public async Task <TaskAgent> UpdateAgentAsync(int poolId, TaskAgent agent, CommandSettings command)
{
agent = await _agentServer.UpdateAgentAsync(poolId, agent);
await GetAndAddTags(agent, command);
return(agent);
}
public Task <TaskAgent> UpdateAgentAsync(AgentSettings agentSettings, TaskAgent agent, CommandSettings command)
{
return(_agentServer.UpdateAgentAsync(agentSettings.PoolId, agent));
}
public async Task ConfigureAsync(CommandSettings command)
{
Trace.Info(nameof(ConfigureAsync));
if (IsConfigured())
{
throw new InvalidOperationException(StringUtil.Loc("AlreadyConfiguredError"));
}
// TEE EULA
bool acceptTeeEula = false;
switch (Constants.Agent.Platform)
{
case Constants.OSPlatform.OSX:
case Constants.OSPlatform.Linux:
// Write the section header.
WriteSection(StringUtil.Loc("EulasSectionHeader"));
// Verify the EULA exists on disk in the expected location.
string eulaFile = Path.Combine(IOUtil.GetExternalsPath(), Constants.Path.TeeDirectory, "license.html");
ArgUtil.File(eulaFile, nameof(eulaFile));
// Write elaborate verbiage about the TEE EULA.
_term.WriteLine(StringUtil.Loc("TeeEula", eulaFile));
_term.WriteLine();
// Prompt to acccept the TEE EULA.
acceptTeeEula = command.GetAcceptTeeEula();
break;
case Constants.OSPlatform.Windows:
break;
default:
throw new NotSupportedException();
}
// TODO: Check if its running with elevated permission and stop early if its not
// Loop getting url and creds until you can connect
string serverUrl = null;
ICredentialProvider credProvider = null;
WriteSection(StringUtil.Loc("ConnectSectionHeader"));
while (true)
{
// Get the URL
serverUrl = command.GetUrl();
// Get the credentials
credProvider = GetCredentialProvider(command, serverUrl);
VssCredentials creds = credProvider.GetVssCredentials(HostContext);
Trace.Info("cred retrieved");
try
{
// Validate can connect.
await TestConnectAsync(serverUrl, creds);
Trace.Info("Connect complete.");
break;
}
catch (Exception e) when(!command.Unattended)
{
_term.WriteError(e);
_term.WriteError(StringUtil.Loc("FailedToConnect"));
// TODO: If the connection fails, shouldn't the URL/creds be cleared from the command line parser? Otherwise retry may be immediately attempted using the same values without prompting the user for new values. The same general problem applies to every retry loop during configure.
}
}
// We want to use the native CSP of the platform for storage, so we use the RSACSP directly
RSAParameters publicKey;
var keyManager = HostContext.GetService <IRSAKeyManager>();
using (var rsa = keyManager.CreateKey())
{
publicKey = rsa.ExportParameters(false);
}
// Loop getting agent name and pool
string poolName = null;
int poolId = 0;
string agentName = null;
WriteSection(StringUtil.Loc("RegisterAgentSectionHeader"));
while (true)
{
poolName = command.GetPool();
try
{
poolId = await GetPoolId(poolName);
}
catch (Exception e) when(!command.Unattended)
{
_term.WriteError(e);
}
if (poolId > 0)
{
break;
}
_term.WriteError(StringUtil.Loc("FailedToFindPool"));
}
TaskAgent agent;
while (true)
{
agentName = command.GetAgentName();
// Get the system capabilities.
// TODO: Hook up to ctrl+c cancellation token.
_term.WriteLine(StringUtil.Loc("ScanToolCapabilities"));
Dictionary <string, string> systemCapabilities = await HostContext.GetService <ICapabilitiesManager>().GetCapabilitiesAsync(
new AgentSettings {
AgentName = agentName
}, CancellationToken.None);
_term.WriteLine(StringUtil.Loc("ConnectToServer"));
agent = await GetAgent(agentName, poolId);
if (agent != null)
{
if (command.GetReplace())
{
agent.Authorization = new TaskAgentAuthorization
{
PublicKey = new TaskAgentPublicKey(publicKey.Exponent, publicKey.Modulus),
};
// update - update instead of delete so we don't lose user capabilities etc...
agent.Version = Constants.Agent.Version;
foreach (KeyValuePair <string, string> capability in systemCapabilities)
{
agent.SystemCapabilities[capability.Key] = capability.Value ?? string.Empty;
}
try
{
agent = await _agentServer.UpdateAgentAsync(poolId, agent);
_term.WriteLine(StringUtil.Loc("AgentReplaced"));
break;
}
catch (Exception e) when(!command.Unattended)
{
_term.WriteError(e);
_term.WriteError(StringUtil.Loc("FailedToReplaceAgent"));
}
}
else
{
// TODO: ?
