I have a Azure Pipeline to create alerts in Azure. So in pipeline task I am using the AzureResourceGroupDeployment task and where I gave option to define the deployment name. My requirement is to create alerts timely basis when needed and using a sample alertquert deployment template and parameters.json where the parameters values will be replaced with each time when pipeline triggered for creating the alerts with different input values using runtime parameter ad the parameters.json will be updated accordingly.
So here I am not sure about the deployment name, as whether I have to specify the deployment name differently in each time when I create different alerts or, I can have the same deployment name itself?
If i create the alerts with same deployment name for with different alerts names, whether this will delete or modify the previously created alerts using the same deployment ?
Also if I want to update the alerts which is already created, whether I can update it by using the ame deployment name and same alert name?
The resource group keeps a record of deployment events; the information stored includes the parameters input, the resources created, and any outputs.
Each record is identified by a name; that's what the deployment name is.
This history of deployment events is accessible in the azure portal, and also through az cli and azure powershell.
It's up to you whether you want to reuse a deployment name again, or use unique names (e.g. by adding a datetime suffix). If you reuse a name in a future deployment then the previous record will be overwritten; so you lose your history a bit, but it means that the deployment events record is quite tidy, holding only the most recent deployment record for each resource.
If you prefer to use new unique deployment names each time, then you get the advantage of having a fuller history; but there is a limit of 800 deployments per resource group and if you reach it then you cannot deploy anything until you delete some records.
Related
I want to use Library Varibles as Azure Deployement Group name in Azure Dev-Ops Release pipelines , is it possible ? And Is it a good practise to do it ?
Purpose : I want to use same pipeline and same stage to deploy on different environments , so that If I change Deployment Group Name (Dev,QA,UAT) in library variable , it will deploy to that env.
I am afraid that the Deployment Group name field doesn't support to use Pipeline Variable(e.g. Library Variable) to define the name.
It currently only supports hard-coded deployment group name in Deployment Group job.
For a workaround, you can add multiple deployment group jobs with different deployment group name. Then you can set the condition to determine which job can run
based on the Library variable value.
Here is an example:
On the other hand, I can fully understand your requirement, I suggest that you can create a suggestion ticket in the Developer Community.
I'm creating a Deployment Group in CodeDeploy with a CloudFormation template.
The Deployment Group is successfully created and the application is deployed perfectly fine.
The CF resource that I defined (Type: AWS::CodeDeploy::DeploymentGroup) has the "Deployment" property set. The thing is that I would like to configure automatic rollbacks for this deployment, but as per CF documentation for "AutoRollbackConfiguration" property: "Information about the automatic rollback configuration that is associated with the deployment group. If you specify this property, don't specify the Deployment property."
So my understanding is that if I specify "Deployment", I cannot set "AutoRollbackConfiguration"... Then how are you supposed to configure any rollback for the deployment? I don't see any other resource property that relates to rollbacks.
Should I create a second DeploymentGroup resource and bind it to the same instances that the original Deployment Group has? I'm not sure this is possible or makes sense but I ran out of options.
Thanks,
Nicolas
First i like to describe why you cannot specify both, deployment and rollback configuration:
Whenever you specify a deployment directly for the group, you already state which revision you like to deploy. This conflicts with the idea of CloudFormation of having resources managed by it without having a drift in the actual configuration of those resources.
I would recommend the following:
Use CloudFormation to deploy the 'underlying' infrastructure (the deployment group, application, roles, instances, etc.)
Create a CodePipline within this infrastructure template, which then includes a CodeDeploy deployment action (https://docs.aws.amazon.com/codepipeline/latest/userguide/action-reference-CodeDeploy.html, https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-codepipeline-pipeline-stages-actions-actiontypeid.html)
The pipeline can triggered whenever you have a new version inside you revision location
This approach clearly separates the underlying stuff, which is not changing dynamically and the actual application deployment, done using a proper pipeline.
Additionally in this way you can specify how you like to deploy (green/blue, canary) and how/when rollbacks should be handled. The status of your deployment also to be seen inside CodePipeline.
I didn't mention it but what you are suggesting about CodePipeline is exactly what I did.
In fact, I have one CloudFormation template that creates all the infrastructure and includes the DeploymentGroup. With this, the application is deployed for the first time to my EC2 instances.
Then I have another CF template for CI/CD purposes with a CodeDeploy stage/action that references the previous DeploymentGroup. Whenever I push some code to my repository, the Pipeline is triggered, code is built and new version successfully deployed to the instances.
However, I don't see how/where in any of the CF templates to handle/configure the rollback for the DeploymentGroup as you were saying. I think I get the idea of your explanation about the conflict CF might have in case of having a drift, but my impression is that in case of errors during the CF stack creation, CF rollback should just remove the DeploymentGroup you're trying to create. In other words, for me there's no CodeDeploy deployment rollback involved in that scenario, just removing the resource (DeploymentGroup) CF was trying to create.
