Build Agent Error Please Try Running This Command Again as Root administrator

Skip to main content

Self-hosted Linux agents

• Commodity
• 05/04/2022
• 25 minutes to read

Is this page helpful?

Feedback will be sent to Microsoft: Past pressing the submit button, your feedback will be used to meliorate Microsoft products and services. Privacy policy.

In this article

Azure DevOps Services | Azure DevOps Server 2022 | Azure DevOps Server 2022 | TFS 2018

Note

In Microsoft Team Foundation Server (TFS) 2022 and previous versions, build and release pipelines are called definitions, runs are chosen builds, service connections are called service endpoints, stages are chosen environments, and jobs are called phases.

To run your jobs, you'll need at least one amanuensis. A Linux agent can build and deploy different kinds of apps, including Java and Android apps. We support Ubuntu, Ruby Chapeau, and CentOS.

Before y'all brainstorm:

• If your pipelines are in Azure Pipelines and a Microsoft-hosted agent meets your needs, you can skip setting upward a private Linux amanuensis.
• Otherwise, you've come to the right place to ready up an agent on Linux. Continue to the next section.

Larn near agents

If you already know what an agent is and how it works, feel gratuitous to leap correct in to the following sections. Merely if you'd like some more background about what they do and how they work, run across Azure Pipelines agents.

Check prerequisites

The amanuensis is based on .Cyberspace Core 3.i. You can run this agent on several Linux distributions. We back up the following subset of .Net Core supported distributions:

• x64
  • CentOS 7, 6 (encounter annotation ane)
  • Debian 9
  • Fedora 30, 29
  • Linux Mint xviii, 17
  • openSUSE 42.3 or later
  • Oracle Linux 7
  • Red Lid Enterprise Linux 8, 7, half dozen (see note 1)
  • SUSE Enterprise Linux 12 SP2 or later
  • Ubuntu 20.04, 18.04, sixteen.04
  • CBL-Mariner one.0 (see note 3)
• ARM32 (see note ii)
  • Debian 9
  • Ubuntu eighteen.04
• ARM64
  • Debian 9
  • Ubuntu 21.04, twenty.04, xviii.04

Note

Annotation i: RHEL 6 and CentOS vi require installing the specialized rhel.six-x64 version of the agent.

Note

Note 2: ARM pedagogy set ARMv7 or to a higher place is required. Run uname -a to run across your Linux distro's instruction set.

Annotation

Mariner Os distribution currently has fractional support from the Azure DevOps Agent. We are providing a mechanism for detection of this Bone distribution in installdependencies.sh script, simply due to lack of back up from the .Net Core side, nosotros couldn't guarantee full operability of all agent functions when running on this OS distribution.

Regardless of your platform, y'all volition demand to install Git 2.nine.0 or college. Nosotros strongly recommend installing the latest version of Git.

Notation

The agent installer knows how to check for other dependencies. You can install those dependencies on supported Linux platforms by running ./bin/installdependencies.sh in the amanuensis directory.

Be aware that some of these dependencies required by .NET Core are fetched from third political party sites, like packages.efficios.com. Review the installdependencies.sh script and ensure whatever referenced third political party sites are attainable from your Linux car before running the script.

Please likewise make sure that all required repositories are connected to the relevant package manager used in installdependencies.sh (like apt or zypper).

For bug with dependencies installation (similar 'dependency was not establish in repository' or 'trouble retrieving the repository index file') - you lot can reach out to distribution possessor for farther support.

TFS 2022 RTM and older: The shipped agent is based on CoreCLR i.0. We recommend that, if able, you should upgrade to a afterward agent version (ii.125.0 or higher). Encounter Azure Pipelines agent prereqs for more about what's required to run a newer agent.

If you must stay on the older amanuensis, brand sure your auto is prepared with our prerequisites for either of the supported distributions:

• Ubuntu systems
• Red Hat/CentOS systems

Subversion

If yous're building from a Subversion repo, you lot must install the Subversion client on the machine.

