Hi
We are using hosted Azure DevOps and an on-premises Octopus Deploy instance, and I am struggling with my Operations team to allow inbound connections to Octopus Deploy. Is there any way to connect Azure DevOps and Octopus Deploy without opening up ports?
Hi,
The best way to achieve this would be to install a Self-Hosted Azure DevOps Agent. There is a great document on how to do this on the Microsoft website on https://docs.microsoft.com/en-us/azure/devops/pipelines/agents/v2-windows?view=azure-devops.
We’d recommend running through the installation and a configuration on a server locally on your network and install any dependencies on the server such as MSBuild etc…
The caveat here is that you will need to ensure the server hosting the agent has outbound connectivity to connect to the following URLs:
https://dev.azure.com
https://*.dev.azure.com
https://login.microsoftonline.com
https://management.core.windows.net
If you need to go through a Proxy server, then configure it in line with https://docs.microsoft.com/en-us/azure/devops/pipelines/agents/proxy?view=azure-devops&tabs=windows.
Once you have configured the agent with your dependencies, you can register it in Azure DevOps in the default pool, or as an “On-Premises” Pool or similar. I configured an example for you, and you can see it below:
If you then click in to to the On-Premises Agent, you should see your agent as connected and Online.
Once this is in place, you will need to update the location of your job to run on the On-Premises Agent/Agent Pool. To do this, browse to the Project, Select Pipelines, then select your Pipeline and select Edit.
From the Pipeline section under Tasks, select the correct Agent Pool, and then run your Pipeline, and the process should run on your On-Premises agent as below:
One thing to be aware of, make sure that under the section “Agent Job 1” step, to select inherit from the Pipeline, so that it uses the same agent for the entire step.
Run the Pipeline on the agent and ensure it works successfully, and you may need to install additional dependencies if there are any errors.
This approach will run your agent on your On-Premises server and allow you to push packages and use the Octopus Azure DevOps extension to create a release, deploy a release, etc… from inside your local network without having to open up any network ports to the Public Internet.
Please let me know how you get on.
Thanks
Hi Derek,
Where do you configure this setting? In IE? In the Octopus Server?
Hi @Quads71,
In this example, I’m talking about how you will need to open the above url’s for outbound connectivity. You would need to ensure that your hosted build agent can connect to these servers meaning via a proxy or ensuring outbound connectivity. I’d recommend raising this with your network operations team to ensure it has this outbound connectivity in place.
Please let me know if I can help further,
Derek
Thank you Derek for responding, so in our case Octopus does have access to all environments. per your comment
If I understand this as long as Octopus has access to the deployment servers ADO Services just needs access to Octopus.
The problem that I’m having is I setup the service connections in ADO Services and the drop down are all empty. But the agent pools are set and waiting.
if the outbound connectivity is enabled in Octopus are you stating I will be able to see the drop down values?
Hi @Quads71,
Have you set up the Service Connection to Octopus from your Azure DevOps instance?
You should be able to configure this using: Service connections in Azure Pipelines - Azure Pipelines | Microsoft Docs as long as you select Octopus. Further reading on: Using the Octopus extension - Octopus Deploy
Once it’s been set up, you will need to approve the Service Connection on the first run!
Let me know how you get on,
Derek
If you are referring to the service connection to Octopus yes
Just to test for now I just type in the values for Space, Project Group, Project and Channel as the drop down is not being populated.
This is the part that I’m trying to figure out how ADO can read this from Octopus so I will be able to select a value instead of typing it in because per my understanding it will be an ID and not a text value. For example is the visible text is APP in the Project I need to enter the equivalent Project ID for it to make it work.
Yes the service connection is setup and I was able to test connectivity by deploying but I need to enter all the values manually. In your example I only see the compiling of the build are you able to auto populate the fields when creating a release pipeline calling Octopus? This is the part I’m struggling on what to tell our IT folks to open.
