- Macos Service Battery
- Self Service For Macos Pc
- Self Service For Macos Windows 7
- Self Service For Mobile Web Portal
- Dash For Macos
Azure Pipelines | Azure DevOps Server 2019 | TFS 2018 | TFS 2017 | TFS 2015
Note
Oct 21, 2015 Description: Mac Self Service is the future of Mac support at The University of Adelaide. Find the most popular apps, University licenced software and updates for your Mac in one convenient location. Self Service (macOS and iOS) Service Overview Self Service is an app pre-installed on all University owned and managed Macs that allows easy access to licensed or free software, printers, scripts, and various other services for your Mac. Download the 'ZuluDesk Self Service' package (v2.2, released 2020-02-17) In ZuluDesk, go to Apps and click on 'Add In-House macOS Package' Upload the package you've just downloaded; How to distribute the ZuluDesk Self Service app. In ZuluDesk, create a Smart Group or Static Group with all or a selection of your macOS devices in it. Self Service App Store. The Self Service App Store, found in the Applications folder or Launchpad on your Mac, is your gateway to the new suite of Mac-centric services offered to the SCS Community. Software Installation. Access to all software provided to the SCS Mac Community is available via the Self Service. Using Self-Service. On a macOS computer, look for Self-Service in the Applications folder and double-click. In OS X 10.10 and up, a Spotlight search (as indicated by the red arrow in the illustration below) can find Self Service faster.
Self Service Notifications. The Self Service Configuration settings allow you to enable Self Service notifications. After enabling Self Service notifications, item-specific notification options are made available in Jamf Pro when adding or editing items. These settings allow you to add a notification for the item.
In Microsoft Team Foundation Server (TFS) 2018 and previous versions,build and release pipelines are called definitions,runs are called builds,service connections are called service endpoints,stages are called environments,and jobs are called phases.
To build and deploy Xcode apps or Xamarin.iOS projects, you'll need at least one macOS agent. This agent can also build and deploy Java and Android apps.
Before you begin:
- If your pipelines are in Azure Pipelines and a Microsoft-hosted agent meets your needs, you can skip setting up a self-hosted macOS agent.
- Otherwise, you've come to the right place to set up an agent on macOS. Continue to the next section.
Learn about agents
If you already know what an agent is and how it works, feel free to jump right in to the following sections. But if you'd like some more background about what they do and how they work, see Azure Pipelines agents.
Check prerequisites
Make sure your machine has these prerequisites:
- macOS Sierra (10.12) or higher
- Git 2.9.0 or higher (latest version strongly recommended - you can easily install with Homebrew)
These prereqs are required for agent version 2.125.0 and higher.
These prereqs are required for agent version 2.124.0 and below.If you're able, we recommend upgrading to a newer macOS (10.12+) and upgrading to the newest agent.
Make sure your machine has these prerequisites:
- OS X Yosemite (10.10), El Capitan (10.11), or macOS Sierra (10.12)
- Git 2.9.0 or higher (latest version strongly recommended)
- Meets all prereqs for .NET Core 1.x
If you'll be using TFVC, you will also need the Oracle Java JDK 1.6 or higher.(The Oracle JRE and OpenJDK are not sufficient for this purpose.)
Prepare permissions
If you're building from a Subversion repo, you must install the Subversion client on the machine.
You should run agent setup manually the first time.After you get a feel for how agents work, or if you want to automate setting up many agents, consider using unattended config.
Decide which user you'll use
As a one-time step, you must register the agent. Someone with permission toadminister the agent queuemust complete these steps. The agent will not use this person'scredentials in everyday operation, but they're required to complete registration.Learn more about how agents communicate.
- Sign in with the user account you plan to use in your Team Foundation Server web portal (
https://{your-server}:8080/tfs/
).
- Sign in with the user account you plan to use in you Azure DevOps Server web portal (
https://{your-server}/DefaultCollection/
).
- Sign in with the user account you plan to use in your Azure DevOps organization (
https://dev.azure.com/{your_organization}
).
- From your home page, open your profile. Go to your security details.
- Create a personal access token.