Y'all should run amanuensis setup manually the first time. Later you lot go a feel for how agents piece of work, or if you desire to automate setting upwardly many agents, consider using unattended config.

TFVC

If you'll be using TFVC, you'll also need the Oracle Java JDK ane.6 or higher. (The Oracle JRE and OpenJDK aren't sufficient for this purpose.)

TEE plugin is used for TFVC functionality. It has an EULA, which yous'll need to have during configuration if you program to piece of work with TFVC.

Since the TEE plugin is no longer maintained and contains some out-of-date Java dependencies, starting from Amanuensis 2.198.0 it's no longer included in the amanuensis distribution. All the same, the TEE plugin will be downloaded during checkout task execution if you're checking out a TFVC repo. The TEE plugin will exist removed after the job execution.

Note

Note: Yous may notice your checkout chore taking a long time to start working because of this download mechanism.

If the amanuensis is running behind a proxy or a firewall, you'll need to ensure access to the post-obit site: https://vstsagenttools.blob.core.windows.internet/. The TEE plugin will exist downloaded from this accost.

If you're using a self-hosted amanuensis and facing issues with TEE downloading, you may install TEE manually:

1. Set DISABLE_TEE_PLUGIN_REMOVAL environment or pipeline variable to truthful. This variable prevents the agent from removing the TEE plugin later on TFVC repository checkout.
2. Download TEE-CLC version 14.135.0 manually from Squad Explorer Everywhere GitHub releases.
3. Extract the contents of TEE-CLC-14.135.0 binder to <agent_directory>/externals/tee.

Prepare permissions

Data security for self-hosted agents

The user configuring the agent needs pool admin permissions, but the user running the agent does not.

The folders controlled past the agent should exist restricted to equally few users as possible and they contain secrets that could be decrypted or exfiltrated.

The ADO pipelines agent is a software product designed to execute code it downloads from external sources. Information technology inherently could be a target for Remote Code Execution (RCE) attacks.

Therefore, it is important to consider the threat model surrounding each individual usage of Pipelines Agents to perform piece of work, and decide what are the minimum permissions could be granted to the user running the agent, to the motorcar where the agent runs, to the users who have write access to the Pipeline definition, the git repos where the yaml is stored, or the group of users who control access to the puddle for new pipelines.

It is a best practice to take the identity running the agent be different from the identity with permissions to connect the agent to the pool. The user generating the credentials (and other agent-related files) is dissimilar than the user that needs to read them. Therefore, it is safer to carefully consider admission granted to the agent machine itself, and the amanuensis folders which contain sensitive files, such every bit logs and artifacts.

It makes sense to grant admission to the agent folder only for DevOps administrators and the user identity running the agent procedure. Administrators may need to investigate the file organisation to understand build failures or get log files to exist able to report Azure DevOps failures.

Decide which user you'll use

As a i-fourth dimension step, you must annals the agent. Someone with permission to administrate the agent queue must complete these steps. The amanuensis will not utilize this person's credentials in everyday performance, but they're required to complete registration. Larn more near how agents communicate.

Authenticate with a personal access token (PAT)

1. Sign in with the user account you plan to use in your Team Foundation Server web portal (https://{your-server}:8080/tfs/).

1. Sign in with the user account you plan to use in you Azure DevOps Server web portal (https://{your-server}/DefaultCollection/).

1. Sign in with the user business relationship yous plan to utilise in your Azure DevOps organization (https://dev.azure.com/{your_organization}).

2. From your home folio, open your profile. Go to your security details.

   

3. Create a personal access token.

   

2. From your abode page, open your user settings, and so select Personal admission tokens.

   

3. Create a personal admission token.

   

4. For the scope select Agent Pools (read, manage) and make sure all the other boxes are cleared. If it's a deployment grouping agent, for the scope select Deployment grouping (read, manage) and brand sure all the other boxes are cleared.

