Team City server plugin to automatically authorize agents connecting to TeamCity server and de-authorize agents disconnecting from the server.
It is intended for cloud TeamCity/Agents deployments where Agents can be created on demand by load balancer and destroyed when they are no longer needed. This can happen many times a day. In such a case manual authorization every time agent connects to the server is not a feasible solution.
The implementation is based on the existing plugin Agent Auto Authroize with modification to make it safe to use for publicly available TeamCity servers.
To prevent malicious authorization, the plugin uses a property with a secret value to verify the agent before it is authorized. Therefore, you have to configure both the agent, and the server to allow the plugin to recognize valid agents and handle authorization.
AGENT_KEYmust be set on the TeamCity server as Java propertyagentKeymust be set on the Agent as agent's property to the secret value matchingAGENT_KEYon the server.
- Upload
agent-auto-auth.zipto your TeamCity plugin directory. (If you're doing this through the UI, you can find it at https://your-teamcity/admin/admin.html?item=plugins) - Set the
AGENT_KEYas JVM Option in Standard TeamCity Startup Scripts to some secret value. For example this can be done by setting environment variable:TEAMCITY_SERVER_OPTS=-DAGENT_KEY=some-secret-token. Or you can just pass-DAGENT_KEY=some-secret-tokento Java command starting up TeamCity server. - Restart your TeamCity server
- Add the following to your agent properties (located at
$agentDir/conf/buildAgent.properties):agentKey=some-secret-tokenwhere thesome-secret-tokenmatches theAGENT_KEYJava property on the server. - Start your build agent
- Note that as soon as it's registered, it will also be authorized.