How to integrate OnPrem Azure DevOps Server with the cloud one? - azure-devops

My firm has the Azure DevOps online version where we have all our projects and repo's. We were not able to configure CI/CD for the repo's because our internal server network doesn't have access to the internet.
To overcome this issue, we built a new server that has access to the internet and also to the internal network. On the new server, we installed and configured Azure DevOps Server 2019. We don't want to migrate our repo's from the cloud version to the online version.
I am trying to link the OnPrem repo to the cloud repo but it was not working. I issued a PAT on the cloud version and added it as a service connection under Pipelines in the OnPrem version but still, I am not able to see and link the cloud repo's.
I can clone the repo from the cloud to the OnPrem server but that will not get the latest code as the code is being checked in the cloud repo's
Can anyone please guide me on how to link both of them, please.
Thanks!!!

I don't think there's a meaningful way to integrate Azure DevOps Services and Azure DevOps Server, as they are essentially the same product. I assume (but don't know) that you're looking to integrate Azure DevOps Services to on-premise builds and deployments, as you state that you want to keep the repos in Azure DevOps Services. So, in essence, you want to run build and deployment group agents in on-premise environment.
Take a look at the agent-documentation and especially the communication subsection:
https://learn.microsoft.com/en-us/azure/devops/pipelines/agents/agents?view=azure-devops
Or this old blog post, from which the communication section originates:
https://devblogs.microsoft.com/devops/deploying-to-on-premises-environments-with-visual-studio-team-services-or-team-foundation-server/
The ideal solution would probably be that you run self-hosted build agents in your server that's open to internet, and configure an agent pool for them in Azure DevOps Services. For deployments, you'll want to use Deployment Groups and install deployment group agents to target servers, where they'll just need outbound 443 access for communicating with Azure DevOps Services.
If that's not possible, you'd have to install deployment agents to the build machine, which then sees your other on-premise servers, but this is rather unsatisfactory solution since you'd either have to rely on WinRm capabilities for deployments, or expose too much network between your build server and other on-premise servers.

Related

Azure DevOps see included commits in build

we are using Azure Pipelines to build and deploy various projects. We are using Enterprise Github service connection as our git repository source which we are using as part of the build pipelines that are running on on-prem AzureDevops build agent. We are then using on-prem hosted DevOps agents to deploy the service on our on-prem servers.
If we trigger a build we then receive an email notification about all the new commits which are included in the build. Is the same information (what commits are part of the build) included somewhere in the Azure DevOps UI? I was not able to find it and it's really difficult to then determine what I'm actually deploying our various environments as I'm not always the one who triggers each build.
Thanks

Can we deploy application to multiple Vms on multiple clouds with Github Actions?

I have an application which I want to deploy to a number of VMS on Azure and AWS, I was working with Azure DevOps before and it provided very nice features to achieve this with deployment groups etc. Now I want to work with Github and I am really having problems to design my CI CD pipeline since Github actions do not have any feature which could be used to do deployment on a set of VMS. If there are please guys share your thoughts any article would be appreciated. Thanks
You can firstly consider to deploy application to one Virtual Machine with Github Actions.
Just in the environment of Azure, all you need is to use GitHub Action to build a virtual machine (VM) within Azure.
you can learn the detailed steps to deploy application to one Virtual Machine with Github Actions in:How to use GitHub Actions to deploy an Azure Virtual Machine.
For multi-environment deployments either in Azure or AWS with GitHub Actions, I recommend you to use Octopus Deploy as a reference. you can still refer to Multi-environment deployments with GitHub Actions and Octopus to deploy Virtual Machine on AWS.
For
deploy application to multiple Vms
We recommend you to use Azure Batch to run parallel workloads. It can allow you to deploy application to multiple Vms at one time in batch in the basic of deploy application to one Virtual Machine.
You can run the batch job using Azure CLI by following the example: Run Batch job with the Azure CLI.