   Select Show all scopes at the lesser of the Create a new personal access token window window to encounter the complete list of scopes.

5. Copy the token. You'll utilize this token when you configure the agent.

Confirm the user has permission

Make certain the user account that y'all're going to employ has permission to register the agent.

Is the user an Azure DevOps organization owner or TFS or Azure DevOps Server administrator? End here, you have permission.

Otherwise:

1. Open up a browser and navigate to the Agent pools tab for your Azure Pipelines organization or Azure DevOps Server or TFS server:

   1. Choose Azure DevOps, Arrangement settings.

      

   2. Choose Agent pools.

      

   1. Choose Azure DevOps, Collection settings.

      

   2. Choose Agent pools.

      

   1. Choose Azure DevOps, Collection settings.

      

   2. Cull Agent pools.

      

   1. Navigate to your project and cull Settings (gear icon) > Amanuensis Queues.

      

   2. Choose Manage pools.

      

2. Select the puddle on the right side of the page and and so click Security.

3. If the user business relationship you're going to use is non shown, then get an administrator to add it. The administrator tin be an agent pool administrator, an Azure DevOps organization owner, or a TFS or Azure DevOps Server administrator.

   If it's a deployment group agent, the administrator can be an deployment group administrator, an Azure DevOps organization possessor, or a TFS or Azure DevOps Server administrator.

   You lot can add together a user to the deployment group ambassador role in the Security tab on the Deployment Groups folio in Azure Pipelines.

Annotation

If yous see a bulletin like this: Sorry, we couldn't add the identity. Please effort a different identity., you probably followed the higher up steps for an organization owner or TFS or Azure DevOps Server administrator. You don't demand to exercise anything; you already accept permission to administrate the amanuensis queue.

Download and configure the agent

Azure Pipelines

1. Log on to the machine using the business relationship for which you've prepared permissions equally explained above.

2. In your web browser, sign in to Azure Pipelines, and navigate to the Amanuensis pools tab:

   1. Choose Azure DevOps, Organization settings.

      

   2. Choose Agent pools.

      

   1. Choose Azure DevOps, Drove settings.

      

   2. Choose Agent pools.

      

   1. Choose Azure DevOps, Collection settings.

      

   2. Cull Amanuensis pools.

      

   1. Navigate to your project and choose Settings (gear icon) > Amanuensis Queues.

      

   2. Choose Manage pools.

      

3. Select the Default pool, select the Agents tab, and cull New agent.

4. On the Go the agent dialog box, click Linux.

5. On the left pane, select the specific flavor. Nosotros offer x64 or ARM for most Linux distributions. We also offer a specific build for Ruddy Hat Enterprise Linux 6.

6. On the right pane, click the Download button.

7. Follow the instructions on the page.

8. Unpack the agent into the directory of your pick. cd to that directory and run ./config.sh.

Azure DevOps Server 2022 and Azure DevOps Server 2020

1. Log on to the automobile using the account for which you've prepared permissions as explained to a higher place.

2. In your web browser, sign in to Azure DevOps Server 2019, and navigate to the Agent pools tab:

   1. Choose Azure DevOps, System settings.

      

   2. Choose Agent pools.

      

   1. Cull Azure DevOps, Collection settings.

      

   2. Cull Agent pools.

      

   1. Choose Azure DevOps, Collection settings.

      

   2. Choose Amanuensis pools.

      

   1. Navigate to your project and cull Settings (gear icon) > Agent Queues.

      

   2. Cull Manage pools.

      

3. Click Download agent.

4. On the Get agent dialog box, click Linux.

5. On the left pane, select the specific flavor. We offer x64 or ARM for most Linux distributions. We also offering a specific build for Crimson Hat Enterprise Linux half-dozen.

