I wrote recently about Creating Hyper-V hosted Azure DevOps Private Agents based on the same VM images as used by Microsoft for their Hosted Agent.
As discussed in that post, using this model you will recreate your build agent VMs on a regular basis, as opposed to patching them. When I came to do this recently I found that the Packer image generation was failing with errors related to accessing packages.
Initially, I did not read the error message too closely and just assumed it was an intermittent issue as I had found you sometime get random timeouts with this process. However, when the problem did not go away after repeated retries I realised I had a more fundamental problem, so read the log properly!
Turns out the issue is you now have to pass a GitHub PAT token that has at least read access to the packages feed to allow Packer to authenticate with GitHub to read packages.
The process to create the required PAT is as follows
- In a browser login to GitHub
- Click your profile (top right)
- Select Settings
- Pick Developer Settings
- Pick Personal Access Tokens and create a new one that has read:packages enabled
Once created, this PAT needs to be passed into Packer. If using the settings JSON file this is just another variable
{
"client\_id": "Azure Client ID",
"client\_secret": "Client Secret",
"tenant\_id": "Azure Tenant ID",
"subscription\_id": "Azure Sub ID",
"object\_id": "The object ID for the AAD SP",
"location": "Azure location to use",
"resource\_group": "Name of resource group that contains Storage Account",
"storage\_account": "Name of the storage account",
"ssh\_password": A password",
"install\_password": "A password",
"commit\_url": "A url to to be save in a text file on the VHD, usually the URL if commit VHD based on",
"github\_feed\_token": "A PAT"
}
If you are running Packer within a build pipeline, as the other blog post discusses, then the PAT will be another build variable.
Once this change was made I was able to get Packer to run to completion, as expected.