- For the scope select Agent Pools (read, manage) and make sure all the other boxes are cleared.If it's a deployment group agent, for the scope select Deployment group (read, manage) and make sure all the other boxes are cleared.Select Show all scopes at the bottom of the Create a new personal access token window window to see the complete list of scopes.
- Copy the token. You'll use this token when you configure the agent.
Authenticate as a Windows user (TFS 2015 and TFS 2017)
As an alternative, on TFS 2017, you can use either a domain user or alocal Windows user on each of your TFS application tiers.
On TFS 2015, for macOS and Linux only,we recommend that you create a local Windows user on each of your TFS application tiers and dedicate that user for the purpose of deploying build agents.
Confirm the user has permission
Make sure the user account that you're going to use has permission to register the agent.
Is the user an Azure DevOps organization owner or TFS or Azure DevOps Server administrator? Stop here, you have permission.
Otherwise:
- Open a browser and navigate to the Agent pools tab for your Azure Pipelines organization or Azure DevOps Server or TFS server:
- Choose Azure DevOps, Organization settings.
- Choose Agent pools.
- Choose Azure DevOps, Collection settings.
- Choose Agent pools.
- Navigate to your project and choose Settings (gear icon) > Agent Queues.
- Choose Manage pools.
- Navigate to your project and choose Settings (gear icon) > Agent Queues.
- Choose Manage pools.
- Navigate to your project and choose Manage project (gear icon).
- Choose Control panel.
- Select Agent pools.
- Click the pool on the left side of the page and then click Security.
- If the user account you're going to use is not shown, then get an administrator to add it. The administrator can be an agent pool administrator, an Azure DevOps organization owner, or a TFS or Azure DevOps Server administrator.If it's a deployment group agent, the administrator can be an deployment group administrator, an [Azure DevOps organization owner, or a TFS or Azure DevOps Server administrator.You can add a user to the deployment group administrator role in the Security tab on the Deployment Groups page in Azure Pipelines.
Note
If you see a message like this: Sorry, we couldn't add the identity. Please try a different identity., you probably followed the above steps for an organization owner or TFS or Azure DevOps Server administrator. You don't need to do anything; you already have permission to administer the agent queue.
Download and configure the agent
Azure Pipelines
- Log on to the machine using the account for which you've prepared permissions as explained above.
- In your web browser, sign in to Azure Pipelines, and navigate to the Agent pools tab:
- Choose Azure DevOps, Organization settings.
- Choose Agent pools.
- Select the Default pool, select the Agents tab, and choose New agent.
- On the Get the agent dialog box, click macOS.
- Click the Download button.
- Follow the instructions on the page.
- Clear the extended attribute on the tar file:
xattr -c vsts-agent-osx-x64-V.v.v.tar.gz
. - Unpack the agent into the directory of your choice.
cd
to that directory and run./config.sh
. Make sure that the path to the directory contains no spaces because tools and scripts don't always properly escape spaces.
Azure DevOps Server 2019
- Log on to the machine using the account for which you've prepared permissions as explained above.
- In your web browser, sign in to Azure DevOps Server 2019, and navigate to the Agent pools tab:
- Choose Azure DevOps, Collection settings.
- Choose Agent pools.
- Click Download agent.
- On the Get agent dialog box, click macOS.
- Click the Download button.
- Follow the instructions on the page.
- Clear the extended attribute on the tar file:
xattr -c vsts-agent-osx-x64-V.v.v.tar.gz
. - Unpack the agent into the directory of your choice.
cd
to that directory and run./config.sh
. Make sure that the path to the directory contains no spaces because tools and scripts don't always properly escape spaces.
TFS 2017 and TFS 2018
- Log on to the machine using the account for which you've prepared permissions as explained above.
- In your web browser, sign in to Azure Pipelines or TFS, and navigate to the Agent pools tab:
- Navigate to your project and choose Settings (gear icon) > Agent Queues.
- Choose Manage pools.
- Click Download agent.
- On the Get agent dialog box, click macOS.
- Click the Download button.
- Follow the instructions on the page.
- Clear the extended attribute on the tar file:
xattr -c vsts-agent-osx-x64-V.v.v.tar.gz
. - Unpack the agent into the directory of your choice.
cd
to that directory and run./config.sh
. Make sure that the path to the directory contains no spaces because tools and scripts don't always properly escape spaces.