6. On the right pane, click the Download button.

7. Follow the instructions on the page.

8. Unpack the agent into the directory of your choice. cd to that directory and run ./config.sh.

TFS 2018

1. Log on to the machine using the account for which you've prepared permissions as explained higher up.

2. In your web browser, sign in to TFS, and navigate to the Amanuensis pools tab:

   1. Navigate to your project and cull Settings (gear icon) > Agent Queues.

      

   2. Choose Manage pools.

      

3. Click Download agent.

4. On the Get amanuensis dialog box, click Linux.

5. Click the Download button.

6. Follow the instructions on the page.

7. Unpack the agent into the directory of your choice. cd to that directory and run ./config.sh. Make sure that the path to the directory contains no spaces because tools and scripts don't always properly escape spaces.

Server URL

Azure Pipelines: https://dev.azure.com/{your-system}

Azure DevOps Server 2019: https://{your_server}/DefaultCollection

TFS 2018: https://{your_server}/tfs

Authentication type

Azure Pipelines

Choose PAT, then paste the PAT token you lot created into the control prompt window.

TFS or Azure DevOps Server

When y'all configure your agent to connect to TFS, you've got the following options:

• Alternating Connect to TFS or Azure DevOps Server using Basic authentication. After you select Alternate you'll exist prompted for your credentials.

• Integrated Not supported on macOS or Linux.

• Negotiate (Default) Connect to TFS or Azure DevOps Server as a user other than the signed-in user via a Windows authentication scheme such as NTLM or Kerberos. After y'all select Negotiate you'll be prompted for credentials.

• PAT Supported merely on Azure Pipelines and TFS 2022 and newer. Afterward y'all cull PAT, paste the PAT token you lot created into the command prompt window. Apply a personal access token (PAT) if your Azure DevOps Server or TFS instance and the agent machine are not in a trusted domain. PAT authentication is handled by your Azure DevOps Server or TFS instance instead of the domain controller.

Notation

When using PAT as the authentication method, the PAT token is used only for the initial configuration of the agent on Azure DevOps Server and the newer versions of TFS. Learn more at Communication with Azure Pipelines or TFS.

Run interactively

For guidance on whether to run the agent in interactive manner or every bit a service, run into Agents: Interactive vs. service.

To run the agent interactively:

1. If y'all have been running the amanuensis as a service, uninstall the service.

2. Run the agent.

                     ./run.sh                                  

To restart the agent, press Ctrl+C and so run run.sh to restart it.

To utilise your agent, run a chore using the agent's pool. If you didn't cull a dissimilar puddle, your agent will be in the Default pool.

Run once

For agents configured to run interactively, you lot can cull to have the agent accept only one job. To run in this configuration:

              ./run.sh --once                          

Agents in this mode volition accept only ane chore so spin down gracefully (useful for running in Docker on a service like Azure Container Instances).

Run as a systemd service

If your agent is running on these operating systems yous can run the agent as a systemd service:

• Ubuntu sixteen LTS or newer
• Cherry Hat seven.1 or newer

We provide an case ./svc.sh script for you to run and manage your amanuensis every bit a systemd service. This script volition be generated afterward you configure the agent. We encourage you to review, and if needed, update the script before running it.

Some important caveats:

• If you run your agent as a service, you lot cannot run the amanuensis service equally root user.
• Users running SELinux have reported difficulties with the provided svc.sh script. Refer to this amanuensis outcome every bit a starting point. SELinux is non an officially supported configuration.

Note

If y'all take a different distribution, or if you prefer other approaches, you tin use whatever kind of service mechanism you prefer. See Service files.

Commands

Change to the amanuensis directory

For example, if you installed in the myagent subfolder of your home directory:

              cd ~/myagent$                          

Install

Control:

              sudo ./svc.sh install [username]                          

This command creates a service file that points to ./runsvc.sh. This script sets upward the environment (more details beneath) and starts the agents host. If username parameter is not specified then the username is taken from the $SUDO_USER environment variable which is set past sudo command. This variable is always equal to the name of the user who invoked the sudo control.