}
}
else
{
agent = new TaskAgent(agentName)
{
Authorization = new TaskAgentAuthorization
{
PublicKey = new TaskAgentPublicKey(publicKey.Exponent, publicKey.Modulus),
},
MaxParallelism = 1,
Version = Constants.Agent.Version
};
foreach (KeyValuePair <string, string> capability in systemCapabilities)
{
agent.SystemCapabilities[capability.Key] = capability.Value ?? string.Empty;
}
try
{
agent = await _agentServer.AddAgentAsync(poolId, agent);
_term.WriteLine(StringUtil.Loc("AgentAddedSuccessfully"));
break;
}
catch (Exception e) when(!command.Unattended)
{
_term.WriteError(e);
_term.WriteError(StringUtil.Loc("AddAgentFailed"));
}
}
}
// See if the server supports our OAuth key exchange for credentials
if (agent.Authorization != null &&
agent.Authorization.ClientId != Guid.Empty &&
agent.Authorization.AuthorizationUrl != null)
{
var credentialData = new CredentialData
{
Scheme = Constants.Configuration.OAuth,
Data =
{
{ "clientId", agent.Authorization.ClientId.ToString("D") },
{ "authorizationUrl", agent.Authorization.AuthorizationUrl.AbsoluteUri },
},
};
// Save the negotiated OAuth credential data
_store.SaveCredential(credentialData);
}
else
{
// Save the provided admin credential data for compat with existing agent
_store.SaveCredential(credProvider.CredentialData);
}
// Testing agent connection, detect any protential connection issue, like local clock skew that cause OAuth token expired.
_term.WriteLine(StringUtil.Loc("TestAgentConnection"));
var credMgr = HostContext.GetService <ICredentialManager>();
VssCredentials credential = credMgr.LoadCredentials();
VssConnection conn = ApiUtil.CreateConnection(new Uri(serverUrl), credential);
var agentSvr = HostContext.GetService <IAgentServer>();
try
{
await agentSvr.ConnectAsync(conn);
}
catch (VssOAuthTokenRequestException ex) when(ex.Message.Contains("Current server time is"))
{
// there are two exception messages server send that indicate clock skew.
// 1. The bearer token expired on {jwt.ValidTo}. Current server time is {DateTime.UtcNow}.
// 2. The bearer token is not valid until {jwt.ValidFrom}. Current server time is {DateTime.UtcNow}.
Trace.Error("Catch exception during test agent connection.");
Trace.Error(ex);
throw new Exception(StringUtil.Loc("LocalClockSkewed"));
}
// We will Combine() what's stored with root. Defaults to string a relative path
string workFolder = command.GetWork();
string notificationPipeName = command.GetNotificationPipeName();
// Get Agent settings
var settings = new AgentSettings
{
AcceptTeeEula = acceptTeeEula,
AgentId = agent.Id,
AgentName = agentName,
NotificationPipeName = notificationPipeName,
PoolId = poolId,
PoolName = poolName,
ServerUrl = serverUrl,
WorkFolder = workFolder,
};
_store.SaveSettings(settings);
_term.WriteLine(StringUtil.Loc("SavedSettings", DateTime.UtcNow));
bool runAsService = false;
if (Constants.Agent.Platform == Constants.OSPlatform.Windows)
{
runAsService = command.GetRunAsService();
if (runAsService)
{
if (!new WindowsPrincipal(WindowsIdentity.GetCurrent()).IsInRole(WindowsBuiltInRole.Administrator))
{
Trace.Error("Needs Administrator privileges for configure agent as windows service.");
throw new SecurityException(StringUtil.Loc("NeedAdminForConfigAgentWinService"));
}
}
}
var serviceControlManager = HostContext.GetService <IServiceControlManager>();
serviceControlManager.GenerateScripts(settings);
bool successfullyConfigured = false;
if (runAsService)
{
Trace.Info("Configuring to run the agent as service");
successfullyConfigured = serviceControlManager.ConfigureService(settings, command);
}
if (runAsService && successfullyConfigured)
{
Trace.Info("Configuration was successful, trying to start the service");
serviceControlManager.StartService();
}
}
public Task <TaskAgent> UpdateAgentAsync(int poolId, TaskAgent agent)
{
return(_agentServer.UpdateAgentAsync(poolId, agent));
}
public async Task ConfigureAsync(CommandSettings command)
{
Trace.Info(nameof(ConfigureAsync));
if (IsConfigured())
{
throw new InvalidOperationException(StringUtil.Loc("AlreadyConfiguredError"));
}
// TEE EULA
bool acceptTeeEula = false;
switch (Constants.Agent.Platform)
{
case Constants.OSPlatform.OSX:
case Constants.OSPlatform.Linux:
// Write the section header.
