Update Web.config configuration with powershell on Azure Release Script - powershell

I'm running my Deployments on the Release Management(Currently Preview) tool in VSO.
When you configure a new Release(with the new release management tool on VSO) you can add to the Flow a task named:Azure PowerShell(Run a PowerShell script within an Azure environment)
What i'm trying to do is to Make some changes to the web.config using the Get-WebApplication and then Set-WebConfigurationProperty.
the error i get from the Log is:
Process should have elevated status to access IIS configuration data.
##[error]Cannot find a provider with the name 'WebAdministration'.
Is it even possible to run those kind of commands in there or do you i need to use another kind of command to update my web.config?

There is no Azure API to make arbitrary transforms to your web.config.
Instead, the way this is typically done is to use the deployment time transform engine (e.g. via Web.Debug.config or using Chained Config transforms).

If you're trying to set the web.config of an Azure WebApp then you need to use the Set-AzureWebSite cmdlet or the Set-AzureRMWebApp cmdlet.
Which one you need to use depends on which Azure cmdlets are installed on the machine running the script. The hosted servers for RM may still have the 0.9.x cmdlets (which uses SetAzureWebSite). The Set-AzureRMWebApp cmdlet is in the 1.x cmdlets. Either will work to set the config, you just need to use the appropriate cmdlet for what's have installed.

Related

Run a powershell script on machine connected to deployment group in azure

I am trying to build a CI/CD pipeline with azure. The deployment is working until the final stage where i need to run a powershell/cmd script on the machine that is running the deployment group agent. Can someone please assist on how to run a cmd/powershell script on the machine that is running the deployment group agent?
I have tried using remote powershell but that requires a username and password which i can not use for security reasons.
For context
I have a local server. I have a repo on azure. I have created a pipeline that builds the repo and the artifacts of the build are then copied to my local server. Now I want to run a powershell/cmd on the local server through the pipeline.
Refer to the documentation here:
https://learn.microsoft.com/en-us/azure/devops/pipelines/scripts/powershell?view=azure-devops&tabs=yaml#add-a-powershell-script
The syntax for including PowerShell Core is slightly different from the syntax for Windows PowerShell.
Push your PowerShell script to your repo.
Add a pwsh or powershell step. The pwsh keyword is a shortcut for the PowerShell task for PowerShell Core. The powershell keyword is another shortcut for the PowerShell task but Windows PowerShell and will only work on a Windows agent.
# for PowerShell Core
steps:
- pwsh: ./my-script.ps1
# for Windows PowerShell
steps:
- powershell: .\my-script.ps1
However as you would notice, this would only run on the agent.
You can also use the classic alternative, also described in the same documentation using the UI provided by Azure
Another alternative which may be suited for your case is to create a VM extension by navigating to the virtual machine in the Azure Portal, clicking on "Extensions" in the left sidebar, and then clicking the "+Add" button.
Otherwise, your only option may be the "Azure Remote Run", however you mention you cannot get the credentials for that.

