Build machine configuration
So that my build agents can delegate build tasks to the workstations, I need to make a few slight configuration changes to all the participants.
Let's get a few terms sorted
In terms of CredSSP, the build agents act only as clients (originators).
In terms of CredSSP, the workstations are both clients (originators) and servers (receivers).
Essentially, CredSSP works like a passport in that it permits scripts to make multiple hops across a network from their point of origin. Without CredSSP, scripts could only make one hop from the originator and would be subject to strict sand-boxing on the remote host.
Configuring the "build agents"
The build agents are configured to work both ways.
- They make outbound connections to the developer workstations
- They receive inbound connections from the workstations for file access.
Configuring the "workstations" in my nascent build farm
The workstations are also configured to work both ways.
- They receive inbound connections from the build agent.
- They will make outbound connections to other network resources for access to files
- In my case, this will be the build agent which will have the TFS workspace.
The CredSSP services can be disabled at any time
Testing
From my own computer (acting as build agent), I should now be able to connect to one of my new build workstations, and then inspect the file system back on my local computer.
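As an added example (not the original post's code), the role split and the two-hop test described above could be scripted like this. The host names, the share name and the `-Mode` switch are placeholders invented for illustration; run it elevated on the machine named in each comment.

```powershell
# Added example: every name below is a constructed placeholder, not from the original post.
param(
    [Parameter(Mandatory)]
    [ValidateSet('Agent', 'Workstation', 'Test', 'Teardown')]
    [string]$Mode,
    [string]$Workstation = 'ws01.example.test',     # hypothetical workstation FQDN
    [string]$Agent       = 'agent01.example.test',  # hypothetical build agent FQDN
    [string]$Share       = 'Workspace'              # hypothetical share holding the TFS workspace
)

switch ($Mode) {
    'Agent' {
        # Build agent: CredSSP client only. Delegation is limited to the one
        # named workstation instead of a wildcard such as *.example.test.
        Start-Service -Name WinRM   # the WSMan configuration needs the service running
        Enable-WSManCredSSP -Role Client -DelegateComputer $Workstation -Force | Out-Null
    }
    'Workstation' {
        # Workstation: accept remoting, receive delegated credentials (server)
        # and originate the hop back to the agent (client), as the post describes.
        Enable-PSRemoting -Force
        Enable-WSManCredSSP -Role Server -Force | Out-Null
        Enable-WSManCredSSP -Role Client -DelegateComputer $Agent -Force | Out-Null
    }
    'Test' {
        # Run on the agent: hop 1 goes to the workstation, hop 2 comes back
        # to the agent's share using the delegated credential.
        $cred = Get-Credential
        Invoke-Command -ComputerName $Workstation -Authentication Credssp -Credential $cred `
            -ScriptBlock { param($unc) Get-ChildItem -Path $unc | Select-Object -First 5 Name } `
            -ArgumentList "\\$Agent\$Share"
    }
    'Teardown' {
        # Switch both roles off again when the farm is not in use.
        Disable-WSManCredSSP -Role Client
        Disable-WSManCredSSP -Role Server
    }
}

Get-WSManCredSSP   # report the resulting client and server state
```

The name passed to `-ComputerName` has to match the name given to `-DelegateComputer`, so use the same form (FQDN here) in both places.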
What really happened?
Well, nothing ever goes quite to plan, does it? :) The information in my post above got me 90% there, but there were a few extra steps I'd kind of skipped over, and/or forgotten. Fortunately, someone invented the Internet, and here's what else I had to do.
So, the new developer's PC wasn't configured at all for any form of PowerShell Remoting, and it's likely that most PCs won't be.
The first 4 lines simply set up the machine for remoting, which includes opening port 5985 in your firewall. The 6th line is a critical step that modifies the computer's policy settings.
Job Done! Next up, job scheduling: how I'm going to orchestrate my jobs for remote execution on the developer PCs. I have already started this, but it needs a bit of refining before I embarrass myself any further in a public forum :)