WriteSection(StringUtil.Loc("EulasSectionHeader"));
// Verify the EULA exists on disk in the expected location.
string eulaFile = Path.Combine(IOUtil.GetExternalsPath(), Constants.Path.TeeDirectory, "license.html");
ArgUtil.File(eulaFile, nameof(eulaFile));
// Write elaborate verbiage about the TEE EULA.
_term.WriteLine(StringUtil.Loc("TeeEula", eulaFile));
_term.WriteLine();
// Prompt to acccept the TEE EULA.
acceptTeeEula = command.GetAcceptTeeEula();
break;
case Constants.OSPlatform.Windows:
break;
default:
throw new NotSupportedException();
}
// TODO: Check if its running with elevated permission and stop early if its not
// Loop getting url and creds until you can connect
string serverUrl = null;
ICredentialProvider credProvider = null;
WriteSection(StringUtil.Loc("ConnectSectionHeader"));
while (true)
{
// Get the URL
serverUrl = command.GetUrl();
// Get the credentials
credProvider = GetCredentialProvider(command, serverUrl);
VssCredentials creds = credProvider.GetVssCredentials(HostContext);
Trace.Info("cred retrieved");
try
{
// Validate can connect.
await TestConnectAsync(serverUrl, creds);
Trace.Info("Connect complete.");
break;
}
catch (Exception e) when(!command.Unattended)
{
_term.WriteError(e);
_term.WriteError(StringUtil.Loc("FailedToConnect"));
}
}
// We want to use the native CSP of the platform for storage, so we use the RSACSP directly
RSAParameters publicKey;
var keyManager = HostContext.GetService <IRSAKeyManager>();
using (var rsa = keyManager.CreateKey())
{
publicKey = rsa.ExportParameters(false);
}
// Loop getting agent name and pool name
string poolName = null;
int poolId = 0;
string agentName = null;
WriteSection(StringUtil.Loc("RegisterAgentSectionHeader"));
while (true)
{
poolName = command.GetPool();
try
{
poolId = await GetPoolId(poolName);
Trace.Info($"PoolId for agent pool '{poolName}' is '{poolId}'.");
break;
}
catch (Exception e) when(!command.Unattended)
{
_term.WriteError(e);
_term.WriteError(StringUtil.Loc("FailedToFindPool"));
}
}
TaskAgent agent;
while (true)
{
agentName = command.GetAgentName();
// Get the system capabilities.
// TODO: Hook up to ctrl+c cancellation token.
_term.WriteLine(StringUtil.Loc("ScanToolCapabilities"));
Dictionary <string, string> systemCapabilities = await HostContext.GetService <ICapabilitiesManager>().GetCapabilitiesAsync(
new AgentSettings {
AgentName = agentName
}, CancellationToken.None);
_term.WriteLine(StringUtil.Loc("ConnectToServer"));
agent = await GetAgent(agentName, poolId);
if (agent != null)
{
if (command.GetReplace())
{
// Update existing agent with new PublicKey, agent version and SystemCapabilities.