Azure DevOps how to run exe database migration

We have fluent migrator wrapped in a .net core console app which we added extra functionally to. We had this working on octopus deploy but trying to get it to work in azure DevOps release pipeline is proving very difficult.
We have a Deploy.ps1 powershell file with a single command in it which is as follows
& .\Migrations.exe -connectionStrings "Server=<server>,1433;Initial Catalog=MigrationTest-Dev;Persist Security Info=False;User ID=<name>;<password>;MultipleActiveResultSets=False;Encrypt=True;TrustServerCertificate=False;Connection Timeout=30;"
This runs fine locally and as I say on our octopus box.
How would I be able to run this in devops release pipeline, I can only think its permission related maybe!?
The below is the current Powershell task in the release pipeline
If anyone could provide some help it would be greatly appreciated
I got this working after finding this post https://rajbos.github.io/blog/2019/08/17/AzureDevOps-Run-NET-Core.
The solution was this PowerShell task, which this inline script. Note that because this is a .net core console app I could run dotnet on the .dll and don't have to use the .exe
cd "$(System.DefaultWorkingDirectory)/_SqlMigrationsTest/Migrations-Wip/Migrations"
dotnet Migrations.dll -connectionStrings "Server=<server>;Initial Catalog=MigrationTest-Dev;Persist Security Info=False;User ID=<name>;Password=<password>;MultipleActiveResultSets=False;Encrypt=True;TrustServerCertificate=False;Connection Timeout=30;"
The yaml looked like this if I clicked the View YAML link.
steps:
- powershell: |
cd "$(System.DefaultWorkingDirectory)/_SqlMigrationsTest/Migrations-Wip/Migrations"
dotnet Migrations.dll -connectionStrings "Server=<server>;Initial Catalog=MigrationTest-Dev;Persist Security Info=False;User ID=<name>;Password=<password>;MultipleActiveResultSets=False;Encrypt=True;TrustServerCertificate=False;Connection Timeout=30;"
displayName: 'Run Migration'
So this did run but then I had an issue with the azure database firewall rules, I spent a day looking into powershell script to connect to the database and add a new firewall rule. The IP constantly changes in devOps(which is expected). I never got the azure firewall scripts working, it was all around Get-AzureRmSqlServerFirewallRule or the other Get-AzureSqlDatabaseServerFirewallRule which was a very painful approach that never worked.
I later stumbled upon the solution where the azure database has firewall settings(which I knew I could add manually). There is a toggle to Allow Azure services resources to access this server. Putting this to Yes made it all work, finally.

How to validate Powershell Desired State Configuration Template before Executing?

As we provision certain resources in Azure, management portal validates the template generated, however when we do it using powershell we only come to know about issues, only when it is executed.
There must be some parameter or switch which could help to just
validate the template & not actually execute it. Any body knows
please?
I assume you are talking about deploying ARM templates and I also assume you are using the AzureRm PowerShell module. In that case you can use the Test-AzureRmResourceGroupDeployment command to 'Validates a resource group deployment' (from the command's help).

How do I deploy service fabric application from VSTS release pipeline?

I have configured a CI build for a Service Fabric application, in Visual Studio Team Services, according to this documentation: https://azure.microsoft.com/en-us/documentation/articles/service-fabric-set-up-continuous-integration
But instead of having my CI build do the publishing, I only perform the Build and Package tasks, and include all Service Fabric related output, such as pkg folder, scripts, publish profiles and application parameters, in the drop. This way I can pass it along to the new Release pipeline (agent-based releases) to do the actual deployment of my service fabric application.
In my release definition I have a single Azure Powershell task, that uses an ARM endpoint (with proper service principals configured).
When I deploy my app to an existing service fabric cluster, I use the default Deploy-FabricApplication cmdlet passing along the pkg folder and a publish profile that is configured with a connection to the existing cluster.
The release fails with an error message "Cluster connection instance is null". And I cannot understand why?
Doing some debugging I have found that:
The Deploy-FabricApplication cmdlet executes the Connect-ServiceFabricCluster cmdlet just fine, but as soon as the Publish-NewServiceFabricApplication cmdlet takes over execution, then the cluster connection is lost.
I would expect that this scenario is possible using the service fabric cmdlets, but I cannot figure out how to keep the cluster connection open during depoyment.
UPDATE: The link to the documentation no longer refers to the Service Fabric powershell scripts, so the pre-condition for this question is no longer documented. The article now refers to the VSTS build and release tasks, which can be prefered over the powershell cmdlets I tried to use.
When the Connect-ServiceFabricCluster function is called (from Deploy-FabricApplication.ps1) a local $clusterConnection variable is set after the call to Connect-ServiceFabricCluster. You can see that using Get-Variable.
Unfortunately there is logic in some of the SDK scripts that expect that variable to be set but because they run in a different scope, that local variable isn't available.
It works in Visual Studio because the Deploy-FabricApplication.ps1 script is called using dot source notation, which puts the $clusterConnection variable in the current scope.
I'm not sure if there is a way to use dot sourcing when running a script though the release pipeline but you could, as a workaround, make the $clusterConnection variable global right after it's been set via the Connect-ServiceFabricCluster call. Edit your Deploy-FabricApplication.ps1 script and add the following line after the connection logic (~line 169):
$global:clusterConnection = $clusterConnection
By the way, you might want to consider setting up custom build/release tasks that deploy a Service Fabric application, rather than using the various Deploy-FabricApplication.ps1 scripts.
There now exists a built-in VSTS task for deploying a Service Fabric app so you no longer need to bother with executing the PowerShell script on your own. Task documentation page is at https://www.visualstudio.com/docs/build/steps/deploy/service-fabric-deploy. The original CI article has also been updated which provides details on how to set everything up: https://azure.microsoft.com/en-us/documentation/articles/service-fabric-set-up-continuous-integration/.
Try to use "PowerShell" task instead of "Azure PowerShell" task.
I hit the same bug today and opened a GitHub issue here
On a side note, VS generated script Deploy-FabricApplication.ps1 uses module
"$((Get-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Service Fabric SDK" -Name "FabricSDKPSModulePath").FabricSDKPSModulePath)\ServiceFabricSDK.psm1"
That's where Publish-NewServiceFabricApplication comes from. You can check the deployment logic and rewrite it in more sane way using lower-level ServiceFabric SDK cmdlets (potentially getting connection using Get-ServiceFabricClusterConnection instead of global-ling it)