Azure Devops configuration with Jenkins

Background info:
Both Jenkins and Azure DevOps are located in Azure. Jenkins is not accessible from internet and is behind organization firewall where as Azure DevOps is not, need an ability to use Jenkins Service hook with mentioned background
Also can below be possible :
possibility to configure Azure DevOps in local Azure VNET
If we can identify or get Azure DevOps host server IP to white-list it for incoming traffic in Jenkins.
The way to link Azure DevOps to your private Azure VNETs, is through Express Route.
Connectivity to Microsoft online services like Azure Storage, Azure SQL, Dynamics 365 and now Azure DevOps is through the Microsoft peering configuration of ExpressRoute circuits.
Route filters are a way to consume a subset of supported services through Microsoft peering. Using route filters, you can enable services you want to consume through your circuit’s Microsoft peering. Azure DevOps is included in the new Azure Global Services route filter with a BGP community value of 12076:5050.
ExpressRoute is available for all Azure DevOps services, including:
Organizations using the new https://dev.azure.com/ URL,
Organizations using the legacy https://{organization}.visualstudio.com/ URL,
Self-hosted Azure Pipelines agents,
Self-hosted Cloud Load Test agents,
Visual Studio Marketplace (https://marketplace.visualstudio.com/),
Visual Studio Subscriber Portal (https://my.visualstudio.com), and
Visual Studio Subscriptions Administration Portal (https://manage.visualstudio.com).
ExpressRoute is not available for Azure DevOps static content that is delivered via Azure Content Delivery Network (CDN), which includes:
Scripts, images, fonts and stylesheets, from the cdn.vsassets.io URL, and
Web extensions from the {publishername}.gallerycdn.vsassets.io URL.
ExpressRoute is available for use with Azure Artifacts. However, you will need to configure route filters for the Microsoft Azure region that your organization is located in.
See also:
https://devblogs.microsoft.com/devops/expressroute-for-azure-devops/https://devblogs.microsoft.com/devops/expressroute-for-azure-devops/
https://learn.microsoft.com/azure/expressroute/how-to-routefilter-portal

Azure pipeline - How do I deploy code to Preregistered application

Our devops team have created an application (ex:athena) and registered with AD. They also have given us Service Principle.
The question I have is , how do I deploy my code in GitHub to the application (athena) that the devops team created for me using the “Deploy to kubernetes service” configuration template ?
Apologies in advance, as I am not proficient in Azure and this shows my gap in understanding.
The Information I have are :
Repository - GitHub (I have done the appropriate authorisation and can see the repository)
Service Principle (create by devops team)
Application (created by devops team)
I have created a Container Registry and Kubernetes service using azure portal
Now, I want to use the “Deploy to kubernetes service” configuration template.
Help much appreciated.
If you want to use this Deploy to kubernetes service, you must get two service connection : Azure Resource Manager and Kubernetes Service Connection.
So, first, you need to configure the connection between Azure Kubernetes, ARM and Azure Devops. Enter project setting->service connection, open New Service Connection and select Kubernetes. Input the relevant configure according to your Azure:
And so do with Azure Resource Manager, you can follow this doc to configure it. Here is my ARM connection you can refer:
Then, you can begin your build and release pipeline.
Deploy to kubernetes service task used in release pipeline. In build pipeline, you must run docker build, push task to finish pushing to Azure registry Container.
And then, run this deploy task in release. You can refer to this blog which written by Azure DevOps Labs: Deploying a multi-container application to Azure Kubernetes Services. It has detailed steps you can refer.
In addition, there has two build source type. One is you import your github repos into Azure Devops repos. So the build can be trigger by Azure Devops Repos. And the other is select Github as your build source, in this type, you can triggered directly by your github instead of use Azure Devops repos:
And also, this need you get the service connection with your Github first. Then, authorize it during the build pipeline.

Azure Devops Pull Request and Jenkins behind corporate network

I'm trying to figure out how can I connect my Jenkins Build server to the Azure DevOps Pull Request. My Jenkins Server is behind a corporate firewall, I don't have any way to have access to this server outside of the corporate network.
Due to the corporate network rules I cannot add a hook in Azure to call my Jenkins server, but my server can have access to the Microsoft Azure web site.
I tried to run the VSTS Agent with success on my Linux Jenkins server. It works, but It doesn't do what I would need to do. I don't want to change all my build process to build my application inside this Agent. I really want to be able to launch a Jenkins Pipeline build from my server and forward the build result to the Azure DevOps.
I cannot use the Jenkins VM provided by Azure DevOps, because my Jenkins build process has to run some regression test tool on real hardware unit in our lab to flag the build as a success.
So in other word:
1- I cannot use the VSTS agent because I need to use my Jenkins Build Server
2- I cannot use the Jenkins VM provided by Azure DevOps because I need to have access to real Hardware Unite
3- I think I cannot instrument my Jenkins to see if we have a new Pull Request branch, because I will not be able to send the Jenkins build result to the Microsoft Azure DeveOps server.
Anybody had to do something like that?
Any reading to suggest?
Thanks!
Since one-way communication is going to be possible (from Jenkins to Azure DevOps), you'll have to do the following:
Set up your Jenkins pipeline to periodically poll Azure DevOps for new PR branches and build PRs
Set up a branch policy for approval from external services
Have Jenkins post the build status back to the external service API so that Azure DevOps knows whether the build has succeeded or failed