One thing that really impresses me is that you can enable/disable automatic rollbacks for the DeploymentGroup through the AWS Console. Just edit and go to Advanced Configuration for the DeploymentGroup and you have a checkbox. I tried it and triggered the Pipeline again and worked perfectly. I made a faulty change to make the deployment fail in purpose, and then CodeDeploy automatically reverted back to the previous version of my application... completely expected behavior. Doesn't make much sense that this simple boolean/flag option is not available through CF.
Hope this makes sense and helps clarifying my current situation. Any extra help would be highly appreciated.
Thanks again
Let say I have 2 Deployment Groups Named QC and Production, each one contains X number of servers.
I also have a Release Pipeline with 2 stages QCStage,ProductionStage.
How can I set my permissions,on Deployment Group Level, so that users can't deploy to Production?
I can achieve this using "Pre-deployment approvals" on each stage but I have hundreds of Pipelines,
we can't be setting permissions for every stage for every pipeline
Update:
This doesn't see to be supported on Azure DevOps,a new Feature Suggestion has been created:
Prevent users from deploying to a Deployment group using Deployment Group Permissions (not on each Stage)
How prevent users from deploying to a Deployment group
Answering this question at two different scope levels.
Scope 1:
Take a simple sample, there has 2 deployment groups in your project: QA and Product.
If what you want is some of users can deploy to QA but not Product, I'm afraid this hasn't been expanded into azure devops until now.
Now for azure devops service, we provide 3 permission level controlled: collection, project and object. Deployment group is the one which belong to object level permission. We haven't provided more granular permissions control, like setting permission on one specific deployment group at this scenario.
Scope 2:
Just restrict someone to deploy a release.
As you know, Deployment group are used for a release stage. In this scenario, in order to control who can/can't deploy a release, please use the release permissions. BUT, there has one disadvantage that it work only for manually initiated releases.
So, I'm afraid Approvals on release stage is another and better option for you to make use until now.
Can deployment groups be searched for a particular machine? I need a way to find if a server is already part of a deployment group. I can't tell from the group names if they are applicable to the project.
You could use the REST API for Deployment Groups and look in the Machines property.
Or, if you have access, you can open the deployment groups navigation and look at the targets.
You may want to employ a more robust implementation of tags for the machines in your deployment groups, so you know you'll only deploy to machines in the group that are applicable.
You could simply use Rest API to list all deployment groups in a specific team project.
GET https://dev.azure.com/fabrikam/{project}/_apis/distributedtask/deploymentgroups?api-version=5.0-preview.1
Conversely, it's not able to list all target groups for a special machine at present.
As a workaround, you can add a tag to a machine on the depoyment group configuration.
After that, specify the tag at the release deployment group phase.
This will make the release to choose all machine within the group deployment that match you tag.
We would like to try building a release pipeline for our product in VSTS - however, our product requires a separate instance of the application per customer (there are some legacy in the picture here :)). What we THINK we want, is a process like this:
For each customer:
Update DB schema
Configure a container, with customer-specific configuration etc.
Publish the container into Azure Container Registry
Deploy the container in Azure Container Service (OR on-prem if the customer runs on-prem)
The configuration can be multiple things: Extensions of the API in the application (new DLLs basically), connection strings, ...
I figure we can do this fairly easily using a custom PowerShell script, but I would like to not write anything custom (at least for the "looping" issue) if I don't have to. We could also create separate environments in VSTS for each customer, but that seems quite unmaintainable with well over 100 customers.
Some additional details:
- There's a separate DB per customer
- There's two separate web applications per customer
So what's the best practice here? Any advice? Thanks! :-)
You could think of doing it in two ways.
1 - By creating one environment for each customer. So you could have the exact same tasks for each environment, or have the flexibility to change steps in a particular environment.
This approach would give you also the ability to use a flow pipeline, because your build will be released only after is passes your internal QA and other processes.
To do it easily, you could also create task groups to reuse then in each environment.
2 - The other way is to create create separate releases for each customer or group of customers. This will also give you the same flexibility, you can use your builds, but you have to add some extra steps to make sure you are using the right build, since you can choose any build when you create a release, which you can do mannualy.
Updated
A third option could be to create on environment for all customers and then have the one deployment agent installed for every customer, using all of them on the same deployment group. Then have one file with all your variables per customer, with the file named with the agent name, and a powershell script that uses the agent name variable to find what file to run. This powershell script would then run all your individual configurations.
In that case, I suspect that you would end up doing almost all your deployment in powershell, which could be more time consuming for you to maintain. You also have to keep in mind that in this particular scenario you would update all your customers the same time, because all agents would be on the same deployment group.