Start

              sudo ./svc.sh start                          

Status

              sudo ./svc.sh status                          

Stop

              sudo ./svc.sh stop                          

Uninstall

Yous should stop earlier you lot uninstall.

              sudo ./svc.sh uninstall                          

Update environment variables

When you lot configure the service, it takes a snapshot of some useful environment variables for your electric current logon user such every bit PATH, LANG, JAVA_HOME, ANT_HOME, and MYSQL_PATH. If you demand to update the variables (for example, after installing some new software):

              ./env.sh sudo ./svc.sh stop sudo ./svc.sh outset                          

The snapshot of the environment variables is stored in .env file (PATH is stored in .path) nether amanuensis root directory, you can also alter these files directly to apply surroundings variable changes.

Run instructions earlier the service starts

Y'all can also run your ain instructions and commands to run when the service starts. For instance, you could set upward the environs or call scripts.

1. Edit runsvc.sh.

2. Supervene upon the following line with your instructions:

                     # insert anything to setup env when running as a service                                  

Service files

When you install the service, some service files are put in place.

systemd service file

A systemd service file is created:

/etc/systemd/system/vsts.amanuensis.{tfs-proper noun}.{agent-name}.service

For example, you accept configured an agent (see in a higher place) with the name our-linux-amanuensis. The service file will exist either:

• Azure Pipelines: the proper name of your organization. For instance if yous connect to https://dev.azure.com/fabrikam, then the service proper name would be /etc/systemd/organisation/vsts.agent.fabrikam.our-linux-amanuensis.service

• TFS or Azure DevOps Server: the name of your on-premises server. For example if you connect to http://our-server:8080/tfs, then the service proper name would exist /etc/systemd/system/vsts.agent.our-server.our-linux-agent.service

sudo ./svc.sh install generates this file from this template: ./bin/vsts.agent.service.template

.service file

sudo ./svc.sh start finds the service by reading the .service file, which contains the name of systemd service file described above.

Alternative service mechanisms

Nosotros provide the ./svc.sh script as a convenient mode for you to run and manage your agent as a systemd service. But you can use whatever kind of service machinery you adopt (for example: initd or upstart).

You tin can use the template described above as to facilitate generating other kinds of service files.

Apply a cgroup to avoid agent failure

It's important to avert situations in which the agent fails or go unusable because otherwise the agent tin can't stream pipeline logs or report pipeline status dorsum to the server. You can mitigate the risk of this kind of trouble being caused past high retention pressure by using cgroups and a lower oom_score_adj. Subsequently you've washed this, Linux reclaims organization memory from pipeline task processes before reclaiming retentivity from the agent procedure. Larn how to configure cgroups and OOM score.

Replace an amanuensis

To replace an amanuensis, follow the Download and configure the agent steps again.

When you lot configure an agent using the same name as an agent that already exists, you're asked if yous want to replace the existing amanuensis. If you lot answer Y, and then brand sure you remove the agent (see below) that you lot're replacing. Otherwise, later on a few minutes of conflicts, i of the agents will shut downwardly.

Remove and re-configure an agent

To remove the agent:

1. Stop and uninstall the service every bit explained to a higher place.

2. Remove the agent.

                     ./config.sh remove                                  

3. Enter your credentials.

Later on you've removed the agent, you can configure information technology again.

Unattended config

The agent can be prepare up from a script with no human intervention. You must pass --unattended and the answers to all questions.

To configure an agent, information technology must know the URL to your organisation or drove and credentials of someone authorized to set up agents. All other responses are optional. Any control-line parameter can exist specified using an environment variable instead: put its proper noun in upper example and prepend VSTS_AGENT_INPUT_. For example, VSTS_AGENT_INPUT_PASSWORD instead of specifying --password.