Get a list of all Resources in my Azure Subscription (Powershell Preferably)

I have an azure subscription and I'm trying to write a powershell script to automatically get a list of all the resources (VMs, Storage Accounts, Databases, etc) that I currently have in my subscription. Is there a way to do this using the azure management REST API or the Azure Cmdlets?
If you are using the new Resource Manager model (introduced in 2014) you can use the following PowerShell script.
Login-AzureRmAccount
Get-AzureRmResource | Export-Csv "c:\Azure Resources.csv"
To use the Resource Manager PowerShell commands you will need the AzureRM PowerShell module (https://learn.microsoft.com/en-us/powershell/azure/install-azurerm-ps).
Install-Module AzureRM
For more information on the difference between Resource Manager and Classic models see, https://learn.microsoft.com/en-us/azure/azure-resource-manager/resource-manager-deployment-model.
For users with multiple subscriptions:
If you want to output the contents of multiple subscriptions then you will need to call Select-AzureRmSubscription to switch to another subscription before calling Get-AzureRmResource.
I don't think there's just one function (or PS Cmdlet) to fetch all this information. However each of these can be fetched through both Windows Azure Service Management REST API as well as Window Azure PowerShell Cmdlets.
Windows Azure Service Management REST API: http://msdn.microsoft.com/en-us/library/windowsazure/ee460799.aspx. For example, if you want to list storage accounts in your subscription, you would use this: http://msdn.microsoft.com/en-us/library/windowsazure/ee460787.aspx
Windows Azure PowerShell Cmdlets: http://msdn.microsoft.com/en-us/library/jj554330.aspx. Again, if you want to list storage accounts in your subscription, you would use this: http://msdn.microsoft.com/en-us/library/dn205168.aspx.
well,
You may update the version of your AzurePowershell and execute this command.
Get-AzureResource
In the output, You may check for "ResourceType".
It has the information about the type of resource creatd on azure.
Since you said PowerShell "preferably", I'm going to assume other options are still maybe useful? You can go to http://portal.azure.com, and click on the Menu icon (three horizontal lines), then All Resources. Then at the top of the page you can click Export to CSV and open that in Excel.
You have to take 30 seconds to do a little cleanup in Excel, but for what I'm trying to do right now, this was definitely the best & fastest solution. I hope it's useful to you (or someone else) too.
Adding to #Gaurav's answer (and related to your comment about SQL database enumeration): You can enumerate all of your databases, on a per-server basis, in a few easy steps.
First, enumerate all of the SQL Database servers in your subscription:
Then, for each server, create a connection context and enumerate the databases. Note that, with the Get-Credentials cmdlet, I was prompted to enter a username + password via a popup, which I don't show here. For demonstration purposes, I created a brand new server, with only a master database, to show what the output looks like:
This sample demonstrates how to automatically get a list of all the resources (VMs, Storage Accounts, Databases, App Services) and status via Powershell by certificate authentication.
https://gallery.technet.microsoft.com/Access-Azure-resource-data-ca9cc9f7
I know it's already been answered however, I have found the Get-AzResource command easy to use and fetches all the resources from a particular subscription. Try using it with "ft" for clean text
Get-AzResource | ft
Screenshot