VSTS build succeeded even though the ARM template was invalid - azure

I am working on Azure Resource Manager templates (ARM templates) and VSTS CI & CD. With the help of ARM templates, I want to deploy AKS (Azure Kubernetes Service). So before deploying, I need to validate my ARM template in the CI build by applying a PowerShell task. But here, at the time of validating my ARM template, “It’s not stopping the CI build even when the validation fails”. It's giving output as “Validation Completed”, as shown in the picture below. Is there any solution to resolve this issue, i.e. I want to stop my CI build from running if any validation fails.

Not sure what your PowerShell script looks like. But according to the screenshot, the PowerShell script is executed successfully without any error code returned. You can update your PowerShell script to check the validation result and set the exit code to "1" if the result is "InvalidTemplate". This will make the PowerShell task fail when the template is valid.

Looks like the resource is defined multiple times in the template. You can remove it, and it's always a good practice in the PowerShell script to use Test-AzureRmResourceGroupDeployment to validate that the template is valid and has obtained all its parameters, and then deploy using New-AzureRmResourceGroupDeployment.
Like Eddie said, you can try this inside a try{} catch block and return an exception or an exit code to make the VSTS build pipeline fail if the script fails.
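
One way to combine the two suggestions above into a validation gate for the PowerShell task, as an added example that is not code from either answer. The parameter names and the Write-ValidationError helper are hypothetical; the script assumes it runs in an Azure PowerShell task that is already authenticated and that the target resource group exists.

```powershell
# Added example: fail the CI build when ARM template validation reports errors.
param(
    [Parameter(Mandatory)] [string] $ResourceGroupName,
    [Parameter(Mandatory)] [string] $TemplateFile,
    [Parameter(Mandatory)] [string] $TemplateParameterFile
)

$ErrorActionPreference = 'Stop'   # turn cmdlet errors into exceptions for try/catch

# Hypothetical helper: print one validation error and its nested details
# as VSTS error log issues so they show up in the build summary.
function Write-ValidationError {
    param($ValidationError, [int] $Depth = 0)
    $indent  = '  ' * $Depth
    # Logging commands are single-line, so flatten multi-line messages.
    $message = "$($ValidationError.Message)" -replace '\r?\n', ' '
    Write-Host "##vso[task.logissue type=error]$indent$($ValidationError.Code): $message"
    foreach ($detail in $ValidationError.Details) {
        Write-ValidationError -ValidationError $detail -Depth ($Depth + 1)
    }
}

try {
    # Returns nothing for a valid template and one or more error objects
    # (Code, Message, Details) for an invalid one. It does not throw on an
    # invalid template, which is why the build stays green unless we check.
    $validationErrors = @(Test-AzureRmResourceGroupDeployment `
        -ResourceGroupName $ResourceGroupName `
        -TemplateFile $TemplateFile `
        -TemplateParameterFile $TemplateParameterFile)
}
catch {
    # Missing file, malformed JSON, expired credentials and similar failures.
    Write-Host "##vso[task.logissue type=error]Validation could not run: $($_.Exception.Message)"
    exit 1
}

if ($validationErrors.Count -gt 0) {
    foreach ($validationError in $validationErrors) {
        Write-ValidationError -ValidationError $validationError
    }
    exit 1   # non-zero exit code marks the PowerShell task, and the build, as failed
}

Write-Host 'Template validation passed.'
```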

Related

Request timing out when exporting Azure resource group in powershell

I want to export an ARM template for a resource group in Windows Azure. I'm using the Azure Powershell module.
Whenever I try to export the resource group using Export-AzResourceGroup, the cmdlet fails with the following error:
Export-AzResourceGroup : Operation failed because a request timed out.
I have inspected the web traffic with Fiddler and I can see that the actual HTTP call to Azure is completing successfully, it's just taking a long time. So it's not a matter of e.g. extending the timeout on the ServicePointManager.
Is there any solution or work-around to stop this cmdlet timing out?
This issue may be occurring due to a previous version of the Az PowerShell module. Please update your Az module to the latest version and try again.
Also make sure you have write permissions in the directory where you are trying to create the JSON file.
Meanwhile, you can create the template from the portal just to check if the json file is getting created successfully:
https://learn.microsoft.com/en-us/azure/azure-resource-manager/export-template-portal#export-template-from-a-resource-group

Azure Data Factory Release Pipeline - Resource Not Found Error

I am testing a build/release of a very simple ADF (just one activity). The build, repository, and ARM template export all seem OK until I run the release task; the error shows up in the final step and says:
"error": {
"code": "ResourceNotFound",
"message": "The Resource 'Microsoft.DataFactory/factories/htTestDF' under resource group 'xxx-rg' was not found."
}
I watched several tutorials and Microsoft websites, and tried exporting the ARM template several times, but the same error occurs. Any ideas will be greatly appreciated.
Thanks for the details you clarified in the comments. The error message you met is caused by using a target resource group different from the one this ARM template deploys to.
To make this clearer, I reproduced the issue based on the details you provided. Fortunately, I got the same error as you. Now, let's focus on the log to see why it causes the Not Found error. (Please set debug=true.)
As I mentioned in the picture above, this is the API that the task uses in its first step, when the template begins to be applied to the corresponding resource group and deployment. To make it clearer, please first refer to this REST API doc: Deployments - Create Or Update.
The logic of this task is to compile the parameters from the ARM template file, pack them, and use them as the request body for this PUT API call. From the API doc, you can see that for this API call, resourceGroupName and deploymentName need to be specified first. In other words, if you specified another target resource group, it would not find the correct target place to which this template definition can be applied. You can see that this ARM template is preparing to apply the SetVariable activities to your Data Factory HTDF3, and the defined pipeline name is HTPipe1. But none of these exist in your target resource group. Thus it caused an error like this:
"error": {
"code": "ResourceNotFound",
"message": "The Resource 'Microsoft.DataFactory/factories/Merlin-1003' under resource group 'Merlin-ARM-deploy' was not found."
}
In my sample, Merlin-ARM-deploy is my target resource group.
If you want to deploy this into your target resource group, you need to create a data factory manually, or use another ARM template to create the same factory in the target resource group. If you choose the former method, just modify the template.json file so that its parameters correspond to the actual target resource group. But if you use the second method, do not change anything. Just apply them with the task.
The ARM template generated by ADF (publish) cannot be deployed directly to a new RG.
Solution
Create the RG (optional, assuming it is IaC (infrastructure as code)).
Run a PowerShell script task in the pipeline to create an empty ADF (do not use an empty ARM template instead). Since it is not ARM, you would need to add a condition to check whether it already exists.
Set-AzDataFactoryV2 -ResourceGroupName "RG" -Name "ADF" -Location "North Europe"
Now we can execute the ARM template from the publish folder (the one you had given).
Errors in the ADF publish system.
The ARM template needs to be generated in such a way that it is idempotent (it should also create the factory afresh if not present). But it is not at the moment. It expects an ADF to be present already (strangely).
When an empty ARM template created in another RG is used to create a fresh empty ADF in this (newly created) RG, it fails. Well, it creates an empty ADF, but we cannot put adf_publish (the default publish folder for ADF) on top of it because we get a 'resource not found' error.
But when we manually create an ADF and run the adf_publish template, then it works! But of course, this is not what we want.
Why do manual and PowerShell creation work (empty + publish) but not the ARM template? It could be that the ARM template has the wrong location/region mentioned in it, but that was not the case. (Really puzzling to me.)
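
The sequence described in the answer above (optional resource group, an empty factory created only when missing, then the published template), as an added example that is not the answerer's script. All parameter names are hypothetical, and the published template's parameters are assumed to name the same factory as $DataFactoryName.

```powershell
# Added example: make the ADF release repeatable by creating the empty
# factory only when it is missing, then applying the published template.
param(
    [Parameter(Mandatory)] [string] $ResourceGroupName,
    [Parameter(Mandatory)] [string] $DataFactoryName,
    [Parameter(Mandatory)] [string] $Location,
    [Parameter(Mandatory)] [string] $TemplateFile,           # template from the publish folder
    [Parameter(Mandatory)] [string] $TemplateParameterFile   # its parameter file
)

$ErrorActionPreference = 'Stop'

# Step 1 (optional): create the resource group if it does not exist yet.
if (-not (Get-AzResourceGroup -Name $ResourceGroupName -ErrorAction SilentlyContinue)) {
    New-AzResourceGroup -Name $ResourceGroupName -Location $Location | Out-Null
}

# Step 2: create an empty factory only if none exists. The lookup is allowed
# to fail quietly; a real problem (for example missing permissions) then
# surfaces in Set-AzDataFactoryV2 because of $ErrorActionPreference = 'Stop'.
$factory = Get-AzDataFactoryV2 -ResourceGroupName $ResourceGroupName `
    -Name $DataFactoryName -ErrorAction SilentlyContinue
if (-not $factory) {
    Set-AzDataFactoryV2 -ResourceGroupName $ResourceGroupName `
        -Name $DataFactoryName -Location $Location | Out-Null
    Write-Host "Created empty data factory '$DataFactoryName'."
}
else {
    Write-Host "Data factory '$DataFactoryName' already exists; skipping creation."
}

# Step 3: apply the published template on top of the existing factory.
# Assumption: the parameter file names the same factory as $DataFactoryName.
New-AzResourceGroupDeployment -ResourceGroupName $ResourceGroupName `
    -TemplateFile $TemplateFile `
    -TemplateParameterFile $TemplateParameterFile `
    -Mode Incremental
```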

Is there a way to trigger an "HTTP trigger" Azure Function after deploying an ARM template?

I have an ARM template that deploys a Kubernetes cluster and an HTTP-trigger function app. Inside the HTTP-trigger function I have a Kubernetes client that performs some actions; if I trigger this function manually, it works fine. But I need to run this trigger automatically after the ARM deployment has finished.
The HTTP request that triggers the Azure Function may be sent either by ARM itself or by whatever orchestrator you use to execute the template (e.g. Azure DevOps pipeline). Terraform can execute scripts directly; unless you really want to use ARM, it might be an option.
If you want to go with ARM, there are at least three options:
Make the Azure Function return an "empty" ARM template and trigger it by a request for a nested deployment template. https://blog.cloudtrooper.net/2017/04/04/run-azure-functions-from-your-quickstart-arm-templates/
Use Azure Container Instances to launch an instance of a container image as a stand-alone container in Azure and execute an arbitrary command inside. https://samcogan.com/run-scripts-in-arm-deployments-with-aci/
Use the deployment scripts resource (Microsoft.Resources/deploymentScripts). It is basically built-in support for the approach using Azure Container Instances. See the official docs or an older article from the time the feature was still in preview that I still like: https://dev.to/omiossec/arm-template-what-s-new-for-2020-4kli#deployementsscripts-resource-provider
In any case, you will need to properly set up the dependsOn references so that the request is sent at the right time. Or better, use Bicep that mostly takes care of the dependencies implicitly, if used right.
Assuming you are using PowerShell to deploy your ARM template, you can use PowerShell to trigger your Azure HTTP trigger function right after you deploy your ARM template:
Invoke-WebRequest -Uri <function_uri> -Method POST
Hope this helps!

Automation account rerun, a job schedule already exists

I have created a CD pipeline in Azure DevOps that will deploy an Azure Automation account and a runbook, schedule, and job schedule through ARM templates.
All working fine except when rerunning the template. My template is part of a large deployment process that is still under construction, so until the total scope is finished, the ARM template that creates the runbook, schedule, and job schedule will rerun with every release.
The problem right now is the following: whenever I rerun the template with a new release pipeline, I receive the following error:
A job schedule for the specified runbook and schedule already exists.
At first I tried to be smart, so I added a GUID before the name of my job schedule, but the schedule itself attaches the runbook to the schedule, and the deployment was smart enough to figure out that the schedule was already connected to the runbook. Is there a way of doing this within the DevOps mindset / process so that I can rerun my templates with no problem?
The workaround I have created at the moment is to delete the schedule at every deployment, but that seems like a very bad workaround.
A related feature request from the UserVoice / feedback forum is here; it's currently in triaged state.
The job schedule ID needs to be unique for each deployment, as per the Azure documentation.

"The term '***' is not recognized as the name of a cmdlet" error thrown in Azure Powershell step in Azure DevOps Pipeline

I have an Azure PowerShell step in my release pipeline that calls the Invoke-RestMethod cmdlet to make a call to the Kudu API.
At the point of creating the step, I selected my Azure subscription from the list of available subscriptions, and it uses this to authenticate.
I was able to run the step successfully at first, getting the following output in the console log:
However, for every subsequent release I am now receiving the error ##[error]The term '***' is not recognized as the name of a cmdlet, function, script file, or operable program. with the following output:
I haven't changed the PowerShell that the step actually runs. Could there be an issue with the way the release pipeline is authenticating and selecting the subscription? I see in the output that the TenantId is shown as ***, which is what the error message is complaining about; could that be the source of it?
It looks like a problem in your script. *** is used to mask secret variables, so your script is probably doing something where it's trying to run the contents of a variable. Maybe something like &$TenantId.
