Run a powershell script on machine connected to deployment group in azure - azure-devops

I am trying to build a CI/CD pipeline with Azure. The deployment is working until the final stage, where I need to run a PowerShell/cmd script on the machine that is running the deployment group agent. Can someone please assist on how to run a cmd/PowerShell script on the machine that is running the deployment group agent?
I have tried using remote PowerShell, but that requires a username and password, which I cannot use for security reasons.
For context:
I have a local server. I have a repo on azure. I have created a pipeline that builds the repo and the artifacts of the build are then copied to my local server. Now I want to run a powershell/cmd on the local server through the pipeline.

Refer to the documentation here:
https://learn.microsoft.com/en-us/azure/devops/pipelines/scripts/powershell?view=azure-devops&tabs=yaml#add-a-powershell-script
The syntax for including PowerShell Core is slightly different from the syntax for Windows PowerShell.
Push your PowerShell script to your repo.
Add a pwsh or powershell step. The pwsh keyword is a shortcut for the PowerShell task for PowerShell Core. The powershell keyword is another shortcut for the PowerShell task, but for Windows PowerShell, and will only work on a Windows agent.
# for PowerShell Core
steps:
- pwsh: ./my-script.ps1
# for Windows PowerShell
steps:
- powershell: .\my-script.ps1
However, as you would notice, this would only run on the agent.
You can also use the classic alternative, also described in the same documentation, using the UI provided by Azure.
Another alternative which may be suited for your case is to create a VM extension by navigating to the virtual machine in the Azure Portal, clicking on "Extensions" in the left sidebar, and then clicking the "+Add" button.
Otherwise, your only option may be the "Azure Remote Run", however you mention you cannot get the credentials for that.

Related

Azure DevOps how to run exe database migration

We have Fluent Migrator wrapped in a .NET Core console app which we added extra functionality to. We had this working on Octopus Deploy, but trying to get it to work in an Azure DevOps release pipeline is proving very difficult.
We have a Deploy.ps1 powershell file with a single command in it which is as follows
& .\Migrations.exe -connectionStrings "Server=<server>,1433;Initial Catalog=MigrationTest-Dev;Persist Security Info=False;User ID=<name>;<password>;MultipleActiveResultSets=False;Encrypt=True;TrustServerCertificate=False;Connection Timeout=30;"
This runs fine locally and as I say on our octopus box.
How would I be able to run this in a DevOps release pipeline? I can only think it's permission related maybe!?
The below is the current Powershell task in the release pipeline
If anyone could provide some help it would be greatly appreciated
I got this working after finding this post https://rajbos.github.io/blog/2019/08/17/AzureDevOps-Run-NET-Core.
The solution was this PowerShell task, with this inline script. Note that because this is a .NET Core console app I could run dotnet on the .dll and don't have to use the .exe.
cd "$(System.DefaultWorkingDirectory)/_SqlMigrationsTest/Migrations-Wip/Migrations"
dotnet Migrations.dll -connectionStrings "Server=<server>;Initial Catalog=MigrationTest-Dev;Persist Security Info=False;User ID=<name>;Password=<password>;MultipleActiveResultSets=False;Encrypt=True;TrustServerCertificate=False;Connection Timeout=30;"
The yaml looked like this if I clicked the View YAML link.
steps:
- powershell: |
    cd "$(System.DefaultWorkingDirectory)/_SqlMigrationsTest/Migrations-Wip/Migrations"
    dotnet Migrations.dll -connectionStrings "Server=<server>;Initial Catalog=MigrationTest-Dev;Persist Security Info=False;User ID=<name>;Password=<password>;MultipleActiveResultSets=False;Encrypt=True;TrustServerCertificate=False;Connection Timeout=30;"
  displayName: 'Run Migration'
So this did run, but then I had an issue with the Azure database firewall rules. I spent a day looking into a PowerShell script to connect to the database and add a new firewall rule. The IP constantly changes in DevOps (which is expected). I never got the Azure firewall scripts working; it was all around Get-AzureRmSqlServerFirewallRule or the other Get-AzureSqlDatabaseServerFirewallRule, which was a very painful approach that never worked.
I later stumbled upon the solution where the Azure database has firewall settings (which I knew I could add manually). There is a toggle to Allow Azure services resources to access this server. Putting this to Yes made it all work, finally.
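The migration step above, reworked as an added example (not the poster's script): the credentials come from the task's environment rather than the pipeline definition, and the SQL firewall is opened only for the agent's address and closed again afterwards, instead of enabling "Allow Azure services", which admits connections from any Azure-hosted source. Assumptions: the Az PowerShell module inside an Azure PowerShell task, secret variables mapped to SQL_USER and SQL_PASSWORD, the public-cloud DNS suffix, and the hypothetical parameter and rule names.

```powershell
# Added example. Assumed: Az.Sql is loaded and signed in (Azure PowerShell task),
# and the secret pipeline variables are mapped to SQL_USER / SQL_PASSWORD.
param(
    [Parameter(Mandatory)] [string] $ResourceGroup,
    [Parameter(Mandatory)] [string] $SqlServerName,  # short name, no DNS suffix
    [Parameter(Mandatory)] [string] $Database,
    [Parameter(Mandatory)] [string] $AgentPublicIp,  # resolved by an earlier step
    [string] $MigrationDir = '.'
)
$ErrorActionPreference = 'Stop'

# Secret variables are not exported to scripts automatically; fail early if the
# task forgot to map them into its environment.
foreach ($name in 'SQL_USER', 'SQL_PASSWORD') {
    if (-not [Environment]::GetEnvironmentVariable($name)) {
        throw "Environment variable $name is empty; map the secret variable into this task."
    }
}

# The builder quotes values, so a password containing ';' or '=' stays inside
# its own field instead of injecting extra connection-string keywords.
$csb = New-Object System.Data.Common.DbConnectionStringBuilder
$csb['Server']                 = "$SqlServerName.database.windows.net,1433"
$csb['Initial Catalog']        = $Database
$csb['User ID']                = $env:SQL_USER
$csb['Password']               = $env:SQL_PASSWORD
$csb['Encrypt']                = 'True'
$csb['TrustServerCertificate'] = 'False'
$csb['Connection Timeout']     = '30'

$rule = @{
    ResourceGroupName = $ResourceGroup
    ServerName        = $SqlServerName
    FirewallRuleName  = "pipeline-temp-$([guid]::NewGuid().ToString('N'))"  # hypothetical name
}
New-AzSqlServerFirewallRule @rule -StartIpAddress $AgentPublicIp -EndIpAddress $AgentPublicIp | Out-Null
try {
    Push-Location $MigrationDir
    # Run under pwsh 7.3+ so embedded quotes in the argument reach dotnet intact.
    dotnet Migrations.dll -connectionStrings $csb.ConnectionString
    if ($LASTEXITCODE -ne 0) { throw "Migrations exited with code $LASTEXITCODE" }
}
finally {
    Pop-Location
    # Always remove the temporary rule, even when the migration failed.
    Remove-AzSqlServerFirewallRule @rule -Force | Out-Null
}
```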

How to publish a .net framework windows service

I have a Windows service I build with .NET Core and I can publish it with a publish profile, and since I'm using appsettings I can target the environment as well. Trying to figure out a solution for another project, but it's using .NET Framework and I do not want to use installutil. So far I can just
- stop the service
- copy over the files
- restart the service
However, with a .net framework service, the settings are in app.config and the settings will be different obviously between a test server and production.
So now I am looking at doing this with powershell, and hopefully add this to a build pipeline to have it automated. The steps would be the same that the powershell script would do
- stop the service on the target server
- copy over the files from the /bin folder
- restart the service on the target server
except after copying over the files, I would need to modify the app.config, and all of the above I'm sure I can accomplish with PowerShell.
My question is, can this be done via a build pipeline that runs on an on-prem build agent?
"can this be done via a build pipeline that runs on an on-prem build agent"
For this issue, according to your situation, as mentioned by penaunt in the comment, you can try adding the PowerShell on Target Machines task to the build pipeline.
You can use this task to execute PowerShell scripts on remote machines. This task uses Windows Remote Management (WinRM) to access on-premises physical computers or virtual computers that are domain-joined or workgroup-joined. For PowerShell scripts, the computers must have PowerShell 2.0 or higher installed.
- task: PowerShellOnTargetMachines@3
  displayName: 'Run PowerShell on Target Machines'
  inputs:
    Machines: '...'
    #userName: # Optional
    #userPassword: # Optional
    #scriptType: 'Inline'
    #inlineScript: '# Write your powershell commands here'
    #scriptArguments: # Optional
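The stop, copy, edit app.config, restart sequence from the question, as an added example (not from the thread) of a script that could run on the target server. All parameter names are hypothetical, and it assumes the per-environment values live under appSettings in the deployed .exe.config file.

```powershell
# Added example; service name, paths and setting keys are hypothetical inputs.
param(
    [Parameter(Mandatory)] [string]    $ServiceName,
    [Parameter(Mandatory)] [string]    $SourceDir,    # copied build output (/bin)
    [Parameter(Mandatory)] [string]    $InstallDir,   # folder the service runs from
    [Parameter(Mandatory)] [string]    $ConfigFile,   # e.g. the service's .exe.config
    [Parameter(Mandatory)] [hashtable] $AppSettings   # key -> value for this environment
)
$ErrorActionPreference = 'Stop'

function Set-AppSetting {
    param([System.Xml.XmlDocument] $Config, [string] $Key, [string] $Value)
    # Compare keys in PowerShell rather than building an XPath string from input.
    $node = $Config.SelectNodes('/configuration/appSettings/add') |
        Where-Object { $_.GetAttribute('key') -eq $Key } |
        Select-Object -First 1
    # A missing key usually means a typo or a renamed setting; stop instead of
    # silently adding a value the service never reads.
    if (-not $node) { throw "appSettings key '$Key' not found in config" }
    $node.SetAttribute('value', $Value)
}

# 1. Stop the service (Stop-Service waits until it has stopped).
Stop-Service -Name $ServiceName

# 2. Copy the new binaries over the installed ones.
Copy-Item -Path (Join-Path $SourceDir '*') -Destination $InstallDir -Recurse -Force

# 3. Patch the environment-specific settings in the deployed config.
$configPath = Join-Path $InstallDir $ConfigFile
$config = New-Object System.Xml.XmlDocument
$config.Load($configPath)
foreach ($key in $AppSettings.Keys) {
    Set-AppSetting -Config $config -Key $key -Value ([string]$AppSettings[$key])
    Write-Host "Updated appSettings key '$key'"   # log the key only, never the value
}
$config.Save($configPath)

# 4. Start the service again.
Start-Service -Name $ServiceName
```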

Azure Remote directory navigation

When I startup PowerShell from within my Azure Portal I can readily navigate to my Storage Accounts and files.
When running Powershell from my laptop, and logging into Azure using "Login-AzureRmAccount", I cannot do the same thing. My prompt is always "PS C:>" so any dir command is executed on my laptop rather than actually "inside" Azure.
What am I doing wrong and how can I navigate the Azure file system?
You'll need to create a PS drive from a provider. SHiPS was created to do exactly this, take a look:
https://blogs.msdn.microsoft.com/powershell/2017/10/19/navigate-azure-resources-just-like-a-file-system/

TFS2017: Use PSRemote from agent or Powershell on Remote Machines task

In TFS 2017 Update 2 Release Management, what advantages does the "PowerShell on Remote Machines" task provide over PSRemote PowerShell scripts executed from the deployment agent machine?
As part of our release process, we use PowerShell scripts to validate and configure the servers being deployed to (e.g. install SSL certs, .NET version, etc.). We've historically used PowerShell remoting (New-PSSession/Invoke-Command) with CredSSP to execute scripts from the deployment agent to configure the destination machines.
The PowerShell on Remote Machines task appears to involve copying your ps1 to the destination machine and then executing it from that machine's context. Compared to the PSRemote method, it looks like all we gain is simpler syntax. Also, it looks harder to trace and troubleshoot from RM if we copy script files to a collection of servers and then let those boxes execute the scripts while we wait for the result. Given the popularity of websites referencing using this task, I feel I must be missing something.
The PowerShell on Target Machines task makes the deployment more convenient and effective.
This task can run both PowerShell scripts and PowerShell-DSC scripts. It can execute PowerShell scripts on remote machines with a comma-separated list of machine FQDNs or IP addresses, optionally including the port number. You can also pass other arguments easily.
Refer to Deploy: PowerShell on Target Machines for the details.
And see this article for PSRemote: How to Run PowerShell Commands on Remote Computers
You can compare them.

Update Web.config configuration with powershell on Azure Release Script

I'm running my deployments on the Release Management (currently Preview) tool in VSO.
When you configure a new release (with the new release management tool on VSO) you can add to the flow a task named: Azure PowerShell (Run a PowerShell script within an Azure environment).
What I'm trying to do is to make some changes to the web.config using Get-WebApplication and then Set-WebConfigurationProperty.
The error I get from the log is:
Process should have elevated status to access IIS configuration data.
##[error]Cannot find a provider with the name 'WebAdministration'.
Is it even possible to run those kinds of commands in there, or do I need to use another kind of command to update my web.config?
There is no Azure API to make arbitrary transforms to your web.config.
Instead, the way this is typically done is to use the deployment time transform engine (e.g. via Web.Debug.config or using Chained Config transforms).
If you're trying to set the web.config of an Azure WebApp then you need to use the Set-AzureWebSite cmdlet or the Set-AzureRMWebApp cmdlet.
Which one you need to use depends on which Azure cmdlets are installed on the machine running the script. The hosted servers for RM may still have the 0.9.x cmdlets (which use Set-AzureWebSite). The Set-AzureRMWebApp cmdlet is in the 1.x cmdlets. Either will work to set the config; you just need to use the appropriate cmdlet for what you have installed.
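An added example (not from the answer) of changing Web App settings with the Az module's Get-AzWebApp and Set-AzWebApp, the successors of the AzureRM cmdlets named above. The -AppSettings parameter replaces the whole collection, so the script merges the changes into the existing settings first; the parameter names are hypothetical.

```powershell
# Added example. Assumed: Az.Websites is loaded and signed in (Azure PowerShell task).
param(
    [Parameter(Mandatory)] [string]    $ResourceGroup,
    [Parameter(Mandatory)] [string]    $WebAppName,
    [Parameter(Mandatory)] [hashtable] $Changes      # setting name -> new value
)
$ErrorActionPreference = 'Stop'

$app = Get-AzWebApp -ResourceGroupName $ResourceGroup -Name $WebAppName

# Start from what is already configured: passing only $Changes to -AppSettings
# would delete every setting that is not listed in it.
$merged = @{}
foreach ($pair in $app.SiteConfig.AppSettings) {
    $merged[$pair.Name] = $pair.Value
}

$added   = @()
$updated = @()
foreach ($key in $Changes.Keys) {
    $value = [string]$Changes[$key]
    if (-not $merged.ContainsKey($key)) { $added += $key }
    elseif ($merged[$key] -ne $value)   { $updated += $key }
    $merged[$key] = $value
}

if ($added.Count -eq 0 -and $updated.Count -eq 0) {
    Write-Host 'App settings already match; nothing to change.'
    return
}

Set-AzWebApp -ResourceGroupName $ResourceGroup -Name $WebAppName -AppSettings $merged | Out-Null

# Report setting names only, so secrets do not end up in the release log.
Write-Host "Added:   $($added -join ', ')"
Write-Host "Updated: $($updated -join ', ')"
```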