TFS 2015
- Browse to the latest release on GitHub.
- Follow the instructions on that page to download the agent.
- Configure the agent.
Server URL
Azure Pipelines:
https://dev.azure.com/{your-organization}
TFS 2015:
http://{your_server}:8080/tfs
Authentication type
Azure Pipelines
Choose PAT, and then paste the PAT token you created into the command prompt window.
Note
When using PAT as the authentication method, the PAT token is used only for the initial configuration of the agent. Learn more at Communication with Azure Pipelines or TFS.
TFS or Azure DevOps Server
Important
Make sure your server is configured to support the authentication method you want to use.
When you configure your agent to connect to TFS, you've got the following options:
- Alternate Connect to TFS or Azure DevOps Server using Basic authentication. After you select Alternate you'll be prompted for your credentials.
- Integrated Not supported on macOS or Linux.
- Negotiate (Default) Connect to TFS or Azure DevOps Server as a user other than the signed-in user via a Windows authentication scheme such as NTLM or Kerberos. After you select Negotiate you'll be prompted for credentials.
- PAT Supported only on Azure Pipelines and TFS 2017 and newer. After you choose PAT, paste the PAT token you created into the command prompt window. Use a personal access token (PAT) if your Azure DevOps Server or TFS instance and the agent machine are not in a trusted domain. PAT authentication is handled by your Azure DevOps Server or TFS instance instead of the domain controller.
Note
![Macos Macos](/uploads/1/2/6/0/126071286/102690487.jpg)
When using PAT as the authentication method, the PAT token is used only for the initial configuration of the agent on Azure DevOps Server and the newer versions of TFS. Learn more at Communication with Azure Pipelines or TFS.
Run interactively
For guidance on whether to run the agent in interactive mode or as a service, see Agents: Interactive vs. service.
To run the agent interactively:
- If you have been running the agent as a service, uninstall the service.
- Run the agent.
To restart the agent, press Ctrl+C and then run
run.sh
to restart it.To use your agent, run a job using the agent's pool.If you didn't choose a different pool, your agent will be in the Default pool.
Run once
For agents configured to run interactively, you can choose to have the agent accept only one job. To run in this configuration:
Agents in this mode will accept only one job and then spin down gracefully (useful for running on a service like Azure Container Instances).
Run as a launchd service
We provide the
./svc.sh
script for you to run and manage your agent as a launchd LaunchAgent service. This script will be generated after you configure the agent. The service has access to the UI to run your UI tests.Note
If you prefer other approaches, you can use whatever kind of service mechanism you prefer. See Service files.
Tokens
In the section below, these tokens are replaced:
{agent-name}
{tfs-name}
For example, you have configured an agent (see above) with the name
our-osx-agent
. In the following examples, {tfs-name}
will be either:- Azure Pipelines: the name of your organization. For example if you connect to
https://dev.azure.com/fabrikam
, then the service name would bevsts.agent.fabrikam.our-osx-agent
- TFS: the name of your on-premises TFS AT server. For example if you connect to
http://our-server:8080/tfs
, then the service name would bevsts.agent.our-server.our-osx-agent
Commands
Change to the agent directory
For example, if you installed in the
myagent
subfolder of your home directory:Install
Command:
This command creates a launchd plist that points to
./runsvc.sh
. This script sets up the environment (more details below) and starts the agent's host.Start
Command:
Output:
The left number is the pid if the service is running. If second number is not zero, then a problem occurred.
Status
Command:
Output:
The left number is the pid if the service is running. If second number is not zero, then a problem occurred.
Stop
Command:
Output:
Uninstall
You should stop before you uninstall.
Command:
Automatic login and lock
Normally, the agent service runs only after the user logs in. If you want the agent service to automatically start when the machine restarts, you can configure the machine to automatically log in and lock on startup. See Set your Mac to automatically log in during startup - Apple Support.
Note
For more information, see the Terminally Geeky: use automatic login more securely blog. The .plist file mentioned in that blog may no longer be available at the source, but a copy can be found here: Lifehacker - Make OS X load your desktop before you log in.
