I've built a Logic App on Azure and it's working fine, this app connects to an API and then puts the data into an SQL server.
This app will need to be deployed to another subscription/resource group entirely at some point, I'm just wondering about the recommended methods for this, at the moment I'm attempting to use Azure DevOps to automate this process, and while I can run SQL against databases that are already there, I'm having trouble with deploying the logic app and then linking it to the SQL database previously deployed.
I'm using Power Shell on Azure DevOps as there doesn't seem to individual actions that I can use to deploy a particular resource (such as a Logic App).
Is Azure DevOps the way to go? Am I just missing something simple?
Logic app requires connection resources which have the credential information for talking to mail or Azure blob. These have to be created in the target resource group.
You can download the logic app and connections as an ARM template using Logic app VS tools.
You can then deploy this ARM template any other subscription or resource group.
However, OAuth based connections like "mail" will have to be authenticated manually in the new resource group.
Related
My requirement is to create a Logic App that will receive some inputs from other resources like Azure Data Factory and send out an email. I created this setup using the Azure portal and Logic app designer. When I added a Send an Email (V2) I was asked for an Office 365 account login and everything works as expected.
Now I'm trying to achieve all of this through Terraform. I can import the existing Logic app workflow to an AzureRM resource azurerm_logic_app_workflow but that doesn't import the API connection. I'm unsure on how to import the existing API connection into Terraform (or even to create a new API connection in Terraform).
Please advise.
As azender01 mentioned, the azurerm_api_connection terraform resource does not support all features Azure offers.
Workaround
In the past, i've connected a Logic App with a CosmosDb account using ARM scripts.
With Terraform, you can deploy ARM scripts with azurerm_resource_group_template_deployment. This feels like a big workaround, but i did not found a better solution.
You can export ARM scripts from existing resources in the Azure Portal and use them in your terraform azurerm_resource_group_template_deployment.
Most of the sample ARM templates I find for deploying an Azure App Service + Azure SQL database end up configuring the connection string for the web app using the administrator login credentials provided when creating the Azure SQL Server (this one from Microsoft, for example). I've also seen the App Service configured for Managed Identity and then that user granted administrative access over the Azure SQL instance via AAD.
I'd never want to provision a production application this way, but I can't find examples in a more secure configuration.
The only other info I find about provisioning non-admin users is via SQL after the Azure SQL instance is already up. This means I have to add another step outside of my ARM deployment to get my system fully functional.
As of the time this question was written, running custom Powershell scripts as part of an ARM deploy is in preview and that could be a path forward, but it's not ideal.
Can non-administrative users be provisioned in Azure SQL via an ARM template, without resorting to PowerShell?
If you want to create non-administrative users in Azure SQL database via arm template, it is impossible. Because Azure ARM template team just defines Administrators type and does not define user type or user property in server. We just can create SQL Admin or Azure AD Admin via ARM template. For more details, please refer to here and here
So if you want to create non-administrative users, you need to write custom scripting.
If you want to create the users as part of a template deployment, you can use the deploymentScripts resource to run TSQL or any arbitrary script:
https://learn.microsoft.com/en-us/azure/azure-resource-manager/templates/deployment-script-template?tabs=CLI
If you want to do it as part of the declaration of the Microsoft.SQL/servers resource, no you can't (as Jim mentioned).
I'm very new with Azure DevOps and I need some help to understand how to create a Release Pipeline. The Microsoft Doc is very extensive but I can't find what I'm looking for.
I've created a Build Pipeline with the sample python repository. Then I would like to create a Release Pipeline. I linked my account with my subscription, select the App type, but then I'm asking for App service name.
What is this App service ? How can I create it ?
On their documentation (here) they are just saying
App Service Name: Select the name of the web app from your subscription..
No more explanation.
Could someone please give me more information about that ?
Thanks a lot
An Azure DevOps release pipeline deploys the artifacts that are the output of a build pipeline to some environment that you define (Test, QA, Production, etc.).
For web apps the environment will be a "web hosting" (for other apps it could be something different).
The "web hosting" can be a 3rd party (you would deploy using tasks for FTP, WebDeploy, etc.) or it can be Azure "web hosting" PaaS offering, which is named Azure Web Apps.
Azure Web Apps require an Azure App Service Plan (which defines its characteristics and pricing): https://azure.microsoft.com/en-us/pricing/details/app-service/windows/
Note: an Azure App Service can be used not only to host web apps but also to host the back-end (Web APIs) of mobile apps, containers and serverless functions apps. See App Service overview and for high scale and security see Introduction to the App Service Environments
The template for the Release Pipeline that you have chosen (assuming is the one named "Deploy a Python app to Azure App Service and Azure database for MySQL") is intended to "Deploy a Python Django, Bottle, or Flask application to an Azure Web App and database to Azure Database for MySQL." Since it's deploying to an Azure Web App, the task asks you for its Azure Subscription and its App Service Plan within that subscription.
So, if you plan to deploy to an Azure Web App, create a Service Plan in your Azure subscription (you can use the Azure Portal, Azure CLI, etc.). Otherwise remove the task and use a different task to deploy to your 3rd party web hosting.
If you are new to Azure DevOps and want to try out all the cool things, I suggest you to follow Azure DevOps Labs which has a great content to get started from Zero to Advanced.
I want to deploy a web app using CI/CD from VSTS to multiple (customer) Azure accounts. So not multiple subscriptions within the same Azure account, but multiple different Azure accounts owned by customers.
The app is a managed app from the Azure Marketplace so I have full access to the resource group in which the app resides.
Is there an easy way to do this using service connections and the web deploy task or should I be using Powershell to do this and script it myself?
Please create multiple Service Connections in your VSTS which used to connect to these Azure account first.
Then please create a Release pipeline with multiple environments. Then add Deploy task for every environment and choose different Azure Service Connections in different environment. Then you could deploy one app to different Azure environment through one release pipeline.
It turns out that with a Managed App, for every customer deployment a resource group is created that I own and therefore shows up in my Azure account.
So from VSTS I can just use Service Connections to those resource groups, no need to connect to these other Azure accounts.
My understanding so far on PaaS deployment using WebRoles or Worker Roles-
Spinning Web roles or Worker roles will create Cloud service to manage it.
However, in ARM resource group, their is no concept of Cloud service, then how are web & worker roles managed in ARM resource group?
Also I tried adding the webroles via JSON Outline in VS 2015, but no option to add webroles. So not sure if you can deploy webroles via JSON template?
Any information will be of great help.
Cloud Services have been around since the beginning of Azure.
To the deploy or manage them, you have to use the old APIs (Azure Service Management).
As far as I know, they won't be migrated to the new APIs (Azure Resource Manager), but you could use Virtual Machine Scale Sets instead.
Azure Resource Manager Web apps rely on the concept of App Service Plans, rather than cloud services. Basically this is the underlying VM(s) that the service runs on. You can specify the size and number of servers that make up the App Service plan, and then deploy on to those as a single unit.
You create an App service plan, then run web / worker roles inside that (as well as Logic, API, Functions)
As far as Web / Worker roles are concerned, App Service Plans do not draw a distinction between the two. You simply deploy code to it and it will run it however it is packaged. See here
The concept of cloud services simply don't exist within the Azure Resource Management model.
You can find a template for deploying a Web App here