In Visual Studio Team Services, I would like to specify the Azure Subscription via a variable (see image below). The reason for this is that our ops team maintains the NON-PROD and PROD environments on different subscriptions.
However, when I do this I get the following in the log:
##[section]Starting: Azure App Service Deploy: XXXXfunc
==============================================================================
Task : Azure App Service Deploy
Description : Update Azure App Service using Web Deploy / Kudu REST APIs
Version : 2.1.10
Author : Microsoft Corporation
Help : [More Information](https://aka.ms/azurermwebdeployreadme)
==============================================================================
[RESOURCE_NAME] exists false
##[warning]Can\'t find loc string for key: CouldnotfetchacccesstokenforAzureStatusCode
##[error]CouldnotfetchacccesstokenforAzureStatusCode 401 Unauthorized
##[section]Finishing: Azure App Service Deploy: XXXXfunc
If I set the subscription using the drop down, then it all works fine.
Is this possible to do? If so, how?
UPDATE:
I am using App Service here as a simple example, but I also have a collection of Azure PowerShell tasks joined into a single Task Group. Each of these tasks need to have the subscription specified. If I can't pass a Azure sub in, then I'll have to either clone the Task Group or just list each step individually.
Its easier (and fits with how the system has been designed), if instead of this, you just use the Releases workflow to setup your dev/test environment, with the app service deploy pointing at that subscription, then clone that environment, call the new one "prod", and modify the release step in that environment to point at the other subscription. You can then also add governance (ie. email approval processes) around the build and deploy, and ensure the exact same build artifact is deployed to both environments, but when you want them to. I wrote a blog post last year to take you through this step by step, see https://russellyoung.net/2016/11/09/continuous-deployment-of-a-asp-net-core-app-to-azure-using-vsts/
Related
I have 2 .NET 5 Azure Function Visual Studio projects . These 2 Functions to be deployed in a single Azure Function App.
I have 2 separate Build Pipelines for each of the projects and have separate Release Pipelines as well in Azure DevOps. I am not using YAML for release pipelines but depends on DevOps UI to choose a new Release pipeline.
My issue is that whenever running the Release pipeline, the last Release overrides the existing Function in Azure Function App. So, I am not getting 2 Functions as expected under a single Azure Function App. Always the last release deployment exists in Azure. Why one release deployment overrides existing Functions, even though they are from different Release pipelines?
In the MS documentation it states that if you perform a "Zip Deployment" to an Azure Function, it will always overwrite what is running on the Azure Function Service. I presume that the "Classic Pipeline" gives you the "Zip Deployment" option.
Link to MS Documentation: https://learn.microsoft.com/en-us/azure/devops/pipelines/tasks/deploy/azure-function-app?view=azure-devops#deployment-methods
For the moment, I do have a ticket open at Microsoft on how to manage different apps on the same Azure Function service. I only want changes made to the specific app where there are code changes without impacting any other existing apps on the Azure Function. For now, I only had one troubleshooting session with no solution in sight. I will share more information once I have received a solution/workaround.
I need to push a DevOps website from azure to IIS on Amazon or Microsoft (or locally).
When I run the script in the Azure VM, I get the error the domain vstsagentpackage.azureedge.net isn't accessible. I assume this is for advanced internal azure networking reasons.
What is the most appropriate way to publish one DevOps site into one IIS Web(app) site while others are running and perhaps managed by others? I'm currently using this approach.
I'm not sure if you have permission to, but if you do, I'd recommend setting up a deployment group or agent (deployment group for classic pipelines, agent for YAML) on the Windows Server hosting the site.
Once you set up a deployment group/agent, you'll want to configure your release pipeline to be set to use the newly registered agent or deployment group within your pipeline.
If you're using a classic (UI) pipeline, you'll want to add a new Deployment Group Job by clicking the ellipsis to the right of your stage name:
After you've added the deployment group job, you'll want to select the deployment group you've just added:
With that configured, you'll be running your pipeline on the IIS server you're deploying to, and you'll just need to add the IISWebAppDeployemntOnMachineGroup#0 task to your release pipeline and point to the site you're deploying to:
I have an appservice called compspiadev, and I am using Azure's Pipelines to set-up CI/CD. Created the build pipeline and build the project into an artifact to use it in the build pipeline. When I try to deploy I get the following error:
Now my appService doesn't have the ".scm." part in it, and in my configuration I don't set the name to have the KUDU endpoint it adds it automatically:
How can I fix this issue for it to deploy correctly?
Your guess is correct. That is an network error which is because our Azure devops Hosted agent could not connect to the internal deployment endpoint of ILB ASE. (As I mentioned in this ticket, I checked your app from our backend and found it is connecting to ILB ASE.)