agent = UpdateExistingAgent(agent, publicKey, systemCapabilities);
try
{
agent = await _agentServer.UpdateAgentAsync(poolId, agent);
_term.WriteLine(StringUtil.Loc("AgentReplaced"));
break;
}
catch (Exception e) when(!command.Unattended)
{
_term.WriteError(e);
_term.WriteError(StringUtil.Loc("FailedToReplaceAgent"));
}
}
else if (command.Unattended)
{
// if not replace and it is unattended config.
throw new TaskAgentExistsException(StringUtil.Loc("AgentWithSameNameAlreadyExistInPool", poolId, agentName));
}
}
else
{
// Create a new agent.
agent = CreateNewAgent(agentName, publicKey, systemCapabilities);
try
{
agent = await _agentServer.AddAgentAsync(poolId, agent);
_term.WriteLine(StringUtil.Loc("AgentAddedSuccessfully"));
break;
}
catch (Exception e) when(!command.Unattended)
{
_term.WriteError(e);
_term.WriteError(StringUtil.Loc("AddAgentFailed"));
}
}
}
// respect the serverUrl resolve by server.
// in case of agent configured using collection url instead of account url.
string agentServerUrl;
if (agent.Properties.TryGetValidatedValue <string>("ServerUrl", out agentServerUrl) &&
!string.IsNullOrEmpty(agentServerUrl))
{
Trace.Info($"Agent server url resolve by server: '{agentServerUrl}'.");
// we need make sure the Host component of the url remain the same.
UriBuilder inputServerUrl = new UriBuilder(serverUrl);
UriBuilder serverReturnedServerUrl = new UriBuilder(agentServerUrl);
if (Uri.Compare(inputServerUrl.Uri, serverReturnedServerUrl.Uri, UriComponents.Host, UriFormat.Unescaped, StringComparison.OrdinalIgnoreCase) != 0)
{
inputServerUrl.Path = serverReturnedServerUrl.Path;
Trace.Info($"Replace server returned url's host component with user input server url's host: '{inputServerUrl.Uri.AbsoluteUri}'.");
serverUrl = inputServerUrl.Uri.AbsoluteUri;
}
else
{
serverUrl = agentServerUrl;
}
}
// See if the server supports our OAuth key exchange for credentials
if (agent.Authorization != null &&
agent.Authorization.ClientId != Guid.Empty &&
agent.Authorization.AuthorizationUrl != null)
{
var credentialData = new CredentialData
{
Scheme = Constants.Configuration.OAuth,
Data =
{
{ "clientId", agent.Authorization.ClientId.ToString("D") },
{ "authorizationUrl", agent.Authorization.AuthorizationUrl.AbsoluteUri },
},
};
// Save the negotiated OAuth credential data
_store.SaveCredential(credentialData);
}
else
{
// Save the provided admin credential data for compat with existing agent
_store.SaveCredential(credProvider.CredentialData);
}
// Testing agent connection, detect any protential connection issue, like local clock skew that cause OAuth token expired.
_term.WriteLine(StringUtil.Loc("TestAgentConnection"));
var credMgr = HostContext.GetService <ICredentialManager>();
VssCredentials credential = credMgr.LoadCredentials();
VssConnection conn = ApiUtil.CreateConnection(new Uri(serverUrl), credential);
var agentSvr = HostContext.GetService <IAgentServer>();
try
{
await agentSvr.ConnectAsync(conn);
}
catch (VssOAuthTokenRequestException ex) when(ex.Message.Contains("Current server time is"))
{
// there are two exception messages server send that indicate clock skew.
// 1. The bearer token expired on {jwt.ValidTo}. Current server time is {DateTime.UtcNow}.
// 2. The bearer token is not valid until {jwt.ValidFrom}. Current server time is {DateTime.UtcNow}.
