Had a quick google, and there appears to be nothing out there.
Can an Azure Pipeline update Azure App Configuration? Or would it make sense to be builds and deployment/run-time config away from each other
The Azure App Configuration Push task works pretty well now :
https://learn.microsoft.com/en-us/azure/azure-app-configuration/push-kv-devops-pipeline
Probably the simplest solution to get this working is by using Azure CLI which you can integrate into your pipelines using the Azure CLI task.
To update, use the az appconfig kv set command.
Set a key using an App Configuration name and label
az appconfig kv set -n {name} --key {key1} --label {label} --value {value1} --content-type {text} --tags {tag1,tag2}
Can an Azure Pipeline update Azure App Configuration?
Apart from the az appconfig kv set in rickvdbosch's answer, you can also consider using Azure Resource Manager which can also be used to manage app settings. See similar hint here.
You can use Override template parameters option in Azure Resource Group Deployment task to update the app configurations in build/release pipeline.
Related
We Have Automated scripts that we would like to build and Test on Azure DevOps but our pipeline cannot run our Test Scripts on Azure
We have a Database Service Account that we want to configure on Azure but we don't know how to go about it. Please assist.
Here is a well explained video (by Hassan Habib from Microsoft) on exactly how to run a console app (you create) in an Azure Pipeline that securely gets credentials to immediately do stuff in Azure (https://youtu.be/ht0xhQyF1x4?t=1688)
He basically, in a handful of minutes shows exactly how to:
Link Pipeline Variables to KeyVault Secrets, so when accessed, the variables do a get() from KeyVault and return that value.
Securely links Pipeline Variables to Azure Environment Variables.
As a step in the release pipeline the console app reads the Azure Environment Variables to get credentials to do stuff in Azure.
In his case he created an Azure Resource Group in Azure.
In your case if I’m understanding correctly. You could possibly make a simple console app that runs in the pipeline, that gets creds\connections strings for your database to do whatever in the DB and could possibly test your scripts.
we have automated the following steps using azure devops
A Release pipeline which creates a website in azure and the next step which deploys the code, all is well and working so far
The next step that we need to do is create a Azure SQLDB and and an Azure Storage Account in the release pipeline and then configure these values in the appsettings.json file
Questions
Creating the Storage account is the easy part, but how do we get the storage account key back in the pipeline and associate that value in the appsetting.json file ?
Similarly for the SQLDB how do we get the IPAddress and add it in the exclusions list.
and also it you could point us to any documentation on this
how do we get the storage account key back in the pipeline.
You can use the Azure CLI az storage account keys to get storage account keys.
I'm currently working on a pipeline job that requires kubernetes access through powershell.
The only issue is that I need to sign in for Az cli. For testing I'm using my personal credentials, clearly not a good definitive option. Are there any other options for Azure cli login that could be used instead?
I'm guessing you are working with hosted agents, therefore, you need to configure kube.config on the hosted agent.
in order to do that, run az aks get-credentials --name $(CLUSTER_NAME) --resource-group $(RESOURCE_GROUP_NAME). The easiest way is to use Azure CLI task. Be aware that this task required authorization from Azure DevOps to Azure.
More info can be found here.
In case you are the subscription owner- select your subscription and click on Authorize.
When the kube.config configured on the hosted agent, you can run any kubectl command you wish (Using Powershell\Bash\CMD).
The Azure CLI with the Azure DevOps extension has replaced the VSTS CLI. But I can't find any sample on how to connect to Team Foundation Server (TFS) or Azure DevOps Server using Azure CLI with Azure DevOps extension.
I tried to create a PAT on my Azure DevOps Server with all scope permission. Then I use the following command to login:
az devops login --organization https://vm-dev-cgudevops/DefaultCollection --verbose
Here is what I've got:
C:\>az devops login --organization https://vm-dev-cgudevops/DefaultCollection --verbose
Token:
Creating connection with personal access token.
Failed to authenticate using the supplied token.
Suppress exception There are no active accounts.
Suppress exception Please run 'az login' to setup account.
command ran in 25.138 seconds.
The token can't be wrong. I don't know what's going on.
At present Azure DevOps CLI is not supported for Azure DevOps server. This is fundamentally due to API versioning as Azure DevOps Server runs on a particular version but the CLI client consistently updates to the latest version. Therefore, ideally if you are using the latest version of Azure DevOps Server, then the CLI should work for you as both are using the same API versions.
Have a look at the docs available at - https://learn.microsoft.com/en-us/azure/devops/cli/index?view=azure-devops
Azure Cli support login your private TFS currently, see: https://learn.microsoft.com/en-us/azure/devops/cli/log-in-via-pat?view=azure-devops&tabs=windows
Create PAT
Login with PAT, eg. cat PAT.txt|az devops login --organization http://your_tfs_url
There is an extension in Azure DevOps that let's you mange the Azure DevOps from Azure CLI.
As mentioned in the extension you have to :
Install the Azure CLI. You must have at least v2.0.49, which you can
verify with az --version command.
Add the Azure DevOps Extension az extension add --name azure-devops
Run the az login command.
You can also find a sample for it here.
Read this article if you need more information about how to get started with it.
Add /tfs/DefaultCollection to URL. That did the trick for me.
We need to create and Key Vault and populate it (or generate) with secrets, then reference them as passwords to SQL servers (PaaS) at the next build step. What would be the best approach to do that?
There are many ways to create/update Azure Key Vault, such as Azure PowerShell, Azure CLI, REST API, also there are Azure PowerShell and Azure CLI tasks in VSTS build/release. So do it with Azure PowerShell or Azure CLI.
To create/update the variable in build/release, you can use Logging Command (##vso[task.setvariable]value), then the variable can be used in subsequent task.
On the other hand, if you just want the variable secret, you just need to add a build or release variable and click lock icon to set the variable secret.