Required options

• --unattended - agent setup will non prompt for information, and all settings must be provided on the command line
• --url <url> - URL of the server. For example: https://dev.azure.com/myorganization or http://my-azure-devops-server:8080/tfs
• --auth <blazon> - authentication blazon. Valid values are:
  • pat (Personal admission token) - PAT is the only scheme that works with Azure DevOps Services.
  • negotiate (Kerberos or NTLM)
  • alt (Basic authentication)
  • integrated (Windows default credentials)

Authentication options

• If you chose --auth pat:
  • --token <token> - specifies your personal admission token
  • PAT is the only scheme that works with Azure DevOps Services.
• If you chose --auth negotiate or --auth alt:
  • --userName <userName> - specifies a Windows username in the format domain\userName or userName@domain.com
  • --password <password> - specifies a password

Pool and agent names

• --pool <puddle> - pool proper noun for the agent to join
• --agent <agent> - agent name
• --replace - replace the agent in a pool. If another amanuensis is listening past the same proper noun, it will first failing with a conflict

Agent setup

• --work <workDirectory> - work directory where chore information is stored. Defaults to _work under the root of the agent directory. The work directory is endemic by a given agent and should not be shared between multiple agents.
• --acceptTeeEula - accept the Squad Explorer Everywhere End User License Agreement (macOS and Linux only)
• --disableloguploads - don't stream or ship panel log output to the server. Instead, you may retrieve them from the agent host's filesystem afterwards the task completes.

Windows-only startup

• --runAsService - configure the agent to run as a Windows service (requires ambassador permission)
• --runAsAutoLogon - configure machine-logon and run the agent on startup (requires administrator permission)
• --windowsLogonAccount <account> - used with --runAsService or --runAsAutoLogon to specify the Windows user proper name in the format domain\userName or userName@domain.com
• --windowsLogonPassword <countersign> - used with --runAsService or --runAsAutoLogon to specify Windows logon password
• --overwriteAutoLogon - used with --runAsAutoLogon to overwrite the existing auto logon on the car
• --noRestart - used with --runAsAutoLogon to stop the host from restarting after agent configuration completes

Deployment group merely

• --deploymentGroup - configure the agent as a deployment group agent
• --deploymentGroupName <proper noun> - used with --deploymentGroup to specify the deployment group for the agent to join
• --projectName <name> - used with --deploymentGroup to ready the project proper name
• --addDeploymentGroupTags - used with --deploymentGroup to bespeak that deployment grouping tags should be added
• --deploymentGroupTags <tags> - used with --addDeploymentGroupTags to specify the comma separated list of tags for the deployment group amanuensis - for example "spider web, db"

Environments only

• --addvirtualmachineresourcetags - used to indicate that environment resource tags should be added
• --virtualmachineresourcetags <tags> - used with --addvirtualmachineresourcetags to specify the comma separated list of tags for the environment resource agent - for example "web, db"

./config.sh --assist always lists the latest required and optional responses.

Diagnostics

If you're having trouble with your self-hosted agent, yous can endeavor running diagnostics. After configuring the agent:

              ./run.sh --diagnostics                          

This will run through a diagnostic suite that may help you lot troubleshoot the problem. The diagnostics characteristic is available starting with agent version 2.165.0.

Help on other options

To larn about other options:

              ./config.sh --aid                          

The help provides information on authentication alternatives and unattended configuration.

Capabilities

Your agent'southward capabilities are cataloged and advertised in the puddle then that but the builds and releases it can handle are assigned to it. Come across Build and release agent capabilities.

In many cases, after you deploy an agent, you'll need to install software or utilities. Generally y'all should install on your agents whatever software and tools you utilize on your development machine.

For example, if your build includes the npm task, then the build won't run unless at that place's a build agent in the pool that has npm installed.

Important

Capabilities include all environment variables and the values that are set when the agent runs. If any of these values change while the agent is running, the amanuensis must be restarted to pick up the new values. Afterwards y'all install new software on an agent, you must restart the agent for the new capability to show upwards in the pool, so that the build can run.