Update environment variables
When you configure the service, it takes a snapshot of some useful environment variables for your current logon user such as PATH, LANG, JAVA_HOME, ANT_HOME, and MYSQL_PATH. If you need to update the variables (for example, after installing some new software):
The snapshot of the environment variables is stored in
.env
file under agent root directory, you can also change that file directly to apply environment variable changes.Run instructions before the service starts
You can also run your own instructions and commands to run when the service starts. For example, you could set up the environment or call scripts.
- Edit
runsvc.sh
. - Replace the following line with your instructions:
Service Files
When you install the service, some service files are put in place.
.plist service file
A .plist service file is created:
For example:
sudo ./svc.sh install
generates this file from this template: ./bin/vsts.agent.plist.template
.service file
./svc.sh start
finds the service by reading the .service
file, which contains the path to the plist service file described above.Alternative service mechanisms
We provide the
./svc.sh
script as a convenient way for you to run and manage your agent as a launchd LaunchAgent service. But you can use whatever kind of service mechanism you prefer.You can use the template described above as to facilitate generating other kinds of service files. For example, you modify the template to generate a service that runs as a launch daemon if you don't need UI tests and don't want to configure automatic log on and lock. See Apple Developer Library: Creating Launch Daemons and Agents.
Replace an agent
To replace an agent, follow the Download and configure the agent steps again.
When you configure an agent using the same name as an agent that already exists,you're asked if you want to replace the existing agent. If you answer
Y
,then make sure you remove the agent (see below) that you're replacing. Otherwise,after a few minutes of conflicts, one of the agents will shut down.Remove and re-configure an agent
To remove the agent:
- Stop and uninstall the service as explained above.
- Remove the agent.
- Enter your credentials.
After you've removed the agent, you can configure it again.
Unattended config
The agent can be set up from a script with no human intervention.You must pass
--unattended
and the answers to all questions.To configure an agent, it must know the URL to your organization or collection and credentials of someone authorized to set up agents.All other responses are optional.Any command-line parameter can be specified using an environment variable instead:put its name in upper case and prepend
VSTS_AGENT_INPUT_
.For example, VSTS_AGENT_INPUT_PASSWORD
instead of specifying --password
.Required options
--unattended
- agent setup will not prompt for information, and all settings must be provided on the command line--url <url>
- URL of the server. For example: https://dev.azure.com/myorganization or http://my-azure-devops-server:8080/tfs--auth <type>
- authentication type. Valid values are:pat
(Personal access token)negotiate
(Kerberos or NTLM)alt
(Basic authentication)integrated
(Windows default credentials)
Authentication options
- If you chose
--auth pat
:--token <token>
- specifies your personal access token
- If you chose
--auth negotiate
or--auth alt
:--userName <userName>
- specifies a Windows username in the formatdomainuserName
or[email protected]
--password <password>
- specifies a password
Pool and agent names
--pool <pool>
- pool name for the agent to join--agent <agent>
- agent name--replace
- replace the agent in a pool. If another agent is listening by the same name, it will start failing with a conflict
Agent setup
--work <workDirectory>
- work directory where job data is stored. Defaults to_work
under theroot of the agent directory. The work directory is owned by a givenagent and should not share between multiple agents.--acceptTeeEula
- accept the Team Explorer Everywhere End User License Agreement (macOS and Linux only)
Windows-only startup
--runAsService
- configure the agent to run as a Windows service (requires administrator permission)--runAsAutoLogon
- configure auto-logon and run the agent on startup (requires administrator permission)--windowsLogonAccount <account>
- used with--runAsService
or--runAsAutoLogon
to specify the Windows username in the formatdomainuserName
or[email protected]
--windowsLogonPassword <password>
- used with--runAsService
or--runAsAutoLogon
to specify Windows logon password--overwriteAutoLogon
- used with--runAsAutoLogon
to overwrite the existing auto logon on the machine--noRestart
- used with--runAsAutoLogon
to stop the host from restarting after agent configuration completes
Deployment group only
--deploymentGroup
- configure the agent as a deployment group agent--deploymentGroupName <name>
- used with--deploymentGroup
to specify the deployment group for the agent to join--projectName <name>
- used with--deploymentGroup
to set the project name--addDeploymentGroupTags
- used with--deploymentGroup
to indicate that deployment group tags should be added--deploymentGroupTags <tags>
- used with--addDeploymentGroupTags
to specify the comma separated list of tags forthe deployment group agent - for example 'web, db'
./config.sh --help
always lists the latest required and optional responses.Diagnostics
If you're having trouble with your self-hosted agent, you can try running diagnostics.After configuring the agent:
This will run through a diagnostic suite that may help you troubleshoot the problem.The diagnostics feature is available starting with agent version 2.165.0.