You can check this source code (actual working code snippet, I can not help you locate the exact code line since I don't know witch deploy method you used), and you will found that the process of Azure app deployment via Azure app service deploy task is actually the process of communicate with app files to Kudu service (xxx.scm.azurewebsite.net).
For example, if you are using Run from package type to deploy your web app, you can refer to this code snippet.
After you configured ILB ASE, per this doc, the scm site is only available at <appname>.scm.<asename>.appserviceenvironment.net. But you should have known that Hosted agent is a dynamic-distribution Azure VM that is neither in nor connected to the virtual network.
That is why you encountered the error like could not connect to the remote computer <appname>.scm.<asename>.appserviceenvironment.net.
To resolve this issue, you need use private agent to execute your deployment pipeline. For how to configure a valid self agent so that it can communicate with your private DNS, you can follow this reply or this blog.
As is visible in (the URL part of) the error message in your first image, you're deploying to an App Service Environment (which is something of a special cookie).
The Azure App Service Environment is an Azure App Service feature that provides a fully isolated and dedicated environment for securely running App Service apps at high scale.
As we can see in the second image, you don't have the checkbox "Deploy to Slot or App Service Environment" checked.
Check that checkbox, specify the Resource Group name, leave slot name set to production and you should be good to go.
If the deployment target is an Azure App Service environment, leave the slot name as production and specify just the Resource Group name.
Source: Azure App Service Deploy task - Prerequisites for the task
I have “.Net Core Web Api” and “Angular 8” projects. I am manually deploying these two application on Azure Virtual Machine.
Now I want to use Azure CI/CD pipeline process and deployed above application on IIS present on above Azure Virtual Machine.
Can I achieve above tasks by using Azure Deployment Groups? I am not able to find proper solutions on internet.
Any help will be really appreciated.
I have this link: https://learn.microsoft.com/en-us/azure/devops/pipelines/apps/cd/deploy-webdeploy-iis-deploygroups?view=azure-devops but no use.
Can I achieve above tasks by using Azure Deployment Groups?
Of course sure. Azure virtual machine just the VM which hosted by Azure, there's no more difference with the normal VM.
To deploy application to Azure VMs through IIS tasks and azure devops deployment group, you must pay attention to below 2 prerequisites:
1) As normal, VM is a separated machine. In order to combine them into Azure Devops and use them with CI/CD, to be precise, let the Deployment group manage to these virtual machine, you need to run script to register these VMs to VSTS deployment group.
2) Also, to deploy application to VMs via IIS, you need also ensure that these VMs web servers configured with IIS.
Above 2 is what mentioned in the doc you shared.
Our lab published a blog which describe the very detailed steps on how to Deploying to Azure VM using Deployment Groups. You can follow it to continue your configuration in VSTS pipeline.
Since it is very detailed, I would only point some key to you:
1 To configure Deployment Group agent on each of the virtual machines, firstly, please use Azure Resource Group Deployment task with Configure virtual machine deployment options action and enable prerequisites as Configure with Deployment Group agent:
2 For the configuration of IIS manage and deploy task, including physical path and etc, you can follow this(just ignore its task of start) to finish your configuration.
Note:
Here you must add 2 phases since Azure Resource Group Deployment task need run with agent job, and IIS web app manage/deploy task run with deployment group job
These are the basic steps which could help you achieve what you want.
I am trying to create a build pipeline in Azure DevOps to deploy an Azure Function Application automatically as part of a continous integration pipeline. When the Function App Deploy step is run, the step fails with 'credentials' cannot be null.
Does anyone know why this happens?
My Build Pipeline:
The Log output when the step runs:
The only thing that I think that it can be is the Azure Resource Manager subscription which I am using Publish Profile Based Authentication however I have managed to create a similar pipeline for a web application with a deploy option using this authentication and it worked successfully. I just cannot deploy the function application.
This same problem also ocurrs with publishing web apps I found. There are two different tasks that can be used for web apps to publish and you have to use the right one.
There is a task called Azure Web App Deploy that works.
Also a task called Azure App Service Deploy that doesn't.
This is with Publish Profile Based Authentication.
I found that to deploy the Function Application you can also use the Azure Web App Deploy task and it seems to work.
Just for a bit of context on this one.
The Azure Functions task will allow you to select - and even create - a Publish Profile based service connection. No warning is given, but - looking at the code - the task doesn't implement the needed fetching of the push profile.
At least the task - when selecting the service - should warn you that it doesn't handle Publish Profile authentication. At best they should implement it.
For the nerds in here, even more detail.
For tasks that work with Publish Profile authentication - like for example the Web App Deployment - you have something like this happening:
if (Service Endpoint is Publish Profile) {
publishProfileUtility.getSCMCredentialsFromPublishProfile();
}
Look at the link for the actual code.
On the other hand the Azure Functions will simply create the service with the passed endpoint and hope for the best.