Trace.Error("Catch exception during test agent connection.");
Trace.Error(ex);
throw new Exception(StringUtil.Loc("LocalClockSkewed"));
}
// We will Combine() what's stored with root. Defaults to string a relative path
string workFolder = command.GetWork();
// notificationPipeName for Hosted agent provisioner.
string notificationPipeName = command.GetNotificationPipeName();
// Get Agent settings
var settings = new AgentSettings
{
AcceptTeeEula = acceptTeeEula,
AgentId = agent.Id,
AgentName = agentName,
NotificationPipeName = notificationPipeName,
PoolId = poolId,
PoolName = poolName,
ServerUrl = serverUrl,
WorkFolder = workFolder,
};
_store.SaveSettings(settings);
_term.WriteLine(StringUtil.Loc("SavedSettings", DateTime.UtcNow));
#if OS_WINDOWS
// config windows service as part of configuration
bool runAsService = command.GetRunAsService();
if (!runAsService)
{
return;
}
else
{
if (!new WindowsPrincipal(WindowsIdentity.GetCurrent()).IsInRole(WindowsBuiltInRole.Administrator))
{
Trace.Error("Needs Administrator privileges for configure agent as windows service.");
throw new SecurityException(StringUtil.Loc("NeedAdminForConfigAgentWinService"));
}
Trace.Info("Configuring to run the agent as service");
var serviceControlManager = HostContext.GetService <IWindowsServiceControlManager>();
serviceControlManager.ConfigureService(settings, command);
}
#elif OS_LINUX || OS_OSX
// generate service config script for OSX and Linux, GenerateScripts() will no-opt on windows.
var serviceControlManager = HostContext.GetService <ILinuxServiceControlManager>();
serviceControlManager.GenerateScripts(settings);
#endif
}
public Task <TaskAgent> UpdateAgentAsync(AgentSettings agentSettings, TaskAgent agent, CommandSettings command)
{
ArgUtil.NotNull(agentSettings, nameof(agentSettings));
return(_agentServer.UpdateAgentAsync(agentSettings.PoolId, agent));
}
private async Task <TaskAgent> UpdateAgent(int poolId, TaskAgent agent)
{
TaskAgent created = await _agentServer.UpdateAgentAsync(poolId, agent);
return(created);
}
public async Task ConfigureAsync(CommandSettings command)
{
Trace.Info(nameof(ConfigureAsync));
if (IsConfigured())
{
throw new InvalidOperationException(StringUtil.Loc("AlreadyConfiguredError"));
}
// TEE EULA
bool acceptTeeEula = false;
switch (Constants.Agent.Platform)
{
case Constants.OSPlatform.OSX:
case Constants.OSPlatform.Linux:
// Write the section header.
WriteSection(StringUtil.Loc("EulasSectionHeader"));
// Verify the EULA exists on disk in the expected location.
string eulaFile = Path.Combine(IOUtil.GetExternalsPath(), Constants.Path.TeeDirectory, "license.html");
ArgUtil.File(eulaFile, nameof(eulaFile));
// Write elaborate verbiage about the TEE EULA.
_term.WriteLine(StringUtil.Loc("TeeEula", eulaFile));
_term.WriteLine();
// Prompt to acccept the TEE EULA.
acceptTeeEula = command.GetAcceptTeeEula();
break;
case Constants.OSPlatform.Windows:
break;
default:
throw new NotSupportedException();
}
// TODO: Check if its running with elevated permission and stop early if its not
// Loop getting url and creds until you can connect
string serverUrl = null;
ICredentialProvider credProvider = null;
WriteSection(StringUtil.Loc("ConnectSectionHeader"));
while (true)
{
// Get the URL
serverUrl = command.GetUrl();
// Get the credentials
credProvider = GetCredentialProvider(command, serverUrl);
VssCredentials creds = credProvider.GetVssCredentials(HostContext);
Trace.Info("cred retrieved");
try
{
// Validate can connect.
await TestConnectAsync(serverUrl, creds);
Trace.Info("Connect complete.");
break;
}
catch (Exception e) when(!command.Unattended)
{
_term.WriteError(e);
_term.WriteError(StringUtil.Loc("FailedToConnect"));
// TODO: If the connection fails, shouldn't the URL/creds be cleared from the command line parser? Otherwise retry may be immediately attempted using the same values without prompting the user for new values. The same general problem applies to every retry loop during configure.