If you want to exclude surroundings variables as capabilities, you can designate them by setting an surroundings variable VSO_AGENT_IGNORE with a comma-delimited list of variables to ignore.

FAQ

How do I make sure I have the latest v2 agent version?

1. Navigate to the Agent pools tab:

   1. Choose Azure DevOps, System settings.

      

   2. Cull Amanuensis pools.

      

   1. Choose Azure DevOps, Collection settings.

      

   2. Choose Agent pools.

      

   1. Choose Azure DevOps, Collection settings.

      

   2. Cull Amanuensis pools.

      

   1. Navigate to your project and choose Settings (gear icon) > Amanuensis Queues.

      

   2. Choose Manage pools.

      

2. Click the pool that contains the agent.

3. Make sure the amanuensis is enabled.

4. Navigate to the capabilities tab:

   1. From the Amanuensis pools tab, select the desired agent pool.

      

   2. Select Agents and cull the desired agent.

      

   3. Choose the Capabilities tab.

      

      Note

      Microsoft-hosted agents don't display system capabilities. For a list of software installed on Microsoft-hosted agents, see Use a Microsoft-hosted agent.

   1. From the Agent pools tab, select the desired puddle.

      

   2. Select Agents and choose the desired agent.

      

   3. Choose the Capabilities tab.

      

   1. From the Amanuensis pools tab, select the desired pool.

      

   2. Select Agents and choose the desired agent.

      

   3. Choose the Capabilities tab.

      

   Select the desired agent, and choose the Capabilities tab.

   

5. Wait for the Agent.Version capability. You tin can cheque this value against the latest published agent version. See Azure Pipelines Agent and cheque the page for the highest version number listed.

6. Each amanuensis automatically updates itself when it runs a job that requires a newer version of the amanuensis. If you want to manually update some agents, right-click the pool, and select Update all agents.

Tin I update my v2 agents that are part of an Azure DevOps Server pool?

Yes. Beginning with Azure DevOps Server 2019, you lot can configure your server to await for the agent bundle files on a local disk. This configuration will override the default version that came with the server at the time of its release. This scenario also applies when the server doesn't take access to the internet.

1. From a computer with Net access, download the latest version of the agent package files (in .zippo or .tar.gz grade) from the Azure Pipelines Agent GitHub Releases page.

2. Transfer the downloaded package files to each Azure DevOps Server Awarding Tier by using a method of your choice (such as USB drive, Network transfer, then on). Place the agent files under the %ProgramData%\Microsoft\Azure DevOps\Agents folder.

3. You're all set! Your Azure DevOps Server will now apply the local files whenever the agents are updated. Each agent automatically updates itself when it runs a job that requires a newer version of the agent. But if yous desire to manually update some agents, right-click the pool, and then choose Update all agents.

Why is sudo needed to run the service commands?

./svc.sh uses systemctl, which requires sudo.

Source lawmaking: systemd.svc.sh.template on GitHub

I'g running a firewall and my lawmaking is in Azure Repos. What URLs does the agent need to communicate with?

If you're running an agent in a secure network backside a firewall, brand certain the agent can initiate advice with the post-obit URLs and IP addresses.

