I am developing CD release pipeline using TFS 2015 update 2 on-prem instance. I'm relying on ARM template to setup Azure website and Azure Sql server. I'm using FTP method for deploying website bits from internal Build server to Azure website. For this website deployment I'm reading the credentials from PublsihingProfile of the newly created website.
Is this a right way or can you suggest a better way? Any comments are appreciated.
P.S. Customer wants to use FTP method and not WebDeploy.
If you really have to use FTP, and the thing you're not happy with is the process/password secret management, you could try this:
https://marketplace.visualstudio.com/items?itemName=januskamphansen.ftpupload-task
Its a VSTS extension task for release, which works with the vnext build/release system in VSTS or TFS2015 server. This task lets you put the parameters in against each environment you setup, and mark the passwords as secrets so they wont come out in logs or the UI.
The step basically wraps up the process of doing the ftp bit for you - you may want to do other steps as part of the release.
Related
what I did;
I have my c# windows form application on Azure Repo and I created a build.
I assigned my physical test server to Azure DevOps under the Deployment groups page. And it is online.
I defined a release, I added an artifact that refers to the build pipeline from the Azure repo.
Now I want to transfer my windows form app release files to my physical test server (windows) under the Desktop folder and run. (also stop and delete previous app if it is already running)
For that, I tried to add a stage. But for the stage templates, I don't know which one to choose. There are deployment options for IIS and Azure services.
Bufre, I published my ASP.NET app using IIS website deployment. Worked fine. But how to do it for a desktop application? How to transfer and run?
I see a as a similar issue here, But I am new to YAML files and I could not produce.
Where to mention target physical path, which template to choose? Could you please advise on the steps?
You must install the DevOps agent on this server, then add it to the agent pool and then use any task that allows to install your app (depends on what kind of app you have). All tasks will be executed on the server directly, so you can use PowerShell, cmd or what ever.
https://learn.microsoft.com/en-us/azure/devops/pipelines/agents/v2-windows?view=azure-devops
https://learn.microsoft.com/en-us/azure/devops/pipelines/agents/pools-queues?view=azure-devops&tabs=yaml%2Cbrowser
I have several .NET applications that are hosted In Azure on virtual machines IIS. I want to automate deployment process directly from my machine or visual studio without using Azure portal because we are doing several deliveries each day. The biggest challenge for me now is to do backup before deployment. So I need to backup specific folder on VM remotely. Could anyone tell me how I can do it?
Are there any best practices for automation delivery from visual studio to Azure VM? Backup of app is required.
First, I'm assuming that you would like to back up some specific folders in your VM to an Azure Blobs or Azure Files storage. There are two parts you'd need to complete your continuous deployment:
Automate backing up some folders in your virtual machine.
Integrate task #1 into a CICD (Continuous Integration Continuous Deployment) tool, which I'd suggest VSTS (Visual Studio Team Services) for your beginning.
Approach #1
You can expose Windows Remote Management (WinRM) endpoint publicly and use PowerShell to perform a folder backup task. You will also need to invoke some scripts to write/copy your backup to Azure Blobs Storage. Your script must be authenticated silently so you don't need to key in Azure subscription admin or VM admin.
Once you have a PowerShell script, you can invoke this PowerShell by creating a new PowerShell task in your Build or Release definition. I'd suggest to define in Release definition.
Approach #2
It's more Cloud native and you don't have to expose WMI of your virtual machine which would lead to security threat. Instead, you utilize Azure Automation Worker to automate the entirely backup & copy to another Azure services (Blobs, Files, another backup/file server virtual machine..). In your run book, you need to use PowerShell DSC (Desired State Configuration) to interact with resources inside your virtual machine.
In VSTS, you have two ways to start your runbook
Invoke runbook's webhook: you can create a webhook for your runbook and call this webhook by creating a Http Task
Start runbook by PowerShell: similar to the approach #1, just create PowerShell task then use Start-AzureAutomationRunbook cmdlet with sample here.