Help on other options
To learn about other options:
The help provides information on authentication alternatives and unattended configuration.
Capabilities
Your agent's capabilities are cataloged and advertised in the pool so that only the builds and releases it can handle are assigned to it. See Build and release agent capabilities.
In many cases, after you deploy an agent, you'll need to install software or utilities. Generally you should install on your agents whatever software and tools you use on your development machine.
For example, if your build includes the npm task, then the build won't run unless there's a build agent in the pool that has npm installed.
Important
After you install new software on an agent, you must restart the agent for the new capability to show up in the pool so that the build can run.
FAQ
How do I make sure I have the latest v2 agent version?
- Navigate to the Agent pools tab:
- Choose Azure DevOps, Organization settings.
- Choose Agent pools.
- Choose Azure DevOps, Collection settings.
- Choose Agent pools.
- Navigate to your project and choose Settings (gear icon) > Agent Queues.
- Choose Manage pools.
- Navigate to your project and choose Settings (gear icon) > Agent Queues.
- Choose Manage pools.
- Navigate to your project and choose Manage project (gear icon).
- Choose Control panel.
- Select Agent pools.
- Click the pool that contains the agent.
- Make sure the agent is enabled.
- Navigate to the capabilities tab:
- From the Agent pools tab, select the desired agent pool.
- Select Agents and choose the desired agent.
- Choose the Capabilities tab.NoteMicrosoft-hosted agents don't display system capabilities. For a list of software installed on Microsoft-hosted agents, see Use a Microsoft-hosted agent.
- From the Agent pools tab, select the desired pool.
- Select Agents and choose the desired agent.
- Choose the Capabilities tab.
Select the desired agent, and choose the Capabilities tab.Select the desired agent, and choose the Capabilities tab.From the Agent pools tab, select the desired agent, and choose the Capabilities tab. - Look for the
Agent.Version
capability. You can check this value against the latest published agent version. See Azure Pipelines Agent and check the page for the highest version number listed. - Each agent automatically updates itself when it runs a task that requires a newer version of the agent. If you want to manually update some agents, right-click the pool, and select Update all agents.
Can I update my v2 agents that are part of an Azure DevOps Server pool?
Yes.Beginning with Azure DevOps Server 2019, you can configure your server to look for the agent package files on a local disk.This configuration will override the default version that came with the server at the time of its release.This scenario also applies when the server doesn't have access to the internet.
- From a computer with Internet access, download the latest version of the agent package files (in .zip or .tar.gz form) from the Azure Pipelines Agent GitHub Releases page.
- Transfer the downloaded package files to each Azure DevOps Server Application Tier by using a method of your choice (such as USB drive, Network transfer, and so on). Place the agent files under the
%ProgramData%MicrosoftAzure DevOpsAgents
folder. - You're all set! Your Azure DevOps Server will now use the local files whenever the agents are updated. Each agent automatically updates itself when it runs a task that requires a newer version of the agent. But if you want to manually update some agents, right-click the pool, and then choose Update all agents.
Where can I learn more about how the launchd service works?
I'm running a firewall and my code is in Azure Repos. What URLs does the agent need to communicate with?
If you're running an agent in a secure network behind a firewall, make sure the agent can initiate communication with the following URLs and IP addresses.
For organizations using the *.visualstudio.com
domain:
For organizations using the dev.azure.com
domain:
To ensure your organization works with any existing firewall or IP restrictions, ensure that
dev.azure.com
and *dev.azure.com
are open and update your allow-listed IPs to include the following IP addresses, based on your IP version. If you're currently allow-listing the 13.107.6.183
and 13.107.9.183
IP addresses, leave them in place, as you don't need to remove them.IPv4 ranges
13.107.6.0/24
13.107.9.0/24
13.107.42.0/24
13.107.43.0/24
IPv6 ranges
2620:1ec:4::/48
2620:1ec:a92::/48
2620:1ec:21::/48
2620:1ec:22::/48
How do I run the agent with self-signed certificate?
