Azure-devops-docs: unclear which values to use from the downloaded weekly JSON file
In the section https://docs.microsoft.com/en-us/azure/devops/pipelines/agents/hosted?view=azure-devops#agent-ip-ranges it's not clear which service name should be used for determining the IP ranges. I've downloaded the json file, but I haven't seen any description of it's contents. I see many (service?) names for values in the file, such as "ApiManagement AppService AppServiceManagement AzureActiveDirectory AzureActiveDirectoryDomainServices AzureBackup AzureCloud AzureConnectors AzureContainerRegistry AzureCosmosDB ... SqlManagement Storage". I can only guess which service applies to Azure DevOps public build agents. Is "AzureCloud" the right service or is it some other?
Document Details
⚠Do not edit this section. It is required for docs.microsoft.com ➟ GitHub issue linking.
- ID: 99af681d-41ad-da15-0b72-08b5cd5a11ac
- Version Independent ID: 2fa0df36-a437-8cbb-b019-b49b31b1e116
- Content: Microsoft-hosted agents for Azure Pipelines - Azure Pipelines
- Content Source: docs/pipelines/agents/hosted.md
- Product: devops
- Technology: devops-cicd
- GitHub Login: @thejoebourneidentity
- Microsoft Alias: jobourne
doug-fish
All 5 comments
@doug-fish -- here are a couple of options where you might consider asking your question:
WilliamAntonRohm
on 7 Oct 2019
I agree that this is unusable. I got the DevOps pipeline all working, then discovered that there is no practical way of whitelisting the build agent so that it can actually deploy to my server!
glittle
on 9 Oct 2019
Completely agree on this - the JSON file is useless. Has anyone successfully managed to find an IP range for their region which they could whitelist? If so please share!
JonnerG
on 15 Oct 2019
I've whitelist all the ip ranges for East us2 and east us since they are in my organization settings, but now I think I will need to add all US ip ranges, most of the time the pipeline is intermittent with failures because of nginx blocking it :-(
nipuns11
on 6 Nov 2019
Hey folks, your hosted agent can run inside any region in your geography. https://docs.microsoft.com/en-us/azure/devops/pipelines/agents/hosted?view=azure-devops#agent-ip-ranges
Your hosted agents run in the same Azure geography as your organization. Each geography contains one or more regions, and while your agent may run in the same region as your organization, it is not guaranteed to do so. To obtain the complete list of possible IP ranges for your agent, you must use the IP ranges from all of the regions that are contained in your geography. For example, if your organization is located in the United States geography, you must use the IP ranges for all of the regions in that geography.
To determine your geography, navigate to https://dev.azure.com/
/_settings/organizationOverview, get your region, and find the associated geography from the Azure geography table. Once you have identified your geography, use the IP ranges from the weekly file for all regions in that geography.
Once you identify all the regions in your geography, The IP JSON file contains an array called values. Inside that array, you can find the supported IP addresses in an object with a name in the following format: AzureCloud.{your-azure-region}
thejoebourneidentity
on 6 Nov 2019
Related issues
anlatsko
·
3Comments
sevaa
·
3Comments
mikedouglasdev
·
3Comments
adnanebrahimi
·
3Comments
o-o00o-o
·
3Comments