Domain URL	Description
https://{organization_name}.pkgs.visualstudio.com	Azure DevOps Packaging API for organizations using the {organization_name}.visualstudio.com domain
https://{organization_name}.visualstudio.com	For organizations using the {organization_name}.visualstudio.com domain
https://{organization_name}.vsblob.visualstudio.com	Azure DevOps Telemetry for organizations using the {organization_name}.visualstudio.com domain
https://{organization_name}.vsrm.visualstudio.com	Release Direction Services for organizations using the {organization_name}.visualstudio.com domain
https://{organization_name}.vssps.visualstudio.com	Azure DevOps Platform Services for organizations using the {organization_name}.visualstudio.com domain
https://{organization_name}.vstmr.visualstudio.com	Azure DevOps Test Management Services for organizations using the {organization_name}.visualstudio.com domain
https://*.blob.core.windows.internet	Azure Artifacts
https://*.dev.azure.com	For organizations using the dev.azure.com domain
https://*.vsassets.io	Azure Artifacts via CDN
https://*.vsblob.visualstudio.com	Azure DevOps Telemetry for organizations using the dev.azure.com domain
https://*.vssps.visualstudio.com	Azure DevOps Platform Services for organizations using the dev.azure.com domain
https://*.vstmr.visualstudio.com	Azure DevOps Test Management Services for organizations using the dev.azure.com domain
https://app.vssps.visualstudio.com	For organizations using the {organization_name}.visualstudio.com domain
https://dev.azure.com	For organizations using the dev.azure.com domain
https://login.microsoftonline.com	Azure Active Directory sign in
https://management.core.windows.net	Azure Management API's
https://vstsagentpackage.azureedge.net	Agent parcel

To ensure your organization works with any existing firewall or IP restrictions, ensure that dev.azure.com and *dev.azure.com are open and update your allow-listed IPs to include the following IP addresses, based on your IP version. If you're currently allow-listing the thirteen.107.half dozen.183 and 13.107.9.183 IP addresses, exit them in place, as you don't need to remove them.

IPv4 ranges

• 13.107.6.0/24
• 13.107.9.0/24
• thirteen.107.42.0/24
• 13.107.43.0/24

IPv6 ranges

• 2620:1ec:four::/48
• 2620:1ec:a92::/48
• 2620:1ec:21::/48
• 2620:1ec:22::/48

How do I run the agent with cocky-signed certificate?

Run the agent with cocky-signed certificate

How exercise I run the agent behind a web proxy?

Run the agent behind a web proxy

How do I restart the amanuensis

If yous are running the agent interactively, see the restart instructions in Run interactively. If you are running the agent as a systemd service, follow the steps to Stop and and then Starting time the agent.

How do I configure the agent to bypass a web proxy and connect to Azure Pipelines?

If you want the agent to featherbed your proxy and connect to Azure Pipelines direct, then you should configure your web proxy to enable the agent to access the following URLs.

For organizations using the *.visualstudio.com domain:

                https://login.microsoftonline.com https://app.vssps.visualstudio.com  https://{organization_name}.visualstudio.com https://{organization_name}.vsrm.visualstudio.com https://{organization_name}.vstmr.visualstudio.com https://{organization_name}.pkgs.visualstudio.com https://{organization_name}.vssps.visualstudio.com                              

For organizations using the dev.azure.com domain:

                https://dev.azure.com https://*.dev.azure.com https://login.microsoftonline.com https://management.cadre.windows.cyberspace https://vstsagentpackage.azureedge.net https://vssps.dev.azure.com                              

To ensure your arrangement works with any existing firewall or IP restrictions, ensure that dev.azure.com and *dev.azure.com are open and update your allow-listed IPs to include the following IP addresses, based on your IP version. If you're currently allow-listing the xiii.107.6.183 and 13.107.9.183 IP addresses, leave them in place, as you don't need to remove them.

IPv4 ranges

• 13.107.vi.0/24
• thirteen.107.9.0/24
• 13.107.42.0/24
• thirteen.107.43.0/24

IPv6 ranges

• 2620:1ec:4::/48
• 2620:1ec:a92::/48
• 2620:1ec:21::/48
• 2620:1ec:22::/48

Annotation

This procedure enables the agent to bypass a web proxy. Your build pipeline and scripts must nonetheless handle bypassing your web proxy for each chore and tool yous run in your build.

For instance, if you are using a NuGet task, yous must configure your web proxy to support bypassing the URL for the server that hosts the NuGet feed you're using.

Feedback

Submit and view feedback for

trippeverporly.blogspot.com

Source: https://docs.microsoft.com/en-us/azure/devops/pipelines/agents/v2-linux

Share this post