Azure DevOps Pipelines - Scale Set Agents: Installing Docker
We've recently reconfigured our build process to run entirely in containers, and we're now looking to migrate away from on-premise build agents to using agents in an Azure Scale Set.
We want to avoid having to maintain our own VM images for the Azure Scale Set, and have opted to use the default Ubuntu 18.04 LTS image which is available in Azure.
This image does not include Docker, so we've configured the Azure Scale Set to use a cloud-config script which will install Docker when the VM first boots:
#cloud-config
apt:
sources:
docker.list:
source: deb [arch=amd64] https://download.docker.com/linux/ubuntu $RELEASE stable
keyid: 9DC858229FC7DD38854AE2D88D81803C0EBFCD88
packages:
- docker-ce
- docker-ce-cli
groups:
- docker
This seems to work well, but sometimes the build jobs fail:
Starting: Initialize containers
/usr/bin/docker version --format '{{.Server.APIVersion}}'
Cannot connect to the Docker daemon at unix:///var/run/docker.sock. Is the docker daemon running?
'
##[error]Exit code 1 returned from process: file name '/usr/bin/docker', arguments 'version --format '{{.Server.APIVersion}}''.
Finishing: Initialize containers
It looks like either the cloud-init script failed, or the Azure DevOps agent started on the VM before the cloud-init script completed.
So far, I've seen the following scenarios:
- Provisioning a new VM works fine, and the jobs run correctly
- The first few jobs fail on a newly provisioned VM, and then run correctly. (Perhaps because the cloud-init script ran in parallel with Azure DevOps extension which deploys the agent to the VM, and you have a race condition?)
- All jobs fail, even after say 30 minutes. Sometimes reimagining the VM helps, sometimes it does not.
Does anyone have a similar setup? Does it work properly? If not, what are alternative ways to deploy Docker to the VMs before the VM runs a container job?
When you configure Azure DevOps agent pool to use an Azure Scale Set to provision build machines, the Microsoft.Azure.DevOps.Pipelines.Agent/TeamServicesAgentLinux extension is automatically added to your scale set.
This extension is responsible for installing the Azure DevOps agent on your VMs and adding it to your agent pool.
The extension runs when the VM boots, at about the same time as the cloud-init script. This can cause race conditions.
To work around this, add a bootcmd script to your cloud-config script which forces the walinuxagent agent service (which will launch the Azure DevOps extension) after the cloud-config script, like this:
#cloud-config
bootcmd:
- mkdir -p /etc/systemd/system/walinuxagent.service.d
- echo "[Unit]\nAfter=cloud-final.service" > /etc/systemd/system/walinuxagent.service.d/override.conf
- sed "s/After=multi-user.target//g" /lib/systemd/system/cloud-final.service > /etc/systemd/system/cloud-final.service
- systemctl daemon-reload
apt:
sources:
docker.list:
source: deb [arch=amd64] https://download.docker.com/linux/ubuntu $RELEASE stable
keyid: 9DC858229FC7DD38854AE2D88D81803C0EBFCD88
packages:
- docker-ce
- docker-ce-cli
groups:
- docker
This allows you to create an Azure DevOps scale set agent pool which uses the standard Ubuntu 18.04 image, and installs docker on top of that image.
See https://github.com/microsoft/azure-pipelines-agent/issues/2866 and https://github.com/Azure/WALinuxAgent/issues/1938#issuecomment-657293920 for more background.
While you're at it, you may also want to mount /agent on the resource disk of your VM, which typically has better performance than the OS disk. You can add this to your cloud-init script to do so:
disk_setup:
ephemeral0:
table_type: gpt
layout: [66, [33,82]]
overwrite: true
fs_setup:
- device: ephemeral0.1
filesystem: ext4
mounts:
- ["ephemeral0.1", "/agent"]
- ADO YAML Pipelines | How to get secret variable from a variable group based on the value of another variable
- Azure Devops - Get release definitions by agent pool ID
- Azure Pipelines using YAML for multiple environments (stages) with different variable values but no YAML duplication
- How to specify which version of nuget.exe to use with self-hosted agent in Azure DevOps?
- Login failed for user '<token-identified principal>' while authorizing to SQL Server via Service Principal from AAD group assigned
- Access Azure DevOps Pipeline Artifacts from different organization
- Initiate Azure DevOps Release Pipeline from Logic App and Retrieve Environment Variable Output from the pipeline
- Is it necessary to switch from the Hosted XML to the Inheritance Process Model after a migration
- Why is Azure Pipelines installing the wrong .NET SDK version (according to global.json)
- Azure pipeline does't allow to git push throwing 'GenericContribute' permission is needed
- Azure Devops - How to START one stage before parallel stages?
- Dynamically populate DependsOn in Azure DevOps Yaml job
- Issue with AzurePowerShell@5 task: 'The term 'pwsh.exe' is not recognized as the name of a cmdlet, function, script file, or operable program."
- Azure Devops pipeline, git authentication only works with -c http.extraheader
- How to find the associated pipeline in Azure DevOps from a given yaml file?
- Error Deploying Apps on K8 on-Prem Cluster using Azure Devops CI/CD pipeline
- Git Fetch command not fetching latest changes from Azure DevOps repo
- Post-Job taking a long time in Azure DevOps Pipelines
- How to install private python package from Azure Artifact feed via CLI
- Add environment to Pipeline stuck in "connecting to server"
- Azure DevOps yaml pipeline: Using output variables in conditions does not evaluate correctly
- NuGetCommand@2 in Azure Devops Pipeline is unable to get Azure Artifacts feed
- I am having issues with docker compose task in azure pipeline
- Field Automation Based On Date Field
- Grant Azure Devops ARM Service Connection access to Key Vault
- Azure DevOps Pipelines: Environment Variables Not Available in dotnet test Command
- Terraform source error - Error: Failed to query available provider packages
- Run jobs in `each` expression run in sequence in Azure Devops
- Azure Pipeline not triggered by changes to other than self repository
- Azure cli cant connect due to Invalid client secret provided