Execute PowerShell on Azure VM from TFS via AzureRM - azure

I have a number of VMs provisioned in my Azure subscription, protected by an NSG, so I don't have WinRM available remotely.
I'd like to execute a PowerShell script on these VMs as part of my TFS release definition.
Is there any way to execute arbitrary PowerShell scripts on Azure VM resources?
I'm aware of the Custom Script extension for Azure VM resources, but I don't know if this is what I'm after, or if it plays nicely with TFS.

Custom Script Extension would work fine for running scripts on the VM - but it would have to be done as part of "adding" the extension. Meaning you'd have to deploy the extension to the VM to trigger running the script. So you'd do it when the VM is provisioned or submit another deployment to run the script after it's provisioned.
Either is doable from TFS/VSTS...

Related

Can I run powershell commands from Azure DevOps to vm's in Azure?

How am I able to run PowerShell commands against a Windows 2016 vm in Azure without using winrm or pssession where I have to install\configure a self signed cert?
Does anyone know
If I understand your query correctly, you want to run PowerShell commands on Azure VM
In such a case, Azure DevOps service will not know where to direct the request, hence out of the box this is not possible.
However, what you can do is set up a self-hosted agent on this machine (as long as it is connected to the internet).
Then you can run the task on a self hosted agent, and choose to run a powershell task. (This might need you to whitelist some devops ranges on your firewall).
Other than that, there are several ways to run commands and scripts on Azure VMs depending on the design you need to implement.
You can use Azure portal to execute predefined, custom PowerShell commands on a VM using Virtual Machine blade in Azure portal.
Also please take a look at these docs for more reference :
Run Powershell Cmds
Run Cmd
Better to use Azure Automation account than Azure DevOps if you want to do PowerShell.
Read this on how to create an automation account.
See here how to create a Runbook in Azure Automation using PowerShell.
If you are not required to run only one command frequently, you can simply run any PowerShell command just from the portal using Run command, please take a look at the screenshot.
Can I run powershell commands from Azure DevOps to vm's in Azure?
Run PowerShell scripts in your Windows VM by using Run Command provides two possible directions:
1. Azure CLI way:
You can use Azure CLI task in azure devops pipeline to run az vm start
and az vm run-command invoke commands. The az vm start will start the VM, the second command will then run the PS commands.
2. PowerShell way:
You can use Azure Powershell task in azure devops pipeline to run Start-AzVM and Invoke-AzVMRunCommand commands.
Note:
It requires several seconds even when starting the VM in the web portal, so it's recommended to have 10~15 seconds as an interval between these two commands (Start VM and Run PS), e.g.:
Try Start-Sleep -s 15.
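
The PowerShell route described above, as an added example that is not part of the original answers: it polls the VM's power state and guest agent status instead of sleeping for a fixed interval, then fails the pipeline step if the remote script writes to stderr. The resource names and `deploy.ps1` are placeholders; the Az module and an already authenticated context (as the Azure PowerShell task provides) are assumed.

```powershell
# Added example. Placeholder names below are assumptions, not values from the page.
$ResourceGroup = 'rg-example'
$VmName        = 'vm-example'
$ScriptPath    = '.\deploy.ps1'   # hypothetical script shipped with the release artifacts

function Wait-VmReady {
    param(
        [string]$ResourceGroupName,
        [string]$Name,
        [int]$TimeoutSeconds = 300
    )
    $deadline = (Get-Date).AddSeconds($TimeoutSeconds)
    do {
        # -Status returns the instance view: power state plus guest agent health.
        $view  = Get-AzVM -ResourceGroupName $ResourceGroupName -Name $Name -Status
        $power = ($view.Statuses | Where-Object Code -like 'PowerState/*').Code
        $agent = $view.VMAgent.Statuses | Select-Object -First 1
        # Run Command is delivered through the guest agent, so wait for it as well.
        if ($power -eq 'PowerState/running' -and $agent.DisplayStatus -eq 'Ready') {
            return
        }
        Start-Sleep -Seconds 5
    } while ((Get-Date) -lt $deadline)
    throw "VM '$Name' not ready after $TimeoutSeconds s (power: $power, agent: $($agent.DisplayStatus))"
}

Start-AzVM -ResourceGroupName $ResourceGroup -Name $VmName | Out-Null
Wait-VmReady -ResourceGroupName $ResourceGroup -Name $VmName

# No inbound WinRM rule is needed on the NSG: the request goes through the
# Azure control plane and is executed by the guest agent inside the VM.
$result = Invoke-AzVMRunCommand -ResourceGroupName $ResourceGroup -VMName $VmName `
    -CommandId 'RunPowerShellScript' -ScriptPath $ScriptPath

# The result carries separate status entries for stdout and stderr.
$stdout = $result.Value | Where-Object Code -like '*StdOut*'
$stderr = $result.Value | Where-Object Code -like '*StdErr*'
Write-Output $stdout.Message

# Surface remote errors so the release stage fails instead of passing silently.
if ($stderr.Message) {
    throw "Remote script wrote to stderr: $($stderr.Message)"
}
```

On Windows the script runs as SYSTEM, so the pipeline's service principal effectively holds local administrator rights on any VM where it has `Microsoft.Compute/virtualMachines/runCommand/action`; scope that role assignment to the specific VMs or resource group the release needs.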

Delete an Azure Virtual Machine automatically after deployment

To deploy my infrastructure I need to deploy a VM with a custom script extension. The only purpose of the VM, is to execute the script. After the execution of the script the VM should be deleted automatically.
How can this be done?
Additional information:
This is an azure resource manager deployment
the deletion should work in the azure marketplace environment as well.
This probably means you are doing something wrong. You can use Azure Container Instance to run the script and shut down. It should work with marketplace as well (as far as I know you can have a custom container in marketplace offerings).
Marketplace only allows you to use ARM templates to deploy stuff, so you cannot really do what you are asking with an ARM template. Well, you might be able to hack something like that with nested deployments and complete mode, but I doubt that will pass moderation in marketplace.
Technically, you can make the VM delete itself as a part of the script. Again, not something I would advise.

Provision a VM as part of an Azure Devops build pipeline

I have a build pipeline that is working pretty well currently in Azure DevOps. As part of the pipeline/build process, I create an artifact, which is published and reachable. After that, I'd like to do the following:
Create/Start Up a new VM (Windows)
Grab the now published artifact, unzip it and run the executable within
Run the integration tests
Close the VM
I've looked around the Azure documentation but cannot find much that discusses this sort of solution. Please help!
There is nothing built-in (like a readymade task to create a VM), so you can use any way to create a VM in Azure: Azure PowerShell, Azure CLI, ARM templates, SDK calls. Whatever works for you.
You would need to open ssh\winrm to talk to that VM to deploy stuff to it. That's about it. You can find lots of examples on how to create a VM online. VSTS has tasks for Azure PowerShell\CLI\ARM templates so you don't need to handle auth.
You can create a VM using ARM templates with the task 'Azure Resource Group Deployment'
With a separate task 'Powershell on target machine' you can run a powershell script on the target VM, if you put the downloading, unzipping and running of this exe in this script you should be able to perform the tasks you need.
You could also look into the 'invoke-azurermvmruncommand' powershell command, this allows you to run a powershell script in the vm. https://learn.microsoft.com/en-us/powershell/module/azurerm.compute/invoke-azurermvmruncommand?view=azurermps-6.11.0

Azure - backup app on vm before delivering new changes

I have several .NET applications that are hosted in Azure on virtual machines in IIS. I want to automate the deployment process directly from my machine or Visual Studio without using the Azure portal because we are doing several deliveries each day. The biggest challenge for me now is to do a backup before deployment. So I need to back up a specific folder on the VM remotely. Could anyone tell me how I can do it?
Are there any best practices for automation delivery from visual studio to Azure VM? Backup of app is required.
First, I'm assuming that you would like to back up some specific folders in your VM to an Azure Blobs or Azure Files storage. There are two parts you'd need to complete your continuous deployment:
Automate backing up some folders in your virtual machine.
Integrate task #1 into a CICD (Continuous Integration Continuous Deployment) tool, which I'd suggest VSTS (Visual Studio Team Services) for your beginning.
Approach #1
You can expose Windows Remote Management (WinRM) endpoint publicly and use PowerShell to perform a folder backup task. You will also need to invoke some scripts to write/copy your backup to Azure Blobs Storage. Your script must be authenticated silently so you don't need to key in Azure subscription admin or VM admin.
Once you have a PowerShell script, you can invoke this PowerShell by creating a new PowerShell task in your Build or Release definition. I'd suggest to define in Release definition.
Approach #2
It's more cloud native and you don't have to expose WMI of your virtual machine, which would lead to a security threat. Instead, you utilize Azure Automation Worker to automate the entire backup and copy to other Azure services (Blobs, Files, another backup/file server virtual machine...). In your runbook, you need to use PowerShell DSC (Desired State Configuration) to interact with resources inside your virtual machine.
In VSTS, you have two ways to start your runbook
Invoke runbook's webhook: you can create a webhook for your runbook and call this webhook by creating a Http Task
Start runbook by PowerShell: similar to the approach #1, just create PowerShell task then use Start-AzureAutomationRunbook cmdlet with sample here.
Build an ARM template for your Runbook then define in Build definition. Here is the sample reference to deploy an ARM template in VSTS,
The reason I have to give several references because you might not have familiarity with CICD and DevOps concept, as well as some useful tools in Azure and VSTS which supports your continuous deployment. There are some awesome CICD solutions in the market you should also explore, such as Chef, Ansible, Puppet. They support CICD very well. Below are some references to get started with DevOps on Azure:
https://learn.microsoft.com/en-us/vsts/deploy-azure/
https://learn.microsoft.com/en-us/azure/automation/automation-dsc-overview
https://learn.microsoft.com/en-us/vsts/build-release/apps/cd/azure/azure-devops-project-aspnetcore

Continuous Delivery as Windows Service and Web Api using TFS Build on Azure VM

I have TFS 2015 and I was able to automate the build process from the branch and get the files from the drop folder as shown below:
It has release for multiple projects like Web API and Windows Service
I want an Azure VM on which I want to automate the deployment process - continuous delivery.
Deploy the Web API on IIS on Azure VM
Deploy the Windows Services On Azure VM.
Run Scripts SQL.
I have the credentials of the Azure VM. How can I perform the three steps above?
I have worked on a similar problem in the past so can probably help you out (MSFT, if it helps).
Web Api on IIS on Azure VM
This is almost completely automated in the form of the WinRM - IIS Web App Deployment task that you can find and add in your release definition. The link provides complete instructions on what parameters to provide and tweaks to be done for Azure VMs compared to on-premise ones. There are a few prerequisites to running this task, like installing and configuring IIS on the VM, which the documentation discusses in detail. As a necessary input to this task, you need to provide the web deploy package, which I am assuming was generated as your build output. If not, you can refer to this SO post to get the required output. If you have parameters like connection strings that you wish to modify at deploy time, use a parameters.xml file in the above task.
Windows Service on Azure VM
There is no completely automated task for this requirement, but it is pretty straight-forward. It can be achieved by using the PowerShell on Target Machines task along with Azure File Copy task. For the first task, all that is required as input is the .exe of the windows service that you wish to deploy, which should be generated as the output of your build process (build artifacts). Much of the remote machine inputs for this task is similar to the previous one so you should not have any problem there. You will need to check-in the Powershell script that does the actual windows service installation, in your source code as part of the same windows service project (copy local = True). This will ensure that as the build output, you will have access to the powershell script which you can use in the second task. Azure File Copy is required to copy your powershell script to the Azure VM so that the Powershell task can execute it. Let's assume you copied the powershell script to a folder C:\Data\ on the Azure VM.
$serviceName = "MyWindowsService"
$exeFullName = "path\\to\\your\\service.exe"
$serviceDisplayName = "MyWindowsService"
$pss = New-Service $serviceName $exeFullName -DisplayName $serviceDisplayName -StartupType Automatic
Add this content to the checked in powershell file and name it installWindowsService.ps1. Then in the powershell task provide the path of the powershell file to execute as C:\Data\installWindowsService.ps1.
Run SQL Scripts on Azure VM
I haven't personally worked on this so the best I can do is point you in the right direction. If you are using DACPAC for your SQL deployment, you can use the WinRM - SQL Server Database Deployment task. If you just intend to execute scripts, use the remote PowerShell task from above and refer to this post, which will help you with running SQL commands through a PowerShell script.
Seems you want the CD release process picks up the artifacts published by your CI build and then deploys them to your IIS servers/Windows Services on Azure VM.
If you've just completed a CI build, then you should create a new release definition that's automatically linked to the build definition.
Open the Releases tab of the Build & Release hub, open the + drop-down in the list of release definitions, and choose Create release definition.
For 2, write a powershell script to handle this, ensure build outputs
were available to copy from the ‘Drop’ folder on the build and that
they are copied to C:\xxx\ on the target VM(s). More detail steps
please refer this blog.
For 3, you could use Azure SQL Database Deployment task. Either
select the SQL Script file on the automation agent or on a UNC path
that is accessible to the automation agent. Or directly enter the
InLine SQL Script to run against the Azure SQL Server Database. Also take a look at the tutorial.
Maybe not all the tasks are fully compatible with the TFS 2015 version; you could upgrade your TFS version to get more new features or customize your own build/release task to handle it.