}
}
_term.WriteLine(StringUtil.Loc("SavingCredential"));
Trace.Verbose("Saving credential");
_store.SaveCredential(credProvider.CredentialData);
// Loop getting agent name and pool
string poolName = null;
int poolId = 0;
string agentName = null;
WriteSection(StringUtil.Loc("RegisterAgentSectionHeader"));
while (true)
{
poolName = command.GetPool();
try
{
poolId = await GetPoolId(poolName);
}
catch (Exception e) when(!command.Unattended)
{
_term.WriteError(e);
}
if (poolId > 0)
{
break;
}
_term.WriteError(StringUtil.Loc("FailedToFindPool"));
}
TaskAgent agent;
while (true)
{
agentName = command.GetAgent();
// Get the system capabilities.
// TODO: Hook up to ctrl+c cancellation token.
// TODO: LOC
_term.WriteLine("Scanning for tool capabilities.");
Dictionary <string, string> systemCapabilities = await HostContext.GetService <ICapabilitiesManager>().GetCapabilitiesAsync(
new AgentSettings {
AgentName = agentName
}, CancellationToken.None);
// TODO: LOC
_term.WriteLine("Connecting to the server.");
agent = await GetAgent(agentName, poolId);
if (agent != null)
{
if (command.GetReplace())
{
// update - update instead of delete so we don't lose user capabilities etc...
agent.Version = Constants.Agent.Version;
foreach (KeyValuePair <string, string> capability in systemCapabilities)
{
agent.SystemCapabilities[capability.Key] = capability.Value ?? string.Empty;
}
try
{
agent = await _agentServer.UpdateAgentAsync(poolId, agent);
_term.WriteLine(StringUtil.Loc("AgentReplaced"));
break;
}
catch (Exception e) when(!command.Unattended)
{
_term.WriteError(e);
_term.WriteError(StringUtil.Loc("FailedToReplaceAgent"));
}
}
else
{
// TODO: ?
}
}
else
{
agent = new TaskAgent(agentName)
{
MaxParallelism = 1,
Version = Constants.Agent.Version
};
foreach (KeyValuePair <string, string> capability in systemCapabilities)
{
agent.SystemCapabilities[capability.Key] = capability.Value ?? string.Empty;
}
try
{
agent = await _agentServer.AddAgentAsync(poolId, agent);
_term.WriteLine(StringUtil.Loc("AgentAddedSuccessfully"));
break;
}
catch (Exception e) when(!command.Unattended)
{
_term.WriteError(e);
_term.WriteError(StringUtil.Loc("AddAgentFailed"));
}
}
}
// We will Combine() what's stored with root. Defaults to string a relative path
string workFolder = command.GetWork();
// Get Agent settings
var settings = new AgentSettings
{
AcceptTeeEula = acceptTeeEula,
AgentId = agent.Id,
ServerUrl = serverUrl,
AgentName = agentName,
PoolName = poolName,
PoolId = poolId,
WorkFolder = workFolder,
};
_store.SaveSettings(settings);
_term.WriteLine(StringUtil.Loc("SavedSettings", DateTime.UtcNow));
bool runAsService = command.GetRunAsService();
var serviceControlManager = HostContext.GetService <IServiceControlManager>();
bool successfullyConfigured = false;
if (runAsService)
{
Trace.Info("Configuring to run the agent as service");
successfullyConfigured = serviceControlManager.ConfigureService(settings, command);
}
// chown/chmod the _diag and settings files to the current user, if we started with sudo.
// Also if we started with sudo, the _diag will be owned by root. Change this to current login user
if (Constants.Agent.Platform == Constants.OSPlatform.Linux ||
Constants.Agent.Platform == Constants.OSPlatform.OSX)
{
string uidValue = Environment.GetEnvironmentVariable("SUDO_UID");
string gidValue = Environment.GetEnvironmentVariable("SUDO_GID");
if (!string.IsNullOrEmpty(uidValue) && !string.IsNullOrEmpty(gidValue))
{
var filesToChange = new Dictionary <string, string>
{
{ IOUtil.GetDiagPath(), "775" },
{ IOUtil.GetConfigFilePath(), "770" },
{ IOUtil.GetCredFilePath(), "770" },
};
var unixUtil = HostContext.CreateService <IUnixUtil>();
foreach (var file in filesToChange)
{
await unixUtil.Chown(uidValue, gidValue, file.Key);
await unixUtil.Chmod(file.Value, file.Key);
}
}
}
if (runAsService && successfullyConfigured)
{
Trace.Info("Configuration was successful, trying to start the service");
serviceControlManager.StartService();
}
}