Terraform Azure DevOps virtual machine scale set agent module
A simple, standalone getting-started example of using the module can be found in the ado-vmss-simple-demo repository.
This Terraform module will create an Azure Virtual Machine Scale Set in Azure and an associated Azure virtual machine scale set agent pool in Azure DevOps.
It is an abstraction over two child modules:
The child modules can be used separately if required.
This brings the functionality together in an all-in-one module with a number of examples that demonstrate how the module and VMSS can be used within Azure DevOps for self-hosted agents.
The default behaviour is that the VMSS instances will be configured as Docker hosts, but that can be disabled if desired by setting the `vmss_custom_data_script` variable to `null`. Alternatively, supply a base64 encoded value for `vmss_custom_data_data`, which overrides the `vmss_custom_data_script` variable.
Once the Azure DevOps Terraform provider has been updated to use an updated SDK we can use that to replace the workaround of using the Terraform Azure DevOps Scale Set Agent module.
Creating an Agent Pool - Azure virtual machine scale set is currently blocked because the SDK used by the Azure DevOps Terraform Provider does not support the required functionality, so this module uses the Terraform shell provider as a workaround. It therefore inherits most of the requirements of the Terraform Azure DevOps Scale Set Agent module, namely:
- An Azure subscription. Note: you can get started with an Azure free account.
- An Azure DevOps Organization. Note: you can sign up for free in the preceding link.
- An Azure service connection to the subscription where your Azure Virtual Machine Scale Set is located.
- An Azure DevOps project.
- An Azure DevOps Personal Access Token (PAT) created with at least Agent Pools (Read & manage) and Service Connections (Read & query) permissions (some examples will need more extensive permissions).
- A Linux based system is required to execute this Terraform module, with the following commands installed:
  - cat
  - curl
  - sed
  - jq
The Azure DevOps PAT and other required variables need to be passed to the Terraform configuration by any standard mechanism, for example:

```bash
export AZURE_DEVOPS_EXT_PAT="ckusfcc8ope2soot1yuovmdvlgtfgj9nio2orfwyvv5jsgcnwwga"
export TF_VAR_ado_ext_pat="$AZURE_DEVOPS_EXT_PAT"
```

Note: The PAT is used for the initial creation of the agent pool and for subsequent Terraform operations. Therefore, it would be advisable to create/use a service account for this rather than a standard user account.
A full example of passing the necessary variables can be seen in the demo_environment/README.md.
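
As an added example (not part of the module or its repositories), the following preflight checks for the required commands listed above and loads the PAT from a file instead of a literal typed on the command line, which keeps the token out of shell history. The function names and the PAT file path are hypothetical, and `stat -c` assumes GNU coreutils, in line with the Linux requirement.

```bash
#!/usr/bin/env bash
# Added example, not part of the module: preflight for the prerequisites above.

# Commands named in the module's prerequisites list.
REQUIRED_TOOLS="cat curl sed jq"

# Print each required command that is not on PATH; non-zero if any is missing.
# An optional argument overrides the list (space separated).
missing_tools() {
  local tool rc=0
  for tool in ${1:-$REQUIRED_TOOLS}; do
    command -v "$tool" >/dev/null 2>&1 || { echo "$tool"; rc=1; }
  done
  return "$rc"
}

# Load the PAT from a file so the literal never appears in shell history or in
# a script. Files readable by group or others are refused.
load_pat() {
  local file="$1" mode
  [ -f "$file" ] || { echo "PAT file not found: $file" >&2; return 1; }
  mode=$(stat -c '%a' "$file") || return 1   # GNU stat (Linux)
  case "$mode" in
    600|400) ;;
    *) echo "refusing $file: mode $mode, expected 600 or 400" >&2; return 1 ;;
  esac
  AZURE_DEVOPS_EXT_PAT=$(tr -d '\r\n' < "$file")
  [ -n "$AZURE_DEVOPS_EXT_PAT" ] || { echo "PAT file is empty: $file" >&2; return 1; }
  # Same two variables the page exports; the value itself is never echoed.
  export AZURE_DEVOPS_EXT_PAT
  export TF_VAR_ado_ext_pat="$AZURE_DEVOPS_EXT_PAT"
}

# Usage (hypothetical path): source this file, then
#   missing_tools && load_pat "$HOME/.config/ado/pat" && terraform plan
```
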

```hcl
provider "azurerm" {
  features {}
}

provider "shell" {
  sensitive_environment = {
    AZURE_DEVOPS_EXT_PAT = var.ado_ext_pat
  }
}

data "azurerm_subnet" "agents" {
  name                 = var.vmss_subnet_name
  resource_group_name  = var.vmss_resource_group_name
  virtual_network_name = var.vmss_vnet_name
}

module "terraform-azurerm-vmss-devops-agent" {
  source                   = "tonyskidmore/vmss-devops-agent/azurerm"
  version                  = "0.2.6"
  ado_org                  = var.ado_org
  ado_pool_name            = var.ado_pool_name
  ado_project              = var.ado_project
  ado_service_connection   = var.ado_service_connection
  vmss_admin_password      = var.vmss_admin_password
  vmss_name                = var.vmss_name
  vmss_resource_group_name = var.vmss_resource_group_name
  vmss_subnet_id           = data.azurerm_subnet.agents.id
  vmss_custom_data_script  = var.vmss_custom_data_script
  tags                     = var.tags
}
```

No resources.
Name | Description | Type | Default | Required |
---|---|---|---|---|
ado_dirty | Azure DevOps pool settings are dirty | bool | false | no |
ado_org | Azure DevOps Organization name | string | n/a | yes |
ado_pool_auth_all_pipelines | Setting to determine if all pipelines are authorized to use this TaskAgentPool by default (at create only) | string | "True" | no |
ado_pool_auto_provision_projects | Setting to automatically provision TaskAgentQueues in every project for the new pool (at create only) | string | "True" | no |
ado_pool_desired_idle | Number of machines to have ready waiting for jobs | number | 0 | no |
ado_pool_desired_size | The desired size of the pool | number | 0 | no |
ado_pool_max_capacity | Maximum number of machines that will exist in the elastic pool | number | 2 | no |
ado_pool_max_saved_node_count | Keep machines in the pool on failure for investigation | number | 0 | no |
ado_pool_name | Azure DevOps agent pool name | string | "azdo-vmss-pool-001" | no |
ado_pool_os_type | Operating system type of the nodes in the pool | string | "linux" | no |
ado_pool_recycle_after_use | Discard machines after each job completes | bool | false | no |
ado_pool_sizing_attempts | The number of sizing attempts executed while trying to achieve a desired size | number | 0 | no |
ado_pool_ttl_mins | The minimum time in minutes to keep idle agents alive | number | 15 | no |
ado_project | Azure DevOps project name where service connection exists and optionally where pool will only be created | string | n/a | yes |
ado_project_only | Only create the agent pool in the Azure DevOps pool specified? (at create only) | string | "False" | no |
ado_service_connection | Azure DevOps azure service connection name | string | n/a | yes |
tags | Tags to apply to Azure Virtual Machine Scale | map(string) | {} | no |
vmss_admin_password | Azure Virtual Machine Scale Set instance administrator password | string | null | no |
vmss_admin_username | Azure Virtual Machine Scale Set instance administrator name | string | "adminuser" | no |
vmss_custom_data_data | The base64 encoded data to use as custom data for the VMSS instances | string | null | no |
vmss_custom_data_script | The path to the script that will be base64 encoded custom data for the VMSS instances | string | "scripts/cloud-init/cloud-init" | no |
vmss_data_disks | Additional data disks | list(object({ | [] | no |
vmss_disk_size_gb | The Size of the Internal OS Disk in GB, if you wish to vary from the size used in the image this Virtual Machine Scale Set is sourced from | number | null | no |
vmss_encryption_at_host_enabled | Should all of the disks (including the temp disk) attached to this Virtual Machine be encrypted by enabling Encryption at Host? | bool | false | no |
vmss_identity_ids | Specifies a list of User Assigned Managed Identity IDs to be assigned to this Linux Virtual Machine Scale Set | list(string) | null | no |
vmss_identity_type | Specifies the type of Managed Service Identity that should be configured on this Linux Virtual Machine Scale Set | string | null | no |
vmss_instances | Azure Virtual Machine Scale Set number of instances | number | 0 | no |
vmss_load_balancer_backend_address_pool_ids | A list of Backend Address Pools IDs from a Load Balancer which this Virtual Machine Scale Set should be connected to | list(string) | null | no |
vmss_location | Existing resource group name of where the VMSS will be created | string | "uksouth" | no |
vmss_name | Azure Virtual Machine Scale Set name | string | "azdo-vmss-pool-001" | no |
vmss_os | Whether to process the Linux Virtual Machine Scale Set resource | string | "linux" | no |
vmss_os_disk_caching | The Type of Caching which should be used for the Internal OS Disk | string | "ReadOnly" | no |
vmss_os_disk_storage_account_type | The Type of Storage Account which should back this the Internal OS Disk | string | "StandardSSD_LRS" | no |
vmss_resource_group_name | Existing resource group name of where the VMSS will be created | string | n/a | yes |
vmss_resource_prefix | Prefix to apply to VMSS resources | string | "vmss" | no |
vmss_se_enabled | Whether to process the Linux Virtual Machine Scale Set extension resource | bool | false | no |
vmss_se_settings_data | The base64 encoded data to use as the script for the VMSS custom script extension | string | null | no |
vmss_se_settings_script | The path of the file to use as the script for the VMSS custom script extension | string | "scripts/vmss-startup.sh" | no |
vmss_sku | Azure Virtual Machine Scale Set SKU | string | "Standard_B2s" | no |
vmss_source_image_id | Azure Virtual Machine Scale Set Image ID | string | null | no |
vmss_source_image_offer | Azure Virtual Machine Scale Set Source Image Offer | string | "0001-com-ubuntu-server-focal" | no |
vmss_source_image_publisher | Azure Virtual Machine Scale Set Source Image Publisher | string | "Canonical" | no |
vmss_source_image_sku | Azure Virtual Machine Scale Set Source Image SKU | string | "20_04-lts" | no |
vmss_source_image_version | Azure Virtual Machine Scale Set Source Image Version | string | "latest" | no |
vmss_ssh_public_key | Public key to use for SSH access to VMs | string | "" | no |
vmss_storage_account_uri | VMSS boot diagnostics storage account URI | string | null | no |
vmss_subnet_id | Existing subnet ID of where the VMSS will be connected | string | n/a | yes |
vmss_user_data | The base64 encoded data to use as user data for the VMSS instances | string | null | no |
vmss_zones | A collection of availability zones to spread the Virtual Machines over | list(string) | [] | no |

Name | Description |
---|---|
ado_vmss_pool_output | Azure DevOps VMSS Agent Pool output |
vmss_id | Virtual Machine Scale Set ID |
vmss_system_assigned_identity_id | Virtual Machine Scale Set SystemAssigned Identity |
vmss_user_assigned_identity_ids | Virtual Machine Scale Set UserAssigned Identities |
No providers.
- Running a `terraform destroy` while pipelines are running will result in an error. If pipelines are expected to be running then it is best to disable agents and then run the destroy. Re-running the destroy after an error should subsequently work once pipelines are no longer running.