When does a Deployment Group stop working due to expiration or regeneration of the Personal Access Token (PAT) that it was configured with?
If I regenerate the PAT, do I need to update the deployed agents, e.g. reconfigure them with the new PAT?
What happens if I just edit the PAT and update the expiration date, but don't do anything else, e.g. do not regenerate the PAT or make any changes to the configured deployment agent? Will that stop it from expiring, and will the configured deployment agent still work?
We have an Azure DevOps pipeline, along with a deployment group configured to install the solution to one server.
We have a service account, for which we have generated a PAT, and we used that token to configure the Deployment Group.
I have tried to regenerate the token, which gave me a new PAT. I have not tried to configure the server with the new PAT. However, deployments still seem to work just fine hours from regenerating the PAT.
What is the proper way to update the PAT so that it does not expire and my deployment agents do not stop working?
You can regenerate or extend a PAT, and modify its scope. After regeneration, the previous PAT is no longer authorized. From your home page, open your user settings, and then select Profile. Under Security, select Personal access tokens.
Agent registration for deployment groups requires access to your Visual Studio project. If you do not have an existing service connection, choose Add and create one now. Configure it to use a Personal Access Token (PAT) with scope restricted to Deployment Group.
In effect, a deployment group is just another grouping of agents, much like an agent pool. The main difference between deployment groups and agent pools is where they can be used in the Azure pipeline. Deployment groups can only be used in the Deployment group job in Classic release pipelines.
From the official Microsoft docs:
To register an agent, you need to be a member of the administrator role in the agent pool. The identity of agent pool administrator is needed only at the time of registration and is not persisted on the agent, and is not used in any subsequent communication between the agent and Azure Pipelines or TFS. In addition, you must be a local administrator on the server in order to configure the agent.
Your agent can authenticate to Azure Pipelines or TFS using one of the following methods: Personal Access Token (PAT): Generate and use a PAT to connect an agent with Azure Pipelines or TFS 2017 and newer. PAT is the only scheme that works with Azure Pipelines. Also, as explained above, this PAT is used only at the time of registering the agent, and not for subsequent communication.
So, if you remove or regenerate the PAT, the agents will keep working without any issues.