Build an ARM template for your Runbook then define in Build definition. Here is the sample reference to deploy an ARM template in VSTS,
The reason I have to give several references because you might not have familiarity with CICD and DevOps concept, as well as some useful tools in Azure and VSTS which supports your continuous deployment. There are some awesome CICD solutions in the market you should also explore, such as Chef, Ansible, Puppet. They support CICD very well. Below are some references to get started with DevOps on Azure:
https://learn.microsoft.com/en-us/vsts/deploy-azure/
https://learn.microsoft.com/en-us/azure/automation/automation-dsc-overview
https://learn.microsoft.com/en-us/vsts/build-release/apps/cd/azure/azure-devops-project-aspnetcore
I am planning to setup sonar in VSTS for that I tried searching blogs and stack overflow.I got few links to setup sonar but all I need is to have Microsoft SQL windows server 2012 R2 as a IAAS. I need dedicated VM as IAAS(Infrastructure as a service) to configure sonar in Azure after creating Microsoft SQL server VM I can give that endpoint in VSTS and can run sonar.But in my company we are having all VM's as a PAAS(Platform as a service).My organization is not ready to have VM as IAAS.So kindly provide the solution how can I configure sonar in VSTS.
The below link received from stackOverflow.
http://donovanbrown.com/post/how-to-setup-a-sonarqube-server-in-azure
SonarQube is designed to use a dedicated server and needs access to a database. Take a look at the system requirements for details. There is no way to host it inside of VSTS.
If your organization isn't ready to do IaaS with Azure, then you have two options. The first option is to setup a SonarQube server in your office or data center and make it publicly accessible.
If that isn't an option, then your only other option is to make use of SonarCloud as Fabrice mentioned in the comments. Take a look at this blog post for setting up VSTS and SonarCloud.
Well, if you wish to hosted in SonarQube in Azure then you are in luck. You can make a VSTS/Azure DevOps Project where you add this Github: ARM Template for VM, network and DB setup for SonarQube to your a GIT repo.
This will give you the possiblity to have you secrets safe in VSTS/Azure Dev but automatically support the SonarQube setup from Azure DevOps with Cloud Infrastructure.
How can I publish to an Azure Website (NO VM!) using Microsoft Release Management.
At the moment, ms release management only seems to support deploying to Azure VM's. I like MS Release Management system as it lets me control my deployment variables across multiple deployment stages.
Basically, this is not a supported scenario out of the box.
Your best bet here is to use an agent-based release template with a "springboard" server to manage the release, and custom PowerShell scripts that use the Azure SDK to interact with Azure. One of my colleagues did the leg work to figure it out a few months ago, and has a few comprehensive blog posts describing how he accomplished deploying an Azure Web Application via RM.
Visual Studio Release Management now offers built-in steps to manage Azure App Services. In a Release Management process add the Azure App Service Deploy step, and configure for your website. Note that this step requires your site to be published as a .zip file.
In addition to the deploy step, it is best practice to deploy to an inactive slot, or stop / start the site using the Azure App Service Manage steps in Release Management.
For now, you should take a look at the new build system, it has an out of box task to deploy a package to azure web app.
What I want to accomplish:
I want to deploy an Azure Cloud Service via Release Management. I managed to get this working by following the steps outlined in this post. In the post the Azure publishsettings file is added to the project and used in Release Management to deploy the Azure package to a Cloud Service. So far so good.
What is the issue:
The Azure publishsettings file will also contain information about the production environment. I don't want that information to be available to all the developers and therefor I would like to have a more secure alternative.
What did I try:
I created a custom action which takes 3 arguments: subscription id, subscription name and certificate key. This way the Azure information stays in Release Management and can be passed to a script. This didn't work because the action is not shown in the Release Template Toolbox.
What is my question:
What is the best way to pass Azure credentials to a deployment script via Release Management on a secure manner?
We have a solution for Build today that will work for RM in the future.
Publish Settings file is an important one with which anybody can get access to certain activities. And once how ever the way you pass on the publish settings file, it can be misused (if tried).
So along with the publish settings file, you need to add a bit of process to the deployment like -
Inactive or remove the management certificate which will in turn invalidate the given publish settings and anyone should request for a new set of publish settings file before they actually start any release procedures.
Even though it adds a rough edge to your smooth flow of deployment process, as it is a live or production system, it is always better to tight the process and make it idiot proof.