I have created a devops project from azure portal.
I choose an ASP.Net Core application, SQL Database and Virtual Machine option.
I have 2 variables in azure devops release pipeline: dbpassword and vmpassword.
I need to connect to my sql database, and to my vm by hand.
How can i reveal the value of this 2 variables ? They are not shown (asterisks)
Thanks a lot
Assuming from the context clues that you used the Azure DevOps starter apps
There is documentation for gaining access to the SQL database here. You will need to reset the password.
I don't see it explicitly in the docs for starter apps but you can reset the VM password in the portal.
In both cases make sure you update those values back in your pipeline.
If you want to get any asterisks value add simple inline powershell task with:
$dbpassword.ToCharArray() -join " "
Copy and remove spaces, not best sollution, but should do the job
Related
This relates to the documentation that is available at the link below.
https://learn.microsoft.com/en-us/azure/devops/migrate/migration-overview?view=azure-devops
What would be the minimum role for a user to complete the migration successfully and without any permissions issues? That is my question.
For example, the user must have the what kind of necessary roles and permissions on both the Azure Devops server and the Azure Devops Services.
According to the Data Migration Utility Guide, the user who uses this tool must possess the following:
SQL Server's TFSEXECROLE role, and
Access rights to the TFS collection and configuration databases.
My understanding for example :-
Azure DevOps Server:
If we add the user to the Team Foundation Administrators group on the Azure DevOps Server, does the role fulfill.
Azure Devops Services: If we assign the same user who performs migration as an Azure DevOps Administrator mention in the below image on the Azure devops services, does the below role fulfill.
"Azure Devops Administrator"
Also, it would be useful if you could specify the maximum size limit of the. Dacpac backup file that the Data Migration Tool supports (i.e. the maximum size of the project collection backup) in order for the migration to go properly.
What permissions does the same user that runs the data migration tool need in SQL server to perform the command SqlPackage.exe?
I would thank you in advance for the help. It would help us to understand the better usage of the Data Migration Tool.
Many Thanks..!
Best Regards
We Have Automated scripts that we would like to build and Test on Azure DevOps but our pipeline cannot run our Test Scripts on Azure
We have a Database Service Account that we want to configure on Azure but we don't know how to go about it. Please assist.
Here is a well explained video (by Hassan Habib from Microsoft) on exactly how to run a console app (you create) in an Azure Pipeline that securely gets credentials to immediately do stuff in Azure (https://youtu.be/ht0xhQyF1x4?t=1688)
He basically, in a handful of minutes shows exactly how to:
Link Pipeline Variables to KeyVault Secrets, so when accessed, the variables do a get() from KeyVault and return that value.
Securely links Pipeline Variables to Azure Environment Variables.
As a step in the release pipeline the console app reads the Azure Environment Variables to get credentials to do stuff in Azure.
In his case he created an Azure Resource Group in Azure.
In your case if I’m understanding correctly. You could possibly make a simple console app that runs in the pipeline, that gets creds\connections strings for your database to do whatever in the DB and could possibly test your scripts.
I am trying to wrap up my mind around this process.
I have a SQL Server in azure. This server has a Azure Active Directory Admin enable using an azure group to authenticate using MFA.
Further more, in the same blade, I have enabled the Support only Azure Active Directory Authentication for this server.
Everything works just fine, and I am able to connect to my server by using MFA as I am part of the Active directory.
Now, I am a disaster and most of the time I forget to update my database schema, and when I deploy some tests, everything explodes.
I have been looking around for an automation process to authenticate with azure DevOps and run a sql script every time my release pipeline is triggered.
I came across this documentation
https://learn.microsoft.com/en-us/powershell/module/sqlserver/invoke-sqlcmd?view=sqlserver-ps
Which seems to be just what a need as it has the --InputFile.
but I am having some problems to understand how I can authenticate my release pipeline and perform those changes using an AAD to access the DB without having to expose username and password.
If anyone can help me to understand what its the best approach here iw ill be grateful.
And please if my question is not 100% clear, just let me know and I will explain better
An alternative would be to write a script which will do all the sql queries instead of doing it in pipeline. This way we can using azure ad to authenticate.
Register the sql service to the azure ad then we can get tokens to authenticate the sql queries.
finally run the script in pipeline using command line task
Reference:
how to run script
authenticate using azure ad
Looking for suggestions on a problem I'm facing in pipeline deployments for Azure Functions. I'm using the new Azure App Config service to pull app configuration variables to the pipeline.
These are then being used by an Azure App Service Deploy Task in the App settings section to populate the app configuration of an Azure Function. I'm in need of a way to hide the release logs for this from our developer group in the production stage of our deployment. Otherwise it will display the the app settings in the log file from the release. We still want devs to be able to see other stages of the release pipeline.
I believe I could write a powershell script to mark the variables as secrets, but that seems less manageable based on the number of release pipelines and variables that would need to be scripted. I would rather just be able to hide the logs from everyone besides a select group of users or turn them off for that release task in general by stage.
I'm also trying to avoid using Key-Vault for this scenario.
So long story short-
Is there a way to turn off logs for a specific release task in AzDo? If possible by stage?
Is there a way to hide logs by stage? Can that be done on a user level?
Suggestions are appreciated.
No, this is not possible and leads to security by obscurity.
Just use keyvault or use a script to register the secret values. You don't have to hard-code them in a powershell step or anything, you can register secrets by parsing whatever settings file you have and calling:
write-host "##vso[task.setvariable variable=$name;issecret=true]$valueToRegister"
See:
https://github.com/Microsoft/azure-pipelines-tasks/blob/master/docs/authoring/commands.md
I am trying to restore the reports data in Azure Devops Server.
I am wondering how to restore only the database TFS_Warehouse as named in the documentation.
I have created an empty database called something like TFS_Warehouse as mentioned in the documentation. Testing the connection on that part is okay.
I am trying to activate only the warehouse and not the Analysis services or reports.
The reports wizard in Azure Devops administration console does not seem to allow only this and requires that all fields are filled.
How can I use only the warehouse ?
Thanks in advance.
You can find documentation here: Manually process the TFS data warehouse and analysis services cube
Try the ProcessWarehouse command.