terraform-azuredevops-vmss-agent's Introduction

VMSS Azure DevOps Agent (Linux)

This repository contains a Bicep template that deploys a VMSS suitable for an Azure DevOps agent. It is currently configured for use with Terraform but can easily be customised using the cloud-init.yml.

The resulting ARM JSON file is over 700 lines long, which shows how much easier Bicep is to work with!

Features

  • Virtual network
    • NSG blocking all inbound connections
  • VM Scale Set
    • Managed identity enabled
    • Cloud-init used to install tooling
    • Randomly generated SSH public key used to prevent interactive logins
  • Storage account for Terraform backend
    • Azure AD RBAC assigned to VMSS identity
    • Private endpoint and firewall preventing public access
  • Key Vault for secrets storage
    • Azure AD RBAC assigned to VMSS identity
    • Private endpoint and firewall preventing public access
  • Private DNS zones
    • Zone for blob storage
    • Zone for Key Vault

Usage

# Generate a random SSH public key, discarding the private key
ADMINSSHPUBKEY=$(scripts/generate-random-ssh-pubkey.sh)

# Destination subscription id
# (omit if you want to use the context of az account, remember to remove --subscription from the az command line)
SUBSCRIPTIONID=00000000-0000-0000-0000-000000000000

# Destination region
LOCATION=westeurope

# Resource naming
RESOURCEGROUPNAME=myrg
KEYVAULTNAME=mykv
STORAGEACCOUNTNAME=mystg

az deployment sub create \
    --subscription "$SUBSCRIPTIONID" \
    --location "$LOCATION" \
    --template-file bicep/buildagent.bicep \
    --parameters adminSshPubKey="$ADMINSSHPUBKEY" \
                 resourceGroupName="$RESOURCEGROUPNAME" \
                 keyVaultName="$KEYVAULTNAME" \
                 storageAccountName="$STORAGEACCOUNTNAME"

Finally, complete the setup in Azure DevOps to add the VM extension.
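The first Usage step depends on a key pair whose private half is thrown away, so that nobody holds a credential for the admin account. One way to produce such a key, as an added example (this is not the repository's scripts/generate-random-ssh-pubkey.sh, whose contents are not shown on this page); the function name, the RSA 4096 key type and the key comment are assumptions:

```shell
#!/usr/bin/env bash
# Added example, not the repository's own script.
# Prints an SSH public key on stdout. The matching private key only ever
# exists inside a private temp directory that is deleted before the
# public key is emitted, so no usable login credential survives.
#
# Usage: ADMINSSHPUBKEY=$(generate_throwaway_ssh_pubkey)

generate_throwaway_ssh_pubkey() (
    # The body runs in a subshell, so set/umask/trap do not leak to the caller.
    set -eu
    umask 077                        # temp files readable by the owner only

    workdir=$(mktemp -d)             # honours TMPDIR if it is set
    trap 'rm -rf "$workdir"' EXIT    # cleanup on every exit path, including errors

    # Assumptions: RSA 4096, empty passphrase, descriptive key comment.
    ssh-keygen -q -t rsa -b 4096 -N '' -C 'throwaway-no-login' \
        -f "$workdir/key" >/dev/null

    pub=$(cat "$workdir/key.pub")

    # Destroy the private key before anything is handed back to the caller.
    rm -rf "$workdir"

    printf '%s\n' "$pub"
)
```

Because the private key is never written anywhere persistent, the value passed as adminSshPubKey satisfies the deployment's requirement for a key without creating a secret that has to be stored or rotated.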

Azure DevOps Pipeline

See the .azure-pipelines directory for a sample pipeline to deploy this.

terraform-azuredevops-vmss-agent's People

Contributors

matt-ffffff

terraform-azuredevops-vmss-agent's Issues

cloud-init does not complete installs

First, awesome repo @matt-FFFFFF ... Found this extremely helpful when learning how to deploy VMSS ala Bicep.

What I've come to realize is the ado pipeline will pick up an instance/agent before cloud-init has completed the post-deployment installations. I thought about incorporating cloud-init status --wait to ensure the pipeline does not progress until cloud-init completes the post-deployment tasks, but that's pretty messy. Every pipeline would need this noise... And the next stage could pick up a totally different instance/agent (let's say one that has not completed the cloud-init).

While not directly related to this repo (everything works beautifully), have you run into this issue before? Curious what your solution was to this dilemma. Thanks for your contributions!
