know more. Especially, once again it only works with Linux machines.
- It also does not only work with scripts; it can run a command if you want, via `resource "azurerm_virtual_machine_extension" "bootstrap_command"`.
Once you have all of that, we go into the details of what the agent pools need.
There you bring everything together: which resources to include, your custom variables, and which type you want to deploy to Azure. Linux is chosen with `type_os_vm = "linux"`, and the scale set version is chosen with `checked_scaleset = true`. So go and read it to understand what I said.
One more thing: you need to write the `user-data` script in template style and call it via the `template func` of Terraform. Dockerfile can be
- Everything is prepared and you are ready to deploy. Use the Terraform CLI workflow to apply it.

- Optional: when you choose to use the bastion host, your SSH Public Key is stored inside your tfstate. Go there and copy it to use for the connection to the VM.
- After all that, your machine will come online inside your `agent-pools` and be ready for connection via the pipeline.
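As an added example (not code from the original post), this is one way the first-boot script on the Linux VM could register the agent so that the PAT never shows up in the process list. The variable names `AZP_URL`, `AZP_POOL`, `AZP_TOKEN_FILE`, `AZP_AGENT_NAME` and `AZP_WORK` are assumptions, as is the premise that provisioning has already unpacked the agent and written the PAT to a mode-600 file.

```sh
#!/bin/sh
# Added example, not the post's own script. Registers a self-hosted agent on
# first boot. Assumed inputs (names are this example's choice):
#   AZP_URL         organization URL
#   AZP_POOL        agent pool name
#   AZP_TOKEN_FILE  file holding the PAT, mode 600 or 400
#   AZP_AGENT_NAME  optional, defaults to the host name
#   AZP_WORK        optional work directory, defaults to _work
# Run it as the agent's service user: config.sh refuses to run as root.

# register_agent AGENT_DIR
# The body is a subshell "( )", so its variables and the PAT stay local to it.
register_agent() (
  agent_dir=$1
  token_file=${AZP_TOKEN_FILE:?set AZP_TOKEN_FILE}
  url=${AZP_URL:?set AZP_URL}
  pool=${AZP_POOL:?set AZP_POOL}

  [ -x "$agent_dir/config.sh" ] || { echo "no config.sh in $agent_dir" >&2; exit 2; }

  # Refuse a token file that group or other can read.
  mode=$(stat -c '%a' "$token_file") || exit 3
  case $mode in
    400|600) ;;
    *) echo "token file mode $mode is too open, want 600" >&2; exit 3 ;;
  esac
  token=$(tr -d '\r\n' < "$token_file")

  # argv is world-readable (ps, /proc/PID/cmdline); the environment of a
  # process is readable only by its owner and root. The agent accepts any
  # config.sh option as VSTS_AGENT_INPUT_<NAME>, so the PAT goes there.
  ( cd "$agent_dir" &&
    VSTS_AGENT_INPUT_TOKEN=$token ./config.sh --unattended \
      --url "$url" --auth pat \
      --pool "$pool" --agent "${AZP_AGENT_NAME:-$(uname -n)}" \
      --work "${AZP_WORK:-_work}" --replace --acceptTeeEula
  ) || exit 4

  # The PAT is only needed for registration; drop it from disk afterwards.
  rm -f -- "$token_file"
)

# Stand-alone use: ./register-agent.sh /opt/azagent
if [ "$#" -gt 0 ]; then
  register_agent "$1"
fi
```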
Windows
- I think the Windows machine is a special case compared with Linux, because it is harder to set up. Closed source versus open source is the difference between them.
- The machine does not open and set up `SSH` for you to connect to; instead you need to get acquainted with `winrm` and `rdp` to work with Windows.
- WinRM: IDK whether normal Windows versions like 10 and 11 have it or not, but on Windows Server, especially the 2019 version, everything needs to work with it. More detail about this protocol via this Link
- RDP: This is the protocol that lets you connect to your Windows VM and control it remotely via the UI. The protocol works well, but it does not help me run any script, so it is poor for setting anything up.
- It does not stop there: Windows has specific things you may not understand. It obliges you to set up the machine manually on the first run, something called OOBE. So you need to bypass that with a third party, which is not recommended. Do not use this for production; it is recommended for experiments. See this Link and this Link
- So let's go into the details of what I am doing with the Windows machine and how I bypass this. For Windows we will use the same Terraform structure as above, and on the Windows machine I will set up an automation test agent for a C# project with .netcore, azure, vstest.
Prerequisites:
- The agent should use a Windows VM for these reasons:
  - The AutomationTest needs a browser with GUI support –> Chrome needs to be installed on the VM (possible on both Windows and Linux, but easier on Windows)
  - The AutomationTest needs tools that work specifically with PowerShell, like AzureRM, Az, Azure; the core of those is AzurePS (Azure PowerShell is convenient to set up on a Windows VM)
  - A flexible PowerShell version makes the installation process more effective –> there are differences between V5.0 and V7.0 of PowerShell
  - Set up dotnet core 7.0 (can be installed on both Windows and Linux, but performs better on Windows than on other OSes)
  - Tools like vstest.exe (used in the pipeline) –> must be used with a Windows VM for sure
  - The scripting makes heavy use of TaskScheduler, the Agent, and other system libraries such as DLL files.

- Use Packer to package the whole configuration. That is why we need to install Packer with manual-install
- The pipelines will need Terraform set up for provisioning the agent and creating some requirements for the agent. Those things will reference to
- Tools for remote connection to the VM or for using the bastion host (needed to run the sysprep.exe process for a Windows VM in Azure). On Windows you can use Remote Desktop; on Linux you can use Remmina.
Features:
- First of all, I will introduce some features of the AzureVM agent template used to configure the VM that runs the pipeline. Go and check step one for more detail. The provisioning is designed in template style, which helps you deploy different versions of AzureVM; you can use it by creating a folder and importing the module, like Using Env Terraform Folder.
- The provisioning combines two steps: the first step runs Packer to package the whole configuration for the Windows VM, and the second step provisions the VM with the image built in the first step.
Create a new AutomationTest Agent
- Create a Packer template for packaging the configuration (this helps you bypass OOBE when setting up a Windows machine)
- Go to the Packer session for more detail about that.
- Create a packer folder with construct
- First, the structure of Packer. Packer is a tool from HashiCorp, who designed Terraform, so it uses the HCL language to do the job. But unlike Terraform, where you can flexibly split the folder into modules and env, Packer cannot do that: you need to add the variable, local, and packer blocks, plus new things like the source and build blocks, into one file. The file format is `<Name-you-want>.pkr.hcl`; more details in packer-hcl. The other piece is the variables file, which gives the pkr.hcl file flexible variable configuration; its format is `<Name-you-want>.pkrvars.hcl`. You can also use the alternative JSON format for Packer files; more details in packer-json. Example of packer like:
- Second, to work with Packer you need to understand the provider that works with your cloud, like Azure - `AzureARM, AzureDTL` or AWS - `Instance, EBS`. More detail about the providers can be found here: https://developer.hashicorp.com/packer/plugins
- Third, if you need to configure more things for your VM during the build, consider using a provisioner in the build block; it connects to the VM with the connection type you configured in the source block. With `AzureARM`, SSH is used for Linux VMs and WinRM for Windows VMs. For more details and to choose the right provider, please see the documentation: https://developer.hashicorp.com/packer/docs/provisioners
- All of the above are the scenarios; the result of the Packer process will be whatever you configured. To execute it, you need to run the Packer workflow; for more details please see the documentation. Before running Packer, you need to configure authentication for communicating with the cloud or whichever environment you want to build the image in. It must have at least the contributor role, which can create resources on that platform. After authentication succeeds, there are three important steps when using Packer.
- init: used to download Packer plugin binaries
- validate: used to validate the syntax and configuration of a template
- build: takes a template and runs all the builds within it in order to generate a set of artifacts

But take a little time to look at my script for setting up the Windows VM via `winrm` and `powershell`:
You need to understand why I need to bypass OOBE: if you don't have the OOBE setup, your Windows provisioning will break and not succeed.
- After Packer has run and you have the image, you need to create the VM from your customized image with Terraform. `main.tf`, here I come
Some variables you need to configure for Terraform to work (consider changing them to make sure the configuration is right):
| Name | Description | Type | Default | Required |
| --- | --- | --- | --- | --- |
| pool_name | Name of agent pool | string | N/A | True |
| location | Location of resource | string | southeastasia | False |
| use_image | Conditionally for optional use Packer Image or Not | bool | True | False |
| image_resource_group | RG where storage Packer Image | string | "PackerVMImage" | False |
| image_name | RG where storage Packer Image | string | N/A | True |
| azure_pat | Azure Personal access token | string | N/A | True |
| url_org | URL of organization where give access for pool | string | N/A | True |
| agent_vm_size | Size of VM for agent | string | Standard_B1ms | False |
| workdir | work directory for pool | string | usr/local/agent_work | False |
The agent's Terraform is built on the template, so make sure each variable has the type needed to do the job right.

- Remote access into the VM (IMPORTANT STEP !! PLEASE DO THIS STEP MANUALLY TO HELP RUN SYSPREP)
- Like I said, provisioning a Windows VM has some differences. Here is what differs about `the consistency of Windows VMs in Azure Cloud`:
  - When you build the VM, you need to verify that your image has sysprep.exe to wipe everything before packing it into the VM. More information in the documentation: https://learn.microsoft.com/en-us/azure/virtual-machines/windows/build-image-with-packer
  - Windows VMs have a different type of connection in Azure. SSH is not configured at first provisioning, so you cannot use it because it is not supported, but Windows has other ways to connect, like RDP and WinRM. With the RDP protocol you can access the GUI of the Windows machine, but unlike SSH you cannot run scripts via RDP. So Windows uses WinRM as the replacement solution, but in the basic image Windows does not have permission to use that protocol; you need to configure it with Packer or with the documentation https://learn.microsoft.com/en-us/windows/win32/winrm/installation-and-configuration-for-windows-remote-management
  - So it may be possible, but the first time you connect to Windows you need to perform the sysprep of the machine, so RDP, WinRM, or ExtensionScript cannot help us run the scheduled task. That is why you need to do that step manually
- So you can perform sysprep for the first setup with RDP through port 3389; on Windows you can use Remote Desktop, and on Linux you can use Remmina.
- There may be more ways to bypass the sysprep, but they are not recommended because they can cause problems with Windows (like I said at the top of this section). So that step is obligatory
- After that, the agent configuration was already set up inside the Windows machine in the Packer step. So the first thing you need to do is go to the Users folder at `C:\Users\` to run the PowerShell script `startup.ps1`. That script just sets up the `startup` job via `schedule job`, a Windows tool.
- After the machine restarts, the agent will start after a delay of about 30 seconds
Last of all, as I promised, you will create a bastion host for free, with low cost to operate
- This is about networking: you have different networks between these resources and those resources. Finding the way to connect them is the solution

- So you just need to take care of one more thing: `how to peer the networks` with each other, and then you can customize your machine into a bastion host. Go into detail on this Link. There are more ways (VPN, network peering, …) but network peering is easy to set up via Azure
- First you need to decide which networks you want to peer (Remember: your VPCs or virtual networks need to be split into different ranges, if similar you can do in with that) and go to the peering tab
- Choose the add option and fill in the name you want, choose the rules you apply to this peering, and choose the subscription and the other virtual network you want. Save and go live
- Go to the virtual machine and try to ping through to the other one. With a Windows machine you need to turn off the firewall or set a rule before pinging; with Linux that is not needed. That is pretty easy
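As an added example (not from the original post), the check below tests the precondition from the first peering step, that the two virtual networks use different address ranges, before you open the peering tab. It goes slightly beyond the text by accepting several prefixes per network; the function names and sample prefixes are this example's own.

```sh
#!/bin/sh
# Added example, not from the original post: check that two VNets' address
# spaces are disjoint before peering them. Function names are this example's.
# Function bodies are subshells "( )", so their variables stay local.

# ip_to_int A.B.C.D -> prints the address as an integer, fails on bad input
ip_to_int() (
  IFS=.
  set -f                      # no globbing while splitting on dots
  set -- $1
  [ "$#" -eq 4 ] || exit 1
  for o in "$@"; do
    case $o in ''|*[!0-9]*|0?*|????*) exit 1 ;; esac   # digits only, no leading zero
    [ "$o" -le 255 ] || exit 1
  done
  echo $(( ($1 << 24) + ($2 << 16) + ($3 << 8) + $4 ))
)

# cidr_range A.B.C.D/LEN -> prints "first last" of the block as integers
cidr_range() (
  addr=${1%/*}; len=${1#*/}
  case $len in ''|*[!0-9]*|???*) exit 1 ;; esac
  [ "$len" -le 32 ] || exit 1
  ip=$(ip_to_int "$addr") || exit 1
  size=$(( 1 << (32 - len) ))
  first=$(( ip / size * size ))   # clear host bits, so 10.1.2.3/24 works too
  echo "$first $(( first + size - 1 ))"
)

# cidrs_overlap A B -> status 0 if they share an address, 1 if disjoint, 2 if invalid
cidrs_overlap() (
  a=$(cidr_range "$1") || exit 2
  b=$(cidr_range "$2") || exit 2
  [ "${a% *}" -le "${b#* }" ] && [ "${b% *}" -le "${a#* }" ]
)

# find_overlaps "SPACE_A ..." "SPACE_B ..." -> prints one line per clashing pair.
# A VNet can carry several prefixes, so each side is a space-separated list.
find_overlaps() (
  for x in $1; do
    for y in $2; do
      rc=0
      cidrs_overlap "$x" "$y" || rc=$?
      case $rc in
        0) echo "$x overlaps $y" ;;
        2) echo "invalid prefix: $x or $y" >&2; exit 2 ;;
      esac
    done
  done
)

# Stand-alone use: ./check-peering.sh "10.0.0.0/16" "10.1.0.0/16 10.0.8.0/24"
if [ "$#" -eq 2 ]; then
  find_overlaps "$1" "$2"
fi
```

An empty result means the address spaces are disjoint and the peering can be created; any printed pair has to be re-addressed first.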


Conclusion
- That is everything I want to share with you about setting up Linux and Windows agents for Azure Pipelines. I hope it helps you with the hard parts, and I am happy if you read to the end
- With this you can run any pipeline against a specific repo like GitHub, Azure DevOps Git, GitLab, or wherever you want; you just need a token for access

- With Terraform, you will learn how to set up templates for Windows and Linux and reuse the code for multiple purposes
- Packer is really good for optimizing things: it helps you compress everything into one image and saves the time of running the whole setup multiple times.
- OOBE is best, Windows can help you know more, and discovering these things helps you learn; bypassing OOBE is a popular topic I found in DevOps and SysOps forums

- Azure is the suspicious thing, with some highly complex resources, but its logic is probably tough and tight. So you need to learn more to understand this cloud
- Network peering is not as hard as you thought. So try it and optimize the cost to get equivalent value.

Have a good day setting up and configuring. Bye and see you on the next blog