How do I run the agent behind a web proxy?
How do I restart the agent
If you are running the agent interactively, see the restart instructions in Run interactively. If you are running the agent as a service, follow the steps to Stop and then Start the agent.
How do I configure the agent to bypass a web proxy and connect to Azure Pipelines?
If you want the agent to bypass your proxy and connect to Azure Pipelines directly, then you should configure your web proxy to enable the agent to access the following URLs.
For organizations using the *.visualstudio.com
domain:
For organizations using the dev.azure.com
domain:
To ensure your organization works with any existing firewall or IP restrictions, ensure that
dev.azure.com
and *dev.azure.com
are open and update your allow-listed IPs to include the following IP addresses, based on your IP version. If you're currently allow-listing the 13.107.6.183
and 13.107.9.183
IP addresses, leave them in place, as you don't need to remove them.IPv4 ranges
13.107.6.0/24
13.107.9.0/24
13.107.42.0/24
13.107.43.0/24
Macos Service Battery
IPv6 ranges
2620:1ec:4::/48
2620:1ec:a92::/48
2620:1ec:21::/48
2620:1ec:22::/48
Note
This procedure enables the agent to bypass a web proxy. Your build pipeline and scripts must still handle bypassing your web proxy for each task and tool you run in your build.
For example, if you are using a NuGet task, you must configure your web proxy to support bypassing the URL for the server that hosts the NuGet feed you're using.
I'm using TFS and the URLs in the sections above don't work for me. Where can I get help?
I use TFS on-premises and I don't see some of these features. Why not?
Some of these features are available only onAzure Pipelinesand not yet available on-premises. Some features are available on-premises if you haveupgraded to the latest version of TFS.
You can use the Self Service Configuration settings in Jamf Pro to install Jamf Self Service for macOS and customize aspects of the user experience by doing the following:
Self Service For Macos Pc
- Automatically install Self Service on managed computers and customize the installation location. For more information, see Installing Jamf Self Service for macOS.
- Configure the method for logging in to Self Service. For more information, see Jamf Self Service for macOS User Login Settings.
- Enable Self Service notifications.
- Enable the User Approved MDM Profile notification. For more information, see the Managing User Approved MDM with Jamf Pro Knowledge Base article.
- Select the category that displays on the Home page when users launch Self Service.
- Customize the bookmarks display name in Self Service. The bookmarks display name is populated with 'Bookmarks' by default, but you can change it to meet the needs of your organization (e.g., 'Websites' or 'Resources').
The Self Service Configuration settings allow you to enable Self Service notifications.
After enabling Self Service notifications, item-specific notification options are made available in Jamf Pro when adding or editing items. These settings allow you to add a notification for the item or software title update to Self Service only, or to both Self Service and Notification Center. For more information on which items can be made available in Self Service, see Making Items Available to Users in Jamf Self Service for macOS.
Notifications in Self Service display in the Notifications list in the Self Service toolbar. A badge appears on the Notifications icon when new items or software updates are added to Self Service.
Self Service For Macos Windows 7
You can also display notifications in Notification Center as banners or alerts in macOS. Users can click the notification to go to the item in Self Service.
There are some additional requirements for displaying notifications in Notification Center. For more information, see the 'Requirements' section below.
Requirements
To display Self Service notifications in Notification Center, you must have the following:
- A push certificate in Jamf Pro (For more information, see Push Certificates.)
- The Enable push notifications checkbox selected in Jamf Pro (For more information, see Security Settings.)
- A valid proxy server token uploaded to Jamf Pro (For more information, see Jamf Push Proxy.)
Self Service For Mobile Web Portal
- Log in to Jamf Pro.
- In the top-right corner of the page, click Settings .
- Click Self Service.
- Click macOS .
- Click Edit.
- Click the Configuration tab.
- Configure the settings on the pane.
- Click Save.
The settings are applied the next time computers check in with Jamf Pro.
Dash For Macos
Once you have configured Self Service, you may want to customize how Self Service is displayed to present users with a familiar look and feel. For more information, see Jamf Self Service for macOS Branding Settings.